[v6,13/14] aarch64: redefine RETURN_ADDRESS to strip PAC

Message ID 61ed62f8934fab4c73c2b6d871a5363eeb2f3c91.1593612309.git.szabolcs.nagy@arm.com
State Superseded
Series
  • aarch64: branch protection support

Commit Message

Szabolcs Nagy July 1, 2020, 2:40 p.m.
RETURN_ADDRESS is used at several places in glibc to mean a valid
code address of the call site, but with pac-ret it may contain a
pointer authentication code (PAC), so its definition is adjusted.

This is gcc PR target/94891: __builtin_return_address should not
expose signed pointers to user code where it can cause ABI issues.
In glibc RETURN_ADDRESS is only changed if it is built with pac-ret.
There is no detection for the specific gcc issue because it is
hard to test and the additional xpac does not cause problems.
---
 sysdeps/aarch64/sysdep.h | 7 +++++++
 1 file changed, 7 insertions(+)

-- 
2.17.1

Comments

H.J. Lu via Libc-alpha July 6, 2020, 6:34 p.m. | #1
On 01/07/2020 11:40, Szabolcs Nagy wrote:
> RETURN_ADDRESS is used at several places in glibc to mean a valid
> code address of the call site, but with pac-ret it may contain a
> pointer authentication code (PAC), so its definition is adjusted.
> 
> This is gcc PR target/94891: __builtin_return_address should not
> expose signed pointers to user code where it can cause ABI issues.
> In glibc RETURN_ADDRESS is only changed if it is built with pac-ret.
> There is no detection for the specific gcc issue because it is
> hard to test and the additional xpac does not cause problems.


LGTM, thanks.

Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>


> ---

>  sysdeps/aarch64/sysdep.h | 7 +++++++

>  1 file changed, 7 insertions(+)

> 

> diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h

> index 2879aeaa5c..48fa8e9e90 100644

> --- a/sysdeps/aarch64/sysdep.h

> +++ b/sysdeps/aarch64/sysdep.h

> @@ -44,6 +44,13 @@ strip_pac (void *p)

>    asm ("hint 7 // xpaclri" : "+r"(ra));

>    return ra;

>  }

> +

> +/* This is needed when glibc is built with -mbranch-protection=pac-ret

> +   with a gcc that is affected by PR target/94891.  */

> +# if HAVE_AARCH64_PAC_RET

> +#  undef RETURN_ADDRESS

> +#  define RETURN_ADDRESS(n) strip_pac (__builtin_return_address (n))

> +# endif

>  #endif

>  

>  #ifdef	__ASSEMBLER__

> 
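Review bot: the guard "# if HAVE_AARCH64_PAC_RET" in the added block uses #if rather than #ifdef, so it relies on HAVE_AARCH64_PAC_RET being defined to 0 or 1 in every configuration that includes sysdep.h. The hunk does not show where the macro is defined, so it is worth confirming that the configure side of this series defines it in both the enabled and the disabled case. If it were left undefined, the condition would silently evaluate to 0 and RETURN_ADDRESS would keep returning signed pointers in a pac-ret build.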


Ok.

Patch

diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h
index 2879aeaa5c..48fa8e9e90 100644
--- a/sysdeps/aarch64/sysdep.h
+++ b/sysdeps/aarch64/sysdep.h
@@ -44,6 +44,13 @@  strip_pac (void *p)
   asm ("hint 7 // xpaclri" : "+r"(ra));
   return ra;
 }
+
+/* This is needed when glibc is built with -mbranch-protection=pac-ret
+   with a gcc that is affected by PR target/94891.  */
+# if HAVE_AARCH64_PAC_RET
+#  undef RETURN_ADDRESS
+#  define RETURN_ADDRESS(n) strip_pac (__builtin_return_address (n))
+# endif
 #endif
 
 #ifdef	__ASSEMBLER__
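Review bot: the comment above "# if HAVE_AARCH64_PAC_RET" says the redefinition is needed with a gcc affected by PR target/94891, but the guard tests only whether glibc is built with pac-ret, so strip_pac is applied to every RETURN_ADDRESS result in such a build, including with a compiler where the builtin already returns a stripped address. The commit message explains that this is deliberate because the issue is hard to detect and the extra xpac is harmless; I would put that sentence in the code comment as well, so that a later reader does not take the block for a missing version check or remove it once the gcc fix is widespread.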