[ELF][AArch64] Fix potentially corrupted section content for PAC

MaskRay · tstellar · commit bf271375cc08 · 2022-08-08T12:53:26.000-07:00
D74537 introduced a bug: if `(config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_PAC) != 0` with -z pac-plt unspecified, we incorrectly use AArch64BtiPac, whose writePlt will make out-of-bounds write after the .plt section. This is often benign because the output section after .plt will usually overwrite the content. This is very difficult to test without D131247 (Parallelize writes of different OutputSections). (cherry picked from commit d7cbfcf)
diff --git a/lld/ELF/Arch/AArch64.cpp b/lld/ELF/Arch/AArch64.cpp
@@ -873,8 +873,8 @@ void AArch64BtiPac::writePlt(uint8_t *buf, const Symbol &sym,
 }
 
 static TargetInfo *getTargetInfo() {
-  if (config->andFeatures & (GNU_PROPERTY_AARCH64_FEATURE_1_BTI |
-                             GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) {
+  if ((config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) ||
+      config->zPacPlt) {
     static AArch64BtiPac t;
     return &t;
   }

Original file line number	Diff line number	Diff line change
`@@ -873,8 +873,8 @@ void AArch64BtiPac::writePlt(uint8_t *buf, const Symbol &sym,`
`873`	`873`	`}`
`874`	`874`
`875`	`875`	`static TargetInfo *getTargetInfo() {`
`876`		`- if (config->andFeatures & (GNU_PROPERTY_AARCH64_FEATURE_1_BTI \|`
`877`		`- GNU_PROPERTY_AARCH64_FEATURE_1_PAC)) {`
	`876`	`+ if ((config->andFeatures & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) \|\|`
	`877`	`+ config->zPacPlt) {`
`878`	`878`	`static AArch64BtiPac t;`
`879`	`879`	`return &t;`
`880`	`880`	`}`