This is an archive of the discontinued LLVM Phabricator instance.

Differential D100142

[compiler-rt][aarch64] Add PAC-RET/BTI support to TSan.
Needs ReviewPublic

Authored by danielkiss on Apr 8 2021, 2:42 PM.

Details

Reviewers
tamas.petz
pbarrio
kubamracek
eugenis
dberris
yln
delcypher
aralisza
dvyukov
ab
Summary

Support for -mbranch-protection on aarch64.

Diff Detail

Event Timeline

danielkiss created this revision.Apr 8 2021, 2:42 PM
Herald added a subscriber: kristof.beyls. · View Herald TranscriptApr 8 2021, 2:42 PM
danielkiss requested review of this revision.Apr 8 2021, 2:42 PM
Harbormaster completed remote builds in B97822: Diff 336234.Apr 8 2021, 3:14 PM
kubamracek added reviewers: yln, delcypher, aralisza.Apr 8 2021, 3:43 PM
kubamracek added a reviewer: dvyukov.Apr 8 2021, 3:47 PM
dvyukov added a comment.Apr 13 2021, 8:00 AM

I am not much knowledgeable about PAC and would otherwise leave this to somebody else.

compiler-rt/lib/tsan/rtl/tsan_rtl_aarch64.S
42

Since this is a compile-time check, are we supposed to provide 2 builds of tsan runtime after this change? If yes, should this also include some cmake changes?

yln added a reviewer: qikon.Apr 13 2021, 9:28 AM
qikon resigned from this revision.Apr 13 2021, 10:01 AM
qikon edited reviewers, added: ab; removed: qikon.
ab added inline comments.May 11 2021, 10:47 AM
compiler-rt/lib/tsan/rtl/tsan_rtl_aarch64.S
42

Yeah, I would go further: the instructions are hints and no-ops, can't they always be used? Though it would need a mechanism to disable it by default: I see PAC_FLAG is based on the new PAC/BTI feature macros; we'd want to disable this for darwin.

I'm not familiar with the contract around the GNU property and the CFI info and all that, so maybe there's some complication there.

pbarrio added inline comments.Jul 27 2021, 9:39 AM
compiler-rt/lib/tsan/rtl/tsan_rtl_aarch64.S
43

Minor comment: if this is only meant to work with the clang integrated assembler (i.e. compatibility with other assemblers such as GNU not needed), then you can just use PACIASP directly. Same for the other hints. The integrated assembler should understand all the PAC mnemonics as an *input*, even at Armv8.0-A. Obviously, it will only emit them as an *output* above Armv8.3-A. This decision was made to ensure assembly code was as understandable as possible.

Revision Contents

PathSize
compiler-rt/
lib/
tsan/
rtl/
41 lines

Diff 336234

compiler-rt/lib/tsan/rtl/tsan_rtl_aarch64.S

// The content of this file is AArch64-only: // The content of this file is AArch64-only:
#if defined(__aarch64__) #if defined(__aarch64__)
#include "sanitizer_common/sanitizer_asm.h" #include "sanitizer_common/sanitizer_asm.h"
#include "builtins/assembly.h"
#if defined(__APPLE__) #if defined(__APPLE__)
.align 2 .align 2
.section __DATA,__nl_symbol_ptr,non_lazy_symbol_pointers .section __DATA,__nl_symbol_ptr,non_lazy_symbol_pointers
.long _setjmp$non_lazy_ptr .long _setjmp$non_lazy_ptr
_setjmp$non_lazy_ptr: _setjmp$non_lazy_ptr:
.indirect_symbol _setjmp .indirect_symbol _setjmp
Show All 20 Lines
#endif #endif
ASM_HIDDEN(__tsan_setjmp) ASM_HIDDEN(__tsan_setjmp)
.comm _ZN14__interception11real_setjmpE,8,8 .comm _ZN14__interception11real_setjmpE,8,8
.globl ASM_SYMBOL_INTERCEPTOR(setjmp) .globl ASM_SYMBOL_INTERCEPTOR(setjmp)
ASM_TYPE_FUNCTION(ASM_SYMBOL_INTERCEPTOR(setjmp)) ASM_TYPE_FUNCTION(ASM_SYMBOL_INTERCEPTOR(setjmp))
ASM_SYMBOL_INTERCEPTOR(setjmp): ASM_SYMBOL_INTERCEPTOR(setjmp):
CFI_STARTPROC CFI_STARTPROC
#if PAC_FLAG
dvyukovUnsubmitted
Not Done
ReplyInline Actions

Since this is a compile-time check, are we supposed to provide 2 builds of tsan runtime after this change? If yes, should this also include some cmake changes?

dvyukov: Since this is a compile-time check, are we supposed to provide 2 builds of tsan runtime after…
abUnsubmitted
Not Done
ReplyInline Actions

Yeah, I would go further: the instructions are hints and no-ops, can't they always be used? Though it would need a mechanism to disable it by default: I see PAC_FLAG is based on the new PAC/BTI feature macros; we'd want to disable this for darwin.

I'm not familiar with the contract around the GNU property and the CFI info and all that, so maybe there's some complication there.

ab: Yeah, I would go further: the instructions are hints and no-ops, can't they always be used?
hint #25 // paciasp
pbarrioUnsubmitted
Not Done
ReplyInline Actions

Minor comment: if this is only meant to work with the clang integrated assembler (i.e. compatibility with other assemblers such as GNU not needed), then you can just use PACIASP directly. Same for the other hints. The integrated assembler should understand all the PAC mnemonics as an *input*, even at Armv8.0-A. Obviously, it will only emit them as an *output* above Armv8.3-A. This decision was made to ensure assembly code was as understandable as possible.

pbarrio: Minor comment: if this is only meant to work with the clang integrated assembler (i.e.
.CFI_NEGATE_RA_STATE
#endif
// Save frame/link register // Save frame/link register
stp x29, x30, [sp, -32]! stp x29, x30, [sp, -32]!
CFI_DEF_CFA_OFFSET (32) CFI_DEF_CFA_OFFSET (32)
CFI_OFFSET (29, -32) CFI_OFFSET (29, -32)
CFI_OFFSET (30, -24) CFI_OFFSET (30, -24)
// Adjust the SP for previous frame // Adjust the SP for previous frame
Show All 14 Lines#endif
ldr x0, [sp, 16] ldr x0, [sp, 16]
CFI_RESTORE (0) CFI_RESTORE (0)
// Restore frame/link register // Restore frame/link register
ldp x29, x30, [sp], 32 ldp x29, x30, [sp], 32
CFI_RESTORE (29) CFI_RESTORE (29)
CFI_RESTORE (30) CFI_RESTORE (30)
CFI_DEF_CFA (31, 0) CFI_DEF_CFA (31, 0)
#if PAC_FLAG
hint #29 // autiasp
.CFI_NEGATE_RA_STATE
#endif
// tail jump to libc setjmp // tail jump to libc setjmp
#if !defined(__APPLE__) #if !defined(__APPLE__)
adrp x1, :got:_ZN14__interception11real_setjmpE adrp x1, :got:_ZN14__interception11real_setjmpE
ldr x1, [x1, #:got_lo12:_ZN14__interception11real_setjmpE] ldr x1, [x1, #:got_lo12:_ZN14__interception11real_setjmpE]
ldr x1, [x1] ldr x1, [x1]
#else #else
adrp x1, _setjmp$non_lazy_ptr@page adrp x1, _setjmp$non_lazy_ptr@page
add x1, x1, _setjmp$non_lazy_ptr@pageoff add x1, x1, _setjmp$non_lazy_ptr@pageoff
ldr x1, [x1] ldr x1, [x1]
#endif #endif
br x1 br x1
CFI_ENDPROC CFI_ENDPROC
ASM_SIZE(ASM_SYMBOL_INTERCEPTOR(setjmp)) ASM_SIZE(ASM_SYMBOL_INTERCEPTOR(setjmp))
.comm _ZN14__interception12real__setjmpE,8,8 .comm _ZN14__interception12real__setjmpE,8,8
.globl ASM_SYMBOL_INTERCEPTOR(_setjmp) .globl ASM_SYMBOL_INTERCEPTOR(_setjmp)
ASM_TYPE_FUNCTION(ASM_SYMBOL_INTERCEPTOR(_setjmp)) ASM_TYPE_FUNCTION(ASM_SYMBOL_INTERCEPTOR(_setjmp))
ASM_SYMBOL_INTERCEPTOR(_setjmp): ASM_SYMBOL_INTERCEPTOR(_setjmp):
CFI_STARTPROC CFI_STARTPROC
#if PAC_FLAG
hint #25 // paciasp
.CFI_NEGATE_RA_STATE
#endif
// Save frame/link register // Save frame/link register
stp x29, x30, [sp, -32]! stp x29, x30, [sp, -32]!
CFI_DEF_CFA_OFFSET (32) CFI_DEF_CFA_OFFSET (32)
CFI_OFFSET (29, -32) CFI_OFFSET (29, -32)
CFI_OFFSET (30, -24) CFI_OFFSET (30, -24)
// Adjust the SP for previous frame // Adjust the SP for previous frame
add x29, sp, 0 add x29, sp, 0
Show All 13 Lines#endif
ldr x0, [sp, 16] ldr x0, [sp, 16]
CFI_RESTORE (0) CFI_RESTORE (0)
// Restore frame/link register // Restore frame/link register
ldp x29, x30, [sp], 32 ldp x29, x30, [sp], 32
CFI_RESTORE (29) CFI_RESTORE (29)
CFI_RESTORE (30) CFI_RESTORE (30)
CFI_DEF_CFA (31, 0) CFI_DEF_CFA (31, 0)
#if PAC_FLAG
hint #29 // autiasp
.CFI_NEGATE_RA_STATE
#endif
// tail jump to libc setjmp // tail jump to libc setjmp
#if !defined(__APPLE__) #if !defined(__APPLE__)
adrp x1, :got:_ZN14__interception12real__setjmpE adrp x1, :got:_ZN14__interception12real__setjmpE
ldr x1, [x1, #:got_lo12:_ZN14__interception12real__setjmpE] ldr x1, [x1, #:got_lo12:_ZN14__interception12real__setjmpE]
ldr x1, [x1] ldr x1, [x1]
#else #else
adrp x1, __setjmp$non_lazy_ptr@page adrp x1, __setjmp$non_lazy_ptr@page
add x1, x1, __setjmp$non_lazy_ptr@pageoff add x1, x1, __setjmp$non_lazy_ptr@pageoff
ldr x1, [x1] ldr x1, [x1]
#endif #endif
br x1 br x1
CFI_ENDPROC CFI_ENDPROC
ASM_SIZE(ASM_SYMBOL_INTERCEPTOR(_setjmp)) ASM_SIZE(ASM_SYMBOL_INTERCEPTOR(_setjmp))
.comm _ZN14__interception14real_sigsetjmpE,8,8 .comm _ZN14__interception14real_sigsetjmpE,8,8
.globl ASM_SYMBOL_INTERCEPTOR(sigsetjmp) .globl ASM_SYMBOL_INTERCEPTOR(sigsetjmp)
ASM_TYPE_FUNCTION(ASM_SYMBOL_INTERCEPTOR(sigsetjmp)) ASM_TYPE_FUNCTION(ASM_SYMBOL_INTERCEPTOR(sigsetjmp))
ASM_SYMBOL_INTERCEPTOR(sigsetjmp): ASM_SYMBOL_INTERCEPTOR(sigsetjmp):
CFI_STARTPROC CFI_STARTPROC
#if PAC_FLAG
hint #25 // paciasp
.CFI_NEGATE_RA_STATE
#endif
// Save frame/link register // Save frame/link register
stp x29, x30, [sp, -32]! stp x29, x30, [sp, -32]!
CFI_DEF_CFA_OFFSET (32) CFI_DEF_CFA_OFFSET (32)
CFI_OFFSET (29, -32) CFI_OFFSET (29, -32)
CFI_OFFSET (30, -24) CFI_OFFSET (30, -24)
// Adjust the SP for previous frame // Adjust the SP for previous frame
add x29, sp, 0 add x29, sp, 0
Show All 15 Lines#endif
CFI_RESTORE (0) CFI_RESTORE (0)
CFI_RESTORE (1) CFI_RESTORE (1)
// Restore frame/link register // Restore frame/link register
ldp x29, x30, [sp], 32 ldp x29, x30, [sp], 32
CFI_RESTORE (29) CFI_RESTORE (29)
CFI_RESTORE (30) CFI_RESTORE (30)
CFI_DEF_CFA (31, 0) CFI_DEF_CFA (31, 0)
#if PAC_FLAG
hint #29 // autiasp
.CFI_NEGATE_RA_STATE
#endif
// tail jump to libc sigsetjmp // tail jump to libc sigsetjmp
#if !defined(__APPLE__) #if !defined(__APPLE__)
adrp x2, :got:_ZN14__interception14real_sigsetjmpE adrp x2, :got:_ZN14__interception14real_sigsetjmpE
ldr x2, [x2, #:got_lo12:_ZN14__interception14real_sigsetjmpE] ldr x2, [x2, #:got_lo12:_ZN14__interception14real_sigsetjmpE]
ldr x2, [x2] ldr x2, [x2]
#else #else
adrp x2, _sigsetjmp$non_lazy_ptr@page adrp x2, _sigsetjmp$non_lazy_ptr@page
add x2, x2, _sigsetjmp$non_lazy_ptr@pageoff add x2, x2, _sigsetjmp$non_lazy_ptr@pageoff
ldr x2, [x2] ldr x2, [x2]
#endif #endif
br x2 br x2
CFI_ENDPROC CFI_ENDPROC
ASM_SIZE(ASM_SYMBOL_INTERCEPTOR(sigsetjmp)) ASM_SIZE(ASM_SYMBOL_INTERCEPTOR(sigsetjmp))
#if !defined(__APPLE__) #if !defined(__APPLE__)
.comm _ZN14__interception16real___sigsetjmpE,8,8 .comm _ZN14__interception16real___sigsetjmpE,8,8
.globl ASM_SYMBOL_INTERCEPTOR(__sigsetjmp) .globl ASM_SYMBOL_INTERCEPTOR(__sigsetjmp)
ASM_TYPE_FUNCTION(ASM_SYMBOL_INTERCEPTOR(__sigsetjmp)) ASM_TYPE_FUNCTION(ASM_SYMBOL_INTERCEPTOR(__sigsetjmp))
ASM_SYMBOL_INTERCEPTOR(__sigsetjmp): ASM_SYMBOL_INTERCEPTOR(__sigsetjmp):
CFI_STARTPROC CFI_STARTPROC
#if PAC_FLAG
hint #25 // paciasp
.CFI_NEGATE_RA_STATE
#endif
// Save frame/link register // Save frame/link register
stp x29, x30, [sp, -32]! stp x29, x30, [sp, -32]!
CFI_DEF_CFA_OFFSET (32) CFI_DEF_CFA_OFFSET (32)
CFI_OFFSET (29, -32) CFI_OFFSET (29, -32)
CFI_OFFSET (30, -24) CFI_OFFSET (30, -24)
// Adjust the SP for previous frame // Adjust the SP for previous frame
add x29, sp, 0 add x29, sp, 0
Show All 15 Lines#endif
CFI_RESTORE (0) CFI_RESTORE (0)
CFI_RESTORE (1) CFI_RESTORE (1)
// Restore frame/link register // Restore frame/link register
ldp x29, x30, [sp], 32 ldp x29, x30, [sp], 32
CFI_RESTORE (29) CFI_RESTORE (29)
CFI_RESTORE (30) CFI_RESTORE (30)
CFI_DEF_CFA (31, 0) CFI_DEF_CFA (31, 0)
#if PAC_FLAG
hint #29 // autiasp
.CFI_NEGATE_RA_STATE
#endif
// tail jump to libc __sigsetjmp // tail jump to libc __sigsetjmp
#if !defined(__APPLE__) #if !defined(__APPLE__)
adrp x2, :got:_ZN14__interception16real___sigsetjmpE adrp x2, :got:_ZN14__interception16real___sigsetjmpE
ldr x2, [x2, #:got_lo12:_ZN14__interception16real___sigsetjmpE] ldr x2, [x2, #:got_lo12:_ZN14__interception16real___sigsetjmpE]
ldr x2, [x2] ldr x2, [x2]
#else #else
adrp x2, ASM_SYMBOL(__sigsetjmp)@page adrp x2, ASM_SYMBOL(__sigsetjmp)@page
add x2, x2, ASM_SYMBOL(__sigsetjmp)@pageoff add x2, x2, ASM_SYMBOL(__sigsetjmp)@pageoff
#endif #endif
br x2 br x2
CFI_ENDPROC CFI_ENDPROC
ASM_SIZE(ASM_SYMBOL_INTERCEPTOR(__sigsetjmp)) ASM_SIZE(ASM_SYMBOL_INTERCEPTOR(__sigsetjmp))
#endif #endif
NO_EXEC_STACK_DIRECTIVE NO_EXEC_STACK_DIRECTIVE
GNU_PROPERTY_BTI_PAC
#endif #endif