Page MenuHomePhabricator

[ARM][libunwind] add PACBTI-M support for libunwind
AcceptedPublic

Authored by stuij on Oct 25 2021, 3:35 AM.

Details

Reviewers
abdulras
momchil.velikov
vhscampos
MaskRay
danielkiss
mstorsjo
compnerd
Group Reviewers
Restricted Project
Summary

This patch implements the following:

  • Emit PACBTI-M build attributes in libunwind asm files
  • Authenticate LR in DWARF32 using PACBTI

Use Armv8.1-M.Main PACBTI extension to authenticate the return address
(stored in the LR register) before moving it to the PC (IP) register.

The AUTG instruction is used with the candidate return address, the CFA,
and the authentication code that is retrieved from the saved
pseudo-register RA_AUTH_CODE.

  • Authenticate LR in EHABI using PACBTI

Authenticate the contents of the LR register using Armv8.1-M.Main PACBTI
extension.

A new frame unwinding instruction is introduced (0xb4). This
instruction pops out of the stack the return address authentication
code, which is then used in conjunction with the SP and the next-to-be
instruction pointer to perform authentication.

This authentication code is popped into a new register,
UNW_ARM_PSEUDO_PAC, which is a pseudo-register.

This patch is part of a series that adds support for the PACBTI-M extension of
the Armv8.1-M architecture, as detailed here:

https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/armv8-1-m-pointer-authentication-and-branch-target-identification-extension

The PACBTI-M specification can be found in the Armv8-M Architecture Reference
Manual:

https://developer.arm.com/documentation/ddi0553/latest

The following people contributed to this patch:

  • Momchil Velikov
  • Victor Campos
  • Ties Stuij

Diff Detail

Event Timeline

stuij created this revision.Oct 25 2021, 3:35 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 25 2021, 3:35 AM
Herald added a reviewer: Restricted Project. · View Herald Transcript
stuij requested review of this revision.Oct 25 2021, 3:35 AM
Herald added a project: Restricted Project. · View Herald TranscriptOct 25 2021, 3:35 AM
Herald added a subscriber: cfe-commits. · View Herald Transcript
danielkiss added inline comments.
libunwind/src/Registers.hpp
2245–2246

Maybe we could gate this on __ARM_FEATURE_PAUTH because it won't work anyway without the feature enabled for libunwind.

2276–2277

ditto, maybe better to run into a _LIBUNWIND_ABORT instead debugging a silently skipping the authentication.

stuij updated this revision to Diff 387237.Mon, Nov 15, 6:32 AM

addressed review comments

stuij marked 2 inline comments as done.Mon, Nov 15, 6:36 AM
danielkiss accepted this revision.Mon, Nov 15, 7:43 AM

LGTM, Thanks.

Looks overall ok, without diving in very deep, except for this one change that seemed unrelated.

libunwind/src/Unwind-EHABI.cpp
317

This particular change looks unrelated to the rest, on a quick glance

chill added a subscriber: chill.Wed, Nov 24, 4:44 AM
chill added inline comments.
libunwind/src/Unwind-EHABI.cpp
317

Indeed, that change is a leftover from when the encoding of the instruction to pop return address authentication code was <0xb1,0x00>

stuij updated this revision to Diff 389481.Wed, Nov 24, 6:18 AM

address review comments

stuij marked an inline comment as done.Wed, Nov 24, 6:19 AM
mstorsjo accepted this revision.Thu, Nov 25, 1:45 PM

I guess this is ok then. I can't say I've followed every bit in detail, but it looks sensible overall.

This revision is now accepted and ready to land.Thu, Nov 25, 1:45 PM

Please rebase onto main and re-upload before submitting, so that the CI runs. There was a flaky failure previously, but I'd like to see it run before merging.

stuij updated this revision to Diff 390333.Mon, Nov 29, 6:20 AM

uploading after rebase as per reviewer request (no changes in the patch itself)