Message ID | 55c2f030bcb0c66c855e823b60bbd624d7d5bff9.1589552055.git.szabolcs.nagy@arm.com |
---|---|
State | New |
Series | aarch64: branch protection support | expand |
On 15/05/2020 11:40, Szabolcs Nagy wrote:
> Use return address signing in assembly files for functions that save
> LR when pac-ret is enabled in the compiler.
>
> The GNU property note for PAC-RET is not meaningful to the dynamic
> linker so it is not strictly required, but it may be used to track
> the security property of binaries. (The PAC-RET property is only set
> if BTI is set too because BTI implies working GNU property support.)
With the suggestion from previous HAVE_AARCH64_PAC_RET patch, these tests could be used as #if HAVE_AARCH64_PAC_RET. Besides that, LGTM. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> sysdeps/aarch64/crti.S | 8 ++++++++
> sysdeps/aarch64/crtn.S | 6 ++++++
> sysdeps/aarch64/dl-tlsdesc.S | 8 ++++++++
> sysdeps/aarch64/dl-trampoline.S | 18 ++++++++++++++++++
> sysdeps/aarch64/sysdep.h | 8 +++++++-
> 5 files changed, 47 insertions(+), 1 deletion(-)
>
> diff --git a/sysdeps/aarch64/crti.S b/sysdeps/aarch64/crti.S
> index c346bcad72..02ec7d015e 100644
> --- a/sysdeps/aarch64/crti.S
> +++ b/sysdeps/aarch64/crti.S
> @@ -75,7 +75,11 @@ call_weak_fn:
> .hidden _init
> .type _init, %function
> _init:
> +#ifdef HAVE_AARCH64_PAC_RET
> + PACIASP
> +#else
> BTI_C
> +#endif
> stp x29, x30, [sp, -16]!
> mov x29, sp
> #if PREINIT_FUNCTION_WEAK
> @@ -90,6 +94,10 @@ _init:
> .hidden _fini
> .type _fini, %function
> _fini:
> +#ifdef HAVE_AARCH64_PAC_RET
> + PACIASP
> +#else
> BTI_C
> +#endif
> stp x29, x30, [sp, -16]!
> mov x29, sp
Ok.
> diff --git a/sysdeps/aarch64/crtn.S b/sysdeps/aarch64/crtn.S
> index 0c1ef112c2..4b93b90411 100644
> --- a/sysdeps/aarch64/crtn.S
> +++ b/sysdeps/aarch64/crtn.S
> @@ -41,8 +41,14 @@
>
> .section .init,"ax",%progbits
> ldp x29, x30, [sp], 16
> +#ifdef HAVE_AARCH64_PAC_RET
> + AUTIASP
> +#endif
> RET
>
> .section .fini,"ax",%progbits
> ldp x29, x30, [sp], 16
> +#ifdef HAVE_AARCH64_PAC_RET
> + AUTIASP
> +#endif
> RET
Ok.
> diff --git a/sysdeps/aarch64/dl-tlsdesc.S b/sysdeps/aarch64/dl-tlsdesc.S
> index 9d96c8632a..3746dbec17 100644
> --- a/sysdeps/aarch64/dl-tlsdesc.S
> +++ b/sysdeps/aarch64/dl-tlsdesc.S
> @@ -183,6 +183,10 @@ _dl_tlsdesc_dynamic:
> callee will trash. */
>
> /* Save the remaining registers that we must treat as caller save. */
> +# ifdef HAVE_AARCH64_PAC_RET
> + PACIASP
> + cfi_window_save
> +# endif
> # define NSAVEXREGPAIRS 8
> stp x29, x30, [sp,#-16*NSAVEXREGPAIRS]!
> cfi_adjust_cfa_offset (16*NSAVEXREGPAIRS)
> @@ -233,6 +237,10 @@ _dl_tlsdesc_dynamic:
> cfi_adjust_cfa_offset (-16*NSAVEXREGPAIRS)
> cfi_restore (x29)
> cfi_restore (x30)
> +# ifdef HAVE_AARCH64_PAC_RET
> + AUTIASP
> + cfi_window_save
> +# endif
> b 1b
> cfi_endproc
> .size _dl_tlsdesc_dynamic, .-_dl_tlsdesc_dynamic
Ok.
> diff --git a/sysdeps/aarch64/dl-trampoline.S b/sysdeps/aarch64/dl-trampoline.S
> index 2cbfa81434..53f92d68bf 100644
> --- a/sysdeps/aarch64/dl-trampoline.S
> +++ b/sysdeps/aarch64/dl-trampoline.S
> @@ -127,7 +127,12 @@ _dl_runtime_resolve:
> cfi_startproc
> .align 2
> _dl_runtime_profile:
> +# ifdef HAVE_AARCH64_PAC_RET
> + PACIASP
> + cfi_window_save
> +# else
> BTI_C
> +# endif
> /* AArch64 we get called with:
> ip0 &PLTGOT[2]
> ip1 temp(dl resolver entry point)
> @@ -239,8 +244,17 @@ _dl_runtime_profile:
> cfi_restore(x29)
> cfi_restore(x30)
>
> +# ifdef HAVE_AARCH64_PAC_RET
> + add sp, sp, SF_SIZE
> + cfi_adjust_cfa_offset (-SF_SIZE)
> + AUTIASP
> + cfi_window_save
> + add sp, sp, 16
> + cfi_adjust_cfa_offset (-16)
> +# else
> add sp, sp, SF_SIZE + 16
> cfi_adjust_cfa_offset (- SF_SIZE - 16)
> +# endif
>
> /* Jump to the newly found address. */
> br ip0
> @@ -287,6 +301,10 @@ _dl_runtime_profile:
> /* LR from within La_aarch64_reg */
> ldr lr, [x29, #OFFSET_RG + DL_OFFSET_RG_LR]
> cfi_restore(lr)
> +# ifdef HAVE_AARCH64_PAC_RET
> + /* Note: LR restored from La_aarch64_reg has no PAC. */
> + cfi_window_save
> +# endif
> mov sp, x29
> cfi_def_cfa_register (sp)
> ldr x29, [x29, #0]
Ok.
> diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h
> index 086fc84b53..c51572a690 100644
> --- a/sysdeps/aarch64/sysdep.h
> +++ b/sysdeps/aarch64/sysdep.h
> @@ -45,6 +45,10 @@
> #define BTI_C hint 34
> #define BTI_J hint 36
>
> +/* Return address signing support (pac-ret). */
> +#define PACIASP hint 25
> +#define AUTIASP hint 29
> +
> /* GNU_PROPERTY_AARCH64_* macros from elf.h for use in asm code. */
> #define FEATURE_1_AND 0xc0000000
> #define FEATURE_1_BTI 1
> @@ -66,7 +70,9 @@
>
> /* Add GNU property note with the supported features to all asm code
> where sysdep.h is included. */
> -#if defined HAVE_AARCH64_BTI
> +#if defined HAVE_AARCH64_BTI && defined HAVE_AARCH64_PAC_RET
> +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC)
> +#elif defined HAVE_AARCH64_BTI
> GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI)
> #endif
>
Ok.
diff --git a/sysdeps/aarch64/crti.S b/sysdeps/aarch64/crti.S
index c346bcad72..02ec7d015e 100644
--- a/sysdeps/aarch64/crti.S
+++ b/sysdeps/aarch64/crti.S
@@ -75,7 +75,11 @@ call_weak_fn:
 .hidden _init
 .type _init, %function
 _init:
+#ifdef HAVE_AARCH64_PAC_RET
+ PACIASP
+#else
 BTI_C
+#endif
 stp x29, x30, [sp, -16]!
 mov x29, sp
 #if PREINIT_FUNCTION_WEAK
@@ -90,6 +94,10 @@ _init:
 .hidden _fini
 .type _fini, %function
 _fini:
+#ifdef HAVE_AARCH64_PAC_RET
+ PACIASP
+#else
 BTI_C
+#endif
 stp x29, x30, [sp, -16]!
 mov x29, sp
diff --git a/sysdeps/aarch64/crtn.S b/sysdeps/aarch64/crtn.S
index 0c1ef112c2..4b93b90411 100644
--- a/sysdeps/aarch64/crtn.S
+++ b/sysdeps/aarch64/crtn.S
@@ -41,8 +41,14 @@

 .section .init,"ax",%progbits
 ldp x29, x30, [sp], 16
+#ifdef HAVE_AARCH64_PAC_RET
+ AUTIASP
+#endif
 RET

 .section .fini,"ax",%progbits
 ldp x29, x30, [sp], 16
+#ifdef HAVE_AARCH64_PAC_RET
+ AUTIASP
+#endif
 RET
diff --git a/sysdeps/aarch64/dl-tlsdesc.S b/sysdeps/aarch64/dl-tlsdesc.S
index 9d96c8632a..3746dbec17 100644
--- a/sysdeps/aarch64/dl-tlsdesc.S
+++ b/sysdeps/aarch64/dl-tlsdesc.S
@@ -183,6 +183,10 @@ _dl_tlsdesc_dynamic:
 callee will trash. */

 /* Save the remaining registers that we must treat as caller save. */
+# ifdef HAVE_AARCH64_PAC_RET
+ PACIASP
+ cfi_window_save
+# endif
 # define NSAVEXREGPAIRS 8
 stp x29, x30, [sp,#-16*NSAVEXREGPAIRS]!
 cfi_adjust_cfa_offset (16*NSAVEXREGPAIRS)
@@ -233,6 +237,10 @@ _dl_tlsdesc_dynamic:
 cfi_adjust_cfa_offset (-16*NSAVEXREGPAIRS)
 cfi_restore (x29)
 cfi_restore (x30)
+# ifdef HAVE_AARCH64_PAC_RET
+ AUTIASP
+ cfi_window_save
+# endif
 b 1b
 cfi_endproc
 .size _dl_tlsdesc_dynamic, .-_dl_tlsdesc_dynamic
diff --git a/sysdeps/aarch64/dl-trampoline.S b/sysdeps/aarch64/dl-trampoline.S
index 2cbfa81434..53f92d68bf 100644
--- a/sysdeps/aarch64/dl-trampoline.S
+++ b/sysdeps/aarch64/dl-trampoline.S
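Review bot: Nothing at `_init` says where the return address signed here gets authenticated: the `PACIASP` added to the prologue pairs with the `AUTIASP` that this patch adds to the `.init` epilogue in crtn.S, and the same holds for `_fini` in the next hunk. A comment such as `/* PACIASP also acts as a BTI c landing pad; the matching AUTIASP is in crtn.S. */` would record both that pairing and why `BTI_C` moves into the `#else` branch. Because the two halves live in separate objects, crti.o and crtn.o have to be built with the same HAVE_AARCH64_PAC_RET setting, which is worth stating there too. Both function bodies continue outside the hunks.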
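Review bot: The `cfi_window_save` added after `PACIASP` in the first dl-tlsdesc.S hunk has no comment, and its name says nothing about return-address signing. On AArch64 the `.cfi_window_save` directive shares its opcode with the DWARF operation that toggles the return-address-signed state, so it is presumably used here to tell the unwinder that LR is signed from this point on. A one-line comment at the first use, for example `/* cfi_window_save toggles the RA-signed state in the unwind info on AArch64. */`, would save the next reader a search; the same applies to the `AUTIASP`/`cfi_window_save` pair in the second hunk and to the uses in dl-trampoline.S. `_dl_tlsdesc_dynamic` starts and ends outside both hunks, so that SP at `PACIASP` equals SP at `AUTIASP` cannot be confirmed from the visible lines alone.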
@@ -127,7 +127,12 @@ _dl_runtime_resolve:
 cfi_startproc
 .align 2
 _dl_runtime_profile:
+# ifdef HAVE_AARCH64_PAC_RET
+ PACIASP
+ cfi_window_save
+# else
 BTI_C
+# endif
 /* AArch64 we get called with:
 ip0 &PLTGOT[2]
 ip1 temp(dl resolver entry point)
@@ -239,8 +244,17 @@ _dl_runtime_profile:
 cfi_restore(x29)
 cfi_restore(x30)

+# ifdef HAVE_AARCH64_PAC_RET
+ add sp, sp, SF_SIZE
+ cfi_adjust_cfa_offset (-SF_SIZE)
+ AUTIASP
+ cfi_window_save
+ add sp, sp, 16
+ cfi_adjust_cfa_offset (-16)
+# else
 add sp, sp, SF_SIZE + 16
 cfi_adjust_cfa_offset (- SF_SIZE - 16)
+# endif

 /* Jump to the newly found address. */
 br ip0
@@ -287,6 +301,10 @@ _dl_runtime_profile:
 /* LR from within La_aarch64_reg */
 ldr lr, [x29, #OFFSET_RG + DL_OFFSET_RG_LR]
 cfi_restore(lr)
+# ifdef HAVE_AARCH64_PAC_RET
+ /* Note: LR restored from La_aarch64_reg has no PAC. */
+ cfi_window_save
+# endif
 mov sp, x29
 cfi_def_cfa_register (sp)
 ldr x29, [x29, #0]
diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h
index 086fc84b53..c51572a690 100644
--- a/sysdeps/aarch64/sysdep.h
+++ b/sysdeps/aarch64/sysdep.h
@@ -45,6 +45,10 @@
 #define BTI_C hint 34
 #define BTI_J hint 36

+/* Return address signing support (pac-ret). */
+#define PACIASP hint 25
+#define AUTIASP hint 29
+
 /* GNU_PROPERTY_AARCH64_* macros from elf.h for use in asm code. */
 #define FEATURE_1_AND 0xc0000000
 #define FEATURE_1_BTI 1
@@ -66,7 +70,9 @@

 /* Add GNU property note with the supported features to all asm code
 where sysdep.h is included. */
-#if defined HAVE_AARCH64_BTI
+#if defined HAVE_AARCH64_BTI && defined HAVE_AARCH64_PAC_RET
+GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC)
+#elif defined HAVE_AARCH64_BTI
 GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI)
 #endif
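Review bot: The reason the single `add sp, sp, SF_SIZE + 16` is split in two under HAVE_AARCH64_PAC_RET (second dl-trampoline.S hunk) is not written down. `AUTIASP` uses SP as its modifier, so it has to run at the SP value that was live when `PACIASP` signed LR at the entry of `_dl_runtime_profile`, which appears to be after the frame is released but before the last 16 bytes are popped. A comment above the first `add`, for example `/* Authenticate LR at the SP value PACIASP used on entry, then pop the remaining 16 bytes. */`, would keep a later cleanup from merging the two adjustments again and breaking authentication. The function starts and ends outside this hunk.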
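Review bot: The added comment `LR restored from La_aarch64_reg has no PAC` in the third dl-trampoline.S hunk states the fact but not its consequence. On this exit path LR is loaded from memory at `[x29, #OFFSET_RG + DL_OFFSET_RG_LR]` and no `AUTIASP` is added in the visible lines, so this return is not covered by pac-ret. If that structure can be modified by audit modules (not visible here), this is a deliberate gap in coverage and deserves to be spelled out, e.g. `/* LR comes from La_aarch64_reg unsigned, so this return is not authenticated; cfi_window_save marks it unsigned for the unwinder. */`. The enclosing function continues outside the hunk.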
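Review bot: The new `PACIASP` and `AUTIASP` macros in sysdep.h are documented only as "Return address signing support", which does not explain why they are spelled `hint 25` and `hint 29` rather than by mnemonic. Both encodings sit in the hint space, so they execute as NOPs on cores without pointer authentication and assemble without enabling an architecture extension; saying so in the comment, e.g. `/* Hint-space encodings: NOP on CPUs without pointer authentication. */`, makes clear that the signed prologues stay safe to run everywhere. The second sysdep.h hunk also references `FEATURE_1_PAC`, whose definition is not in the visible lines and is presumably in the unchanged part of the file.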