diff --git a/client/crashpad_info_note.S b/client/crashpad_info_note.S
index ef3d68cc..80de22d6 100644
--- a/client/crashpad_info_note.S
+++ b/client/crashpad_info_note.S
@@ -17,7 +17,7 @@
 // that symbol to be in the dynamic symbol table.
 #include "util/misc/elf_note_types.h"
-#include "util/misc/arm64_bti_note.S"
+#include "util/misc/arm64_pac_bti.S"
 // namespace crashpad {
 // CrashpadInfo g_crashpad_info;
diff --git a/snapshot/crashpad_info_size_test_note.S b/snapshot/crashpad_info_size_test_note.S
index 8b1a0bd8..ebc0d8f6 100644
--- a/snapshot/crashpad_info_size_test_note.S
+++ b/snapshot/crashpad_info_size_test_note.S
@@ -17,7 +17,7 @@
 // that symbol to be in the dynamic symbol table.
 #include "util/misc/elf_note_types.h"
-#include "util/misc/arm64_bti_note.S"
+#include "util/misc/arm64_pac_bti.S"
 // namespace crashpad {
 // CrashpadInfo g_test_crashpad_info;
diff --git a/snapshot/elf/elf_image_reader_test_note.S b/snapshot/elf/elf_image_reader_test_note.S
index 08f1829f..b6c17ff3 100644
--- a/snapshot/elf/elf_image_reader_test_note.S
+++ b/snapshot/elf/elf_image_reader_test_note.S
@@ -13,7 +13,7 @@
 // limitations under the License.
 #include "util/misc/elf_note_types.h"
-#include "util/misc/arm64_bti_note.S"
+#include "util/misc/arm64_pac_bti.S"
 #define NOTE_ALIGN 4
 .section .note.crashpad.test,"a",%note
diff --git a/util/misc/arm64_bti_note.S b/util/misc/arm64_pac_bti.S
similarity index 63%
rename from util/misc/arm64_bti_note.S
rename to util/misc/arm64_pac_bti.S
index 987493be..ac90f2ab 100644
--- a/util/misc/arm64_bti_note.S
+++ b/util/misc/arm64_pac_bti.S
@@ -12,16 +12,40 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-#ifndef CRASHPAD_UTIL_MISC_ARM64_BTI_NOTE_S
-#define CRASHPAD_UTIL_MISC_ARM64_BTI_NOTE_S
+#ifndef CRASHPAD_UTIL_MISC_ARM64_PAC_BTI_S
+#define CRASHPAD_UTIL_MISC_ARM64_PAC_BTI_S
-/* Support macros for the Armv8.5-A Branch Target Identification feature which
- * requires emitting a .note.gnu.property section with the appropriate
+/* Support macros for the Armv8.5-A Branch Target Identification and
+ * Armv8.3-A Pointer Authentication features which require emitting
+ * a .note.gnu.property section with the appropriate
 * architecture-dependent feature bits set.
 * Read more: "ELF for the ArmĀ® 64-bit Architecture"
 */
 #if defined(__ARM_FEATURE_BTI_DEFAULT) && (__ARM_FEATURE_BTI_DEFAULT == 1)
-#define GNU_PROPERTY_AARCH64_BTI (1 << 0) // Has BTI
+#define GNU_PROPERTY_AARCH64_BTI 1 // Has BTI
+#define CRASHPAD_AARCH64_VALID_JUMP_CALL_TARGET bti jc
+#define CRASHPAD_AARCH64_VALID_CALL_TARGET bti c
+#define CRASHPAD_AARCH64_VALID_JUMP_TARGET bti j
+#else
+#define GNU_PROPERTY_AARCH64_BTI 0 // No BTI
+#define CRASHPAD_AARCH64_VALID_JUMP_CALL_TARGET
+#define CRASHPAD_AARCH64_VALID_CALL_TARGET
+#define CRASHPAD_AARCH64_VALID_JUMP_TARGET
+#endif
+
+#if defined(__ARM_FEATURE_PAC_DEFAULT)
+#if ((__ARM_FEATURE_PAC_DEFAULT & ((1<<0)|(1<<2))) == 0)
+#error Pointer authentication defines no valid key!
+#endif
+#define GNU_PROPERTY_AARCH64_PAC 1 // Has PAC
+#else
+#define GNU_PROPERTY_AARCH64_PAC 0 // No PAC
+#endif
+
+/**
+ * Emit a proper .note.gnu.property section in case of PAC or BTI being enabled.
+ */
+#if (GNU_PROPERTY_AARCH64_BTI != 0 || GNU_PROPERTY_AARCH64_PAC != 0)
 .pushsection .note.gnu.property, "a"
 .balign 4
 .long 0x4 /* size of field "GNU" */
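Review bot: The sanity check under `#if defined(__ARM_FEATURE_PAC_DEFAULT)` tests bits 0 and 2, but in the ACLE encoding of `__ARM_FEATURE_PAC_DEFAULT` bit 0 is the A key, bit 1 is the B key, and bit 2 only says that leaf functions are protected too. As written, a build that selects the B key alone (value 2) hits the `#error`, while the leaf bit, which is not a key, would satisfy the check. The mask should name the two key bits: `#if ((__ARM_FEATURE_PAC_DEFAULT & ((1<<0)|(1<<1))) == 0)`. A short comment next to the mask saying which bit is which would keep the two from being confused again.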
@@ -30,17 +54,12 @@
 .asciz "GNU"
 .long 0xc0000000 /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
 .long 0x4
- .long GNU_PROPERTY_AARCH64_BTI
+ .long ((GNU_PROPERTY_AARCH64_BTI<<0)|(GNU_PROPERTY_AARCH64_PAC<<1))
 .long 0x0
 .popsection
-#define CRASHPAD_AARCH64_VALID_JUMP_CALL_TARGET bti jc
-#define CRASHPAD_AARCH64_VALID_CALL_TARGET bti c
-#define CRASHPAD_AARCH64_VALID_JUMP_TARGET bti j
-#undef GNU_PROPERTY_AARCH64_BTI
-#else
-#define CRASHPAD_AARCH64_VALID_JUMP_CALL_TARGET
-#define CRASHPAD_AARCH64_VALID_CALL_TARGET
-#define CRASHPAD_AARCH64_VALID_JUMP_TARGET
 #endif
-#endif /* CRASHPAD_UTIL_MISC_ARM64_BTI_NOTE_S */
+#undef GNU_PROPERTY_AARCH64_BTI
+#undef GNU_PROPERTY_AARCH64_PAC
+
+#endif /* CRASHPAD_UTIL_MISC_ARM64_PAC_BTI_S */
diff --git a/util/misc/capture_context_linux.S b/util/misc/capture_context_linux.S
index 0ee561f5..96e030d9 100644
--- a/util/misc/capture_context_linux.S
+++ b/util/misc/capture_context_linux.S
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-#include "util/misc/arm64_bti_note.S"
+#include "util/misc/arm64_pac_bti.S"
 // namespace crashpad {
 // void CaptureContext(ucontext_t* context);
@@ -316,14 +316,15 @@ CAPTURECONTEXT_SYMBOL2:
 stp x26, x27, [x0, #0x188]
 stp x28, x29, [x0, #0x198]
- // The original LR can't be recovered.
+ // The original LR can't be recovered, therefore no need to sign x30 with PAC.
 str x30, [x0, #0x1a8]
 // Use x1 as a scratch register.
 mov x1, SP
 str x1, [x0, #0x1b0] // context->uc_mcontext.sp
- // The link register holds the return address for this function.
+ // The link register holds the return address for this function and won't be
+ // recovered, therefore no need to sign x30 with PAC.
 str x30, [x0, #0x1b8] // context->uc_mcontext.pc
 // pstate should hold SPSR but NZCV are the only bits we know about.
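Review bot: The feature word `.long ((GNU_PROPERTY_AARCH64_BTI<<0)|(GNU_PROPERTY_AARCH64_PAC<<1))` in util/misc/arm64_pac_bti.S encodes the ABI bit positions as bare shifts, and the two macros now hold 0/1 flags under names that read like bit masks. A comment on that line would tie it to the ABI, for example `/* bit 0: GNU_PROPERTY_AARCH64_FEATURE_1_BTI, bit 1: GNU_PROPERTY_AARCH64_FEATURE_1_PAC */`. The `#if` that guards the section (in the previous hunk) should also say that every .S file including this header now declares itself BTI- and PAC-compatible. Because this is an AND property combined across link inputs, hand-written code in an including file has to place the `CRASHPAD_AARCH64_VALID_*_TARGET` macros at its indirect-branch targets for that declaration to be true.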
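Review bot: Both new comments in the `@@ -316,14 +316,15 @@` hunk of capture_context_linux.S give "can't be recovered" as the reason for not signing x30, which does not tell the reader what property the stored value has. A consumer of the captured context needs to know that the two `str x30` stores write a plain, unsigned return address. If that holds because this routine never signs the link register (its prologue is outside the hunk, so this is an assumption to confirm), the comment should say so directly, e.g. `// x30 is not signed in this routine, so the raw return address is stored.` The same register is written to both slots, so one comment covering both stores would avoid the duplicated wording.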