[WIP] pac ty disc#158567
Conversation
This comment has been minimized.
This comment has been minimized.
| cv: Scalar, | ||
| layout: abi::Scalar, | ||
| llty: Self::Type, | ||
| schema: Option<PointerAuthSchema>, |
There was a problem hiding this comment.
This function should have access to the Session already through self.tcx.sess.
| fn get_fn_addr( | ||
| &self, | ||
| instance: Instance<'tcx>, | ||
| pointer_auth_schema: Option<PointerAuthSchema>, |
There was a problem hiding this comment.
2d3b257 to
f5fa52a
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
d6ce62a to
755b0b7
Compare
This comment has been minimized.
This comment has been minimized.
755b0b7 to
c3fd17f
Compare
This comment has been minimized.
This comment has been minimized.
c3fd17f to
8b6e351
Compare
This comment has been minimized.
This comment has been minimized.
8b6e351 to
5b8ba19
Compare
This comment has been minimized.
This comment has been minimized.
5b8ba19 to
9545275
Compare
4301abb to
9545275
Compare
| _new_key: u32, | ||
| _new_discriminator: u64, | ||
| ) -> Self::Value { | ||
| bug!("Resigning of pointers not implemented"); |
There was a problem hiding this comment.
Is there a test for this (ensuring that it's not supported) or is it infeasible to reach this path?
There was a problem hiding this comment.
It is not a user facing function, so the only way it could be triggered is if we wrote incorrect code within the compiler itself, hence the bug!. The relevant call chain for this function starts inside codegen_transmute and is guarded by a function pointer support check.
| // Direct function pointer. | ||
| if let Some(input) = build_fn_ptr_type_discriminator_input(tcx, ty) { | ||
| // Only support about extern "C". | ||
| if matches!(input.abi(), ExternAbi::C { .. } | ExternAbi::System { .. }) { |
There was a problem hiding this comment.
Could you please explain what ExternAbi::System stands for? I would appreciate if you also refer me to the corresponding test
There was a problem hiding this comment.
System means the platform’s default system ABI for foreign functions, whatever the platform uses by default for system libraries. I was told in one of the PRs that for all practical cases they should match. Hence the inclusion of both.
The docs.
|
|
||
| let address_space = cx.tcx.global_alloc(prov.alloc_id()).address_space(cx); | ||
| let schema = if cx.sess().pointer_authentication() { | ||
| let mut schema = if cx.sess().pointer_authentication() { |
There was a problem hiding this comment.
Why do we need mut here?
There was a problem hiding this comment.
Because we then retrieve the discriminator and store it in the schema.
| operand: OperandRef<'tcx, Bx::Value>, | ||
| cast: TyAndLayout<'tcx>, | ||
| ) -> OperandValue<Bx::Value> { | ||
| debug!( |
There was a problem hiding this comment.
Is this intended to be included in the PR or is it a development-stage-only debug printing?
There was a problem hiding this comment.
Intended. This serves the same purpose as LLVM_DEBUG(dbgs()...) in llvm.
| pub mod middle; | ||
| pub mod mir; | ||
| pub mod mono; | ||
| pub mod ptrauth; |
There was a problem hiding this comment.
There are no other changes in the file - so, is this actually needed?
There was a problem hiding this comment.
Yes.
This says something along the lines of: "There is a module called ptrauth, and it should be included in the library’s public interface.If you go toptrauthdirectory you'll see themod.rs` which in turns tells us what is publicly exported from the module.
So the flow of visibility is: lib.rs -> ptrauth -> discriminator / llvm_siphash (where the last two are controlled by https://github.com/jchlanda/rust/blob/9545275cededc9e307c61ef9d640d256ae59eab3/compiler/rustc_middle/src/ptrauth/mod.rs#L5)
There was a problem hiding this comment.
This deleted test should also be removed from the markdown documentation file which includes it in test coverage
There was a problem hiding this comment.
Yeap, need to work on that file a bit more.
| pub c_variadic: bool, | ||
|
|
||
| /// Computed type discriminator for pointer authentication purpose. | ||
| pub type_discriminator: u64, |
There was a problem hiding this comment.
It's probably worth prefixing ptrauth-related things with smth like ptrauth_ in such "generic" places (which are not ptrauth-specific). A comment here contains explanation, but when constructing struct objects we have type_discriminator: XXX which non-ptrauth-aware reader would not easily understand
There was a problem hiding this comment.
OK, renamed to ptrauth_type_discriminator.
| fixed_count: self.fixed_count, | ||
| conv: self.conv.stable(tables, cx), | ||
| c_variadic: self.c_variadic, | ||
| type_discriminator: 0, |
There was a problem hiding this comment.
Could you please explain why we have 0 here and are there any cases when non-zero discriminator would be needed here?
There was a problem hiding this comment.
I think you are on to something. There are 3 structs with the same name (FnAbi): public, callconv and gcc. I wonder if we could get away with only extending callconv.
I'll get back to you on this one.
There was a problem hiding this comment.
Yeap, the only one we need is the callconv, refactored.
| fixed_count: 3, | ||
| conv: CanonAbi::C, | ||
| can_unwind: false, | ||
| type_discriminator: 0, |
There was a problem hiding this comment.
Probably deserves a comment that it's just a placeholder value since gcc backend is not supported for pointer authentication (if I got your reasoning right)
| fn_ptr_discriminators.as_ref().and_then(|m| m.get(Size::from_bytes(offset as u64))); | ||
|
|
||
| if let (Some(schema), Some(discr)) = (schema.as_mut(), discr) { | ||
| schema.constant_discriminator = discr as u16; |
There was a problem hiding this comment.
Does this override discriminator value for init/fini if fn ptr type discr is enabled? If so, it looks diverging from how clang handles this - and my understanding is that it actually makes sense to have hard-coded separate discriminator for init/fini since these are (a) known type (b) we need to know discriminator in dynamic loader.
There was a problem hiding this comment.
Are you saying that discriminator for init/fini must always be 0xd9d4, regardless if fn ptr type discrimination is on or not? If so, than we've got a bug, as it would be indeed overridden. Let me see what clang does and come back to you.
There was a problem hiding this comment.
Right, we do have a bug. Clang does:
- no init/fini, no fn ptr ty disc:
@llvm.global_ctors = appending global [1 x { i32, ptr, ptr }] [{ i32, ptr, ptr } { i32 90, ptr @foo, ptr null }]- init/fini, no fn ptr ty disc:
@llvm.global_ctors = appending global [1 x { i32, ptr, ptr }] [{ i32, ptr, ptr } { i32 90, ptr ptrauth (ptr @foo, i32 0, i64 55764, ptr inttoptr (i64 1 to ptr)), ptr null }]- no init/fini, fn ptr ty disc:
@llvm.global_ctors = appending global [1 x { i32, ptr, ptr }] [{ i32, ptr, ptr } { i32 90, ptr @foo, ptr null }]- init/fini, fn ptr ty disc:
@llvm.global_ctors = appending global [1 x { i32, ptr, ptr }] [{ i32, ptr, ptr } { i32 90, ptr ptrauth (ptr @foo, i32 0, i64 55764, ptr inttoptr (i64 1 to ptr)), ptr null }]I'll have to fix that in rust.
There was a problem hiding this comment.
OK, fixed now, extended the test with O{0|3}_PAUTH-INIT-FINI-FN-TY-DISC.
This comment has been minimized.
This comment has been minimized.
3a40e3c to
697c5ce
Compare
This patch brings: * unified handling of pointer authentication options through: `-Zpointer-authentication`, with possible values: `aarch64-jump-table-hardening`, `auth-traps`, `calls`, `elf-got`, `function-pointer-type-discrimination`, `indirect-gotos`, `init-fini`, `init-fini-address-discrimination`, `return-addresses`. Toggled with `+`/`-`. * centralized handling of pointer authentication features. Session holds `pointer_auth_config: Option<PointerAuthConfig>` * encapsulation of schema for function pointers and init/fini through `PointerAuthSchema`. This allowed for retiring of `PacMetadata`. * refactor enabling of pointer authentication in code, instead of relying on the target (`pauthtest`) use the session
- warning on unsupported test - error on type discrimination - removal of PointerAuthKind
Also improve the API design of pointer_authentication_functions, by making it return Option<&PointerAuthSchema>, rather than bool.
697c5ce to
eef2752
Compare
Alongside Rust implementation of LLVM's SipHash-2-4.
This is only to be used when emitting an operand bundle, which might not have access to an Instance of the function, but for which FnAbi is guaranteed to be correct.
Start moving away from global schema, by cloning it into users. Helpers for fn ptr type discrimination status and value of the key.
This is a move away from a blind bitcast between the types. Now, when dealing with function pointers, transmute will detect a domain change (change of fn ptr type) and issue resigning.
eef2752 to
96d5f58
Compare
View all comments