|
45d284f2
|
2024-06-01T12:34:53
|
|
aarch64: support pointer authentication (#834)
* aarch64: fix callstack in ffi_call_SYSV
The debug stack gets corrupted between the frame and stack pivots, update
the CFI directives so the call stack stays correct in the debugger.
str x9, [x1, #32] // stack is ffi_call_SYSV() -> ffi_call_int() -> ffi_call_int() -> main() (good)
mov x29, x1 // stack is ffi_call_SYSV() -> ffi_call_int() -> ffi_call_int() -> ffi_call() -> main() (bad)
mov sp, x0 // stack is ffi_call_SYSV() -> ffi_call_int() -> ffi_call_int() -> main() (good)
The CFA data needs to be updated around the pivots, after this patch the
callstack stays correct.
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
* aarch64: remove uneeded CFI directive
This directive doesn't actually set the CFA to anything valid, and
during unwinding this isn't even used. Note that the PAC/Darwin usage
is quite suspect as well, as the CFA is either x1 or x29 after the frame
pivot, and the CFA address is what's used as the modifier when verifying
the PAC. At least this is the behavior on Linux with PAC, I need to
verify ARME ABI unwinding. So for now leave Darwin as is.
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
* ptrauth: rename define for clarity
Rename the HAVE_PTRAUTH define for clarity that its associated with the
ARM64E ABI and not the ARM64 ABI that can be supported on Linux and
enabled with -mbranch-protection=standard.
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
* aarch64: add PAC support to ffi_call_SYSV
Support AARCH64 Pointer Authentication Codes (PAC) within ffi_call_SYSV
and support exception unwinding.
The Linux ABI for PAC is to use paciasp/autiasp instructions which also
have hint space equivelent instructions. They sign the LR (x30) with the
A key and the current stack pointer as the salt. Note that this can also be
configured to use the B key and will use pacibsp/autibsp hint instructions.
The Linux ABI for exception frame data when PAC is enabled assumes that the
Connonical Frame Address, or CFA is equal to the stack pointer. I.E sp is
equal to x29 (fp). When the unwinder is invoked the cfa will point to
the frame which will include the *signed* return address from the LR.
This will then be passed to __builtin_aarch64_autia1716 where the CFA
will be used as the salt and stored to register x16 and register x17
will contain the signed address to demangle. This can be noted in:
- https://github.com/gcc-mirror/gcc/blob/d6d7afcdbc04adb0ec42a44b2d7e05600945af42/libgcc/config/aarch64/aarch64-unwind.h#L56
The other required portion of this is to indicate to the unwinder that
this is a signed address that needs to go the special demangle route in
the unwinder. This is accomplished by using CFI directive "cfi_window_save"
which marks that frame as being signed.
Putting all of this together is a bit tricky, as the internals of
ffi_call_SYSV the callee allocates its stack and frame and passes it in
arg1 (x0) and arg2 (x1) to the called function, where that function
pivots its stack, so care must be taken to get the sp == fp before
paciasp is called and also restore that state before autiasp is called.
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
---------
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
|
