From patchwork Tue May 12 10:14:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Szabolcs Nagy X-Patchwork-Id: 38965 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 3F929393C8AC; Tue, 12 May 2020 10:15:15 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40076.outbound.protection.outlook.com [40.107.4.76]) by sourceware.org (Postfix) with ESMTPS id 72002395383D for ; Tue, 12 May 2020 10:15:11 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 72002395383D Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Q+9dftFW6tCilO5oddjucx4wzEQ19EYrlh6w6k3261c=; b=Mu/z9AnKJEmhc5WtXqtn1D1sVre0KRIELilKdjweZgkwJbJwMtcRD8iAeFe1dPIPIo5ACSVPHyOR39cFQuDyoVAtOvukCYiQ0XlpxupEHBKtEVRn2kSqkSy1EjCejARMmoS8ba9UNqjoJTwo6K4xTVL5b0VHyV29pro5cDqC8T0= Received: from AM0PR03CA0014.eurprd03.prod.outlook.com (2603:10a6:208:14::27) by AM7PR08MB5511.eurprd08.prod.outlook.com (2603:10a6:20b:10d::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.34; Tue, 12 May 2020 10:15:09 +0000 Received: from AM5EUR03FT064.eop-EUR03.prod.protection.outlook.com (2603:10a6:208:14:cafe::e4) by AM0PR03CA0014.outlook.office365.com (2603:10a6:208:14::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.28 via Frontend Transport; Tue, 12 May 2020 10:15:09 +0000 Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; sourceware.org; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by AM5EUR03FT064.mail.protection.outlook.com (10.152.17.53) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.27 via Frontend Transport; Tue, 12 May 2020 10:15:09 +0000 Received: ("Tessian outbound e88319d7ccd0:v54"); Tue, 12 May 2020 10:15:09 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: c8fbb37af3f63bd5 X-CR-MTA-TID: 64aa7808 Received: from 2e6d7bcb9a12.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id AE3EEA93-CA37-4476-A71C-D37647429C48.1; Tue, 12 May 2020 10:15:03 +0000 Received: from EUR04-DB3-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 2e6d7bcb9a12.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 12 May 2020 10:15:03 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TC5rafnoRB2cErm7pwH1EBtNMEi1KmPEOnUc+kyC74Sj/2RXqSvD5eDGzLCYPNShrUqBCHtzXOVhqMjD/K+4apVVJu4uReSM8tWinBGvmY+rV53I2X0so6thBJafUYMwliBaBG6vmjexE2vh8at9OQxbd3Gj0QOt4pIyR04BHIjv5Usu6402GUil0SPTbIW9C+tmP+yXWQ8Thth5NB9r2Jw4x5Ii0n8oGXd6o2yo1PmRRYgjSZtjstaKyTI95CKD99IzssBQdaQERDs3AzFCcdK+8do8n3ZVeOzn5KETmSKZCf5TbwqaVIfHe9d0AEfn0tCQyLtERfB2MT5j3T3qwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Q+9dftFW6tCilO5oddjucx4wzEQ19EYrlh6w6k3261c=; b=FmJCXuLyVK8sxTvOj/x/zc2o4TYkCXlUD313HjYg9QxiM7mIJI/bnwXJ9d23RuxVligxHGloY/f1coFrYd1P6CaLi6jKLCYyVE2vttr+nFUui10t5DPgmccahfJ1CGPJgD6I7IpqrM/EWcA08hZx6eZ7Deibdd4D6hjFPJD6iQDxYGnGTXKhH6Cs7sUmK66/uycV5PZKmWCGPhAtSeRzaeaeGCAuK4U+7KcgLPuaoJqQJh8VDvwiW6AnZQmnquerSy51OLLP0m+n1m5WJERajrD3I7kqtmPJg8Vxa9G2zxDGVOJtIDXuD2SKJA7LwwXzwuM6ZLjJMUdwHEQN9kfQTg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Q+9dftFW6tCilO5oddjucx4wzEQ19EYrlh6w6k3261c=; b=Mu/z9AnKJEmhc5WtXqtn1D1sVre0KRIELilKdjweZgkwJbJwMtcRD8iAeFe1dPIPIo5ACSVPHyOR39cFQuDyoVAtOvukCYiQ0XlpxupEHBKtEVRn2kSqkSy1EjCejARMmoS8ba9UNqjoJTwo6K4xTVL5b0VHyV29pro5cDqC8T0= Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) by AM6PR08MB2982.eurprd08.prod.outlook.com (2603:10a6:209:43::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.28; Tue, 12 May 2020 10:15:02 +0000 Received: from AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::49fd:6ded:4da7:8862]) by AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::49fd:6ded:4da7:8862%7]) with mapi id 15.20.2979.033; Tue, 12 May 2020 10:15:02 +0000 From: Szabolcs Nagy To: libc-alpha@sourceware.org Subject: [PATCH v2 12/13] aarch64: Add pac-ret support to asm files Date: Tue, 12 May 2020 11:14:48 +0100 Message-Id: <989dc57137130a177cce15b181d2a95e3214a8b3.1589277641.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-ClientProxiedBy: CWLP123CA0056.GBRP123.PROD.OUTLOOK.COM (2603:10a6:401:59::20) To AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.55) by CWLP123CA0056.GBRP123.PROD.OUTLOOK.COM (2603:10a6:401:59::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2979.27 via Frontend Transport; Tue, 12 May 2020 10:15:00 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [217.140.106.55] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 749e324f-2e0d-462f-7f3c-08d7f65d59c8 X-MS-TrafficTypeDiagnostic: AM6PR08MB2982:|AM7PR08MB5511: X-Microsoft-Antispam-PRVS: x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:8882;OLM:8882; X-Forefront-PRVS: 0401647B7F X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: eBqZRpELa3luhpk0wBmqbFHY0g6vlaHdGooaBeKrvQ0DqizECCtB+LNgI10+G0t+1gwLoP9JF0A1tlPM3SPcWdVumhfXawGt1PGuGuptYmJ8l3/ja6YEQ1aSHidH8JiUzsEmaXglUJtEabbJH326scT5jKZuGrDHwcexJJPmARwTlSSmkBlqgZv85YJ5uG7n3A9O0qC9onxddO875d8x6L+a7GN85tZo5Uu/Dmdy5zQJleVpKRAZ6m8oT+x+Kme1iP4S1iHpDSDAPZd9iicNhjpIuNDeh4NJRlzzxgm/fBQ87YZ+iQ2gm7p+dr+qaxUaWlGNPPlbTJD1CtHaZTlYscg5uMwoIMygh78ooYlJcO9QX0Sa5sx0SP5U0u6HMCZVL/uWDQfgWS6lajLTJa2I8TxlZuHJyLED7rf90L+W9bQWJmjARZr3xHXx172EfcKXWItUU+T9P5hiVczJdD4MzOrFcnK4RV83iuzURnG7OgUirLrvHXKK4we6NeWPrgmYGNV2Dk6+jnweUpUiukgnzO0sj1Ya3EdmQkgTXRqPU6+SvpJ3UnKMFQGVM75W6om26wKHk6c/2x/nmVsmgAC60JD4LoxQwdyN6FBhpsDUe0c= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(39860400002)(136003)(376002)(396003)(346002)(366004)(33430700001)(6916009)(16526019)(66556008)(66476007)(36756003)(44832011)(5660300002)(52116002)(86362001)(956004)(8676002)(66946007)(69590400007)(2906002)(6486002)(186003)(316002)(2616005)(33440700001)(6666004)(478600001)(6506007)(6512007)(8936002)(26005)(136400200001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: p0QuLFHnUOTP5WM4hbNT/rGmV2A+hCwXnD8uaqoMcj8bXV7SRvL4sTqXO52moVnt0yMIQYqQEp4I8qRkitpoo87efJ1brtxCkY8Rl+tIPso8tzutUUTd/eSfjDXKARsN6ydDl/vbP027XtWLlu2o8ImSshN85eTfZLA1nb3qjY4PqfRnf9Dh01lj8GDKf7FvQW4CYLkDUCk6LDZWfyDms0VE00kFaCP1YJz8NkuwJ70E/QmCz29auAvV7oWP4dKNunO2pSWe/V+XzXRguDxQz0vCLzPefPDNEaGSvf1/K6wXmodxm64Cm/IaVShkGRWhurMn7ttA4VRnItFA01bFe6Ue3CgtOaNasGGWqksQID8a1AHyc/k/N4BV7gSZbUE3bn949iX0QSH2ntuOh/prEkfn64KUelaGfC0bmCAhmAcGpuzQgZ9GVrC1nfr6u9qI/25swzIiC+VJNxqfNhI21MaiAZQoLeWVZUXWP6JsZ80= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB2982 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: AM5EUR03FT064.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(346002)(39860400002)(376002)(136003)(396003)(46966005)(33430700001)(186003)(44832011)(6486002)(36906005)(33440700001)(316002)(82310400002)(16526019)(2616005)(81166007)(6512007)(6666004)(8936002)(8676002)(70586007)(86362001)(6506007)(36756003)(26005)(47076004)(5660300002)(82740400003)(6916009)(70206006)(356005)(2906002)(956004)(478600001)(69590400007)(336012)(136400200001); DIR:OUT; SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: 37ada92f-f6e5-4a7a-27f9-08d7f65d54a9 X-Forefront-PRVS: 0401647B7F X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: JKIQ0774aDa9g+BR/Q7I/8MUWmqXPbtQzuSIgaSnMIbU8WqGnwUo41rXeqwXYm/1bDmJHTv3GzCG3MVBu3prZDtekTHGKal1LdAumphk0BkLYgvOqWv2ua1t2qNx713FYHut4TJW0RsEQIK+GnvfbIbM0UAlV9XsMvNglQ/JhexIDO0y3O3LF9pWFwkjvXsX23Cx2ESLGnlDn8Qeaq55tbc3X3bRETgPLh6yQDFP6CGKznDrlj5u7gUBdnCmRLnh9Eg/+GzbBFLzV+CL0zKSusJoAWBayNMo+phZnCosE62wH2ttOwKZHqMSAXTq/sUFXbe4AZHvuOAPMfOtnmSDj5zRBSCiSBQPIf9MT4EwHY7SOz50yWOMP8NcW+mqExJ2TvLaEvJfXCUiQSL/6bOVI66HHe92/mRC3+ygAGu+1klGbAoKJ4chiCzKJdaXylU62bmpGj02b6/Ix3aBpy6TUk0wPxDPFDgb8BjW4seCag4OONt/cN74SR8vciElvO/lswzTJqU+FmX5WwuQ55hlm73NvuivovS1FlNl6x+Y9J4JKR5ozt7zuQIkomEANSQWRhxSkR9OUnp6e025ihAIzGH2b/YA+brlxwwCDFWJZGctbSnM1cNmXkY+zzROMv23TTlbcMKcHiM+5djB7oP03g== X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 May 2020 10:15:09.4308 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 749e324f-2e0d-462f-7f3c-08d7f65d59c8 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR08MB5511 X-Spam-Status: No, score=-19.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" Use return address signing in assembly files when pac-ret is enabled in the compiler. The GNU property note for PAC-RET is not meaningful to the dynamic linker so it is not strictly required, but it may be used to track the security property of binaries. (The PAC-RET property is only set if BTI is set too because BTI implies working GNU property support.) --- sysdeps/aarch64/crti.S | 8 ++++++++ sysdeps/aarch64/crtn.S | 6 ++++++ sysdeps/aarch64/dl-tlsdesc.S | 8 ++++++++ sysdeps/aarch64/dl-trampoline.S | 18 ++++++++++++++++++ sysdeps/aarch64/sysdep.h | 8 +++++++- 5 files changed, 47 insertions(+), 1 deletion(-) diff --git a/sysdeps/aarch64/crti.S b/sysdeps/aarch64/crti.S index 89a9e25f5b..1ac3d26c75 100644 --- a/sysdeps/aarch64/crti.S +++ b/sysdeps/aarch64/crti.S @@ -75,7 +75,11 @@ call_weak_fn: .hidden _init .type _init, %function _init: +#ifdef HAVE_AARCH64_PAC_RET + PACIASP +#else BTI_C +#endif stp x29, x30, [sp, -16]! mov x29, sp #if PREINIT_FUNCTION_WEAK @@ -90,7 +94,11 @@ _init: .hidden _fini .type _fini, %function _fini: +#ifdef HAVE_AARCH64_PAC_RET + PACIASP +#else BTI_C +#endif stp x29, x30, [sp, -16]! mov x29, sp diff --git a/sysdeps/aarch64/crtn.S b/sysdeps/aarch64/crtn.S index 94a6f970ef..84741701f3 100644 --- a/sysdeps/aarch64/crtn.S +++ b/sysdeps/aarch64/crtn.S @@ -41,10 +41,16 @@ .section .init,"ax",%progbits ldp x29, x30, [sp], 16 +#ifdef HAVE_AARCH64_PAC_RET + AUTIASP +#endif RET .section .fini,"ax",%progbits ldp x29, x30, [sp], 16 +#ifdef HAVE_AARCH64_PAC_RET + AUTIASP +#endif RET END_FILE diff --git a/sysdeps/aarch64/dl-tlsdesc.S b/sysdeps/aarch64/dl-tlsdesc.S index d55e0443aa..272952e4f5 100644 --- a/sysdeps/aarch64/dl-tlsdesc.S +++ b/sysdeps/aarch64/dl-tlsdesc.S @@ -183,6 +183,10 @@ _dl_tlsdesc_dynamic: callee will trash. */ /* Save the remaining registers that we must treat as caller save. */ +# ifdef HAVE_AARCH64_PAC_RET + PACIASP + cfi_window_save +# endif # define NSAVEXREGPAIRS 8 stp x29, x30, [sp,#-16*NSAVEXREGPAIRS]! cfi_adjust_cfa_offset (16*NSAVEXREGPAIRS) @@ -233,6 +237,10 @@ _dl_tlsdesc_dynamic: cfi_adjust_cfa_offset (-16*NSAVEXREGPAIRS) cfi_restore (x29) cfi_restore (x30) +# ifdef HAVE_AARCH64_PAC_RET + AUTIASP + cfi_window_save +# endif b 1b cfi_endproc .size _dl_tlsdesc_dynamic, .-_dl_tlsdesc_dynamic diff --git a/sysdeps/aarch64/dl-trampoline.S b/sysdeps/aarch64/dl-trampoline.S index fba5689d09..3ff9bddc7b 100644 --- a/sysdeps/aarch64/dl-trampoline.S +++ b/sysdeps/aarch64/dl-trampoline.S @@ -127,7 +127,12 @@ _dl_runtime_resolve: cfi_startproc .align 2 _dl_runtime_profile: +# ifdef HAVE_AARCH64_PAC_RET + PACIASP + cfi_window_save +# else BTI_C +# endif /* AArch64 we get called with: ip0 &PLTGOT[2] ip1 temp(dl resolver entry point) @@ -239,8 +244,17 @@ _dl_runtime_profile: cfi_restore(x29) cfi_restore(x30) +# ifdef HAVE_AARCH64_PAC_RET + add sp, sp, SF_SIZE + cfi_adjust_cfa_offset (-SF_SIZE) + AUTIASP + cfi_window_save + add sp, sp, 16 + cfi_adjust_cfa_offset (-16) +# else add sp, sp, SF_SIZE + 16 cfi_adjust_cfa_offset (- SF_SIZE - 16) +# endif /* Jump to the newly found address. */ br ip0 @@ -287,6 +301,10 @@ _dl_runtime_profile: /* LR from within La_aarch64_reg */ ldr lr, [x29, #OFFSET_RG + DL_OFFSET_RG_LR] cfi_restore(lr) +# ifdef HAVE_AARCH64_PAC_RET + /* Note: LR restored from La_aarch64_reg has no PAC. */ + cfi_window_save +# endif mov sp, x29 cfi_def_cfa_register (sp) ldr x29, [x29, #0] diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h index 161d63c782..d8a5445b7e 100644 --- a/sysdeps/aarch64/sysdep.h +++ b/sysdeps/aarch64/sysdep.h @@ -45,6 +45,10 @@ #define BTI_C hint 34 #define BTI_J hint 36 +/* Return address signing support (pac-ret). */ +#define PACIASP hint 25 +#define AUTIASP hint 29 + #define FEATURE_1_BTI 1 #define FEATURE_1_PAC 2 @@ -62,7 +66,9 @@ .word 0; /* GNU property note with the supported features. */ -#ifdef HAVE_AARCH64_BTI +#if defined HAVE_AARCH64_BTI && defined HAVE_AARCH64_PAC_RET +# define END_FILE GNU_PROPERTY (FEATURE_1_BTI|FEATURE_1_PAC) +#elif defined HAVE_AARCH64_BTI # define END_FILE GNU_PROPERTY (FEATURE_1_BTI) #else # define END_FILE