[PAuthABI] Allow GNU program properties as a PAuth ABI marking schema

A new program property GNU_PROPERTY_AARCH64_FEATURE_PAUTH is defined in section .note.gnu.property that can be used as an alternative method for signing PAuthABI-compatible ELF files.At least in the Bionic linker, this is easier to implement: the property (and the existing .note.gnu.property section) can be trivially extracted from a DSO, and is already happening for other properties (mainly GNU_PROPERTY_AARCH64_FEATURE_1_AND to check for BTI and PAC-ret). In contrast, a new section would require traversing all the sections in the ELF and checking for the section name, which is more complicated to implement and possibly slower. Unfortunately, .note.gnu.property is not guaranteed to be understood by all ELF-based platforms, so we still keep the new section .note.AARCH64-PAUTH-ABI-tag as the default marking schema.
ARM-software · Aug 26, 2021 · 19621f9 · 19621f9
1 parent 9a7da16
commit 19621f9
Showing 1 changed file with 48 additions and 5 deletions.
diff --git a/pauthabielf64/pauthabielf64.rst b/pauthabielf64/pauthabielf64.rst
@@ -14,7 +14,7 @@
 .. _LSB: https://refspecs.linuxfoundation.org/LSB_1.2.0/gLSB/noteabitag.html
 .. _SCO-ELF: http://www.sco.com/developers/gabi/
 .. _TLSDESC: http://www.fsfla.org/~lxoliva/writeups/TLS/paper-lk2006.pdf
-
+.. _LINUX_ABI: https://github.com/hjl-tools/linux-abi/wiki
 .. footer::
 
    ###Page###
@@ -253,6 +253,7 @@ This document refers to, or is referred to by, the following documents.
   | TLSDESC_                                                                                | http://www.fsfla.org/~lxoliva/writeups/TLS/paper-lk2006.pdf | TLS Descriptors for Arm. Original proposal document                      |
   +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+
   | `GABI_SHT_RELR <https://groups.google.com/d/msg/generic-abi/bX460iggiKg/YT2RrjpMAwAJ>`_ | ELF GABI Google Groups                                      | Proposal for a new section type SHT_RELR                                 |
+  | LINUX_ABI_                                                                              | https://github.com/hjl-tools/linux-abi/wiki                 | Linux Extensions to gABI                                                 |
   +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+
 
 Terms and Abbreviations
@@ -832,10 +833,24 @@ language to signing schema is expected to evolve over time. Even if
 the low-level ELF extensions remain constant, a change to the
 high-level language mapping may result in incompatible ELF files.
 
-Every relocatable object, executable and shared library that uses the
-PAuth ABI ELF extensions must have a section named
-``.note.AARCH64-PAUTH-ABI-tag`` of type ``SHT_NOTE``. This section is
-structured as a note section as documented in SCO-ELF_.
+This specification defines a default marking schema. Platforms and
+vendors are free to define a different marking schema. Regardless,
+every relocatable object, executable and shared library that uses the
+PAuth ABI ELF extensions must be marked, otherwise toolchains and
+platforms are free to assume that the ELF file does not comply with
+this PAuth ABI.
+
+Some platforms (most notably Linux) are aware of a special section
+``.note.gnu.property``. An alternative marking schema for this special
+case is shown in `Appendix Marking schema using GNU program
+properties`_.
+
+Default marking schema
+----------------------
+
+A new section named ``.note.AARCH64-PAUTH-ABI-tag`` of type
+``SHT_NOTE`` is defined. This section is structured as a note section
+as documented in SCO-ELF_.
 
 The name field (``namesz`` / ``name``) contains the string "ARM". The
 type field shall be 1, and the ``descsz`` field must be at least 16.
@@ -858,6 +873,11 @@ related to the version number of this document. It is controlled by
 the object-producer based on the signing schema that have been used
 for pointers.
 
+If a file contains a section named ``.note.AARCH64-PAUTH-ABI-tag``,
+it must observe the entirety of the rules in this default marking
+schema. Generating such section with a platform-specific schema is
+forbidden.
+
 Base Compatibility Model
 ------------------------
 
@@ -1196,3 +1216,26 @@ Some observations:
 * When not dynamic linking a static linker may choose to encode the
   pointer signing information in a custom encoding understood by the
   start-up code used.
+
+Appendix Marking schema using GNU program properties
+====================================================
+
+If a platform understands section type ``.note.gnu.property``, it can
+be used as the base for an alternative schema. The format of this
+section is defined in LINUX_ABI_.
+
+A processor-specific program property type
+``GNU_PROPERTY_AARCH64_FEATURE_PAUTH`` is defined in section
+``.note.gnu.property`` with a value of ``0xc0000001``. The format of
+the data in ``pr_data`` is at least two 64-bit words, the first being
+a platform identifier, and the second being a version number specific
+to the platform identified in the first word. Consequently, the
+``pr_datasz`` field must be at least 16. When ``pr_datasz`` is larger
+than 16, the remainder of the contents of ``pr_data`` are specific
+to the (platform id, version number).
+
+The rules for the fields are the same as for the default marking
+schema: this ABI does not define the exact format of the platform and
+version identifiers, but reserves the combination of (platform,
+version) equal to (0,0) to represent an ELF file incompatible with
+this ABI.