[clang] [PAC] Implement authentication for C++ member function pointers (PR #99576)
Oliver Hunt via cfe-commits
cfe-commits at lists.llvm.org
Mon Jul 22 11:55:36 PDT 2024
================
@@ -1036,9 +1155,32 @@ llvm::Constant *ItaniumCXXABI::BuildMemberPointer(const CXXMethodDecl *MD,
// least significant bit of adj then makes exactly the same
// discrimination as the least significant bit of ptr does for
// Itanium.
- MemPtr[0] = llvm::ConstantInt::get(CGM.PtrDiffTy, VTableOffset);
- MemPtr[1] = llvm::ConstantInt::get(CGM.PtrDiffTy,
- 2 * ThisAdjustment.getQuantity() + 1);
+
+ // We cannot use the Itanium ABI's representation for virtual member
+ // function pointers under pointer authentication because it would
+ // require us to store both the virtual offset and the constant
+ // discriminator in the pointer, which would be immediately vulnerable
+ // to attack. Instead we introduce a thunk that does the virtual dispatch
+ // and store it as if it were a non-virtual member function. This means
+ // that virtual function pointers may not compare equal anymore, but
+ // fortunately they aren't required to by the standard, and we do make
+ // a best-effort attempt to re-use the thunk.
+ //
+ // To support interoperation with code in which pointer authentication
+ // is disabled, derefencing a member function pointer must still handle
+ // the virtual case, but it can use a discriminator which should never
+ // be valid.
+ const auto &Schema =
+ CGM.getCodeGenOpts().PointerAuth.CXXMemberFunctionPointers;
+ if (Schema)
+ MemPtr[0] = llvm::ConstantExpr::getPtrToInt(
+ getSignedVirtualMemberFunctionPointer(MD), CGM.PtrDiffTy);
+ else
+ MemPtr[0] = llvm::ConstantInt::get(CGM.PtrDiffTy, VTableOffset);
+ // Don't set the LSB of adj to 1 if pointer authentication for member
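Review bot: the new comment block above the Schema check has a spelling error, "derefencing" should read "dereferencing". The same comment says the interop path for code without pointer authentication "can use a discriminator which should never be valid" and that thunk reuse is "best-effort", but the hunk only shows the signing side through getSignedVirtualMemberFunctionPointer(MD); naming where that never-valid discriminator is defined and where the reuse happens (or pointing at the helper) would make the invariant checkable for the next reader, since the else branch still stores VTableOffset as before.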
----------------
ojhunt wrote:
@kovdan01 what do you mean here? The use of a thunk in general?
https://github.com/llvm/llvm-project/pull/99576