- When return address signing is enabled, the LR may be signed on function entry
- When an exception is thrown the return address is inspected used to unwind the call stack
- Before this happens, the return address must be correctly authenticated to avoid causing an abort by dereferencing the signed pointer
Details
Diff Detail
- Repository
- rL LLVM
Event Timeline
src/DwarfInstructions.hpp | ||
---|---|---|
210 ↗ | (On Diff #163099) | I don't think this will work for cross-unwinding builds: for them, _LIBUNWIND_TARGET_AARCH64 is defined even when the compilation target is not AArch64, so this instruction won't exist. Fully supporting cross-unwinding looks non-trivial: we'd need to either provide some way to ask the client to authenticate a pointer on the target, or strip the high bits of the pointer (which requires knowing the virtual address size of the target). For now, I think it's OK to not support cross-unwinding. |
src/Registers.hpp | ||
1835 ↗ | (On Diff #163099) | When regNum == UNW_ARM64_RA_SIGN_STATE, the index into __x is out of range. We'll need to add new storage to hold this value, I'd suggest replacing the current padding value in the GPRs struct, as that will avoid changing the layout expected by the context save/restore functions. |
1845 ↗ | (On Diff #163099) | Ditto. |
src/Registers.hpp | ||
---|---|---|
1835 ↗ | (On Diff #163099) | Good catch. Thanks, I didn't check the struct definition. |