[compiler-rt] e6a1aff - [runtimes][PAC] Harden unwinding when possible (#143230)
via llvm-commits
llvm-commits at lists.llvm.org
Mon Oct 20 09:57:49 PDT 2025
Author: Oliver Hunt
Date: 2025-10-20T09:57:45-07:00
New Revision: e6a1aff5916447630e9ec0e8a90594ca1ee7a1be
URL: https://github.com/llvm/llvm-project/commit/e6a1aff5916447630e9ec0e8a90594ca1ee7a1be
DIFF: https://github.com/llvm/llvm-project/commit/e6a1aff5916447630e9ec0e8a90594ca1ee7a1be.diff
LOG: [runtimes][PAC] Harden unwinding when possible (#143230)
This hardens the unwinding logic and datastructures on systems
that support pointer authentication.
The approach taken to hardening is to harden the schemas of as many
high value fields in the myriad structs as possible, and then also
explicitly qualify local variables referencing privileged or security
critical values.
This does introduce ABI linkage between libcxx, libcxxabi, and
libunwind but those are in principle separate from the OS itself
so we've kept the schema definitions in the library specific headers
rather than ptrauth.h
Added:
Modified:
compiler-rt/lib/builtins/gcc_personality_v0.c
libcxxabi/include/__cxxabi_config.h
libcxxabi/src/cxa_exception.cpp
libcxxabi/src/cxa_exception.h
libcxxabi/src/cxa_personality.cpp
libunwind/include/__libunwind_config.h
libunwind/include/libunwind.h
libunwind/src/AddressSpace.hpp
libunwind/src/CompactUnwinder.hpp
libunwind/src/DwarfInstructions.hpp
libunwind/src/DwarfParser.hpp
libunwind/src/Registers.hpp
libunwind/src/UnwindCursor.hpp
libunwind/src/UnwindLevel1.c
libunwind/src/UnwindRegistersRestore.S
libunwind/src/UnwindRegistersSave.S
libunwind/src/libunwind.cpp
Removed:
################################################################################
diff --git a/compiler-rt/lib/builtins/gcc_personality_v0.c b/compiler-rt/lib/builtins/gcc_personality_v0.c
index ef63a5fb83472..3ed17fa788c28 100644
--- a/compiler-rt/lib/builtins/gcc_personality_v0.c
+++ b/compiler-rt/lib/builtins/gcc_personality_v0.c
@@ -30,6 +30,54 @@ EXCEPTION_DISPOSITION _GCC_specific_handler(PEXCEPTION_RECORD, void *, PCONTEXT,
_Unwind_Personality_Fn);
#endif
+#if __has_feature(ptrauth_calls)
+#include <ptrauth.h>
+
+// `__ptrauth_restricted_intptr` is a feature of apple clang that predates
+// support for direct application of `__ptrauth` to integer types. This
+// guard is necessary to support compilation with those compiler.
+#if __has_feature(ptrauth_restricted_intptr_qualifier)
+#define __ptrauth_gcc_personality_intptr(key, addressDiscriminated, \
+ discriminator) \
+ __ptrauth_restricted_intptr(key, addressDiscriminated, discriminator)
+#else
+#define __ptrauth_gcc_personality_intptr(key, addressDiscriminated, \
+ discriminator) \
+ __ptrauth(key, addressDiscriminated, discriminator)
+#endif
+#else
+#define __ptrauth_gcc_personality_intptr(...)
+#endif
+
+#define __ptrauth_gcc_personality_func_key ptrauth_key_function_pointer
+
+// ptrauth_string_discriminator("__gcc_personality_v0'funcStart") == 0xDFEB
+#define __ptrauth_gcc_personality_func_start \
+ __ptrauth_gcc_personality_intptr(__ptrauth_gcc_personality_func_key, 1, \
+ 0xDFEB)
+
+// ptrauth_string_discriminator("__gcc_personality_v0'start") == 0x52DC
+#define __ptrauth_gcc_personality_start \
+ __ptrauth_gcc_personality_intptr(__ptrauth_gcc_personality_func_key, 1, \
+ 0x52DC)
+
+// ptrauth_string_discriminator("__gcc_personality_v0'length") == 0xFFF7
+#define __ptrauth_gcc_personality_length \
+ __ptrauth_gcc_personality_intptr(__ptrauth_gcc_personality_func_key, 1, \
+ 0xFFF7)
+
+// ptrauth_string_discriminator("__gcc_personality_v0'landingPadOffset") ==
+// 0x6498
+#define __ptrauth_gcc_personality_lpoffset \
+ __ptrauth_gcc_personality_intptr(__ptrauth_gcc_personality_func_key, 1, \
+ 0x6498)
+
+// ptrauth_string_discriminator("__gcc_personality_v0'landingPad") == 0xA134
+#define __ptrauth_gcc_personality_lpad_disc 0xA134
+#define __ptrauth_gcc_personality_lpad \
+ __ptrauth_gcc_personality_intptr(__ptrauth_gcc_personality_func_key, 1, \
+ __ptrauth_gcc_personality_lpad_disc)
+
// Pointer encodings documented at:
// http://refspecs.freestandards.org/LSB_1.3.0/gLSB/gLSB/ehframehdr.html
@@ -205,7 +253,8 @@ COMPILER_RT_ABI _Unwind_Reason_Code __gcc_personality_v0(
return continueUnwind(exceptionObject, context);
uintptr_t pc = (uintptr_t)_Unwind_GetIP(context) - 1;
- uintptr_t funcStart = (uintptr_t)_Unwind_GetRegionStart(context);
+ uintptr_t __ptrauth_gcc_personality_func_start funcStart =
+ (uintptr_t)_Unwind_GetRegionStart(context);
uintptr_t pcOffset = pc - funcStart;
// Parse LSDA header.
@@ -224,11 +273,14 @@ COMPILER_RT_ABI _Unwind_Reason_Code __gcc_personality_v0(
const uint8_t *callSiteTableEnd = callSiteTableStart + callSiteTableLength;
const uint8_t *p = callSiteTableStart;
while (p < callSiteTableEnd) {
- uintptr_t start = readEncodedPointer(&p, callSiteEncoding);
- size_t length = readEncodedPointer(&p, callSiteEncoding);
- size_t landingPad = readEncodedPointer(&p, callSiteEncoding);
+ uintptr_t __ptrauth_gcc_personality_start start =
+ readEncodedPointer(&p, callSiteEncoding);
+ size_t __ptrauth_gcc_personality_length length =
+ readEncodedPointer(&p, callSiteEncoding);
+ size_t __ptrauth_gcc_personality_lpoffset landingPadOffset =
+ readEncodedPointer(&p, callSiteEncoding);
readULEB128(&p); // action value not used for C code
- if (landingPad == 0)
+ if (landingPadOffset == 0)
continue; // no landing pad for this entry
if ((start <= pcOffset) && (pcOffset < (start + length))) {
// Found landing pad for the PC.
@@ -238,7 +290,24 @@ COMPILER_RT_ABI _Unwind_Reason_Code __gcc_personality_v0(
_Unwind_SetGR(context, __builtin_eh_return_data_regno(0),
(uintptr_t)exceptionObject);
_Unwind_SetGR(context, __builtin_eh_return_data_regno(1), 0);
- _Unwind_SetIP(context, (funcStart + landingPad));
+ size_t __ptrauth_gcc_personality_lpad landingPad =
+ funcStart + landingPadOffset;
+#if __has_feature(ptrauth_calls)
+ uintptr_t stackPointer = _Unwind_GetGR(context, -2);
+ const uintptr_t existingDiscriminator = ptrauth_blend_discriminator(
+ &landingPad, __ptrauth_gcc_personality_lpad_disc);
+ // newIP is authenticated as if it were qualified with a pseudo qualifier
+ // along the lines of:
+ // __ptrauth(ptrauth_key_return_address, <stackPointer>, 0)
+ // where the stack pointer is used in place of the strict storage
+ // address.
+ uintptr_t newIP = (uintptr_t)ptrauth_auth_and_resign(
+ *(void **)&landingPad, __ptrauth_gcc_personality_func_key,
+ existingDiscriminator, ptrauth_key_return_address, stackPointer);
+ _Unwind_SetIP(context, newIP);
+#else
+ _Unwind_SetIP(context, landingPad);
+#endif
return _URC_INSTALL_CONTEXT;
}
}
diff --git a/libcxxabi/include/__cxxabi_config.h b/libcxxabi/include/__cxxabi_config.h
index 759445dac91f9..f5101dbc9e599 100644
--- a/libcxxabi/include/__cxxabi_config.h
+++ b/libcxxabi/include/__cxxabi_config.h
@@ -103,6 +103,47 @@
#define _LIBCXXABI_DTOR_FUNC
#endif
+#if __has_include(<ptrauth.h>)
+# include <ptrauth.h>
+#endif
+
+#if __has_feature(ptrauth_calls)
+
+// ptrauth_string_discriminator("__cxa_exception::actionRecord") == 0xFC91
+# define __ptrauth_cxxabi_action_record __ptrauth(ptrauth_key_process_dependent_data, 1, 0xFC91)
+
+// ptrauth_string_discriminator("__cxa_exception::languageSpecificData") == 0xE8EE
+# define __ptrauth_cxxabi_lsd __ptrauth(ptrauth_key_process_dependent_data, 1, 0xE8EE)
+
+// ptrauth_string_discriminator("__cxa_exception::catchTemp") == 0xFA58
+# define __ptrauth_cxxabi_catch_temp_disc 0xFA58
+# define __ptrauth_cxxabi_catch_temp_key ptrauth_key_process_dependent_data
+# define __ptrauth_cxxabi_catch_temp __ptrauth(__ptrauth_cxxabi_catch_temp_key, 1, __ptrauth_cxxabi_catch_temp_disc)
+
+// ptrauth_string_discriminator("__cxa_exception::adjustedPtr") == 0x99E4
+# define __ptrauth_cxxabi_adjusted_ptr __ptrauth(ptrauth_key_process_dependent_data, 1, 0x99E4)
+
+// ptrauth_string_discriminator("__cxa_exception::unexpectedHandler") == 0x99A9
+# define __ptrauth_cxxabi_unexpected_handler __ptrauth(ptrauth_key_function_pointer, 1, 0x99A9)
+
+// ptrauth_string_discriminator("__cxa_exception::terminateHandler") == 0x0886)
+# define __ptrauth_cxxabi_terminate_handler __ptrauth(ptrauth_key_function_pointer, 1, 0x886)
+
+// ptrauth_string_discriminator("__cxa_exception::exceptionDestructor") == 0xC088
+# define __ptrauth_cxxabi_exception_destructor __ptrauth(ptrauth_key_function_pointer, 1, 0xC088)
+
+#else
+
+# define __ptrauth_cxxabi_action_record
+# define __ptrauth_cxxabi_lsd
+# define __ptrauth_cxxabi_catch_temp
+# define __ptrauth_cxxabi_adjusted_ptr
+# define __ptrauth_cxxabi_unexpected_handler
+# define __ptrauth_cxxabi_terminate_handler
+# define __ptrauth_cxxabi_exception_destructor
+
+#endif
+
#if __cplusplus < 201103L
# define _LIBCXXABI_NOEXCEPT throw()
#else
diff --git a/libcxxabi/src/cxa_exception.cpp b/libcxxabi/src/cxa_exception.cpp
index 92901a83bfd03..73ba21c1df7c1 100644
--- a/libcxxabi/src/cxa_exception.cpp
+++ b/libcxxabi/src/cxa_exception.cpp
@@ -192,7 +192,9 @@ void *__cxa_allocate_exception(size_t thrown_size) throw() {
std::terminate();
__cxa_exception *exception_header =
static_cast<__cxa_exception *>((void *)(raw_buffer + header_offset));
- ::memset(exception_header, 0, actual_size);
+ // We warn on memset to a non-trivially castable type. We might want to
+ // change that diagnostic to not fire on a trivially obvious zero fill.
+ ::memset(static_cast<void*>(exception_header), 0, actual_size);
return thrown_object_from_cxa_exception(exception_header);
}
diff --git a/libcxxabi/src/cxa_exception.h b/libcxxabi/src/cxa_exception.h
index aba08f2992103..fa4c4dc55bde2 100644
--- a/libcxxabi/src/cxa_exception.h
+++ b/libcxxabi/src/cxa_exception.h
@@ -47,10 +47,10 @@ struct _LIBCXXABI_HIDDEN __cxa_exception {
// In Wasm, a destructor returns its argument
void *(_LIBCXXABI_DTOR_FUNC *exceptionDestructor)(void *);
#else
- void (_LIBCXXABI_DTOR_FUNC *exceptionDestructor)(void *);
+ void (_LIBCXXABI_DTOR_FUNC *__ptrauth_cxxabi_exception_destructor exceptionDestructor)(void *);
#endif
- std::unexpected_handler unexpectedHandler;
- std::terminate_handler terminateHandler;
+ std::unexpected_handler __ptrauth_cxxabi_unexpected_handler unexpectedHandler;
+ std::terminate_handler __ptrauth_cxxabi_terminate_handler terminateHandler;
__cxa_exception *nextException;
@@ -61,10 +61,10 @@ struct _LIBCXXABI_HIDDEN __cxa_exception {
int propagationCount;
#else
int handlerSwitchValue;
- const unsigned char *actionRecord;
- const unsigned char *languageSpecificData;
- void *catchTemp;
- void *adjustedPtr;
+ const unsigned char *__ptrauth_cxxabi_action_record actionRecord;
+ const unsigned char *__ptrauth_cxxabi_lsd languageSpecificData;
+ void *__ptrauth_cxxabi_catch_temp catchTemp;
+ void *__ptrauth_cxxabi_adjusted_ptr adjustedPtr;
#endif
#if !defined(__LP64__) && !defined(_WIN64) && !defined(_LIBCXXABI_ARM_EHABI)
@@ -79,6 +79,8 @@ struct _LIBCXXABI_HIDDEN __cxa_exception {
// http://sourcery.mentor.com/archives/cxx-abi-dev/msg01924.html
// The layout of this structure MUST match the layout of __cxa_exception, with
// primaryException instead of referenceCount.
+// The pointer authentication schemas specified here must also match those of
+// the corresponding members in __cxa_exception.
struct _LIBCXXABI_HIDDEN __cxa_dependent_exception {
#if defined(__LP64__) || defined(_WIN64) || defined(_LIBCXXABI_ARM_EHABI)
void* reserve; // padding.
@@ -86,9 +88,9 @@ struct _LIBCXXABI_HIDDEN __cxa_dependent_exception {
#endif
std::type_info *exceptionType;
- void (_LIBCXXABI_DTOR_FUNC *exceptionDestructor)(void *);
- std::unexpected_handler unexpectedHandler;
- std::terminate_handler terminateHandler;
+ void (_LIBCXXABI_DTOR_FUNC *__ptrauth_cxxabi_exception_destructor exceptionDestructor)(void *);
+ std::unexpected_handler __ptrauth_cxxabi_unexpected_handler unexpectedHandler;
+ std::terminate_handler __ptrauth_cxxabi_terminate_handler terminateHandler;
__cxa_exception *nextException;
@@ -99,10 +101,10 @@ struct _LIBCXXABI_HIDDEN __cxa_dependent_exception {
int propagationCount;
#else
int handlerSwitchValue;
- const unsigned char *actionRecord;
- const unsigned char *languageSpecificData;
- void * catchTemp;
- void *adjustedPtr;
+ const unsigned char *__ptrauth_cxxabi_action_record actionRecord;
+ const unsigned char *__ptrauth_cxxabi_lsd languageSpecificData;
+ void *__ptrauth_cxxabi_catch_temp catchTemp;
+ void *__ptrauth_cxxabi_adjusted_ptr adjustedPtr;
#endif
#if !defined(__LP64__) && !defined(_WIN64) && !defined(_LIBCXXABI_ARM_EHABI)
diff --git a/libcxxabi/src/cxa_personality.cpp b/libcxxabi/src/cxa_personality.cpp
index 5f6e75c5be19c..b7eb0f23dbe06 100644
--- a/libcxxabi/src/cxa_personality.cpp
+++ b/libcxxabi/src/cxa_personality.cpp
@@ -20,7 +20,47 @@
#include "cxa_exception.h"
#include "cxa_handlers.h"
#include "private_typeinfo.h"
-#include "unwind.h"
+
+#if __has_feature(ptrauth_calls)
+
+// CXXABI depends on defintions in libunwind as pointer auth couples the
+// definitions
+# include "libunwind.h"
+
+// The actual value of the discriminators listed below is not important.
+// The derivation of the constants is only being included for the purpose
+// of maintaining a record of how they were originally produced.
+
+// ptrauth_string_discriminator("scan_results::languageSpecificData") == 0xE50D)
+# define __ptrauth_scan_results_lsd __ptrauth(ptrauth_key_process_dependent_code, 1, 0xE50D)
+
+// ptrauth_string_discriminator("scan_results::actionRecord") == 0x9823
+# define __ptrauth_scan_results_action_record __ptrauth(ptrauth_key_process_dependent_code, 1, 0x9823)
+
+// scan result is broken up as we have a manual re-sign that requires each component
+# define __ptrauth_scan_results_landingpad_key ptrauth_key_process_dependent_code
+// ptrauth_string_discriminator("scan_results::landingPad") == 0xD27C
+# define __ptrauth_scan_results_landingpad_disc 0xD27C
+# define __ptrauth_scan_results_landingpad \
+ __ptrauth(__ptrauth_scan_results_landingpad_key, 1, __ptrauth_scan_results_landingpad_disc)
+
+// `__ptrauth_restricted_intptr` is a feature of apple clang that predates
+// support for direct application of `__ptrauth` to integer types. This
+// guard is necessary to support compilation with those compiler.
+# if __has_extension(ptrauth_restricted_intptr_qualifier)
+# define __ptrauth_scan_results_landingpad_intptr \
+ __ptrauth_restricted_intptr(__ptrauth_scan_results_landingpad_key, 1, __ptrauth_scan_results_landingpad_disc)
+# else
+# define __ptrauth_scan_results_landingpad_intptr \
+ __ptrauth(__ptrauth_scan_results_landingpad_key, 1, __ptrauth_scan_results_landingpad_disc)
+# endif
+
+#else
+# define __ptrauth_scan_results_lsd
+# define __ptrauth_scan_results_action_record
+# define __ptrauth_scan_results_landingpad
+# define __ptrauth_scan_results_landingpad_intptr
+#endif
// TODO: This is a temporary workaround for libc++abi to recognize that it's being
// built against LLVM's libunwind. LLVM's libunwind started reporting _LIBUNWIND_VERSION
@@ -527,12 +567,17 @@ get_thrown_object_ptr(_Unwind_Exception* unwind_exception)
namespace
{
+typedef const uint8_t *__ptrauth_scan_results_lsd lsd_ptr_t;
+typedef const uint8_t *__ptrauth_scan_results_action_record action_ptr_t;
+typedef uintptr_t __ptrauth_scan_results_landingpad_intptr landing_pad_t;
+typedef void *__ptrauth_scan_results_landingpad landing_pad_ptr_t;
+
struct scan_results
{
int64_t ttypeIndex; // > 0 catch handler, < 0 exception spec handler, == 0 a cleanup
- const uint8_t* actionRecord; // Currently unused. Retained to ease future maintenance.
- const uint8_t* languageSpecificData; // Needed only for __cxa_call_unexpected
- uintptr_t landingPad; // null -> nothing found, else something found
+ action_ptr_t actionRecord; // Currently unused. Retained to ease future maintenance.
+ lsd_ptr_t languageSpecificData; // Needed only for __cxa_call_unexpected
+ landing_pad_t landingPad; // null -> nothing found, else something found
void* adjustedPtr; // Used in cxa_exception.cpp
_Unwind_Reason_Code reason; // One of _URC_FATAL_PHASE1_ERROR,
// _URC_FATAL_PHASE2_ERROR,
@@ -557,7 +602,23 @@ set_registers(_Unwind_Exception* unwind_exception, _Unwind_Context* context,
reinterpret_cast<uintptr_t>(unwind_exception));
_Unwind_SetGR(context, __builtin_eh_return_data_regno(1),
static_cast<uintptr_t>(results.ttypeIndex));
+#if __has_feature(ptrauth_calls)
+ auto stackPointer = _Unwind_GetGR(context, UNW_REG_SP);
+ // We manually re-sign the IP as the __ptrauth qualifiers cannot
+ // express the required relationship with the destination address
+ const auto existingDiscriminator =
+ ptrauth_blend_discriminator(&results.landingPad,
+ __ptrauth_scan_results_landingpad_disc);
+ unw_word_t newIP /* opaque __ptrauth(ptrauth_key_return_address, stackPointer, 0) */ =
+ (unw_word_t)ptrauth_auth_and_resign(*(void* const*)&results.landingPad,
+ __ptrauth_scan_results_landingpad_key,
+ existingDiscriminator,
+ ptrauth_key_return_address,
+ stackPointer);
+ _Unwind_SetIP(context, newIP);
+#else
_Unwind_SetIP(context, results.landingPad);
+#endif
}
/*
@@ -691,12 +752,12 @@ static void scan_eh_tab(scan_results &results, _Unwind_Action actions,
// The call sites are ordered in increasing value of start
uintptr_t start = readEncodedPointer(&callSitePtr, callSiteEncoding);
uintptr_t length = readEncodedPointer(&callSitePtr, callSiteEncoding);
- uintptr_t landingPad = readEncodedPointer(&callSitePtr, callSiteEncoding);
+ landing_pad_t landingPad = readEncodedPointer(&callSitePtr, callSiteEncoding);
uintptr_t actionEntry = readULEB128(&callSitePtr);
if ((start <= ipOffset) && (ipOffset < (start + length)))
#else // __USING_SJLJ_EXCEPTIONS__ || __WASM_EXCEPTIONS__
// ip is 1-based index into this table
- uintptr_t landingPad = readULEB128(&callSitePtr);
+ landing_pad_t landingPad = readULEB128(&callSitePtr);
uintptr_t actionEntry = readULEB128(&callSitePtr);
if (--ip == 0)
#endif // __USING_SJLJ_EXCEPTIONS__ || __WASM_EXCEPTIONS__
@@ -903,6 +964,57 @@ _UA_CLEANUP_PHASE
*/
#if !defined(_LIBCXXABI_ARM_EHABI)
+
+// We use these helper functions to work around the behavior of casting between
+// integers (even those that are authenticated) and authenticated pointers.
+// Because the schemas being used are address discriminated we cannot use a
+// trivial value union to coerce the types so instead we perform the re-signing
+// manually.
+using __cxa_catch_temp_type = decltype(__cxa_exception::catchTemp);
+static inline void set_landing_pad(scan_results& results,
+ const __cxa_catch_temp_type& source) {
+#if __has_feature(ptrauth_calls)
+ const uintptr_t sourceDiscriminator =
+ ptrauth_blend_discriminator(&source, __ptrauth_cxxabi_catch_temp_disc);
+ const uintptr_t targetDiscriminator =
+ ptrauth_blend_discriminator(&results.landingPad,
+ __ptrauth_scan_results_landingpad_disc);
+ uintptr_t reauthenticatedLandingPad =
+ (uintptr_t)ptrauth_auth_and_resign(*reinterpret_cast<void* const*>(&source),
+ __ptrauth_cxxabi_catch_temp_key,
+ sourceDiscriminator,
+ __ptrauth_scan_results_landingpad_key,
+ targetDiscriminator);
+ memmove(reinterpret_cast<void *>(&results.landingPad),
+ reinterpret_cast<void *>(&reauthenticatedLandingPad),
+ sizeof(reauthenticatedLandingPad));
+#else
+ results.landingPad = reinterpret_cast<landing_pad_t>(source);
+#endif
+}
+
+static inline void get_landing_pad(__cxa_catch_temp_type &dest,
+ const scan_results &results) {
+#if __has_feature(ptrauth_calls)
+ const uintptr_t sourceDiscriminator =
+ ptrauth_blend_discriminator(&results.landingPad,
+ __ptrauth_scan_results_landingpad_disc);
+ const uintptr_t targetDiscriminator =
+ ptrauth_blend_discriminator(&dest, __ptrauth_cxxabi_catch_temp_disc);
+ uintptr_t reauthenticatedPointer =
+ (uintptr_t)ptrauth_auth_and_resign(*reinterpret_cast<void* const*>(&results.landingPad),
+ __ptrauth_scan_results_landingpad_key,
+ sourceDiscriminator,
+ __ptrauth_cxxabi_catch_temp_key,
+ targetDiscriminator);
+ memmove(reinterpret_cast<void *>(&dest),
+ reinterpret_cast<void *>(&reauthenticatedPointer),
+ sizeof(reauthenticatedPointer));
+#else
+ dest = reinterpret_cast<__cxa_catch_temp_type>(results.landingPad);
+#endif
+}
+
#ifdef __WASM_EXCEPTIONS__
_Unwind_Reason_Code __gxx_personality_wasm0
#elif defined(__SEH__) && !defined(__USING_SJLJ_EXCEPTIONS__)
@@ -935,8 +1047,7 @@ __gxx_personality_v0
results.ttypeIndex = exception_header->handlerSwitchValue;
results.actionRecord = exception_header->actionRecord;
results.languageSpecificData = exception_header->languageSpecificData;
- results.landingPad =
- reinterpret_cast<uintptr_t>(exception_header->catchTemp);
+ set_landing_pad(results, exception_header->catchTemp);
results.adjustedPtr = exception_header->adjustedPtr;
// Jump to the handler.
@@ -970,7 +1081,7 @@ __gxx_personality_v0
exc->handlerSwitchValue = static_cast<int>(results.ttypeIndex);
exc->actionRecord = results.actionRecord;
exc->languageSpecificData = results.languageSpecificData;
- exc->catchTemp = reinterpret_cast<void*>(results.landingPad);
+ get_landing_pad(exc->catchTemp, results);
exc->adjustedPtr = results.adjustedPtr;
#ifdef __WASM_EXCEPTIONS__
// Wasm only uses a single phase (_UA_SEARCH_PHASE), so save the
diff --git a/libunwind/include/__libunwind_config.h b/libunwind/include/__libunwind_config.h
index 544b3ec96216a..343934e885368 100644
--- a/libunwind/include/__libunwind_config.h
+++ b/libunwind/include/__libunwind_config.h
@@ -212,4 +212,11 @@
# define _LIBUNWIND_HIGHEST_DWARF_REGISTER 287
#endif // _LIBUNWIND_IS_NATIVE_ONLY
+#if __has_feature(ptrauth_calls) && __has_feature(ptrauth_returns)
+# define _LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING 1
+#elif __has_feature(ptrauth_calls) != __has_feature(ptrauth_returns)
+# error "Either both or none of ptrauth_calls and ptrauth_returns "\
+ "is allowed to be enabled"
+#endif
+
#endif // ____LIBUNWIND_CONFIG_H__
diff --git a/libunwind/include/libunwind.h b/libunwind/include/libunwind.h
index 94928f436025a..18684ce311f95 100644
--- a/libunwind/include/libunwind.h
+++ b/libunwind/include/libunwind.h
@@ -43,6 +43,109 @@
#define LIBUNWIND_AVAIL
#endif
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+
+ #include <ptrauth.h>
+
+ // `__ptrauth_restricted_intptr` is a feature of apple clang that predates
+ // support for direct application of `__ptrauth` to integer types. This
+ // guard is necessary to support compilation with those compiler.
+ #if __has_extension(ptrauth_restricted_intptr_qualifier)
+ #define __unwind_ptrauth_restricted_intptr(...) \
+ __ptrauth_restricted_intptr(__VA_ARGS__)
+ #else
+ #define __unwind_ptrauth_restricted_intptr(...) \
+ __ptrauth(__VA_ARGS__)
+ #endif
+
+ // ptrauth_string_discriminator("unw_proc_info_t::handler") == 0x7405
+ #define __ptrauth_unwind_upi_handler_disc 0x7405
+
+ #define __ptrauth_unwind_upi_handler \
+ __ptrauth(ptrauth_key_function_pointer, 1, __ptrauth_unwind_upi_handler_disc)
+
+ #define __ptrauth_unwind_upi_handler_intptr \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_function_pointer, 1,\
+ __ptrauth_unwind_upi_handler_disc)
+
+ // ptrauth_string_discriminator("unw_proc_info_t::start_ip") == 0xCA2C
+ #define __ptrauth_unwind_upi_startip \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_independent_code, 1, 0xCA2C)
+
+ // ptrauth_string_discriminator("unw_proc_info_t::end_ip") == 0xE183
+ #define __ptrauth_unwind_upi_endip \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_independent_code, 1, 0xE183)
+
+ // ptrauth_string_discriminator("unw_proc_info_t::lsda") == 0x83DE
+ #define __ptrauth_unwind_upi_lsda \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_data, 1, 0x83DE)
+
+ // ptrauth_string_discriminator("unw_proc_info_t::flags") == 0x79A1
+ #define __ptrauth_unwind_upi_flags \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_data, 1, 0x79A1)
+
+ // ptrauth_string_discriminator("unw_proc_info_t::unwind_info") == 0xC20C
+ #define __ptrauth_unwind_upi_info \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_data, 1, 0xC20C)
+
+ // ptrauth_string_discriminator("unw_proc_info_t::extra") == 0x03DF
+ #define __ptrauth_unwind_upi_extra \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_data, 1, 0x03DF)
+
+ // ptrauth_string_discriminator("Registers_arm64::link_reg_t") == 0x8301
+ #define __ptrauth_unwind_registers_arm64_link_reg \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_code, 1, 0x8301)
+
+ // ptrauth_string_discriminator("UnwindInfoSections::dso_base") == 0x4FF5
+ #define __ptrauth_unwind_uis_dso_base \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_data, 1, 0x4FF5)
+
+ // ptrauth_string_discriminator("UnwindInfoSections::dwarf_section") == 0x4974
+ #define __ptrauth_unwind_uis_dwarf_section \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_data, 1, 0x4974)
+
+ // ptrauth_string_discriminator("UnwindInfoSections::dwarf_section_length") == 0x2A9A
+ #define __ptrauth_unwind_uis_dwarf_section_length \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_data, 1, 0x2A9A)
+
+ // ptrauth_string_discriminator("UnwindInfoSections::compact_unwind_section") == 0xA27B
+ #define __ptrauth_unwind_uis_compact_unwind_section \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_data, 1, 0xA27B)
+
+ // ptrauth_string_discriminator("UnwindInfoSections::compact_unwind_section_length") == 0x5D0A
+ #define __ptrauth_unwind_uis_compact_unwind_section_length \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_process_dependent_data, 1, 0x5D0A)
+
+ // ptrauth_string_discriminator("CIE_Info::personality") == 0x6A40
+ #define __ptrauth_unwind_cie_info_personality_disc 0x6A40
+ #define __ptrauth_unwind_cie_info_personality \
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_function_pointer, 1, \
+ __ptrauth_unwind_cie_info_personality_disc)
+
+ // ptrauth_string_discriminator("personality") == 0x7EAD)
+ #define __ptrauth_unwind_pauthtest_personality_disc 0x7EAD
+
+#else
+
+ #define __unwind_ptrauth_restricted_intptr(...)
+ #define __ptrauth_unwind_upi_handler
+ #define __ptrauth_unwind_upi_handler_intptr
+ #define __ptrauth_unwind_upi_startip
+ #define __ptrauth_unwind_upi_endip
+ #define __ptrauth_unwind_upi_lsda
+ #define __ptrauth_unwind_upi_flags
+ #define __ptrauth_unwind_upi_info
+ #define __ptrauth_unwind_upi_extra
+ #define __ptrauth_unwind_registers_arm64_link_reg
+ #define __ptrauth_unwind_uis_dso_base
+ #define __ptrauth_unwind_uis_dwarf_section
+ #define __ptrauth_unwind_uis_dwarf_section_length
+ #define __ptrauth_unwind_uis_compact_unwind_section
+ #define __ptrauth_unwind_uis_compact_unwind_section_length
+ #define __ptrauth_unwind_cie_info_personality
+
+#endif
+
#if defined(_WIN32) && defined(__SEH__)
#define LIBUNWIND_CURSOR_ALIGNMENT_ATTR __attribute__((__aligned__(16)))
#else
@@ -88,17 +191,18 @@ typedef double unw_fpreg_t;
#endif
struct unw_proc_info_t {
- unw_word_t start_ip; /* start address of function */
- unw_word_t end_ip; /* address after end of function */
- unw_word_t lsda; /* address of language specific data area, */
- /* or zero if not used */
- unw_word_t handler; /* personality routine, or zero if not used */
- unw_word_t gp; /* not used */
- unw_word_t flags; /* not used */
- uint32_t format; /* compact unwind encoding, or zero if none */
- uint32_t unwind_info_size; /* size of DWARF unwind info, or zero if none */
- unw_word_t unwind_info; /* address of DWARF unwind info, or zero */
- unw_word_t extra; /* mach_header of mach-o image containing func */
+ unw_word_t __ptrauth_unwind_upi_startip start_ip; /* start address of function */
+ unw_word_t __ptrauth_unwind_upi_endip end_ip; /* address after end of function */
+ unw_word_t __ptrauth_unwind_upi_lsda lsda; /* address of language specific data area, */
+ /* or zero if not used */
+
+ unw_word_t __ptrauth_unwind_upi_handler_intptr handler;
+ unw_word_t gp; /* not used */
+ unw_word_t __ptrauth_unwind_upi_flags flags; /* not used */
+ uint32_t format; /* compact unwind encoding, or zero if none */
+ uint32_t unwind_info_size; /* size of DWARF unwind info, or zero if none */
+ unw_word_t __ptrauth_unwind_upi_info unwind_info; /* address of DWARF unwind info, or zero */
+ unw_word_t __ptrauth_unwind_upi_extra extra; /* mach_header of mach-o image containing func */
};
typedef struct unw_proc_info_t unw_proc_info_t;
diff --git a/libunwind/src/AddressSpace.hpp b/libunwind/src/AddressSpace.hpp
index 5551c7d4bef1c..63f9cb367ec0c 100644
--- a/libunwind/src/AddressSpace.hpp
+++ b/libunwind/src/AddressSpace.hpp
@@ -129,22 +129,27 @@ struct UnwindInfoSections {
defined(_LIBUNWIND_SUPPORT_COMPACT_UNWIND) || \
defined(_LIBUNWIND_USE_DL_ITERATE_PHDR)
// No dso_base for SEH.
- uintptr_t dso_base;
+ uintptr_t __ptrauth_unwind_uis_dso_base
+ dso_base = 0;
#endif
#if defined(_LIBUNWIND_USE_DL_ITERATE_PHDR)
size_t text_segment_length;
#endif
#if defined(_LIBUNWIND_SUPPORT_DWARF_UNWIND)
- uintptr_t dwarf_section;
- size_t dwarf_section_length;
+ uintptr_t __ptrauth_unwind_uis_dwarf_section
+ dwarf_section = 0;
+ size_t __ptrauth_unwind_uis_dwarf_section_length
+ dwarf_section_length = 0;
#endif
#if defined(_LIBUNWIND_SUPPORT_DWARF_INDEX)
uintptr_t dwarf_index_section;
size_t dwarf_index_section_length;
#endif
#if defined(_LIBUNWIND_SUPPORT_COMPACT_UNWIND)
- uintptr_t compact_unwind_section;
- size_t compact_unwind_section_length;
+ uintptr_t __ptrauth_unwind_uis_compact_unwind_section
+ compact_unwind_section = 0;
+ size_t __ptrauth_unwind_uis_compact_unwind_section_length
+ compact_unwind_section_length = 0;
#endif
#if defined(_LIBUNWIND_ARM_EHABI)
uintptr_t arm_section;
@@ -196,7 +201,7 @@ class _LIBUNWIND_HIDDEN LocalAddressSpace {
static int64_t getSLEB128(pint_t &addr, pint_t end);
pint_t getEncodedP(pint_t &addr, pint_t end, uint8_t encoding,
- pint_t datarelBase = 0);
+ pint_t datarelBase = 0, pint_t *resultAddr = nullptr);
bool findFunctionName(pint_t addr, char *buf, size_t bufLen,
unw_word_t *offset);
bool findUnwindSections(pint_t targetAddr, UnwindInfoSections &info);
@@ -269,7 +274,7 @@ inline int64_t LocalAddressSpace::getSLEB128(pint_t &addr, pint_t end) {
inline LocalAddressSpace::pint_t
LocalAddressSpace::getEncodedP(pint_t &addr, pint_t end, uint8_t encoding,
- pint_t datarelBase) {
+ pint_t datarelBase, pint_t *resultAddr) {
pint_t startAddr = addr;
const uint8_t *p = (uint8_t *)addr;
pint_t result;
@@ -353,8 +358,14 @@ LocalAddressSpace::getEncodedP(pint_t &addr, pint_t end, uint8_t encoding,
break;
}
- if (encoding & DW_EH_PE_indirect)
+ if (encoding & DW_EH_PE_indirect) {
+ if (resultAddr)
+ *resultAddr = result;
result = getP(result);
+ } else {
+ if (resultAddr)
+ *resultAddr = startAddr;
+ }
return result;
}
diff --git a/libunwind/src/CompactUnwinder.hpp b/libunwind/src/CompactUnwinder.hpp
index a7a8a153d86a4..cd2e0e3431314 100644
--- a/libunwind/src/CompactUnwinder.hpp
+++ b/libunwind/src/CompactUnwinder.hpp
@@ -601,11 +601,17 @@ int CompactUnwinder_arm64<A>::stepWithCompactEncodingFrameless(
savedRegisterLoc -= 8;
}
+ // We load the link register prior to setting the new SP as the authentication
+ // schema for LR entangles the SP of the old frame into the diversifier.
+ Registers_arm64::reg_t linkRegister = registers.getRegister(UNW_AARCH64_LR);
+
// subtract stack size off of sp
registers.setSP(savedRegisterLoc);
- // set pc to be value in lr
- registers.setIP(registers.getRegister(UNW_AARCH64_LR));
+ // Set pc to be value in lr. This needs to be performed after the new SP has
+ // been set, as the PC authentication schema entangles the SP of the new
+ // frame.
+ registers.setIP(linkRegister);
return UNW_STEP_SUCCESS;
}
@@ -614,7 +620,7 @@ template <typename A>
int CompactUnwinder_arm64<A>::stepWithCompactEncodingFrame(
compact_unwind_encoding_t encoding, uint64_t, A &addressSpace,
Registers_arm64 ®isters) {
- uint64_t savedRegisterLoc = registers.getFP() - 8;
+ Registers_arm64::reg_t savedRegisterLoc = registers.getFP() - 8;
if (encoding & UNWIND_ARM64_FRAME_X19_X20_PAIR) {
registers.setRegister(UNW_AARCH64_X19, addressSpace.get64(savedRegisterLoc));
@@ -680,11 +686,16 @@ int CompactUnwinder_arm64<A>::stepWithCompactEncodingFrame(
savedRegisterLoc -= 8;
}
- uint64_t fp = registers.getFP();
+ Registers_arm64::reg_t fp = registers.getFP();
+
// fp points to old fp
registers.setFP(addressSpace.get64(fp));
- // old sp is fp less saved fp and lr
+
+ // Old sp is fp less saved fp and lr. We need to set this prior to setting
+ // the lr as the pointer authentication schema for the lr incorporates the
+ // sp as part of the diversifier.
registers.setSP(fp + 16);
+
// pop return address into pc
registers.setIP(addressSpace.get64(fp + 8));
diff --git a/libunwind/src/DwarfInstructions.hpp b/libunwind/src/DwarfInstructions.hpp
index e7be0d6d5d635..d2822e8be29ef 100644
--- a/libunwind/src/DwarfInstructions.hpp
+++ b/libunwind/src/DwarfInstructions.hpp
@@ -22,7 +22,6 @@
#include "dwarf2.h"
#include "libunwind_ext.h"
-
namespace libunwind {
@@ -34,8 +33,9 @@ class DwarfInstructions {
typedef typename A::pint_t pint_t;
typedef typename A::sint_t sint_t;
- static int stepWithDwarf(A &addressSpace, pint_t pc, pint_t fdeStart,
- R ®isters, bool &isSignalFrame, bool stage2);
+ static int stepWithDwarf(A &addressSpace, const typename R::link_reg_t &pc,
+ pint_t fdeStart, R ®isters, bool &isSignalFrame,
+ bool stage2);
private:
@@ -64,9 +64,10 @@ class DwarfInstructions {
static pint_t getCFA(A &addressSpace, const PrologInfo &prolog,
const R ®isters) {
- if (prolog.cfaRegister != 0)
- return (pint_t)((sint_t)registers.getRegister((int)prolog.cfaRegister) +
- prolog.cfaRegisterOffset);
+ if (prolog.cfaRegister != 0) {
+ uintptr_t cfaRegister = registers.getRegister((int)prolog.cfaRegister);
+ return (pint_t)(cfaRegister + prolog.cfaRegisterOffset);
+ }
if (prolog.cfaExpression != 0)
return evaluateExpression((pint_t)prolog.cfaExpression, addressSpace,
registers, 0);
@@ -207,7 +208,8 @@ bool DwarfInstructions<A, R>::isReturnAddressSignedWithPC(A &addressSpace,
#endif
template <typename A, typename R>
-int DwarfInstructions<A, R>::stepWithDwarf(A &addressSpace, pint_t pc,
+int DwarfInstructions<A, R>::stepWithDwarf(A &addressSpace,
+ const typename R::link_reg_t &pc,
pint_t fdeStart, R ®isters,
bool &isSignalFrame, bool stage2) {
FDE_Info fdeInfo;
@@ -264,7 +266,7 @@ int DwarfInstructions<A, R>::stepWithDwarf(A &addressSpace, pint_t pc,
// by a CFI directive later on.
newRegisters.setSP(cfa);
- pint_t returnAddress = 0;
+ typename R::reg_t returnAddress = 0;
constexpr int lastReg = R::lastDwarfRegNum();
static_assert(static_cast<int>(CFI_Parser<A>::kMaxRegisterNumber) >=
lastReg,
@@ -300,7 +302,16 @@ int DwarfInstructions<A, R>::stepWithDwarf(A &addressSpace, pint_t pc,
isSignalFrame = cieInfo.isSignalFrame;
-#if defined(_LIBUNWIND_TARGET_AARCH64)
+#if defined(_LIBUNWIND_TARGET_AARCH64) && \
+ !defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ // There are two ways of return address signing: pac-ret (enabled via
+ // -mbranch-protection=pac-ret) and ptrauth-returns (enabled as part of
+ // Apple's arm64e or experimental pauthtest ABI on Linux). The code
+ // below handles signed RA for pac-ret, while ptrauth-returns uses
+ //
diff erent logic.
+ // TODO: unify logic for both cases, see
+ // https://github.com/llvm/llvm-project/issues/160110
+ //
// If the target is aarch64 then the return address may have been signed
// using the v8.3 pointer authentication extensions. The original
// return address needs to be authenticated before the return address is
diff --git a/libunwind/src/DwarfParser.hpp b/libunwind/src/DwarfParser.hpp
index 25250e0810987..dbd7d65c354aa 100644
--- a/libunwind/src/DwarfParser.hpp
+++ b/libunwind/src/DwarfParser.hpp
@@ -23,6 +23,10 @@
#include "config.h"
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+#include <ptrauth.h>
+#endif
+
namespace libunwind {
/// CFI_Parser does basic parsing of a CFI (Call Frame Information) records.
@@ -33,6 +37,7 @@ template <typename A>
class CFI_Parser {
public:
typedef typename A::pint_t pint_t;
+ typedef pint_t __ptrauth_unwind_cie_info_personality personality_t;
/// Information encoded in a CIE (Common Information Entry)
struct CIE_Info {
@@ -43,7 +48,7 @@ class CFI_Parser {
uint8_t lsdaEncoding;
uint8_t personalityEncoding;
uint8_t personalityOffsetInCIE;
- pint_t personality;
+ personality_t personality;
uint32_t codeAlignFactor;
int dataAlignFactor;
bool isSignalFrame;
@@ -369,6 +374,7 @@ const char *CFI_Parser<A>::parseCIE(A &addressSpace, pint_t cie,
cieInfo->returnAddressRegister = (uint8_t)raReg;
// parse augmentation data based on augmentation string
const char *result = NULL;
+ pint_t resultAddr = 0;
if (addressSpace.get8(strStart) == 'z') {
// parse augmentation data length
addressSpace.getULEB128(p, cieContentEnd);
@@ -377,13 +383,41 @@ const char *CFI_Parser<A>::parseCIE(A &addressSpace, pint_t cie,
case 'z':
cieInfo->fdesHaveAugmentationData = true;
break;
- case 'P':
+ case 'P': {
cieInfo->personalityEncoding = addressSpace.get8(p);
++p;
cieInfo->personalityOffsetInCIE = (uint8_t)(p - cie);
- cieInfo->personality = addressSpace
- .getEncodedP(p, cieContentEnd, cieInfo->personalityEncoding);
+ pint_t personality = addressSpace.getEncodedP(
+ p, cieContentEnd, cieInfo->personalityEncoding,
+ /*datarelBase=*/0, &resultAddr);
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ if (personality) {
+ // The GOT for the personality function was signed address
+ // authenticated. Manually re-sign with the CIE_Info::personality
+ // schema. If we could guarantee the encoding of the personality we
+ // could avoid this by simply giving resultAddr the correct ptrauth
+ // schema and performing an assignment.
+#if defined(__arm64e__)
+ const auto oldDiscriminator = resultAddr;
+#else
+ const auto oldDiscriminator = ptrauth_blend_discriminator(
+ (void *)resultAddr, __ptrauth_unwind_pauthtest_personality_disc);
+#endif
+ const auto discriminator = ptrauth_blend_discriminator(
+ &cieInfo->personality,
+ __ptrauth_unwind_cie_info_personality_disc);
+ void *signedPtr = ptrauth_auth_and_resign(
+ (void *)personality, ptrauth_key_function_pointer,
+ oldDiscriminator, ptrauth_key_function_pointer, discriminator);
+ personality = (pint_t)signedPtr;
+ }
+#endif
+ // We use memmove to set the CIE personality as we have already
+ // re-signed the pointer to the correct schema.
+ memmove((void *)&cieInfo->personality, (void *)&personality,
+ sizeof(personality));
break;
+ }
case 'L':
cieInfo->lsdaEncoding = addressSpace.get8(p);
++p;
diff --git a/libunwind/src/Registers.hpp b/libunwind/src/Registers.hpp
index 8b3055f5cd7cd..5a5b57835379a 100644
--- a/libunwind/src/Registers.hpp
+++ b/libunwind/src/Registers.hpp
@@ -17,6 +17,7 @@
#include "config.h"
#include "libunwind.h"
+#include "libunwind_ext.h"
#include "shadow_stack_unwind.h"
namespace libunwind {
@@ -60,6 +61,9 @@ class _LIBUNWIND_HIDDEN Registers_x86 {
Registers_x86();
Registers_x86(const void *registers);
+ typedef uint32_t reg_t;
+ typedef uint32_t link_reg_t;
+
bool validRegister(int num) const;
uint32_t getRegister(int num) const;
void setRegister(int num, uint32_t value);
@@ -278,6 +282,9 @@ class _LIBUNWIND_HIDDEN Registers_x86_64 {
Registers_x86_64();
Registers_x86_64(const void *registers);
+ typedef uint64_t reg_t;
+ typedef uint64_t link_reg_t;
+
bool validRegister(int num) const;
uint64_t getRegister(int num) const;
void setRegister(int num, uint64_t value);
@@ -597,6 +604,9 @@ class _LIBUNWIND_HIDDEN Registers_ppc {
Registers_ppc();
Registers_ppc(const void *registers);
+ typedef uint32_t reg_t;
+ typedef uint32_t link_reg_t;
+
bool validRegister(int num) const;
uint32_t getRegister(int num) const;
void setRegister(int num, uint32_t value);
@@ -1169,6 +1179,9 @@ class _LIBUNWIND_HIDDEN Registers_ppc64 {
Registers_ppc64();
Registers_ppc64(const void *registers);
+ typedef uint64_t reg_t;
+ typedef uint64_t link_reg_t;
+
bool validRegister(int num) const;
uint64_t getRegister(int num) const;
void setRegister(int num, uint64_t value);
@@ -1826,6 +1839,11 @@ class _LIBUNWIND_HIDDEN Registers_arm64 {
public:
Registers_arm64();
Registers_arm64(const void *registers);
+ Registers_arm64(const Registers_arm64 &);
+ Registers_arm64 &operator=(const Registers_arm64 &);
+
+ typedef uint64_t reg_t;
+ typedef uint64_t __ptrauth_unwind_registers_arm64_link_reg link_reg_t;
bool validRegister(int num) const;
uint64_t getRegister(int num) const;
@@ -1845,10 +1863,47 @@ class _LIBUNWIND_HIDDEN Registers_arm64 {
uint64_t getSP() const { return _registers.__sp; }
void setSP(uint64_t value) { _registers.__sp = value; }
- uint64_t getIP() const { return _registers.__pc; }
- void setIP(uint64_t value) { _registers.__pc = value; }
- uint64_t getFP() const { return _registers.__fp; }
- void setFP(uint64_t value) { _registers.__fp = value; }
+ uint64_t getIP() const {
+ uint64_t value = _registers.__pc;
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ // Note the value of the PC was signed to its address in the register state
+ // but everyone else expects it to be sign by the SP, so convert on return.
+ value = (uint64_t)ptrauth_auth_and_resign((void *)_registers.__pc,
+ ptrauth_key_return_address,
+ &_registers.__pc,
+ ptrauth_key_return_address,
+ getSP());
+#endif
+ return value;
+ }
+ void setIP(uint64_t value) {
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ // Note the value which was set should have been signed with the SP.
+ // We then resign with the slot we are being stored in to so that both SP
+ // and LR can't be spoofed at the same time.
+ value = (uint64_t)ptrauth_auth_and_resign((void *)value,
+ ptrauth_key_return_address,
+ getSP(),
+ ptrauth_key_return_address,
+ &_registers.__pc);
+#endif
+ _registers.__pc = value;
+ }
+ uint64_t getFP() const { return _registers.__fp; }
+ void setFP(uint64_t value) { _registers.__fp = value; }
+
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ void
+ loadAndAuthenticateLinkRegister(reg_t inplaceAuthedLinkRegister,
+ link_reg_t *referenceAuthedLinkRegister) {
+ // If we are in an arm64/arm64e frame, then the PC should have been signed
+ // with the SP
+ *referenceAuthedLinkRegister =
+ (uint64_t)ptrauth_auth_data((void *)inplaceAuthedLinkRegister,
+ ptrauth_key_return_address,
+ _registers.__sp);
+ }
+#endif
private:
uint64_t lazyGetVG() const;
@@ -1889,11 +1944,35 @@ inline Registers_arm64::Registers_arm64(const void *registers) {
memcpy(_vectorHalfRegisters,
static_cast<const uint8_t *>(registers) + sizeof(GPRs),
sizeof(_vectorHalfRegisters));
+ _misc_registers.__vg = 0;
+
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ // We have to do some pointer authentication fixups after this copy,
+ // and as part of that we need to load the source pc without
+ // authenticating so that we maintain the signature for the resigning
+ // performed by setIP.
+ uint64_t pcRegister = 0;
+ memmove(&pcRegister, ((uint8_t *)&_registers) + offsetof(GPRs, __pc),
+ sizeof(pcRegister));
+ setIP(pcRegister);
+#endif
+}
+
+inline Registers_arm64::Registers_arm64(const Registers_arm64 &other) {
+ *this = other;
+}
+
+inline Registers_arm64 &
+Registers_arm64::operator=(const Registers_arm64 &other) {
+ memmove(static_cast<void *>(this), &other, sizeof(*this));
+ // We perform this step to ensure that we correctly authenticate and re-sign
+ // the pc after the bitwise copy.
+ setIP(other.getIP());
+ return *this;
}
inline Registers_arm64::Registers_arm64() {
- memset(&_registers, 0, sizeof(_registers));
- memset(&_vectorHalfRegisters, 0, sizeof(_vectorHalfRegisters));
+ memset(static_cast<void *>(this), 0, sizeof(*this));
}
inline bool Registers_arm64::validRegister(int regNum) const {
@@ -1930,13 +2009,13 @@ inline uint64_t Registers_arm64::lazyGetVG() const {
inline uint64_t Registers_arm64::getRegister(int regNum) const {
if (regNum == UNW_REG_IP || regNum == UNW_AARCH64_PC)
- return _registers.__pc;
+ return getIP();
if (regNum == UNW_REG_SP || regNum == UNW_AARCH64_SP)
return _registers.__sp;
if (regNum == UNW_AARCH64_RA_SIGN_STATE)
return _registers.__ra_sign_state;
if (regNum == UNW_AARCH64_FP)
- return _registers.__fp;
+ return getFP();
if (regNum == UNW_AARCH64_LR)
return _registers.__lr;
if (regNum == UNW_AARCH64_VG)
@@ -1948,13 +2027,13 @@ inline uint64_t Registers_arm64::getRegister(int regNum) const {
inline void Registers_arm64::setRegister(int regNum, uint64_t value) {
if (regNum == UNW_REG_IP || regNum == UNW_AARCH64_PC)
- _registers.__pc = value;
+ setIP(value);
else if (regNum == UNW_REG_SP || regNum == UNW_AARCH64_SP)
_registers.__sp = value;
else if (regNum == UNW_AARCH64_RA_SIGN_STATE)
_registers.__ra_sign_state = value;
else if (regNum == UNW_AARCH64_FP)
- _registers.__fp = value;
+ setFP(value);
else if (regNum == UNW_AARCH64_LR)
_registers.__lr = value;
else if (regNum == UNW_AARCH64_VG)
@@ -2148,6 +2227,9 @@ class _LIBUNWIND_HIDDEN Registers_arm {
Registers_arm();
Registers_arm(const void *registers);
+ typedef uint32_t reg_t;
+ typedef uint32_t link_reg_t;
+
bool validRegister(int num) const;
uint32_t getRegister(int num) const;
void setRegister(int num, uint32_t value);
@@ -2653,6 +2735,9 @@ class _LIBUNWIND_HIDDEN Registers_or1k {
Registers_or1k();
Registers_or1k(const void *registers);
+ typedef uint32_t reg_t;
+ typedef uint32_t link_reg_t;
+
bool validRegister(int num) const;
uint32_t getRegister(int num) const;
void setRegister(int num, uint32_t value);
@@ -2852,6 +2937,9 @@ class _LIBUNWIND_HIDDEN Registers_mips_o32 {
Registers_mips_o32();
Registers_mips_o32(const void *registers);
+ typedef uint32_t reg_t;
+ typedef uint32_t link_reg_t;
+
bool validRegister(int num) const;
uint32_t getRegister(int num) const;
void setRegister(int num, uint32_t value);
@@ -3187,6 +3275,9 @@ class _LIBUNWIND_HIDDEN Registers_mips_newabi {
Registers_mips_newabi();
Registers_mips_newabi(const void *registers);
+ typedef uint64_t reg_t;
+ typedef uint64_t link_reg_t;
+
bool validRegister(int num) const;
uint64_t getRegister(int num) const;
void setRegister(int num, uint64_t value);
@@ -3490,6 +3581,9 @@ class _LIBUNWIND_HIDDEN Registers_sparc {
Registers_sparc();
Registers_sparc(const void *registers);
+ typedef uint32_t reg_t;
+ typedef uint32_t link_reg_t;
+
bool validRegister(int num) const;
uint32_t getRegister(int num) const;
void setRegister(int num, uint32_t value);
@@ -3676,6 +3770,9 @@ class _LIBUNWIND_HIDDEN Registers_sparc64 {
Registers_sparc64() = default;
Registers_sparc64(const void *registers);
+ typedef uint64_t reg_t;
+ typedef uint64_t link_reg_t;
+
bool validRegister(int num) const;
uint64_t getRegister(int num) const;
void setRegister(int num, uint64_t value);
@@ -3861,6 +3958,9 @@ class _LIBUNWIND_HIDDEN Registers_hexagon {
Registers_hexagon();
Registers_hexagon(const void *registers);
+ typedef uint32_t reg_t;
+ typedef uint32_t link_reg_t;
+
bool validRegister(int num) const;
uint32_t getRegister(int num) const;
void setRegister(int num, uint32_t value);
@@ -4076,6 +4176,9 @@ class _LIBUNWIND_HIDDEN Registers_riscv {
Registers_riscv();
Registers_riscv(const void *registers);
+ typedef ::libunwind::reg_t reg_t;
+ typedef ::libunwind::reg_t link_reg_t;
+
bool validRegister(int num) const;
reg_t getRegister(int num) const;
void setRegister(int num, reg_t value);
@@ -4373,6 +4476,9 @@ class _LIBUNWIND_HIDDEN Registers_ve {
Registers_ve();
Registers_ve(const void *registers);
+ typedef uint64_t reg_t;
+ typedef uint64_t link_reg_t;
+
bool validRegister(int num) const;
uint64_t getRegister(int num) const;
void setRegister(int num, uint64_t value);
@@ -4816,6 +4922,9 @@ class _LIBUNWIND_HIDDEN Registers_s390x {
Registers_s390x();
Registers_s390x(const void *registers);
+ typedef uint64_t reg_t;
+ typedef uint64_t link_reg_t;
+
bool validRegister(int num) const;
uint64_t getRegister(int num) const;
void setRegister(int num, uint64_t value);
@@ -5104,6 +5213,9 @@ class _LIBUNWIND_HIDDEN Registers_loongarch {
Registers_loongarch();
Registers_loongarch(const void *registers);
+ typedef uint64_t reg_t;
+ typedef uint64_t link_reg_t;
+
bool validRegister(int num) const;
uint64_t getRegister(int num) const;
void setRegister(int num, uint64_t value);
diff --git a/libunwind/src/UnwindCursor.hpp b/libunwind/src/UnwindCursor.hpp
index 9a1afd3721f5a..7ec5f9e91578a 100644
--- a/libunwind/src/UnwindCursor.hpp
+++ b/libunwind/src/UnwindCursor.hpp
@@ -1047,18 +1047,26 @@ class UnwindCursor : public AbstractUnwindCursor{
bool getInfoFromFdeCie(const typename CFI_Parser<A>::FDE_Info &fdeInfo,
const typename CFI_Parser<A>::CIE_Info &cieInfo,
pint_t pc, uintptr_t dso_base);
- bool getInfoFromDwarfSection(pint_t pc, const UnwindInfoSections §s,
- uint32_t fdeSectionOffsetHint=0);
+ bool getInfoFromDwarfSection(const typename R::link_reg_t &pc,
+ const UnwindInfoSections §s,
+ uint32_t fdeSectionOffsetHint = 0);
int stepWithDwarfFDE(bool stage2) {
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ typename R::reg_t rawPC = this->getReg(UNW_REG_IP);
+ typename R::link_reg_t pc;
+ _registers.loadAndAuthenticateLinkRegister(rawPC, &pc);
+#else
+ typename R::link_reg_t pc = this->getReg(UNW_REG_IP);
+#endif
return DwarfInstructions<A, R>::stepWithDwarf(
- _addressSpace, (pint_t)this->getReg(UNW_REG_IP),
- (pint_t)_info.unwind_info, _registers, _isSignalFrame, stage2);
+ _addressSpace, pc, (pint_t)_info.unwind_info, _registers,
+ _isSignalFrame, stage2);
}
#endif
#if defined(_LIBUNWIND_SUPPORT_COMPACT_UNWIND)
- bool getInfoFromCompactEncodingSection(pint_t pc,
- const UnwindInfoSections §s);
+ bool getInfoFromCompactEncodingSection(const typename R::link_reg_t &pc,
+ const UnwindInfoSections §s);
int stepWithCompactEncoding(bool stage2 = false) {
#if defined(_LIBUNWIND_SUPPORT_DWARF_UNWIND)
if ( compactSaysUseDwarf() )
@@ -1359,13 +1367,13 @@ UnwindCursor<A, R>::UnwindCursor(unw_context_t *context, A &as)
"UnwindCursor<> does not fit in unw_cursor_t");
static_assert((alignof(UnwindCursor<A, R>) <= alignof(unw_cursor_t)),
"UnwindCursor<> requires more alignment than unw_cursor_t");
- memset(&_info, 0, sizeof(_info));
+ memset(static_cast<void *>(&_info), 0, sizeof(_info));
}
template <typename A, typename R>
UnwindCursor<A, R>::UnwindCursor(A &as, void *)
: _addressSpace(as), _unwindInfoMissing(false), _isSignalFrame(false) {
- memset(&_info, 0, sizeof(_info));
+ memset(static_cast<void *>(&_info), 0, sizeof(_info));
// FIXME
// fill in _registers from thread arg
}
@@ -1683,9 +1691,9 @@ bool UnwindCursor<A, R>::getInfoFromFdeCie(
}
template <typename A, typename R>
-bool UnwindCursor<A, R>::getInfoFromDwarfSection(pint_t pc,
- const UnwindInfoSections §s,
- uint32_t fdeSectionOffsetHint) {
+bool UnwindCursor<A, R>::getInfoFromDwarfSection(
+ const typename R::link_reg_t &pc, const UnwindInfoSections §s,
+ uint32_t fdeSectionOffsetHint) {
typename CFI_Parser<A>::FDE_Info fdeInfo;
typename CFI_Parser<A>::CIE_Info cieInfo;
bool foundFDE = false;
@@ -1743,8 +1751,8 @@ bool UnwindCursor<A, R>::getInfoFromDwarfSection(pint_t pc,
#if defined(_LIBUNWIND_SUPPORT_COMPACT_UNWIND)
template <typename A, typename R>
-bool UnwindCursor<A, R>::getInfoFromCompactEncodingSection(pint_t pc,
- const UnwindInfoSections §s) {
+bool UnwindCursor<A, R>::getInfoFromCompactEncodingSection(
+ const typename R::link_reg_t &pc, const UnwindInfoSections §s) {
const bool log = false;
if (log)
fprintf(stderr, "getInfoFromCompactEncodingSection(pc=0x%llX, mh=0x%llX)\n",
@@ -1975,6 +1983,16 @@ bool UnwindCursor<A, R>::getInfoFromCompactEncodingSection(pint_t pc,
personalityIndex * sizeof(uint32_t));
pint_t personalityPointer = sects.dso_base + (pint_t)personalityDelta;
personality = _addressSpace.getP(personalityPointer);
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ // The GOT for the personality function was signed address authenticated.
+ // Resign it as a regular function pointer.
+ const auto discriminator = ptrauth_blend_discriminator(
+ &_info.handler, __ptrauth_unwind_upi_handler_disc);
+ void *signedPtr = ptrauth_auth_and_resign(
+ (void *)personality, ptrauth_key_function_pointer, personalityPointer,
+ ptrauth_key_function_pointer, discriminator);
+ personality = (__typeof(personality))signedPtr;
+#endif
if (log)
fprintf(stderr, "getInfoFromCompactEncodingSection(pc=0x%llX), "
"personalityDelta=0x%08X, personality=0x%08llX\n",
@@ -1988,7 +2006,11 @@ bool UnwindCursor<A, R>::getInfoFromCompactEncodingSection(pint_t pc,
_info.start_ip = funcStart;
_info.end_ip = funcEnd;
_info.lsda = lsda;
- _info.handler = personality;
+ // We use memmove to copy the personality function as we have already manually
+ // re-signed the pointer, and assigning directly will attempt to incorrectly
+ // sign the already signed value.
+ memmove(reinterpret_cast<void *>(&_info.handler),
+ reinterpret_cast<void *>(&personality), sizeof(personality));
_info.gp = 0;
_info.flags = 0;
_info.format = encoding;
@@ -2641,11 +2663,19 @@ void UnwindCursor<A, R>::setInfoBasedOnIPRegister(bool isReturnAddress) {
_isSigReturn = false;
#endif
- pint_t pc = static_cast<pint_t>(this->getReg(UNW_REG_IP));
+ typename R::reg_t rawPC = this->getReg(UNW_REG_IP);
+
#if defined(_LIBUNWIND_ARM_EHABI)
// Remove the thumb bit so the IP represents the actual instruction address.
// This matches the behaviour of _Unwind_GetIP on arm.
- pc &= (pint_t)~0x1;
+ rawPC &= (pint_t)~0x1;
+#endif
+
+ typename R::link_reg_t pc;
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ _registers.loadAndAuthenticateLinkRegister(rawPC, &pc);
+#else
+ pc = rawPC;
#endif
// Exit early if at the top of the stack.
@@ -3189,16 +3219,22 @@ template <typename A, typename R> int UnwindCursor<A, R>::step(bool stage2) {
template <typename A, typename R>
void UnwindCursor<A, R>::getInfo(unw_proc_info_t *info) {
if (_unwindInfoMissing)
- memset(info, 0, sizeof(*info));
+ memset(static_cast<void *>(info), 0, sizeof(*info));
else
*info = _info;
}
template <typename A, typename R>
bool UnwindCursor<A, R>::getFunctionName(char *buf, size_t bufLen,
- unw_word_t *offset) {
- return _addressSpace.findFunctionName((pint_t)this->getReg(UNW_REG_IP),
- buf, bufLen, offset);
+ unw_word_t *offset) {
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ typename R::reg_t rawPC = this->getReg(UNW_REG_IP);
+ typename R::link_reg_t pc;
+ _registers.loadAndAuthenticateLinkRegister(rawPC, &pc);
+#else
+ typename R::link_reg_t pc = this->getReg(UNW_REG_IP);
+#endif
+ return _addressSpace.findFunctionName(pc, buf, bufLen, offset);
}
#if defined(_LIBUNWIND_CHECK_LINUX_SIGRETURN)
diff --git a/libunwind/src/UnwindLevel1.c b/libunwind/src/UnwindLevel1.c
index f3b451ad9b730..b0cd60dfb9141 100644
--- a/libunwind/src/UnwindLevel1.c
+++ b/libunwind/src/UnwindLevel1.c
@@ -90,6 +90,23 @@
} while (0)
#endif
+// We need this helper function as the semantics of casting between integers and
+// function pointers mean that we end up with a function pointer without the
+// correct signature. Instead we assign to an integer with a matching schema,
+// and then memmove the result into a variable of the correct type. This memmove
+// is possible as `_Unwind_Personality_Fn` is a standard function pointer, and
+// as such is not address diversified.
+static _Unwind_Personality_Fn get_handler_function(unw_proc_info_t *frameInfo) {
+ uintptr_t __unwind_ptrauth_restricted_intptr(ptrauth_key_function_pointer,
+ 0,
+ ptrauth_function_pointer_type_discriminator(_Unwind_Personality_Fn))
+ reauthenticatedIntegerHandler = frameInfo->handler;
+ _Unwind_Personality_Fn handler;
+ memmove(&handler, (void *)&reauthenticatedIntegerHandler,
+ sizeof(_Unwind_Personality_Fn));
+ return handler;
+}
+
static _Unwind_Reason_Code
unwind_phase1(unw_context_t *uc, unw_cursor_t *cursor, _Unwind_Exception *exception_object) {
__unw_init_local(cursor, uc);
@@ -147,8 +164,7 @@ unwind_phase1(unw_context_t *uc, unw_cursor_t *cursor, _Unwind_Exception *except
// If there is a personality routine, ask it if it will want to stop at
// this frame.
if (frameInfo.handler != 0) {
- _Unwind_Personality_Fn p =
- (_Unwind_Personality_Fn)(uintptr_t)(frameInfo.handler);
+ _Unwind_Personality_Fn p = get_handler_function(&frameInfo);
_LIBUNWIND_TRACE_UNWINDING(
"unwind_phase1(ex_obj=%p): calling personality function %p",
(void *)exception_object, (void *)(uintptr_t)p);
@@ -276,8 +292,7 @@ unwind_phase2(unw_context_t *uc, unw_cursor_t *cursor,
++framesWalked;
// If there is a personality routine, tell it we are unwinding.
if (frameInfo.handler != 0) {
- _Unwind_Personality_Fn p =
- (_Unwind_Personality_Fn)(uintptr_t)(frameInfo.handler);
+ _Unwind_Personality_Fn p = get_handler_function(&frameInfo);
_Unwind_Action action = _UA_CLEANUP_PHASE;
if (sp == exception_object->private_2) {
// Tell personality this was the frame it marked in phase 1.
@@ -394,8 +409,7 @@ unwind_phase2_forced(unw_context_t *uc, unw_cursor_t *cursor,
++framesWalked;
// If there is a personality routine, tell it we are unwinding.
if (frameInfo.handler != 0) {
- _Unwind_Personality_Fn p =
- (_Unwind_Personality_Fn)(intptr_t)(frameInfo.handler);
+ _Unwind_Personality_Fn p = get_handler_function(&frameInfo);
_LIBUNWIND_TRACE_UNWINDING(
"unwind_phase2_forced(ex_obj=%p): calling personality function %p",
(void *)exception_object, (void *)(uintptr_t)p);
@@ -597,6 +611,18 @@ _LIBUNWIND_EXPORT uintptr_t _Unwind_GetIP(struct _Unwind_Context *context) {
unw_cursor_t *cursor = (unw_cursor_t *)context;
unw_word_t result;
__unw_get_reg(cursor, UNW_REG_IP, &result);
+
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ // If we are in an arm64e frame, then the PC should have been signed with the
+ // sp
+ {
+ unw_word_t sp;
+ __unw_get_reg(cursor, UNW_REG_SP, &sp);
+ result = (unw_word_t)ptrauth_auth_data((void *)result,
+ ptrauth_key_return_address, sp);
+ }
+#endif
+
_LIBUNWIND_TRACE_API("_Unwind_GetIP(context=%p) => 0x%" PRIxPTR,
(void *)context, result);
return (uintptr_t)result;
diff --git a/libunwind/src/UnwindRegistersRestore.S b/libunwind/src/UnwindRegistersRestore.S
index 1077d80bc90de..5d71d2cf61ad9 100644
--- a/libunwind/src/UnwindRegistersRestore.S
+++ b/libunwind/src/UnwindRegistersRestore.S
@@ -659,7 +659,7 @@ DEFINE_LIBUNWIND_FUNCTION(__libunwind_Registers_arm64_jumpto)
ldp x24,x25, [x0, #0x0C0]
ldp x26,x27, [x0, #0x0D0]
ldp x28,x29, [x0, #0x0E0]
- ldr x30, [x0, #0x100] // restore pc into lr
+
#if defined(__ARM_FP) && __ARM_FP != 0
ldp d0, d1, [x0, #0x110]
ldp d2, d3, [x0, #0x120]
@@ -683,7 +683,18 @@ DEFINE_LIBUNWIND_FUNCTION(__libunwind_Registers_arm64_jumpto)
// context struct, because it is allocated on the stack, and an exception
// could clobber the de-allocated portion of the stack after sp has been
// restored.
- ldr x16, [x0, #0x0F8]
+
+ ldr x16, [x0, #0x0F8] // load sp into scratch
+ ldr lr, [x0, #0x100] // restore pc into lr
+
+#if __has_feature(ptrauth_calls)
+ // The LR is signed with its address inside the register state. Time
+ // to resign to be a regular ROP protected signed pointer
+ add x1, x0, #0x100
+ autib lr, x1
+ pacib lr, x16 // signed the scratch register for sp
+#endif
+
ldp x0, x1, [x0, #0x000] // restore x0,x1
mov sp,x16 // restore sp
#if defined(__ARM_FEATURE_GCS_DEFAULT)
@@ -696,7 +707,12 @@ DEFINE_LIBUNWIND_FUNCTION(__libunwind_Registers_arm64_jumpto)
gcspushm x30
Lnogcs:
#endif
+
+#if __has_feature(ptrauth_calls)
+ retab
+#else
ret x30 // jump to pc
+#endif
#elif defined(__arm__) && !defined(__APPLE__)
diff --git a/libunwind/src/UnwindRegistersSave.S b/libunwind/src/UnwindRegistersSave.S
index 8bf99ebd942fa..fe3ba7842619f 100644
--- a/libunwind/src/UnwindRegistersSave.S
+++ b/libunwind/src/UnwindRegistersSave.S
@@ -769,6 +769,11 @@ LnoR2Fix:
//
.p2align 2
DEFINE_LIBUNWIND_FUNCTION(__unw_getcontext)
+
+#if __has_feature(ptrauth_calls)
+ pacibsp
+#endif
+
stp x0, x1, [x0, #0x000]
stp x2, x3, [x0, #0x010]
stp x4, x5, [x0, #0x020]
@@ -809,7 +814,12 @@ DEFINE_LIBUNWIND_FUNCTION(__unw_getcontext)
str d31, [x0, #0x208]
#endif
mov x0, #0 // return UNW_ESUCCESS
+
+#if __has_feature(ptrauth_calls)
+ retab
+#else
ret
+#endif
#elif defined(__arm__) && !defined(__APPLE__)
diff --git a/libunwind/src/libunwind.cpp b/libunwind/src/libunwind.cpp
index cf39ec5f7dbdf..951d87db868bc 100644
--- a/libunwind/src/libunwind.cpp
+++ b/libunwind/src/libunwind.cpp
@@ -118,14 +118,52 @@ _LIBUNWIND_HIDDEN int __unw_set_reg(unw_cursor_t *cursor, unw_regnum_t regNum,
typedef LocalAddressSpace::pint_t pint_t;
AbstractUnwindCursor *co = (AbstractUnwindCursor *)cursor;
if (co->validReg(regNum)) {
- co->setReg(regNum, (pint_t)value);
// special case altering IP to re-find info (being called by personality
// function)
if (regNum == UNW_REG_IP) {
unw_proc_info_t info;
// First, get the FDE for the old location and then update it.
co->getInfo(&info);
- co->setInfoBasedOnIPRegister(false);
+
+ pint_t sp = (pint_t)co->getReg(UNW_REG_SP);
+
+#if defined(_LIBUNWIND_TARGET_AARCH64_AUTHENTICATED_UNWINDING)
+ {
+ // It is only valid to set the IP within the current function. This is
+ // important for ptrauth, otherwise the IP cannot be correctly signed.
+ // The current signature of `value` is via the schema:
+ // __ptrauth(ptrauth_key_return_address, <<sp>>, 0)
+ // For this to be generally usable we manually re-sign it to the
+ // directly supported schema:
+ // __ptrauth(ptrauth_key_return_address, 1, 0)
+ unw_word_t
+ __unwind_ptrauth_restricted_intptr(ptrauth_key_return_address, 1,
+ 0) authenticated_value;
+ unw_word_t opaque_value = (uint64_t)ptrauth_auth_and_resign(
+ (void *)value, ptrauth_key_return_address, sp,
+ ptrauth_key_return_address, &authenticated_value);
+ memmove(reinterpret_cast<void *>(&authenticated_value),
+ reinterpret_cast<void *>(&opaque_value),
+ sizeof(authenticated_value));
+ if (authenticated_value < info.start_ip ||
+ authenticated_value > info.end_ip)
+ _LIBUNWIND_ABORT("PC vs frame info mismatch");
+
+ // PC should have been signed with the sp, so we verify that
+ // roundtripping does not fail.
+ pint_t pc = (pint_t)co->getReg(UNW_REG_IP);
+ if (ptrauth_auth_and_resign((void *)pc, ptrauth_key_return_address, sp,
+ ptrauth_key_return_address,
+ sp) != (void *)pc) {
+ _LIBUNWIND_LOG("Bad unwind through arm64e (0x%zX, 0x%zX)->0x%zX\n",
+ pc, sp,
+ (pint_t)ptrauth_auth_data(
+ (void *)pc, ptrauth_key_return_address, sp));
+ _LIBUNWIND_ABORT("Bad unwind through arm64e");
+ }
+ }
+#endif
+
// If the original call expects stack adjustment, perform this now.
// Normal frame unwinding would have included the offset already in the
// CFA computation.
@@ -133,7 +171,11 @@ _LIBUNWIND_HIDDEN int __unw_set_reg(unw_cursor_t *cursor, unw_regnum_t regNum,
// this should actually be - info.gp. LLVM doesn't currently support
// any such platforms and Clang doesn't export a macro for them.
if (info.gp)
- co->setReg(UNW_REG_SP, co->getReg(UNW_REG_SP) + info.gp);
+ co->setReg(UNW_REG_SP, sp + info.gp);
+ co->setReg(UNW_REG_IP, value);
+ co->setInfoBasedOnIPRegister(false);
+ } else {
+ co->setReg(regNum, (pint_t)value);
}
return UNW_ESUCCESS;
}
More information about the llvm-commits
mailing list