Change MEMTAG_STACK to be d_val, and MEMTAG_GLOBALS to be d_ptr #225
Conversation
|
P.S. I don't have access to add reviewers to this patch :) |
|
I had a longthink about the implications of the ABI change, and discussed it with my team. We do have binaries on Android that have been deploayed with the old But, I think the nature of dynamic entries is to be interpereted in an application-specific way. Yes, I think it's a better option to leave the current values as the wrong type, and just add a note below saying "sorry, we messed this up, please interpret |
|
I think that you are right that a dynamic linker that did not recognize the tag couldn't hope to run the binary. I think the cases where it could be a problem are:
In practice it looks like no open-source ELF reader or dynamic loader that I checked makes use of the even entries being d_ptr. It seems like every one uses a switch statement and combines the relocation and processing at the same time. It does seem like if a dynamic linker did make use of the property for relocation, it could compensate later by subtracting/adding the displacement when doing the memtag specific processing later on. To summarise, I personally would be happy with your proposal to put a note explaining that the two tags have the wrong parity (if that's the right word) according to the ELF standard. I'll open it up to my colleagues to see if there are any objections. |
|
https://www.sco.com/developers/gabi/latest/ch5.dynamic.html says
A processor can provide additional requirement to processor-specific values. However, some processors, such as MIPS and PPC64, have values that do not follow the even/odd convention. It's probably still a good idea to follow the convention, but I agree that as the values as been deployed, there is not much need to change it now. If the values haven't been deployed, adding new values looks good to me. |
hctim
changed the title
|
I've updated the patch, commit message, and top post (which I'm guessing should be the squashed merge commit) now with the wording that I think is correct. The patch:
|
There was a problem hiding this comment.
Thanks for the update. I've approved the final version. The way the project is set up is a rebase and merge, so all 3 commits will be applied in the current state.
Internally we've been doing a force push of the squashed commit prior to clicking the merge button in github. I'm just double checking that with my colleagues. Hope to get you an answer soon.
Update: Yes, please do squash the changes so we'll be able to apply a single commit.
MEMTAG_STACK should be d_val (a bit to indicate that MTE stack is either on/off), and MEMTAG_GLOBALS should be d_ptr (a pointer offset to a section containing memtag globals descriptors). This is the way that lld has implemented it, as it's the local semantics (MEMTAG_GLOBALS is a pointer-to-section that needs load bias adjustment, and MEMTAG_STACK is a single bit that enables PROT_MTE on the stack). This unfortunatly does mean that we diverge from the accepted semantics of odd == d_val, and even == d_ptr, but this seems like the best trade-off as we've shipped a compiler that did the non-spec-but-more-logical thing and shipped binaries to end users. Much better than shipping a whole new set of MEMTAG_GLOBALS_2 and MEMTAG_STACK_2 to fix the mistake. Found by eugenis@ in https://r.android.com/2765590
| respectively). Binaries compiled with clang-17 and lld-17 produced the dynamic | ||
| entries with ``DT_AARCH64_MEMTAG_STACK`` as ``d_val`` and | ||
| ``DT_AARCH64_MEMTAG_GLOBALS`` as ``d_ptr`` as this was the intended semantics, | ||
| and they were shipped on Android devices. The values were thus updated to |
There was a problem hiding this comment.
remove thus - it's archaic language and difficult for non-native speakers.
"The values were updated to more fitting semantic types.
| does mean that ``DT_AARCH64_MEMTAG_STACK`` is a ``d_val`` with an even | ||
| ``Value``, and ``DT_AARCH64_MEMTAG_GLOBALS`` is a ``d_ptr`` with an odd | ||
| ``Value`` (where the normal semantics are ``odd == d_val``, and ``even == | ||
| d_ptr``). Implementations of dynamic loaders need to be careful to apply these |
There was a problem hiding this comment.
change "need to be" to "should be"
Implementations of dynamic loaders should be careful to apply these semantics correctly. Most importantly, you should not apply the load bias to......
| semantics correctly - notably the load bias should not be applied to | ||
| ``DT_AARCH64_MEMTAG_STACK``, as it's a ``d_val``, even though the ``Value`` is | ||
| even. | ||
|
|
||
| ``DT_AARCH64_MEMTAG_MODE`` indicates the initial MTE mode that should be set. It | ||
| has two possible values: ``0``, indicating that the desired MTE mode is | ||
| Synchronous, and ``1``, indicating that the desired mode is Asynchronous. This |
There was a problem hiding this comment.
Change to a bulleted list:
It has two possible values:
- 0 - indicates that the
- 1 - indicates that the....
MEMTAG_STACK should be d_val (a bit to indicate that MTE stack is either on/off), and MEMTAG_GLOBALS should be d_ptr (a pointer offset to a section containing memtag globals descriptors).
This is the way that lld has implemented it, as it's the local semantics (
MEMTAG_GLOBALSis a pointer-to-section that needs load bias adjustment, andMEMTAG_STACKis a single bit that enablesPROT_MTEon the stack).This unfortunatly does mean that we diverge from the accepted semantics of
odd == d_val, andeven == d_ptr, but this seems like the best trade-off as we've shipped a compiler that did the non-spec-but-more-logical thing and shipped binaries to end users. Much better than shipping a whole new set ofMEMTAG_GLOBALS_2andMEMTAG_STACK_2to fix the mistake.Found by eugenis@ in https://r.android.com/2765590