[PAC] Support signed GOT and PLT GOT

Author: kovdan01

arch/aarch64/reloc.h

@@ -24,12 +24,12 @@
 	"mov sp,%1 ; br %0" : : "r"(pc), "r"(sp) : "memory" )
 
 #if __has_feature(ptrauth_calls)
-#define TARGET_RELOCATE(dso, type, reladdr, sym, addend, is_phase_2) \
-  do_target_reloc(dso, type, reladdr, sym, addend, is_phase_2)
+#define TARGET_RELOCATE(dso, type, reladdr, sym, addend, is_phase_2, error_sym) \
+  do_target_reloc(dso, type, reladdr, sym, addend, is_phase_2, error_sym)
 #define DO_TARGET_RELR(dso, dyn) do_pauth_relr(dso, dyn)
 
-int do_target_reloc(int type, uint64_t* reladdr, uint64_t base,
-		    uint64_t symval, uint64_t addend, int is_phase_2);
+int do_target_reloc(int type, uint64_t* reladdr, uint64_t base, uint64_t symval,
+                    uint64_t addend, int is_phase_2, uint64_t error_sym);
 
 void do_pauth_relr(uint64_t base, uint64_t* dyn);
 

ldso/dynlink.c

@@ -485,6 +485,7 @@ static void do_relocs(struct dso *dso, size_t *rel, size_t rel_size, size_t stri
 		case REL_GOT:
 		case REL_PLT:
 			*reloc_addr = sym_val + addend;
+			TARGET_RELOCATE(type, reloc_addr, (size_t)base, sym_val, addend, head == &ldso, (uint64_t)error);
 			break;
 		case REL_USYMBOLIC:
 			memcpy(reloc_addr, &(size_t){sym_val + addend}, sizeof(size_t));
@@ -565,7 +566,7 @@ static void do_relocs(struct dso *dso, size_t *rel, size_t rel_size, size_t stri
 #endif
 			break;
 		default:
-			if (TARGET_RELOCATE(type, reloc_addr, (size_t)base, sym_val, addend, head == &ldso))
+			if (TARGET_RELOCATE(type, reloc_addr, (size_t)base, sym_val, addend, head == &ldso, (uint64_t)error))
 				break;
 			error("Error relocating %s: unsupported relocation type %d",
 				dso->name, type);

src/ldso/aarch64/reloc.c

@@ -4,8 +4,12 @@
 #include "reloc.h"
 
 #define R_AARCH64_AUTH_ABS64 0x244
+// Define R_AARCH64_JUMP_SLOT manually to avoid including elf.h
+#define R_AARCH64_JUMP_SLOT 0x402
 #define R_AARCH64_AUTH_RELATIVE 0x411
+#define R_AARCH64_AUTH_GLOB_DAT 0xe201
 
+#define DT_AARCH64_PAC_PLT 0x70000003
 #define DT_AARCH64_AUTH_RELRSZ 0x70000011
 #define DT_AARCH64_AUTH_RELR 0x70000012
 #define DT_AARCH64_AUTH_RELRENT 0x70000013
@@ -66,11 +70,24 @@ static int do_pauth_reloc(uint64_t* reladdr, uint64_t value)
 }
 
 int do_target_reloc(int type, uint64_t* reladdr, uint64_t base,
-					uint64_t symval, uint64_t addend, int is_phase_2)
+                    uint64_t symval, uint64_t addend, int is_phase_2, uint64_t error_sym)
 {
+	if (type == R_AARCH64_JUMP_SLOT) {
+		*reladdr = do_sign_ia((uint64_t)reladdr, *reladdr);
+		return 1;
+	}
+	if (type == R_AARCH64_AUTH_GLOB_DAT) {
+		// is_phase_2 is not applicable here
+		if ((*reladdr & 0xffffffffffffull) == 0)
+			return do_pauth_reloc(reladdr, symval + addend);
+		return 1;
+	}
 	// We don't process auth relocs until we load all dependencies
 	if (is_phase_2)
 		return 1;
+	// FIXME a horrible hack; we set error = error_impl in __dls3 manually
+	if (*reladdr == error_sym)
+		return 1;
 	switch(type)
 	{
 		case R_AARCH64_AUTH_ABS64: