arm64e/ptrauth unified patch: libunwind

Author: ahmedbougacha

libunwind/src/AddressSpace.hpp

@@ -196,7 +196,8 @@ class _LIBUNWIND_HIDDEN LocalAddressSpace {
   static int64_t  getSLEB128(pint_t &addr, pint_t end);
 
   pint_t getEncodedP(pint_t &addr, pint_t end, uint8_t encoding,
-                     pint_t datarelBase = 0);
+                     pint_t datarelBase = 0,
+                     pint_t *resultAddr = nullptr);
   bool findFunctionName(pint_t addr, char *buf, size_t bufLen,
                         unw_word_t *offset);
   bool findUnwindSections(pint_t targetAddr, UnwindInfoSections &info);
@@ -269,7 +270,7 @@ inline int64_t LocalAddressSpace::getSLEB128(pint_t &addr, pint_t end) {
 
 inline LocalAddressSpace::pint_t
 LocalAddressSpace::getEncodedP(pint_t &addr, pint_t end, uint8_t encoding,
-                               pint_t datarelBase) {
+                               pint_t datarelBase, pint_t *resultAddr) {
   pint_t startAddr = addr;
   const uint8_t *p = (uint8_t *)addr;
   pint_t result;
@@ -353,8 +354,14 @@ LocalAddressSpace::getEncodedP(pint_t &addr, pint_t end, uint8_t encoding,
     break;
   }
 
-  if (encoding & DW_EH_PE_indirect)
+  if (encoding & DW_EH_PE_indirect) {
+    if (resultAddr)
+      *resultAddr = result;
     result = getP(result);
+  } else {
+    if (resultAddr)
+      *resultAddr = startAddr;
+  }
 
   return result;
 }

libunwind/src/CompactUnwinder.hpp

@@ -499,38 +499,39 @@ class CompactUnwinder_arm64 {
 
   static int stepWithCompactEncoding(compact_unwind_encoding_t compactEncoding,
                                      uint64_t functionStart, A &addressSpace,
-                                     Registers_arm64 &registers);
+                                     unw_word_t procInfoFlags, Registers_arm64 &registers);
 
 private:
   typename A::pint_t pint_t;
 
   static int
       stepWithCompactEncodingFrame(compact_unwind_encoding_t compactEncoding,
                                    uint64_t functionStart, A &addressSpace,
-                                   Registers_arm64 &registers);
+                                   unw_word_t procInfoFlags, Registers_arm64 &registers);
   static int stepWithCompactEncodingFrameless(
       compact_unwind_encoding_t compactEncoding, uint64_t functionStart,
-      A &addressSpace, Registers_arm64 &registers);
+      A &addressSpace, unw_word_t procInfoFlags, Registers_arm64 &registers);
 };
 
 template <typename A>
 int CompactUnwinder_arm64<A>::stepWithCompactEncoding(
     compact_unwind_encoding_t compactEncoding, uint64_t functionStart,
-    A &addressSpace, Registers_arm64 &registers) {
+    A &addressSpace, unw_word_t procInfoFlags, Registers_arm64 &registers) {
   switch (compactEncoding & UNWIND_ARM64_MODE_MASK) {
   case UNWIND_ARM64_MODE_FRAME:
     return stepWithCompactEncodingFrame(compactEncoding, functionStart,
-                                        addressSpace, registers);
+                                        addressSpace, procInfoFlags, registers);
   case UNWIND_ARM64_MODE_FRAMELESS:
     return stepWithCompactEncodingFrameless(compactEncoding, functionStart,
-                                            addressSpace, registers);
+                                            addressSpace, procInfoFlags, registers);
   }
   _LIBUNWIND_ABORT("invalid compact unwind encoding");
 }
 
 template <typename A>
 int CompactUnwinder_arm64<A>::stepWithCompactEncodingFrameless(
     compact_unwind_encoding_t encoding, uint64_t, A &addressSpace,
+    unw_word_t procInfoFlags,
     Registers_arm64 &registers) {
   uint32_t stackSize =
       16 * EXTRACT_BITS(encoding, UNWIND_ARM64_FRAMELESS_STACK_SIZE_MASK);
@@ -601,19 +602,23 @@ int CompactUnwinder_arm64<A>::stepWithCompactEncodingFrameless(
     savedRegisterLoc -= 8;
   }
 
+  Registers_arm64::reg_t linkRegister = registers.getRegister(UNW_AARCH64_LR);
+
   // subtract stack size off of sp
   registers.setSP(savedRegisterLoc);
 
+  registers.normalizeNewLinkRegister(linkRegister, procInfoFlags);
+
   // set pc to be value in lr
-  registers.setIP(registers.getRegister(UNW_AARCH64_LR));
+  registers.setIP(linkRegister);
 
   return UNW_STEP_SUCCESS;
 }
 
 template <typename A>
 int CompactUnwinder_arm64<A>::stepWithCompactEncodingFrame(
     compact_unwind_encoding_t encoding, uint64_t, A &addressSpace,
-    Registers_arm64 &registers) {
+    unw_word_t procInfoFlags, Registers_arm64 &registers) {
   uint64_t savedRegisterLoc = registers.getFP() - 8;
 
   if (encoding & UNWIND_ARM64_FRAME_X19_X20_PAIR) {
@@ -685,8 +690,13 @@ int CompactUnwinder_arm64<A>::stepWithCompactEncodingFrame(
   registers.setFP(addressSpace.get64(fp));
   // old sp is fp less saved fp and lr
   registers.setSP(fp + 16);
+
   // pop return address into pc
-  registers.setIP(addressSpace.get64(fp + 8));
+  Registers_arm64::reg_t linkRegister = addressSpace.get64(fp + 8);
+
+  registers.normalizeNewLinkRegister(linkRegister, procInfoFlags);
+
+  registers.setIP(linkRegister);
 
   return UNW_STEP_SUCCESS;
 }

libunwind/src/DwarfInstructions.hpp

@@ -22,6 +22,9 @@
 #include "dwarf2.h"
 #include "libunwind_ext.h"
 
+#if __has_feature(ptrauth_calls)
+#include <ptrauth.h>
+#endif
 
 namespace libunwind {
 
@@ -35,6 +38,7 @@ class DwarfInstructions {
   typedef typename A::sint_t sint_t;
 
   static int stepWithDwarf(A &addressSpace, pint_t pc, pint_t fdeStart,
+                           unw_word_t procInfoFlags,
                            R &registers, bool &isSignalFrame, bool stage2);
 
 private:
@@ -189,7 +193,9 @@ bool DwarfInstructions<A, R>::getRA_SIGN_STATE(A &addressSpace, R registers,
 
 template <typename A, typename R>
 int DwarfInstructions<A, R>::stepWithDwarf(A &addressSpace, pint_t pc,
-                                           pint_t fdeStart, R &registers,
+                                           pint_t fdeStart,
+                                           unw_word_t procInfoFlags,
+                                           R &registers,
                                            bool &isSignalFrame, bool stage2) {
   FDE_Info fdeInfo;
   CIE_Info cieInfo;
@@ -245,7 +251,7 @@ int DwarfInstructions<A, R>::stepWithDwarf(A &addressSpace, pint_t pc,
       // by a CFI directive later on.
       newRegisters.setSP(cfa);
 
-      pint_t returnAddress = 0;
+      typename R::reg_t returnAddress = 0;
       constexpr int lastReg = R::lastDwarfRegNum();
       static_assert(static_cast<int>(CFI_Parser<A>::kMaxRegisterNumber) >=
                         lastReg,
@@ -363,6 +369,8 @@ int DwarfInstructions<A, R>::stepWithDwarf(A &addressSpace, pint_t pc,
       }
 #endif
 
+      newRegisters.normalizeNewLinkRegister(returnAddress, procInfoFlags);
+
       // Return address is address after call site instruction, so setting IP to
       // that does simulates a return.
       newRegisters.setIP(returnAddress);

libunwind/src/DwarfParser.hpp

@@ -23,6 +23,10 @@
 
 #include "config.h"
 
+#if __has_feature(ptrauth_calls)
+#include <ptrauth.h>
+#endif
+
 namespace libunwind {
 
 /// CFI_Parser does basic parsing of a CFI (Call Frame Information) records.
@@ -366,6 +370,7 @@ const char *CFI_Parser<A>::parseCIE(A &addressSpace, pint_t cie,
   cieInfo->returnAddressRegister = (uint8_t)raReg;
   // parse augmentation data based on augmentation string
   const char *result = NULL;
+  pint_t resultAddr = 0;
   if (addressSpace.get8(strStart) == 'z') {
     // parse augmentation data length
     addressSpace.getULEB128(p, cieContentEnd);
@@ -379,7 +384,20 @@ const char *CFI_Parser<A>::parseCIE(A &addressSpace, pint_t cie,
         ++p;
         cieInfo->personalityOffsetInCIE = (uint8_t)(p - cie);
         cieInfo->personality = addressSpace
-            .getEncodedP(p, cieContentEnd, cieInfo->personalityEncoding);
+            .getEncodedP(p, cieContentEnd, cieInfo->personalityEncoding,
+                         /*datarelBase=*/0, &resultAddr);
+#if __has_feature(ptrauth_calls)
+              // The GOT for the personality function was signed address authenticated.
+              // Resign is as a regular function pointer.
+              if (cieInfo->personality) {
+                  void* signedPtr = ptrauth_auth_and_resign((void*)cieInfo->personality,
+                                                            ptrauth_key_function_pointer,
+                                                            resultAddr,
+                                                            ptrauth_key_function_pointer,
+                                                            0);
+                  cieInfo->personality = (__typeof(cieInfo->personality))signedPtr;
+              }
+#endif
         break;
       case 'L':
         cieInfo->lsdaEncoding = addressSpace.get8(p);

libunwind/src/Registers.hpp

@@ -18,6 +18,11 @@
 #include "cet_unwind.h"
 #include "config.h"
 #include "libunwind.h"
+#include "libunwind_ext.h"
+
+#if __has_feature(ptrauth_calls)
+#include <ptrauth.h>
+#endif
 
 namespace libunwind {
 
@@ -93,6 +98,10 @@ class _LIBUNWIND_HIDDEN Registers_x86 {
   uint32_t  getEDI() const         { return _registers.__edi; }
   void      setEDI(uint32_t value) { _registers.__edi = value; }
 
+  typedef uint32_t reg_t;
+  void      normalizeNewLinkRegister(reg_t&, unw_word_t) { }
+  void      normalizeExistingLinkRegister(reg_t&) { }
+
 private:
   struct GPRs {
     unsigned int __eax;
@@ -311,6 +320,10 @@ class _LIBUNWIND_HIDDEN Registers_x86_64 {
   uint64_t  getR15() const         { return _registers.__r15; }
   void      setR15(uint64_t value) { _registers.__r15 = value; }
 
+  typedef uint64_t reg_t;
+  void      normalizeNewLinkRegister(reg_t&, unw_word_t) { }
+  void      normalizeExistingLinkRegister(reg_t&) { }
+
 private:
   struct GPRs {
     uint64_t __rax;
@@ -620,6 +633,10 @@ class _LIBUNWIND_HIDDEN Registers_ppc {
   uint64_t  getCR() const         { return _registers.__cr; }
   void      setCR(uint32_t value) { _registers.__cr = value; }
 
+  typedef uint32_t reg_t;
+  void      normalizeNewLinkRegister(reg_t&, unw_word_t) { }
+  void      normalizeExistingLinkRegister(reg_t&) { }
+
 private:
   struct ppc_thread_state_t {
     unsigned int __srr0; /* Instruction address register (PC) */
@@ -1815,6 +1832,8 @@ class _LIBUNWIND_HIDDEN Registers_arm64 {
 public:
   Registers_arm64();
   Registers_arm64(const void *registers);
+  Registers_arm64(const Registers_arm64&);
+  Registers_arm64& operator=(const Registers_arm64&);
 
   bool        validRegister(int num) const;
   uint64_t    getRegister(int num) const;
@@ -1834,11 +1853,63 @@ class _LIBUNWIND_HIDDEN Registers_arm64 {
 
   uint64_t  getSP() const         { return _registers.__sp; }
   void      setSP(uint64_t value) { _registers.__sp = value; }
-  uint64_t  getIP() const         { return _registers.__pc; }
-  void      setIP(uint64_t value) { _registers.__pc = value; }
+  uint64_t  getIP() const         {
+      uint64_t value = _registers.__pc;
+#if __has_feature(ptrauth_calls)
+    // Note the value of the PC was signed to its address in the register state
+    // but everyone else expects it to be sign by the SP, so convert on return.
+    value = (uint64_t)ptrauth_auth_and_resign((void*)_registers.__pc,
+                                              ptrauth_key_return_address,
+                                              &_registers.__pc,
+                                              ptrauth_key_return_address,
+                                              getSP());
+#endif
+    return value;
+  }
+  void      setIP(uint64_t value) {
+#if __has_feature(ptrauth_calls)
+    // Note the value which was set should have been signed with the SP.
+    // We then resign with the slot we are being stored in to so that both SP and LR
+    // can't be spoofed at the same time.
+    value = (uint64_t)ptrauth_auth_and_resign((void*)value,
+                                              ptrauth_key_return_address,
+                                              getSP(),
+                                              ptrauth_key_return_address,
+                                              &_registers.__pc);
+#endif
+      _registers.__pc = value;
+  }
   uint64_t  getFP() const         { return _registers.__fp; }
   void      setFP(uint64_t value) { _registers.__fp = value; }
 
+  typedef uint64_t reg_t;
+  void      normalizeNewLinkRegister(reg_t& linkRegister, unw_word_t procInfoFlags) {
+    (void)linkRegister;
+    (void)procInfoFlags;
+#if __has_feature(ptrauth_calls)
+    if (procInfoFlags == ProcInfoFlags_IsARM64Image) {
+      // If the current frame is arm64e then the LR should have been signed by
+      // the SP.  In this case, we'll just leave it as is.  For other frames,
+      // we'll now sign the LR so that setIP below can assume all inputs are signed.
+      linkRegister = (uint64_t)ptrauth_sign_unauthenticated((void*)linkRegister,
+                                                            ptrauth_key_return_address,
+                                                            _registers.__sp);
+    }
+#endif
+  }
+
+  void      normalizeExistingLinkRegister(reg_t& linkRegister) {
+    (void)linkRegister;
+#if __has_feature(ptrauth_calls)
+    // If we are in an arm64/arm64e frame, then the PC should have been signed with the SP
+    linkRegister = (uint64_t)ptrauth_auth_data((void*)linkRegister, ptrauth_key_return_address, _registers.__sp);
+#endif
+  }
+
+  // arm64_32 and i386 simulator hack
+  void      normalizeNewLinkRegister(uint32_t&, unw_word_t) { }
+  void      normalizeExistingLinkRegister(uint32_t&) { }
+
 private:
   struct GPRs {
     uint64_t __x[29]; // x0-x28
@@ -1866,6 +1937,25 @@ inline Registers_arm64::Registers_arm64(const void *registers) {
   memcpy(_vectorHalfRegisters,
          static_cast<const uint8_t *>(registers) + sizeof(GPRs),
          sizeof(_vectorHalfRegisters));
+#if __has_feature(ptrauth_calls)
+  uint64_t pcRegister = 0;
+  memcpy(&pcRegister, ((uint8_t*)&_registers) + offsetof(GPRs, __pc), sizeof(pcRegister));
+  setIP(pcRegister);
+#endif
+}
+
+inline Registers_arm64::Registers_arm64(const Registers_arm64& other) {
+  *this = other;
+}
+
+inline Registers_arm64& Registers_arm64::operator=(const Registers_arm64& other) {
+  memcpy(&_registers, &other._registers, sizeof(_registers));
+  memcpy(_vectorHalfRegisters, &other._vectorHalfRegisters,
+         sizeof(_vectorHalfRegisters));
+#if __has_feature(ptrauth_calls)
+  setIP(other.getIP());
+#endif
+  return *this;
 }
 
 inline Registers_arm64::Registers_arm64() {
@@ -1891,7 +1981,7 @@ inline bool Registers_arm64::validRegister(int regNum) const {
 
 inline uint64_t Registers_arm64::getRegister(int regNum) const {
   if (regNum == UNW_REG_IP || regNum == UNW_AARCH64_PC)
-    return _registers.__pc;
+    return getIP();
   if (regNum == UNW_REG_SP || regNum == UNW_AARCH64_SP)
     return _registers.__sp;
   if (regNum == UNW_AARCH64_RA_SIGN_STATE)
@@ -1907,7 +1997,7 @@ inline uint64_t Registers_arm64::getRegister(int regNum) const {
 
 inline void Registers_arm64::setRegister(int regNum, uint64_t value) {
   if (regNum == UNW_REG_IP || regNum == UNW_AARCH64_PC)
-    _registers.__pc = value;
+    setIP(value);
   else if (regNum == UNW_REG_SP || regNum == UNW_AARCH64_SP)
     _registers.__sp = value;
   else if (regNum == UNW_AARCH64_RA_SIGN_STATE)
@@ -2129,6 +2219,10 @@ class _LIBUNWIND_HIDDEN Registers_arm {
   uint32_t  getIP() const         { return _registers.__pc; }
   void      setIP(uint32_t value) { _registers.__pc = value; }
 
+  typedef uint32_t reg_t;
+  void normalizeNewLinkRegister(reg_t&, unw_word_t) { }
+  void normalizeExistingLinkRegister(reg_t&) { }
+
   void saveVFPAsX() {
     assert(_use_X_for_vfp_save || !_saved_vfp_d0_d15);
     _use_X_for_vfp_save = true;