Page MenuHomePhabricator

Pass pointer authentication code mask from minidump and use to strip pac from pc.
Needs ReviewPublic

Authored by justincohen on Mar 18 2021, 12:24 PM.

Details

Summary

Pipe pointer authentication code mask from Crashpad thru minidumps into the ABI plugin.

To work with Crashpad change: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2773358

Diff Detail

Event Timeline

justincohen requested review of this revision.Mar 18 2021, 12:24 PM
justincohen created this revision.
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptMar 18 2021, 12:24 PM
justincohen edited the summary of this revision. (Show Details)Mar 18 2021, 12:26 PM
justincohen edited the summary of this revision. (Show Details)

Fix length of crashpad structure / use ulittleXX

markmentovai added inline comments.Mar 25 2021, 11:57 AM
lldb/source/Plugins/Process/minidump/MinidumpParser.cpp
241–242

Check that crashpad_info->version is 1 before attempting to treat what follows as pointer_authentication_address_mask.

lldb/source/Plugins/Process/minidump/MinidumpTypes.h
113

Ensure alignment is compatible with what Crashpad uses.

justincohen retitled this revision from Strip pointer authentication codes from MacOSX arc pc. to Past pointer authentication code mask from minidump and use to strip pac from pc..Mar 25 2021, 12:27 PM
justincohen retitled this revision from Past pointer authentication code mask from minidump and use to strip pac from pc. to Pass pointer authentication code mask from minidump and use to strip pac from pc..Mar 25 2021, 1:09 PM

Inverted mask.

Check CrashpadInfo version.

justincohen marked 2 inline comments as done.Mar 26 2021, 12:18 PM
justincohen added inline comments.
lldb/source/Plugins/Process/minidump/MinidumpTypes.h
113

Confirmed manually.

justincohen marked an inline comment as done.
justincohen added a subscriber: pcc.
omjavaid added inline comments.Mar 30 2021, 2:57 PM
lldb/include/lldb/Target/Process.h
79

This function name is too specific to AArch64 architecture. IMO, we should have information on significant address bits rather than PAuth mask. This is because we have to cover for the top byte in case of AArch64 Top Byte Ignore feature as well as any other memory management features.

From user process perspective we should figure out how many bits of the process memory address are significant for addressing while the others store extra information like PAC, Tags or any information inserted by software in top byte.

I propose to add a new variable (may be call it address_bits_in_use) in process class which is populated by default equal to process address width in our case 64 bit. In case a we choose to update address_bits_in_use we may do it on when process is created or through set method during execution as well.

pcc added inline comments.Mar 30 2021, 3:42 PM
lldb/include/lldb/Target/Process.h
79

I don't think we want to clear the top byte if TBI is enabled. This is because the top byte may contain a pointer tag that is necessary in order to access the pointer with MTE. That is exactly what a mask would let us do. The top byte of the mask is clear when TBI is enabled so that the pointer tag is left unchanged.

omjavaid added inline comments.Mar 30 2021, 3:51 PM
lldb/include/lldb/Target/Process.h
79

We dont really want to clear the top byte but rather have the information on "address bits used for addressing" vs "address bits used for extra features" and for the purpose of unwinding all extra information from the address needs to cleared.

On top of my head I think this information is needed to ensure LLDB does not use multiple watchpoints for watching a single address which has extra info in some of its top bits. There could be more uses of this in memory reads and breakpoints management as well for code pointers.

omjavaid resigned from this revision.Jul 11 2021, 9:28 PM