This is an archive of the discontinued LLVM Phabricator instance.

[libunwind,EHABI,ARM] Fix get/set of RA_AUTH_CODE.
ClosedPublic

Authored by simon_tatham on Jun 24 2022, 6:21 AM.

Download Raw Diff

Details

Reviewers

stuij
momchil.velikov
vhscampos
MaskRay
danielkiss
mstorsjo

Group Reviewers

Restricted Project

Commits

rG43c84e463426: [libunwind,EHABI,ARM] Fix get/set of RA_AUTH_CODE.

Summary

According to EHABI32 §8.5.2, the PAC for the return address of a
function described in an exception table is supposed to be addressed
in the _Unwind_VRS_{Get,Set} API by setting regclass=_UVRSC_PSEUDO and
regno=0. (The space of 'regno' values is independent for each
regclass, and for _UVRSC_PSEUDO, there is only one valid regno so far.)

That is indeed what libunwind's _Unwind_VRS_{Get,Set} functions expect
to receive. But at two call sites, the wrong values are passed in:
regno is being set to UNW_ARM_RA_AUTH_CODE (0x8F) instead of 0, and in
one case, regclass is _UVRSC_CORE instead of _UVRSC_PSEUDO.

As a result, those calls to _Unwind_VRS_{Get,Set} return
_UVRSR_FAILED, which their callers ignore. So if you compile in the
AUTG instruction that actually validates the PAC, it will try to
validate what's effectively an uninitialised register as an
authentication code, and trigger a CPU fault even on correct exception
unwinding.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

simon_tatham created this revision.Jun 24 2022, 6:21 AM

Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptJun 24 2022, 6:21 AM

Herald added a reviewer: Restricted Project. · View Herald Transcript

Herald added subscribers: libcxx-commits, StephenFan, kristof.beyls. · View Herald Transcript

simon_tatham requested review of this revision.Jun 24 2022, 6:21 AM

Herald added a project: Restricted Project. · View Herald TranscriptJun 24 2022, 6:21 AM

Herald added a subscriber: llvm-commits. · View Herald Transcript

Harbormaster completed remote builds in B171847: Diff 439725.Jun 24 2022, 7:35 AM

LGTM.

This revision was not accepted when it landed; it landed in state Needs Review.Jun 27 2022, 1:36 AM

Closed by commit rG43c84e463426: [libunwind,EHABI,ARM] Fix get/set of RA_AUTH_CODE. (authored by simon_tatham). · Explain Why

This revision was automatically updated to reflect the committed changes.

simon_tatham added a commit: rG43c84e463426: [libunwind,EHABI,ARM] Fix get/set of RA_AUTH_CODE..

Hmm, Phabricator tells me that some other review should have been done before I landed this. That wasn't obvious, sorry – I saw an email saying someone had accepted the change, and assumed that was enough to push it.

If I violated a procedure, sorry about that! But I hope this change will be considered harmless enough to not revert.

Revision Contents

Path

Size

libunwind/

src/

Unwind-EHABI.cpp

6 lines

Diff 439725

libunwind/src/Unwind-EHABI.cpp

Show First 20 Lines • Show All 426 Lines • ▼ Show 20 Lines	#endif
if (!wrotePC) {		if (!wrotePC) {
uint32_t lr;		uint32_t lr;
_Unwind_VRS_Get(context, _UVRSC_CORE, UNW_ARM_LR, _UVRSD_UINT32, &lr);		_Unwind_VRS_Get(context, _UVRSC_CORE, UNW_ARM_LR, _UVRSD_UINT32, &lr);
#ifdef __ARM_FEATURE_PAUTH		#ifdef __ARM_FEATURE_PAUTH
if (hasReturnAddrAuthCode) {		if (hasReturnAddrAuthCode) {
uint32_t sp;		uint32_t sp;
uint32_t pac;		uint32_t pac;
_Unwind_VRS_Get(context, _UVRSC_CORE, UNW_ARM_SP, _UVRSD_UINT32, &sp);		_Unwind_VRS_Get(context, _UVRSC_CORE, UNW_ARM_SP, _UVRSD_UINT32, &sp);
_Unwind_VRS_Get(context, _UVRSC_PSEUDO, UNW_ARM_RA_AUTH_CODE,		_Unwind_VRS_Get(context, _UVRSC_PSEUDO, 0, _UVRSD_UINT32, &pac);
_UVRSD_UINT32, &pac);
__asm__ __volatile__("autg %0, %1, %2" : : "r"(pac), "r"(lr), "r"(sp) :);		__asm__ __volatile__("autg %0, %1, %2" : : "r"(pac), "r"(lr), "r"(sp) :);
}		}
#else		#else
(void)hasReturnAddrAuthCode;		(void)hasReturnAddrAuthCode;
#endif		#endif
_Unwind_VRS_Set(context, _UVRSC_CORE, UNW_ARM_IP, _UVRSD_UINT32, &lr);		_Unwind_VRS_Set(context, _UVRSC_CORE, UNW_ARM_IP, _UVRSD_UINT32, &lr);
}		}
return _URC_CONTINUE_UNWIND;		return _URC_CONTINUE_UNWIND;
▲ Show 20 Lines • Show All 688 Lines • ▼ Show 20 Lines	case _UVRSC_PSEUDO: {
// Return Address Authentication code (PAC) - discriminator 0		// Return Address Authentication code (PAC) - discriminator 0
uint32_t *sp;		uint32_t *sp;
if (_Unwind_VRS_Get(context, _UVRSC_CORE, UNW_ARM_SP, _UVRSD_UINT32,		if (_Unwind_VRS_Get(context, _UVRSC_CORE, UNW_ARM_SP, _UVRSD_UINT32,
&sp) != _UVRSR_OK) {		&sp) != _UVRSR_OK) {
return _UVRSR_FAILED;		return _UVRSR_FAILED;
}		}
uint32_t pac = *sp++;		uint32_t pac = *sp++;
_Unwind_VRS_Set(context, _UVRSC_CORE, UNW_ARM_SP, _UVRSD_UINT32, &sp);		_Unwind_VRS_Set(context, _UVRSC_CORE, UNW_ARM_SP, _UVRSD_UINT32, &sp);
return _Unwind_VRS_Set(context, _UVRSC_CORE, UNW_ARM_RA_AUTH_CODE,		return _Unwind_VRS_Set(context, _UVRSC_PSEUDO, 0, _UVRSD_UINT32, &pac);
_UVRSD_UINT32, &pac);
}		}
}		}
_LIBUNWIND_ABORT("unsupported register class");		_LIBUNWIND_ABORT("unsupported register class");
}		}

/// Not used by C++.		/// Not used by C++.
/// Unwinds stack, calling "stop" function at each frame.		/// Unwinds stack, calling "stop" function at each frame.
/// Could be used to implement longjmp().		/// Could be used to implement longjmp().
▲ Show 20 Lines • Show All 60 Lines • Show Last 20 Lines