commit 8d55d1872a6c7f850a13c59ddaedc813d0bc7e26
author Tamas Petz <tamas.petz@arm.com> Mon Feb 24 14:15:25 2020 +0100
committer Ryan Prichard <rprichard@google.com> Wed Sep 23 17:53:28 2020 -0700
tree 7dc4c724e876d855ce8d1117721566afa4373be8
parent 0a12075ca48c9bf6fc1a68c0446ac000c07afb42

Enable BTI in bionic linker

This patch adds support to load BTI-enabled objects.

According to the ABI, BTI is recorded in the .note.gnu.property section.
The new parser evaluates the property section, if exists.
It searches for .note section with NT_GNU_PROPERTY_TYPE_0.
Once found it tries to find GNU_PROPERTY_AARCH64_FEATURE_1_AND.
The results are cached.

The main change in linker is when protection of loaded ranges gets
applied. When BTI is requested and the platform also supports it
the prot flags have to be amended with PROT_BTI for executable ranges.
Failing to add PROT_BTI flag would disable BTI protection.
Moreover, adding the new PROT flag for shared objects without BTI
compatibility would break applications.

Kernel does not add PROT_BTI to a loaded ELF which has interpreter.
Linker handles this case too.

Test: 1. Flame boots
      2. Tested on FVP with BTI enabled

Change-Id: Iafdf223b74c6e75d9f17ca90500e6fe42c4c1218

linker/linker_phdr.h

diff --git a/linker/linker_phdr.h b/linker/linker_phdr.h
index 4cb48f5..548dc51 100644
--- a/linker/linker_phdr.h
+++ b/linker/linker_phdr.h
@@ -37,6 +37,7 @@
 
 #include "linker.h"
 #include "linker_mapped_file_fragment.h"
+#include "linker_note_gnu_property.h"
 
 class ElfReader {
  public:
@@ -67,6 +68,7 @@
   bool ReserveAddressSpace(address_space_params* address_space);
   bool LoadSegments();
   bool FindPhdr();
+  bool FindGnuPropertySection();
   bool CheckPhdr(ElfW(Addr));
   bool CheckFileRange(ElfW(Addr) offset, size_t size, size_t alignment);
 
@@ -110,13 +112,16 @@
 
   // Is map owned by the caller
   bool mapped_by_caller_;
+
+  // Only used by AArch64 at the moment.
+  GnuPropertySection note_gnu_property_ __unused;
 };
 
 size_t phdr_table_get_load_size(const ElfW(Phdr)* phdr_table, size_t phdr_count,
                                 ElfW(Addr)* min_vaddr = nullptr, ElfW(Addr)* max_vaddr = nullptr);
 
-int phdr_table_protect_segments(const ElfW(Phdr)* phdr_table,
-                                size_t phdr_count, ElfW(Addr) load_bias);
+int phdr_table_protect_segments(const ElfW(Phdr)* phdr_table, size_t phdr_count,
+                                ElfW(Addr) load_bias, const GnuPropertySection* prop = nullptr);
 
 int phdr_table_unprotect_segments(const ElfW(Phdr)* phdr_table, size_t phdr_count,
                                   ElfW(Addr) load_bias);
@@ -139,5 +144,5 @@
                                     ElfW(Addr) load_bias, ElfW(Dyn)** dynamic,
                                     ElfW(Word)* dynamic_flags);
 
-const char* phdr_table_get_interpreter_name(const ElfW(Phdr) * phdr_table, size_t phdr_count,
+const char* phdr_table_get_interpreter_name(const ElfW(Phdr)* phdr_table, size_t phdr_count,
                                             ElfW(Addr) load_bias);