From 9e84621321447c9d9c3ce7b0ffafff3c5ee7fcbe Mon Sep 17 00:00:00 2001
From: Swapnil Gaikwad
Date: Mon, 8 Jun 2026 15:00:08 +0100
Subject: [PATCH 1/2] Arm64:[PAC-RET] Use hint-space instruction for stripping return address

Fixes #7079
---
 src/coreclr/vm/arm64/asmhelpers.S | 13 +++++++++----
 src/coreclr/vm/arm64/asmhelpers.asm | 13 +++++++++----
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/src/coreclr/vm/arm64/asmhelpers.S b/src/coreclr/vm/arm64/asmhelpers.S
index 880849df5c4564..6a52214aebe103 100644
--- a/src/coreclr/vm/arm64/asmhelpers.S
+++ b/src/coreclr/vm/arm64/asmhelpers.S
@@ -160,11 +160,16 @@ NESTED_END OnHijackTripThread, _TEXT
 // void* PacStripPtr(void *);
 // This function strips the pointer of PAC info that is passed as an argument.
 // We prefer to strip a pointer where it's not going to be used to branch execution to.
+// It is a no-op on non-PAC enabled machines.
 .arch_extension pauth
- LEAF_ENTRY PacStripPtr, _TEXT
- xpaci x0
- ret
- LEAF_END PacStripPtr, _TEXT
+ NESTED_ENTRY PacStripPtr, _TEXT, NoHandler
+ PROLOG_SAVE_REG_PAIR_INDEXED fp, lr, -16
+ mov lr, x0
+ xpaclri
+ mov x0, lr
+ EPILOG_RESTORE_REG_PAIR_INDEXED fp, lr, 16
+ EPILOG_RETURN
+ NESTED_END PacStripPtr, _TEXT

 // void* PacSignPtr(void *, void *);
 // This function signs the input pointer using x1 as salt. It is a no-op on non-PAC enabled machines.
diff --git a/src/coreclr/vm/arm64/asmhelpers.asm b/src/coreclr/vm/arm64/asmhelpers.asm
index 429037381b0040..f1e8174ced6795 100644
--- a/src/coreclr/vm/arm64/asmhelpers.asm
+++ b/src/coreclr/vm/arm64/asmhelpers.asm
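Review bot: PacStripPtr now parks the caller's pointer in lr (`mov lr, x0`), so until the epilog the real return address exists only in the stack slot written by `PROLOG_SAVE_REG_PAIR_INDEXED fp, lr, -16`, and nothing visible in the hunk signs that slot; the asmhelpers.asm hunk has the same shape. The old leaf version never spilled lr, so it is worth confirming that an unsigned return address on the stack is acceptable inside a PAC-RET helper, or whether the frame should be bracketed with the hint-space `paciasp`/`autiasp` pair (the prolog and epilog macros are defined outside this patch and may already cover this). The header comment should say why the frame is needed, for example `// xpaclri strips only x30 (lr), so the argument is moved through lr; fp/lr are saved first so the real return address can be restored.` The `.arch_extension pauth` context line also stays in force for the rest of the file, so a non-hint PAC instruction would still assemble silently; writing the strip as `hint #7` would let the directive be dropped if nothing further down needs it.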
@@ -323,10 +323,15 @@ OnHijackTripThreadReturn
 ; void* PacStripPtr(void *);
 ; This function strips the pointer of PAC info that is passed as an argument.
 ; We prefer to strip a pointer where it's not going to be used to branch execution to.
- LEAF_ENTRY PacStripPtr
- DCD 0xDAC143E0 ; xpaci x0 instruction in binary to avoid requiring PAC-enabled assemblers
- ret
- LEAF_END PacStripPtr
+; It is a no-op on non-PAC enabled machines.
+ NESTED_ENTRY PacStripPtr
+ PROLOG_SAVE_REG_PAIR_INDEXED fp, lr, #-16!
+ mov lr, x0
+ DCD 0xD50320FF ; xpaclri instruction in binary to avoid requiring PAC-enabled assemblers
+ mov x0, lr
+ EPILOG_RESTORE_REG_PAIR_INDEXED fp, lr, 16
+ EPILOG_RETURN
+ NESTED_END

 ; void* PacSignPtr(void *, void *);
 ; This function signs the input pointer using x1 as salt. It is a no-op on non-PAC enabled machines.
From 19f10f21020c5b14dafaa3573be2d65929e83544 Mon Sep 17 00:00:00 2001
From: Swapnil Gaikwad
Date: Mon, 8 Jun 2026 16:13:35 +0100
Subject: [PATCH 2/2] Fix build errors on Windows

---
 src/coreclr/vm/arm64/asmhelpers.asm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/coreclr/vm/arm64/asmhelpers.asm b/src/coreclr/vm/arm64/asmhelpers.asm
index f1e8174ced6795..39cd2b2046ae38 100644
--- a/src/coreclr/vm/arm64/asmhelpers.asm
+++ b/src/coreclr/vm/arm64/asmhelpers.asm
@@ -325,11 +325,11 @@ OnHijackTripThreadReturn
 ; We prefer to strip a pointer where it's not going to be used to branch execution to.
 ; It is a no-op on non-PAC enabled machines.
 NESTED_ENTRY PacStripPtr
- PROLOG_SAVE_REG_PAIR_INDEXED fp, lr, #-16!
+ PROLOG_SAVE_REG_PAIR fp, lr, #-16!
 mov lr, x0
 DCD 0xD50320FF ; xpaclri instruction in binary to avoid requiring PAC-enabled assemblers
 mov x0, lr
- EPILOG_RESTORE_REG_PAIR_INDEXED fp, lr, 16
+ EPILOG_RESTORE_REG_PAIR fp, lr, #16!
 EPILOG_RETURN
 NESTED_END
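Review bot: The comment on the new `DCD 0xD50320FF` line in the PATCH 1/2 hunk names the instruction but not the property the fix depends on, so the raw opcode is hard to audit against the `0xDAC143E0` it replaces. I would write it as `DCD 0xD50320FF ; xpaclri (HINT #7): strips the PAC from lr, NOP on cores without pointer authentication; raw encoding so older assemblers accept it`. A line before `mov lr, x0` saying that xpaclri operates only on lr would also explain why the helper is no longer a leaf.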