patches/cherry/201550852be4d4213d733316c38c0a7335b0d14c.patch - toolchain/llvm_android - Git at Google

 From 201550852be4d4213d733316c38c0a7335b0d14c Mon Sep 17 00:00:00 2001
 From: Daniel Kiss <daniel.kiss@arm.com>
 Date: Wed, 10 Mar 2021 16:39:14 +0100
 Subject: [PATCH] [AArch64][compiler-rt] Add Pointer Authentication support for
  VFORK.
 X-ARM-No-Footer: FoSSMail

 The LR is stored to off-stack spill area where it is vulnerable.
 "paciasp" add an auth code to the LR while the "autiasp" verifies that so
 LR can't be modiifed on the spill area.

 Test: build with -DCMAKE_C_FLAGS="-mbranch-protection=standard",
 run on Armv8.3 capable hardware with PAuth.

 Reviewed By: eugenis

 Differential Revision: https://reviews.llvm.org/D98009
 ---
  .../sanitizer_common_interceptors_vfork_aarch64.inc.S        | 5 +++++
  1 file changed, 5 insertions(+)

 diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_vfork_aarch64.inc.S b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_vfork_aarch64.inc.S
 index 20f42f1ea94e..8a96e2d4aa95 100644
 --- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_vfork_aarch64.inc.S
 +++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_vfork_aarch64.inc.S
 @@ -1,6 +1,7 @@
  #if defined(__aarch64__) && defined(__linux__)

  #include "sanitizer_common/sanitizer_asm.h"
 +#include "builtins/assembly.h"

  ASM_HIDDEN(COMMON_INTERCEPTOR_SPILL_AREA)

 @@ -9,6 +10,7 @@ ASM_HIDDEN(COMMON_INTERCEPTOR_SPILL_AREA)
  ASM_TYPE_FUNCTION(ASM_WRAPPER_NAME(vfork))
  ASM_WRAPPER_NAME(vfork):
          // Save x30 in the off-stack spill area.
 +        paciasp
          stp     xzr, x30, [sp, #-16]!
          bl      COMMON_INTERCEPTOR_SPILL_AREA
          ldp     xzr, x30, [sp], 16
 @@ -33,6 +35,7 @@ ASM_WRAPPER_NAME(vfork):
          bl     COMMON_INTERCEPTOR_SPILL_AREA
          ldr    x30, [x0]
          ldp    x0, xzr, [sp], 16
 +        autiasp

          ret
  ASM_SIZE(vfork)
 @@ -40,4 +43,6 @@ ASM_SIZE(vfork)
  .weak vfork
  .set vfork, ASM_WRAPPER_NAME(vfork)

 +GNU_PROPERTY_BTI_PAC
 +
  #endif
 --
 2.25.1
	From 201550852be4d4213d733316c38c0a7335b0d14c Mon Sep 17 00:00:00 2001
	From: Daniel Kiss <daniel.kiss@arm.com>
	Date: Wed, 10 Mar 2021 16:39:14 +0100
	Subject: [PATCH] [AArch64][compiler-rt] Add Pointer Authentication support for
	VFORK.
	X-ARM-No-Footer: FoSSMail

	The LR is stored to off-stack spill area where it is vulnerable.
	"paciasp" add an auth code to the LR while the "autiasp" verifies that so
	LR can't be modiifed on the spill area.

	Test: build with -DCMAKE_C_FLAGS="-mbranch-protection=standard",
	run on Armv8.3 capable hardware with PAuth.

	Reviewed By: eugenis

	Differential Revision: https://reviews.llvm.org/D98009
	---
	.../sanitizer_common_interceptors_vfork_aarch64.inc.S \| 5 +++++
	1 file changed, 5 insertions(+)

	diff --git a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_vfork_aarch64.inc.S b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_vfork_aarch64.inc.S
	index 20f42f1ea94e..8a96e2d4aa95 100644
	--- a/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_vfork_aarch64.inc.S
	+++ b/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors_vfork_aarch64.inc.S
	@@ -1,6 +1,7 @@
	#if defined(__aarch64__) && defined(__linux__)

	#include "sanitizer_common/sanitizer_asm.h"
	+#include "builtins/assembly.h"

	ASM_HIDDEN(COMMON_INTERCEPTOR_SPILL_AREA)

	@@ -9,6 +10,7 @@ ASM_HIDDEN(COMMON_INTERCEPTOR_SPILL_AREA)
	ASM_TYPE_FUNCTION(ASM_WRAPPER_NAME(vfork))
	ASM_WRAPPER_NAME(vfork):
	// Save x30 in the off-stack spill area.
	+ paciasp
	stp xzr, x30, [sp, #-16]!
	bl COMMON_INTERCEPTOR_SPILL_AREA
	ldp xzr, x30, [sp], 16
	@@ -33,6 +35,7 @@ ASM_WRAPPER_NAME(vfork):
	bl COMMON_INTERCEPTOR_SPILL_AREA
	ldr x30, [x0]
	ldp x0, xzr, [sp], 16
	+ autiasp

	ret
	ASM_SIZE(vfork)
	@@ -40,4 +43,6 @@ ASM_SIZE(vfork)
	.weak vfork
	.set vfork, ASM_WRAPPER_NAME(vfork)

	+GNU_PROPERTY_BTI_PAC
	+
	#endif
	--
	2.25.1