c18n: Support for wrapping function pointers in trampolines #2301
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jrtc27
reviewed
Jan 28, 2025
sys/arm64/arm64/elf_machdep.c
Outdated
Comment on lines
770
to
774
| switch (ELF_R_TYPE(rela->r_info)) { | ||
| case R_AARCH64_RELATIVE: | ||
| case R_AARCH64_FUNC_RELATIVE: | ||
| /* XXX Dapeng: Which base to use here? */ | ||
| break; |
There was a problem hiding this comment.
As discussed on Zoom: the kernel is position-dependent so should not have any R_AARCH64_RELATIVE relocations, but we should check that LLD definitely won't emit them for a ptraddr_t global in a purecap kernel. If it does emit them for whatever reason, relocbase is 0 for the kernel (due to being linked at an absolute address), and that is what the 0 in the call to build_cap_from_fragment is for, so these relocations would be a no-op anyway. The only reason R_MORELLO_RELATIVE is needed (and, soon, FUNC_RELATIVE) is because of the need to derive valid caps at run time for their tags.
dpgao
force-pushed
the
c18n-fptr
branch
6 times, most recently
from
7267bc6 to
114d0ed
Compare
Sometimes we need to create a trampoline based on incomplete
information. For example, if we require all function pointers to be
wrapped in trampolines and have the following code:
static void foo() {};
ptraddr_t p = (ptraddr_t)&foo;
The runtime linker needs to create a trampoline using an address
generated from an integer relative relocation. We create a half-baked
trampoline that has a canonical address but that does not have a full
capability as its target. Hence this trampoline cannot be called.
If in the future, some other piece of code does require a callable
trampoline for foo (e.g. through a CAPINIT relocation or simply dlsym),
this half-baked trampoline is retrieved and mutated to its final form.
Setting this flag causes all function pointers to be wrapped in trampolines. Binaries MUST be compiled with -cheri-codeptr-relocs for this to work properly. This flag is only available as a transition mechanism. It will become the default in the future and the flag will then be removed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR depends on #2300 and so duplicates its commits, but the real content starts from c18n: Lazy trampolines.
Commit kernel: [WIP] Support for R_{AARCH64,MORELLO}_FUNC_RELATIVE relocations needs further work because it is unclear what relocbase should be used during self-relocation of the kernel.