[Lldb-commits] [PATCH] D136620: Change how debugserver clears auth bits from pc/fp/sp/lr with thread_get_state on Darwin
Jason Molenda via Phabricator via lldb-commits
lldb-commits at lists.llvm.org
Mon Oct 24 10:02:41 PDT 2022
jasonmolenda created this revision.
jasonmolenda added a reviewer: JDevlieghere.
jasonmolenda added a project: LLDB.
Herald added a subscriber: kristof.beyls.
Herald added a project: All.
jasonmolenda requested review of this revision.
Herald added a subscriber: lldb-commits.
When debugserver thread_get_state/thread_set_state's registers from an inferior, if the inferior is arm64e, debugserver must also be built arm64e, and debugserver passes the values through a series of macros provided by the kernel to authorize & clear auth bits off of the values that thread_get_state provides. When the inferior process has crashed -- jumping through an improperly signed function pointer, or jumping to invalid memory -- the pc value will fail to authenticate in these kernel macros. On M2-era Mac hardware, this auth failure results in debugserver crashing.
We don't need to authenticate sp/pc/fp/lr, we only need to clear the auth bits from the address values. This patch replaces the kernel macro accesses after thread_get_state to do that. The macros like __darwin_arm_thread_state64_get_pc() are gated on `__has_feature(ptrauth_calls) && defined(__LP64__)`, and in the case where we have `ptrauth_calls`, the register context structure in <mach/arm/_structs.h> uses `void *` instead of `uint64_t`, so I needed to add a reinterpret cast of those values before clearing them.
It would probably be better to move my checks of `__has_feature(ptrauth_calls) && defined(__LP64__)` into this `clear_pac_bits()` function and call it unconditionally, instead of testing at all of the caller sites. (these two tests are distinguishing between arm64_32 v. arm64 v. arm64e)
In the case of thread_set_state, we will still use the kernel provided macros -- in this case, we are passing unsigned addresses and the signing will never fail.
With this patch, we still trigger the warning that the program has halted because of a PAC auth failure and show the most relevant pc value to explain it; no change in behavior there.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D136620
Files:
lldb/tools/debugserver/source/DNB.cpp
lldb/tools/debugserver/source/DNB.h
lldb/tools/debugserver/source/MacOSX/arm64/DNBArchImplARM64.cpp
lldb/tools/debugserver/source/RNBRemote.cpp
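As an added illustration of the approach the summary describes (not code from the D136620 patch or from debugserver), here is a portable `clear_pac_bits()` that moves the `__has_feature(ptrauth_calls) && defined(__LP64__)` gate inside the function, as the author suggests: on an arm64e build it strips (never authenticates) with the compiler's `ptrauth_strip`, and on arm64/arm64_32/non-Darwin builds it masks off everything above an assumed 47-bit user VA width. The VA width, the use of `ptrauth_key_asia`, and the sample register value are assumptions for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#if !defined(__has_feature)
#define __has_feature(x) 0 /* non-clang compilers: no ptrauth support */
#endif

#if __has_feature(ptrauth_calls) && defined(__LP64__)
#include <ptrauth.h>
#endif

/* Assumed user VA width: address bits live below this, PAC bits above it.
 * This is a constructed value for the example, not debugserver's constant. */
#define ASSUMED_USER_VA_BITS 47

/* Strip, never authenticate: an _get_pc()-style kernel macro would fault on a
 * value that fails to authenticate (e.g. pc after a bad-signature crash),
 * whereas stripping the signature bits always succeeds. */
static uint64_t clear_pac_bits(uint64_t value) {
#if __has_feature(ptrauth_calls) && defined(__LP64__)
  /* arm64e build: the register context field is a `void *`, so reinterpret
   * the value as a pointer and strip with the builtin (assumed key: IA). */
  void *p = (void *)(uintptr_t)value;
  return (uint64_t)(uintptr_t)ptrauth_strip(p, ptrauth_key_asia);
#else
  /* arm64 / arm64_32 / non-ptrauth builds: plain integer, mask the top bits. */
  const uint64_t mask = (UINT64_C(1) << ASSUMED_USER_VA_BITS) - 1;
  return value & mask;
#endif
}

/* True when the raw register carried bits outside the VA range, i.e. it was
 * signed (or otherwise tagged) before stripping; useful when reporting the
 * "halted because of a PAC auth failure" pc value. */
static bool had_pac_bits(uint64_t raw) { return clear_pac_bits(raw) != raw; }

int main(void) {
  /* Constructed sample: a code address with a fake 16-bit PAC in the top bits. */
  uint64_t raw_pc = UINT64_C(0x1a2b000000000000) | UINT64_C(0x0000000100003f40);
  printf("raw pc      0x%016llx\n", (unsigned long long)raw_pc);
  printf("stripped pc 0x%016llx%s\n",
         (unsigned long long)clear_pac_bits(raw_pc),
         had_pac_bits(raw_pc) ? " (PAC bits cleared)" : "");
  return 0;
}
```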