Add program property and PLT for CFI extension#417
Open
kito-cheng wants to merge 15 commits intomasterfrom
Open
Add program property and PLT for CFI extension#417kito-cheng wants to merge 15 commits intomasterfrom
kito-cheng wants to merge 15 commits intomasterfrom
Conversation
kito-cheng
requested review from
MaskRay,
Nelson1225,
asb,
aswaterman,
jrtc27 and
rui314
Collaborator
Author
|
cc @ved-rivos |
ved-rivos
reviewed
Jan 4, 2024
ved-rivos
reviewed
Jan 4, 2024
ved-rivos
reviewed
Jan 4, 2024
Collaborator
|
My concern about this proposal is that, with the 32-bit bitmap, we can't have more than 32 extensions. That might be OK for x86-64 that is controlled only by Intel and AMD, but it is likely that we would have way more extensions than x86-64 for RISC-V. I'm not sure even 64 bits is enough. Maybe we should avoid the bitmap completely? |
Collaborator
Author
|
@rui314 /* Processor-specific semantics, lo */
#define GNU_PROPERTY_LOPROC 0xc0000000
/* Processor-specific semantics, hi */
#define GNU_PROPERTY_HIPROC 0xdfffffffSo we have 536,870,912 * 32 rather than only 32-bit bitmap :) |
Collaborator
|
@kito-cheng Ah, you are right. Even though I've implemented the feature to the linker, I forgot the actual on-file format. Thank you for pointing that out! |
Collaborator
|
Thanks for the proposal. On Arm/x86, if all relocatable files contain That said, this is most viable proposal. Defining GNU program property looks good for x86/Arm parity. You may want to mention that
"property" is a heavily overloaded term. Consider "program property" or just use |
kito-cheng
changed the title
Collaborator
|
@kito-cheng Isn't the usefulness of this degraded by the fact that we only allocate 1 32-bit property instead of the ~ 3 * 32768 allocated on x86? When we start to use the next bitmap, an old linker won't be able to propagate it, and so on. |
kito-cheng
added a commit
that referenced
this pull request
Feb 26, 2024
We introduce .note.gnu.property section to store infomations that linker or runtime system may use, and we define 4 program property classes to specifying the merge semantics, it's used for forward compatibility in linker implementations, allowing linker can correctly handle program property types even if they are not recognized. We don't define any program property within this PR, it would be separate PR like #417
Merged
Collaborator
Author
|
Split base program property part into #428 |
kito-cheng
added a commit
that referenced
this pull request
Feb 26, 2024
We introduce .note.gnu.property section to store infomations that linker or runtime system may use, and we define 4 program property classes to specifying the merge semantics, it's used for forward compatibility in linker implementations, allowing linker can correctly handle program property types even if they are not recognized. We don't define any program property within this PR, it would be separate PR like #417
Collaborator
Author
|
ChangeLog:
|
ved-rivos
reviewed
Feb 26, 2024
kito-cheng
changed the title
Collaborator
Author
|
Changes:
|
Collaborator
Author
|
Update on binutils part: Nelson is approved, but waiting glibc patch send out before merge. |
saagarjha
pushed a commit
to ahjragaas/binutils-gdb
that referenced
this pull request
Jun 24, 2025
…V_FEATURE_1_CFI_LP_UNLABELED This patch adds two new GNU properties for RISC-V: GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS and GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED. We only add readelf and define the properties in this patch. Ref: riscv-non-isa/riscv-elf-psabi-doc#417
saagarjha
pushed a commit
to ahjragaas/binutils-gdb
that referenced
this pull request
Jun 24, 2025
This patch adds support for generating unlabeled landing pad PLT entries for the RISC-V architecture. Unlabeled landing pad will place a LPAD instruction at the PLT entry and PLT header, also PLT header will have few changes due to the offset is different from the original one. Ref: riscv-non-isa/riscv-elf-psabi-doc#417
lgaver2
pushed a commit
to fpetrot/riscv-binutils
that referenced
this pull request
Jun 30, 2025
…V_FEATURE_1_CFI_LP_UNLABELED This patch adds two new GNU properties for RISC-V: GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS and GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED. We only add readelf and define the properties in this patch. Ref: riscv-non-isa/riscv-elf-psabi-doc#417
lgaver2
pushed a commit
to fpetrot/riscv-binutils
that referenced
this pull request
Jun 30, 2025
This patch adds support for generating unlabeled landing pad PLT entries for the RISC-V architecture. Unlabeled landing pad will place a LPAD instruction at the PLT entry and PLT header, also PLT header will have few changes due to the offset is different from the original one. Ref: riscv-non-isa/riscv-elf-psabi-doc#417
Define two bit for landing pad and shadow stack, and we plan to defined third bit `GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_COMPLEX` for complex labeling scheme.
Changes: - Rename `GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_SIMPLE` to `GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED` - Fix wrong offset in the first PLT stubs for the simple landing pad PLT.
- Use sw guarded call in PLT entry and PLT header. - Also remove `lpad 0` in the entry of PLT header. - Forbid lazy binding at psABI spec level. This change could unify the PLT entry and PLT header with function signature based PLT.
mylai-mtk
reviewed
Aug 12, 2025
riscv-elf.adoc
Outdated
Comment on lines
+743
to
+765
| sub t1, t1, t3 # shifted .got.plt offset + hdr size + 12 | ||
| sub t1, t1, t3 # shifted .got.plt offset + hdr size + 12 |
riscv-elf.adoc
Outdated
| function pointer from the GOT. On the first call to a function, the | ||
| entry redirects to the first PLT entry which calls `_dl_runtime_resolve` | ||
| and fills in the GOT entry for subsequent calls to the function: | ||
| And occupies two 16 byte entries for the unlabeled landing pad PLT style: |
There was a problem hiding this comment.
I guess we don't need to distinguish between unlabeled and func-sig landing pad PLT styles anymore.
riscv-elf.adoc
Outdated
| executable sections are built to be compatible with the landing pad mechanism | ||
| provided by the Zicfilp extension in the unlabeled scheme: Executables and | ||
| shared libraries with this bit set are required to generate PLTs in the | ||
| unlabeled landing pad PLT style, and all of the labels of lpad instructions are |
xypron
reviewed
Aug 14, 2025
riscv-elf.adoc
Outdated
| each bit indicating a feature that the object file is compatible with. The | ||
| linker should perform a bitwise AND operation when merging different objects. | ||
|
|
||
| The value of `GNU_PROPERTY_RISCV_FEATURE_1_AND` is defined in <<rv-prog-prop-type>>. |
There was a problem hiding this comment.
This link does not make sense to me here. We are here in the section that defines the values in the lines below.
xypron
reviewed
Aug 14, 2025
| |=== | ||
| | Bit | Bit Name | ||
| | 0 | GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED | ||
| | 1 | GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS |
There was a problem hiding this comment.
Why do we need a bit for unlabeled landing pads?
I would have expected a bit for "have landing pads" and a property for the labeling scheme which may be unlabeled or labeled according to a specific algorithm.
There was a problem hiding this comment.
For easy migration of distros we will probably need at least:
- no landing pads
- landing pads are unlabeled, callers do not set x7
- landing pads are unlabeled, but callers set x7 according to labeling scheme
- both landing pads and callers abide to labeling scheme
RevySR
pushed a commit
to revyos/binutils-gdb
that referenced
this pull request
Nov 21, 2025
…NU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED This patch adds two new GNU properties for RISC-V: GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS and GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED. We only add readelf and define the properties in this patch. Ref: riscv-non-isa/riscv-elf-psabi-doc#417 (cherry picked from commit 4ad5217caf706925014e38be2bc561a2fa094ece) Signed-off-by: Han Gao <gaohan@iscas.ac.cn>
RevySR
pushed a commit
to revyos/binutils-gdb
that referenced
this pull request
Nov 21, 2025
…NU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED This patch adds two new GNU properties for RISC-V: GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS and GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED. We only add readelf and define the properties in this patch. Ref: riscv-non-isa/riscv-elf-psabi-doc#417 (cherry picked from commit 4ad5217caf706925014e38be2bc561a2fa094ece) Signed-off-by: Han Gao <gaohan@iscas.ac.cn>
RevySR
pushed a commit
to revyos/binutils-gdb
that referenced
this pull request
Nov 21, 2025
…NU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED This patch adds two new GNU properties for RISC-V: GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS and GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED. We only add readelf and define the properties in this patch. Ref: riscv-non-isa/riscv-elf-psabi-doc#417 (cherry picked from commit 4ad5217caf706925014e38be2bc561a2fa094ece) Signed-off-by: Han Gao <gaohan@iscas.ac.cn>
RevySR
pushed a commit
to revyos/binutils-gdb
that referenced
this pull request
Nov 21, 2025
…NU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED This patch adds two new GNU properties for RISC-V: GNU_PROPERTY_RISCV_FEATURE_1_CFI_SS and GNU_PROPERTY_RISCV_FEATURE_1_CFI_LP_UNLABELED. We only add readelf and define the properties in this patch. Ref: riscv-non-isa/riscv-elf-psabi-doc#417 (cherry picked from commit 4ad5217caf706925014e38be2bc561a2fa094ece) Signed-off-by: Han Gao <gaohan@iscas.ac.cn>
- Remove trailing whitespace in PLT entry code comment. - Simplify "unlabeled landing pad PLT style" to "landing pad PLT style" since there is only one type of landing pad PLT style. - Directly specify the pr_type value of GNU_PROPERTY_RISCV_FEATURE_1_AND instead of referencing the table. - Remove "PLT entries" from the indirect branch origins list since PLT calls are use SW guared call.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We introduce .note.gnu.property section to store infomations that linker or runtime system may use, and we define two bit for landing pad and shadow stack.
Those two bit will checked by loader - and use that info to enable the landing pad checking and/or shadow stack feature.