[v3,11/13] aarch64: Add pac-ret support to assembly files
Commit Message
Use return address signing in assembly files for functions that save
LR when pac-ret is enabled in the compiler.
The GNU property note for PAC-RET is not meaningful to the dynamic
linker so it is not strictly required, but it may be used to track
the security property of binaries. (The PAC-RET property is only set
if BTI is set too because BTI implies working GNU property support.)
---
sysdeps/aarch64/crti.S | 8 ++++++++
sysdeps/aarch64/crtn.S | 6 ++++++
sysdeps/aarch64/dl-tlsdesc.S | 8 ++++++++
sysdeps/aarch64/dl-trampoline.S | 18 ++++++++++++++++++
sysdeps/aarch64/sysdep.h | 8 +++++++-
5 files changed, 47 insertions(+), 1 deletion(-)
Comments
On 15/05/2020 11:40, Szabolcs Nagy wrote:
> Use return address signing in assembly files for functions that save
> LR when pac-ret is enabled in the compiler.
>
> The GNU property note for PAC-RET is not meaningful to the dynamic
> linker so it is not strictly required, but it may be used to track
> the security property of binaries. (The PAC-RET property is only set
> if BTI is set too because BTI implies working GNU property support.)
With the suggestion from the previous HAVE_AARCH64_PAC_RET patch,
these tests could be written as #if HAVE_AARCH64_PAC_RET.
Besides that, LGTM.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
> ---
> sysdeps/aarch64/crti.S | 8 ++++++++
> sysdeps/aarch64/crtn.S | 6 ++++++
> sysdeps/aarch64/dl-tlsdesc.S | 8 ++++++++
> sysdeps/aarch64/dl-trampoline.S | 18 ++++++++++++++++++
> sysdeps/aarch64/sysdep.h | 8 +++++++-
> 5 files changed, 47 insertions(+), 1 deletion(-)
>
> diff --git a/sysdeps/aarch64/crti.S b/sysdeps/aarch64/crti.S
> index c346bcad72..02ec7d015e 100644
> --- a/sysdeps/aarch64/crti.S
> +++ b/sysdeps/aarch64/crti.S
> @@ -75,7 +75,11 @@ call_weak_fn:
> .hidden _init
> .type _init, %function
> _init:
> +#ifdef HAVE_AARCH64_PAC_RET
> + PACIASP
> +#else
> BTI_C
> +#endif
> stp x29, x30, [sp, -16]!
> mov x29, sp
> #if PREINIT_FUNCTION_WEAK
> @@ -90,6 +94,10 @@ _init:
> .hidden _fini
> .type _fini, %function
> _fini:
> +#ifdef HAVE_AARCH64_PAC_RET
> + PACIASP
> +#else
> BTI_C
> +#endif
> stp x29, x30, [sp, -16]!
> mov x29, sp
Ok.
> diff --git a/sysdeps/aarch64/crtn.S b/sysdeps/aarch64/crtn.S
> index 0c1ef112c2..4b93b90411 100644
> --- a/sysdeps/aarch64/crtn.S
> +++ b/sysdeps/aarch64/crtn.S
> @@ -41,8 +41,14 @@
>
> .section .init,"ax",%progbits
> ldp x29, x30, [sp], 16
> +#ifdef HAVE_AARCH64_PAC_RET
> + AUTIASP
> +#endif
> RET
>
> .section .fini,"ax",%progbits
> ldp x29, x30, [sp], 16
> +#ifdef HAVE_AARCH64_PAC_RET
> + AUTIASP
> +#endif
> RET
Ok.
> diff --git a/sysdeps/aarch64/dl-tlsdesc.S b/sysdeps/aarch64/dl-tlsdesc.S
> index 9d96c8632a..3746dbec17 100644
> --- a/sysdeps/aarch64/dl-tlsdesc.S
> +++ b/sysdeps/aarch64/dl-tlsdesc.S
> @@ -183,6 +183,10 @@ _dl_tlsdesc_dynamic:
> callee will trash. */
>
> /* Save the remaining registers that we must treat as caller save. */
> +# ifdef HAVE_AARCH64_PAC_RET
> + PACIASP
> + cfi_window_save
> +# endif
> # define NSAVEXREGPAIRS 8
> stp x29, x30, [sp,#-16*NSAVEXREGPAIRS]!
> cfi_adjust_cfa_offset (16*NSAVEXREGPAIRS)
> @@ -233,6 +237,10 @@ _dl_tlsdesc_dynamic:
> cfi_adjust_cfa_offset (-16*NSAVEXREGPAIRS)
> cfi_restore (x29)
> cfi_restore (x30)
> +# ifdef HAVE_AARCH64_PAC_RET
> + AUTIASP
> + cfi_window_save
> +# endif
> b 1b
> cfi_endproc
> .size _dl_tlsdesc_dynamic, .-_dl_tlsdesc_dynamic
Ok.
> diff --git a/sysdeps/aarch64/dl-trampoline.S b/sysdeps/aarch64/dl-trampoline.S
> index 2cbfa81434..53f92d68bf 100644
> --- a/sysdeps/aarch64/dl-trampoline.S
> +++ b/sysdeps/aarch64/dl-trampoline.S
> @@ -127,7 +127,12 @@ _dl_runtime_resolve:
> cfi_startproc
> .align 2
> _dl_runtime_profile:
> +# ifdef HAVE_AARCH64_PAC_RET
> + PACIASP
> + cfi_window_save
> +# else
> BTI_C
> +# endif
> /* AArch64 we get called with:
> ip0 &PLTGOT[2]
> ip1 temp(dl resolver entry point)
> @@ -239,8 +244,17 @@ _dl_runtime_profile:
> cfi_restore(x29)
> cfi_restore(x30)
>
> +# ifdef HAVE_AARCH64_PAC_RET
> + add sp, sp, SF_SIZE
> + cfi_adjust_cfa_offset (-SF_SIZE)
> + AUTIASP
> + cfi_window_save
> + add sp, sp, 16
> + cfi_adjust_cfa_offset (-16)
> +# else
> add sp, sp, SF_SIZE + 16
> cfi_adjust_cfa_offset (- SF_SIZE - 16)
> +# endif
>
> /* Jump to the newly found address. */
> br ip0
> @@ -287,6 +301,10 @@ _dl_runtime_profile:
> /* LR from within La_aarch64_reg */
> ldr lr, [x29, #OFFSET_RG + DL_OFFSET_RG_LR]
> cfi_restore(lr)
> +# ifdef HAVE_AARCH64_PAC_RET
> + /* Note: LR restored from La_aarch64_reg has no PAC. */
> + cfi_window_save
> +# endif
> mov sp, x29
> cfi_def_cfa_register (sp)
> ldr x29, [x29, #0]
Ok.
> diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h
> index 086fc84b53..c51572a690 100644
> --- a/sysdeps/aarch64/sysdep.h
> +++ b/sysdeps/aarch64/sysdep.h
> @@ -45,6 +45,10 @@
> #define BTI_C hint 34
> #define BTI_J hint 36
>
> +/* Return address signing support (pac-ret). */
> +#define PACIASP hint 25
> +#define AUTIASP hint 29
> +
> /* GNU_PROPERTY_AARCH64_* macros from elf.h for use in asm code. */
> #define FEATURE_1_AND 0xc0000000
> #define FEATURE_1_BTI 1
> @@ -66,7 +70,9 @@
>
> /* Add GNU property note with the supported features to all asm code
> where sysdep.h is included. */
> -#if defined HAVE_AARCH64_BTI
> +#if defined HAVE_AARCH64_BTI && defined HAVE_AARCH64_PAC_RET
> +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC)
> +#elif defined HAVE_AARCH64_BTI
> GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI)
> #endif
>
>
Ok.
@@ -75,7 +75,11 @@ call_weak_fn:
.hidden _init
.type _init, %function
_init:
+#ifdef HAVE_AARCH64_PAC_RET
+ PACIASP
+#else
BTI_C
+#endif
stp x29, x30, [sp, -16]!
mov x29, sp
#if PREINIT_FUNCTION_WEAK
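Review bot: In `_init`, the `#else` arrangement drops `BTI_C` whenever pac-ret is enabled, which is only safe because PACIASP itself acts as a BTI c landing pad; nothing at the site says so. I would add `/* PACIASP is also an implicit BTI c landing pad, so BTI_C is only needed without pac-ret. */` above the `#ifdef`, so that a later edit moving PACIASP away from the first instruction does not silently remove the landing pad. The same applies to the `_fini` hunk below and to the `_dl_runtime_profile` entry in dl-trampoline.S. `_init` continues past the end of this hunk.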
@@ -90,6 +94,10 @@ _init:
.hidden _fini
.type _fini, %function
_fini:
+#ifdef HAVE_AARCH64_PAC_RET
+ PACIASP
+#else
BTI_C
+#endif
stp x29, x30, [sp, -16]!
mov x29, sp
@@ -41,8 +41,14 @@
.section .init,"ax",%progbits
ldp x29, x30, [sp], 16
+#ifdef HAVE_AARCH64_PAC_RET
+ AUTIASP
+#endif
RET
.section .fini,"ax",%progbits
ldp x29, x30, [sp], 16
+#ifdef HAVE_AARCH64_PAC_RET
+ AUTIASP
+#endif
RET
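Review bot: The AUTIASP added before each `RET` authenticates an LR that was signed by the PACIASP in crti.S, so both files must be built with the same `HAVE_AARCH64_PAC_RET` setting and SP here must equal SP at `_init`/`_fini` entry; neither invariant is written down. A comment such as `/* Pairs with PACIASP in crti.S; SP here must match SP at function entry. */` above each `#ifdef` would do. If only one side were built with the macro, the return would fault on hardware with pointer authentication, so the pairing is worth stating explicitly.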
@@ -183,6 +183,10 @@ _dl_tlsdesc_dynamic:
callee will trash. */
/* Save the remaining registers that we must treat as caller save. */
+# ifdef HAVE_AARCH64_PAC_RET
+ PACIASP
+ cfi_window_save
+# endif
# define NSAVEXREGPAIRS 8
stp x29, x30, [sp,#-16*NSAVEXREGPAIRS]!
cfi_adjust_cfa_offset (16*NSAVEXREGPAIRS)
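Review bot: `cfi_window_save` after PACIASP reads like a SPARC leftover; as far as I know, on AArch64 the directive emits the opcode that unwinders interpret as DW_CFA_AARCH64_negate_ra_state, i.e. it toggles whether the return address is treated as signed. A one-line comment at this first use, e.g. `/* cfi_window_save: toggles the RA signed state in the unwind info (negate_ra_state). */`, or a named wrapper macro in sysdep.h, would make this and the later uses in this file and dl-trampoline.S readable. The new block also sits under the comment "Save the remaining registers…", which describes the `stp` sequence rather than the signing; placing the block above that comment would keep it accurate. `_dl_tlsdesc_dynamic` starts and ends outside this hunk.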
@@ -233,6 +237,10 @@ _dl_tlsdesc_dynamic:
cfi_adjust_cfa_offset (-16*NSAVEXREGPAIRS)
cfi_restore (x29)
cfi_restore (x30)
+# ifdef HAVE_AARCH64_PAC_RET
+ AUTIASP
+ cfi_window_save
+# endif
b 1b
cfi_endproc
.size _dl_tlsdesc_dynamic, .-_dl_tlsdesc_dynamic
@@ -127,7 +127,12 @@ _dl_runtime_resolve:
cfi_startproc
.align 2
_dl_runtime_profile:
+# ifdef HAVE_AARCH64_PAC_RET
+ PACIASP
+ cfi_window_save
+# else
BTI_C
+# endif
/* AArch64 we get called with:
ip0 &PLTGOT[2]
ip1 temp(dl resolver entry point)
@@ -239,8 +244,17 @@ _dl_runtime_profile:
cfi_restore(x29)
cfi_restore(x30)
+# ifdef HAVE_AARCH64_PAC_RET
+ add sp, sp, SF_SIZE
+ cfi_adjust_cfa_offset (-SF_SIZE)
+ AUTIASP
+ cfi_window_save
+ add sp, sp, 16
+ cfi_adjust_cfa_offset (-16)
+# else
add sp, sp, SF_SIZE + 16
cfi_adjust_cfa_offset (- SF_SIZE - 16)
+# endif
/* Jump to the newly found address. */
br ip0
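Review bot: The pac-ret branch splits the single `add sp, sp, SF_SIZE + 16` into two adjustments around AUTIASP without saying why. From the visible lines the reason appears to be that AUTIASP uses SP as its modifier, so it has to run once SP is back at the value it had at the entry PACIASP, before the extra 16 bytes (presumably the pair pushed by the PLT stub) are popped. I would add `/* Authenticate LR with SP as it was at entry, before dropping the 16 bytes pushed by the caller stub. */` above the first `add`. The prologue of `_dl_runtime_profile` is outside this hunk, so the entry-SP assumption should be confirmed against it.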
@@ -287,6 +301,10 @@ _dl_runtime_profile:
/* LR from within La_aarch64_reg */
ldr lr, [x29, #OFFSET_RG + DL_OFFSET_RG_LR]
cfi_restore(lr)
+# ifdef HAVE_AARCH64_PAC_RET
+ /* Note: LR restored from La_aarch64_reg has no PAC. */
+ cfi_window_save
+# endif
mov sp, x29
cfi_def_cfa_register (sp)
ldr x29, [x29, #0]
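Review bot: On this exit path LR is reloaded from `La_aarch64_reg` and never authenticated, so the return address used here is not covered by pac-ret even when `HAVE_AARCH64_PAC_RET` is defined; the added comment records the mechanics but not that consequence. The `cfi_window_save` only tells the unwinder that LR is unsigned from this point. I would expand the comment to something like `/* LR comes from La_aarch64_reg in memory and is not authenticated: this return is outside pac-ret protection. */`, so that reviews of hardening coverage see the gap. It may also be worth considering whether the copy signed at entry could be authenticated and used instead. The rest of the function is outside the hunk, so whether that signed copy is still available at this point needs checking.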
@@ -45,6 +45,10 @@
#define BTI_C hint 34
#define BTI_J hint 36
+/* Return address signing support (pac-ret). */
+#define PACIASP hint 25
+#define AUTIASP hint 29
+
/* GNU_PROPERTY_AARCH64_* macros from elf.h for use in asm code. */
#define FEATURE_1_AND 0xc0000000
#define FEATURE_1_BTI 1
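Review bot: The comment on the new `PACIASP`/`AUTIASP` defines does not say why they are spelled as raw `hint` numbers or which key they use. I would make it `/* Return address signing (pac-ret): sign/authenticate LR with key A and SP as modifier. HINT encodings assemble without armv8.3-a support and execute as NOPs on cores without pointer authentication. */`. That also makes it visible that the assembly always uses key A, which matters if the compiler side is ever configured for the B key.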
@@ -66,7 +70,9 @@
/* Add GNU property note with the supported features to all asm code
where sysdep.h is included. */
-#if defined HAVE_AARCH64_BTI
+#if defined HAVE_AARCH64_BTI && defined HAVE_AARCH64_PAC_RET
+GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC)
+#elif defined HAVE_AARCH64_BTI
GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI)
#endif
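Review bot: With `HAVE_AARCH64_PAC_RET` defined but `HAVE_AARCH64_BTI` not, this conditional emits no GNU property note at all, so a pac-ret-only build is not marked as PAC. The commit message explains that this is intended, but the comment above the `#if` does not. I would extend that comment with `The PAC property is only emitted together with BTI, because BTI support implies working GNU property support.` so tools that track the security property from the note are not surprised. `FEATURE_1_PAC` is not defined on any line visible in this patch; presumably it already exists in the part of sysdep.h between the two hunks, which should be confirmed.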