[all-commits] [llvm/llvm-project] 1d2b55: [AArch64][PAC] Check authenticated LR value during...

Anatoly Trosinenko via All-commits all-commits at lists.llvm.org
Wed Oct 11 07:39:50 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/llvm/llvm-project
  Commit: 1d2b558265bd9c9c50599b78e210eeebc78a1ae3
      https://github.com/llvm/llvm-project/commit/1d2b558265bd9c9c50599b78e210eeebc78a1ae3
  Author: Anatoly Trosinenko <atrosinenko at accesssoftek.com>
  Date:   2023-10-11 (Wed, 11 Oct 2023)

  Changed paths:
    M llvm/lib/Target/AArch64/AArch64FrameLowering.cpp
    M llvm/lib/Target/AArch64/AArch64InstrInfo.cpp
    M llvm/lib/Target/AArch64/AArch64InstrInfo.h
    M llvm/lib/Target/AArch64/AArch64MachineFunctionInfo.cpp
    M llvm/lib/Target/AArch64/AArch64MachineFunctionInfo.h
    M llvm/lib/Target/AArch64/AArch64PointerAuth.cpp
    A llvm/lib/Target/AArch64/AArch64PointerAuth.h
    M llvm/lib/Target/AArch64/AArch64Subtarget.cpp
    M llvm/lib/Target/AArch64/AArch64Subtarget.h
    A llvm/test/CodeGen/AArch64/sign-return-address-tailcall.ll

  Log Message:
  -----------
  [AArch64][PAC] Check authenticated LR value during tail call

When performing a tail call, check the value of LR register after
authentication to prevent the callee from signing and spilling an
untrusted value. This commit implements a few variants of the check;
more can be added later.

If it is safe to assume that executable pages are always readable,
LR can be checked just by dereferencing the LR value via LDR.

As an alternative, LR can be checked as follows:

    ; lowered AUT* instruction
    ; <some variant of check that LR contains a valid address>
    b.cond break_block
  ret_block:
    ; lowered TCRETURN
  break_block:
    brk 0xc471

As the existing methods either break the compatibility with execute-only
memory mappings or can degrade the performance, they are disabled by
default and can be explicitly enabled with a command line option.

Individual subtargets can opt in to use one of the available methods
by updating AArch64FrameLowering::getAuthenticatedLRCheckMethod().

Reviewed By: kristof.beyls

Differential Revision: https://reviews.llvm.org/D156716
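
A simplified C model of the check sequence described in the log message above, added here as an illustration and not taken from the LLVM commit. The toy MAC, the 48-bit no-TBI pointer layout, the error code written into bits 62:61 on a failed authentication (hardware without FPAC), and the sample addresses are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not LLVM code. Assumes 48-bit VA and no TBI, so a
 * valid address has bits 63:48 all equal to bit 55. */
#define PAC_MASK 0xFF7F000000000000ULL  /* bits 63:56 and 54:48 hold the PAC */
#define BRK_IMM  0xc471u                /* immediate from the commit message */
#define SP_VAL   0x0000FFFFC0001000ULL  /* constructed stack pointer (modifier) */
#define RET_ADDR 0x0000AAAAB0004321ULL  /* constructed return address */

/* Stand-in keyed hash with a constructed key; hardware uses its own cipher. */
static uint64_t toy_mac(uint64_t ptr, uint64_t mod) {
    uint64_t h = (ptr ^ (mod * 0x9E3779B97F4A7C15ULL)) + 0x0123456789ABCDEFULL;
    h ^= h >> 29; h *= 0xBF58476D1CE4E5B9ULL; h ^= h >> 32;
    return h;
}
/* Replace the PAC field with copies of bit 55 (what XPAC does). */
static uint64_t strip(uint64_t p) {
    return (p & (1ULL << 55)) ? (p | PAC_MASK) : (p & ~PAC_MASK);
}
/* Models PACIASP: put a MAC of (address, SP) into the PAC field. */
static uint64_t toy_sign(uint64_t lr, uint64_t sp) {
    uint64_t plain = strip(lr);
    return (plain & ~PAC_MASK) | (toy_mac(plain, sp) & PAC_MASK);
}
/* Models AUTIASP without FPAC: a mismatch does not trap, it returns the
 * stripped address with error code 0b01 in bits 62:61. */
static uint64_t toy_auth(uint64_t lr, uint64_t sp) {
    uint64_t plain = strip(lr);
    if (toy_sign(plain, sp) == lr) return plain;
    return (plain & ~(3ULL << 61)) | (1ULL << 61);
}
/* One possible "LR contains a valid address" check: canonical form. */
static int lr_is_valid(uint64_t lr) {
    uint64_t top = lr >> 48;
    return top == 0 || top == 0xFFFF;
}
/* Returns 0 when ret_block (TCRETURN) is reached, BRK_IMM when break_block traps. */
static unsigned tail_call_epilogue(uint64_t saved_lr, uint64_t sp) {
    uint64_t lr = toy_auth(saved_lr, sp);   /* lowered AUT* instruction */
    if (!lr_is_valid(lr)) return BRK_IMM;   /* b.cond break_block; brk 0xc471 */
    return 0;                               /* ret_block: tail call proceeds */
}
int main(void) {
    uint64_t good = toy_sign(RET_ADDR, SP_VAL);
    uint64_t bad  = good ^ (1ULL << 50);    /* constructed: one PAC bit altered */
    printf("intact slot:    %#x\n", tail_call_epilogue(good, SP_VAL));
    printf("corrupted slot: %#x\n", tail_call_epilogue(bad, SP_VAL));
    return 0;
}
```

Without the check, the failed authentication in the second case would not stop execution before the tail call, because nothing has used LR as a branch target yet.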



