This is an archive of the discontinued LLVM Phabricator instance.

libunwind: Don't attempt to authenticate a null return address.
ClosedPublic

Authored by pcc on Feb 11 2021, 4:25 PM.

Download Raw Diff

Details

Reviewers

rprichard
danielkiss
mstorsjo

Group Reviewers

Restricted Project

Commits

rGcddc53ef088b: libunwind: Don't attempt to authenticate a null return address.

Summary

Null return addresses can appear at the bottom of the stack (i.e. the
frame corresponding to the entry point). Authenticating these addresses
will set the error code in the address, which will lead to a segfault
in the sigreturn trampoline detection code. Fix this problem by not
authenticating null addresses.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

pcc created this revision.Feb 11 2021, 4:25 PM

Herald added a project: Restricted Project. · View Herald TranscriptFeb 11 2021, 4:25 PM

Herald added a reviewer: Restricted Project. · View Herald Transcript

Herald added a subscriber: libcxx-commits. · View Herald Transcript

pcc requested review of this revision.Feb 11 2021, 4:25 PM

Herald added a project: Restricted Project. · View Herald TranscriptFeb 11 2021, 4:25 PM

It seems OK to me. Does it make sense to also skip (pc == 0) in UnwindCursor<A, R>::setInfoForSigReturn?

In D96560#2558596, @rprichard wrote:

It seems OK to me. Does it make sense to also skip (pc == 0) in UnwindCursor<A, R>::setInfoForSigReturn?

Hmm, that seems redundant with the check that I'm adding here. Let's start with one and we can reconsider if we find another bug here.

In D96560#2558737, @pcc wrote:

In D96560#2558596, @rprichard wrote:

It seems OK to me. Does it make sense to also skip (pc == 0) in UnwindCursor<A, R>::setInfoForSigReturn?

Hmm, that seems redundant with the check that I'm adding here. Let's start with one and we can reconsider if we find another bug here.

Oh, yeah, it would be redundant with this check earlier in setInfoBasedOnIPRegister:

// Exit early if at the top of the stack.
if (pc == 0) {
  _unwindInfoMissing = true;
  return;
}

Harbormaster completed remote builds in B88906: Diff 323185.Feb 11 2021, 6:40 PM

LGTM, Thanks.

LGTM too

This revision is now accepted and ready to land.Feb 15 2021, 2:24 AM

This revision was landed with ongoing or failed builds.Feb 16 2021, 11:18 AM

Closed by commit rGcddc53ef088b: libunwind: Don't attempt to authenticate a null return address. (authored by pcc). · Explain Why

This revision was automatically updated to reflect the committed changes.

pcc added a commit: rGcddc53ef088b: libunwind: Don't attempt to authenticate a null return address..

Revision Contents

Path

Size

libunwind/

src/

DwarfInstructions.hpp

3 lines

Diff 324061

libunwind/src/DwarfInstructions.hpp

	Show First 20 Lines • Show All 207 Lines • ▼ Show 20 Lines

	#if defined(_LIBUNWIND_TARGET_AARCH64)			#if defined(_LIBUNWIND_TARGET_AARCH64)
	// If the target is aarch64 then the return address may have been signed			// If the target is aarch64 then the return address may have been signed
	// using the v8.3 pointer authentication extensions. The original			// using the v8.3 pointer authentication extensions. The original
	// return address needs to be authenticated before the return address is			// return address needs to be authenticated before the return address is
	// restored. autia1716 is used instead of autia as autia1716 assembles			// restored. autia1716 is used instead of autia as autia1716 assembles
	// to a NOP on pre-v8.3a architectures.			// to a NOP on pre-v8.3a architectures.
	if ((R::getArch() == REGISTERS_ARM64) &&			if ((R::getArch() == REGISTERS_ARM64) &&
	prolog.savedRegisters[UNW_ARM64_RA_SIGN_STATE].value) {			prolog.savedRegisters[UNW_ARM64_RA_SIGN_STATE].value &&
				returnAddress != 0) {
	#if !defined(_LIBUNWIND_IS_NATIVE_ONLY)			#if !defined(_LIBUNWIND_IS_NATIVE_ONLY)
	return UNW_ECROSSRASIGNING;			return UNW_ECROSSRASIGNING;
	#else			#else
	register unsigned long long x17 __asm("x17") = returnAddress;			register unsigned long long x17 __asm("x17") = returnAddress;
	register unsigned long long x16 __asm("x16") = cfa;			register unsigned long long x16 __asm("x16") = cfa;

	// These are the autia1716/autib1716 instructions. The hint instructions			// These are the autia1716/autib1716 instructions. The hint instructions
	// are used here as gcc does not assemble autia1716/autib1716 for pre			// are used here as gcc does not assemble autia1716/autib1716 for pre
	▲ Show 20 Lines • Show All 604 Lines • Show Last 20 Lines