Skip to content

Commit

Permalink
i#5623 AArch64: Improve PAUTH transparency (DynamoRIO#6856)
Browse files Browse the repository at this point in the history
Previously direct/indirect branches with pointer authentication would be
mangled to strip the pointer authentication code from the address using
an xpaci instruction.

This means that code that might fail when running natively (because the
pointer authentication doesn't pass) could succeed under DynamoRIO
because the pointer was not being authenticated.

This commit changes the mangling code to use auti* instructions to
authenticate the pointer instead, and adds tests to check that it
behaves correctly for all the branch and authenticate instructions.

Issue: DynamoRIO#5623
Fixes: DynamoRIO#5623
Co-authored-by: Phil Ramsey <[email protected]>
  • Loading branch information
jackgallagher-arm and philramsey-arm authored Jun 28, 2024
1 parent 1b5bb42 commit 2e1d96b
Show file tree
Hide file tree
Showing 13 changed files with 772 additions and 51 deletions.
3 changes: 3 additions & 0 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -630,13 +630,16 @@ endif ()

set(proc_supports_sve OFF)
set(proc_supports_sve2 OFF)
set(proc_supports_pauth OFF)
if (AARCH64 AND UNIX)
set(CFLAGS_SVE "-march=armv8-a+sve")
set(CFLAGS_SVE2 "-march=armv8-a+sve2")
set(CFLAGS_PAUTH "-march=armv8.3-a -mbranch-protection=standard")
set(ASMFLAGS_SVE "-march=armv8-a+sve")
set(ASMFLAGS_SVE2 "-march=armv8-a+sve2")
check_sve_processor_and_compiler_support(proc_supports_sve proc_sve_vl)
check_sve2_processor_and_compiler_support(proc_supports_sve2)
check_pauth_processor_and_compiler_support(proc_supports_pauth)
endif ()

# Ensure that _AMD64_ or _X86_ are defined on Microsoft Windows, as otherwise
Expand Down
52 changes: 31 additions & 21 deletions api/samples/opcode_count.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -67,21 +67,32 @@ static droption_t<int>
"The opcode to consider when counting the number of times "
"the instruction is executed. Default opcode is set to add.");

#ifdef SHOW_RESULTS
static bool show_results_default = true;
#else
static bool show_results_default = false;
#endif

static droption_t<bool> show_results(DROPTION_SCOPE_CLIENT, "show_results",
show_results_default, "Print results to STDOUT",
"Print results to STDOUT.");

static uintptr_t global_opcode_count = 0;
static uintptr_t global_total_count = 0;

static void
event_exit(void)
{
#ifdef SHOW_RESULTS
char msg[512];
int len;
len = dr_snprintf(msg, sizeof(msg) / sizeof(msg[0]), "%u/%u instructions executed.",
global_opcode_count, global_total_count);
DR_ASSERT(len > 0);
NULL_TERMINATE(msg);
DISPLAY_STRING(msg);
#endif /* SHOW_RESULTS */
if (show_results.get_value()) {
char msg[512];
int len;
len =
dr_snprintf(msg, sizeof(msg) / sizeof(msg[0]), "%u/%u instructions executed.",
global_opcode_count, global_total_count);
DR_ASSERT(len > 0);
NULL_TERMINATE(msg);
DISPLAY_STRING(msg);
}
drx_exit();
drreg_exit();
drmgr_exit();
Expand Down Expand Up @@ -163,10 +174,8 @@ dr_client_main(client_id_t id, int argc, const char *argv[])
/* Get opcode and check if valid. */
int valid_opcode = dynamorio::samples::opcode.get_value();
if (valid_opcode < OP_FIRST || valid_opcode > OP_LAST) {
#ifdef SHOW_RESULTS
dr_fprintf(STDERR, "Error: give a valid opcode as a parameter.\n");
dr_abort();
#endif
}

drreg_options_t ops = { sizeof(ops), 1 /*max slots needed: aflags*/, false };
Expand All @@ -186,15 +195,16 @@ dr_client_main(client_id_t id, int argc, const char *argv[])

/* Make it easy to tell, by looking at log file, which client executed. */
dr_log(NULL, DR_LOG_ALL, 1, "Client 'opcode_count' initializing\n");
#ifdef SHOW_RESULTS
/* also give notification to stderr */
if (dr_is_notify_on()) {
# ifdef WINDOWS
/* Ask for best-effort printing to cmd window. This must be called at init. */
dr_enable_console_printing();
# endif
dr_fprintf(STDERR, "Client opcode_count is running and considering opcode: %d.\n",
valid_opcode);
}
if (dynamorio::samples::show_results.get_value()) {
/* also give notification to stderr */
if (dr_is_notify_on()) {
#ifdef WINDOWS
/* Ask for best-effort printing to cmd window. This must be called at init. */
dr_enable_console_printing();
#endif
dr_fprintf(STDERR,
"Client opcode_count is running and considering opcode: %d.\n",
valid_opcode);
}
}
}
33 changes: 23 additions & 10 deletions core/arch/aarch64/proc.c
Original file line number Diff line number Diff line change
Expand Up @@ -233,6 +233,8 @@ proc_init_arch(void)
LOG(GLOBAL, LOG_TOP, 1, "ID_AA64ISAR2_EL1 = 0x%016lx\n",
cpu_info.features.isa_features[AA64ISAR2]);
LOG_FEATURE(FEATURE_PAUTH2);
LOG_FEATURE(FEATURE_FPAC);
LOG_FEATURE(FEATURE_FPACCOMBINE);
LOG_FEATURE(FEATURE_CONSTPACFIELD);
LOG_FEATURE(FEATURE_WFxT);

Expand Down Expand Up @@ -276,16 +278,17 @@ void
enable_all_test_cpu_features()
{
const feature_bit_t features[] = {
FEATURE_LSE, FEATURE_RDM, FEATURE_FP16, FEATURE_DotProd,
FEATURE_SVE, FEATURE_LOR, FEATURE_FHM, FEATURE_SM3,
FEATURE_SM4, FEATURE_SHA512, FEATURE_SHA3, FEATURE_RAS,
FEATURE_SPE, FEATURE_PAUTH, FEATURE_LRCPC, FEATURE_LRCPC2,
FEATURE_BF16, FEATURE_I8MM, FEATURE_F64MM, FEATURE_FlagM,
FEATURE_JSCVT, FEATURE_DPB, FEATURE_DPB2, FEATURE_SVE2,
FEATURE_SVEAES, FEATURE_SVEBitPerm, FEATURE_SVESHA3, FEATURE_SVESM4,
FEATURE_MTE, FEATURE_BTI, FEATURE_FRINTTS, FEATURE_PAUTH2,
FEATURE_MTE2, FEATURE_FlagM2, FEATURE_CONSTPACFIELD, FEATURE_SSBS,
FEATURE_SSBS2, FEATURE_DIT, FEATURE_LSE2, FEATURE_WFxT
FEATURE_LSE, FEATURE_RDM, FEATURE_FP16, FEATURE_DotProd,
FEATURE_SVE, FEATURE_LOR, FEATURE_FHM, FEATURE_SM3,
FEATURE_SM4, FEATURE_SHA512, FEATURE_SHA3, FEATURE_RAS,
FEATURE_SPE, FEATURE_PAUTH, FEATURE_LRCPC, FEATURE_LRCPC2,
FEATURE_BF16, FEATURE_I8MM, FEATURE_F64MM, FEATURE_FlagM,
FEATURE_JSCVT, FEATURE_DPB, FEATURE_DPB2, FEATURE_SVE2,
FEATURE_SVEAES, FEATURE_SVEBitPerm, FEATURE_SVESHA3, FEATURE_SVESM4,
FEATURE_MTE, FEATURE_BTI, FEATURE_FRINTTS, FEATURE_PAUTH2,
FEATURE_MTE2, FEATURE_FlagM2, FEATURE_CONSTPACFIELD, FEATURE_SSBS,
FEATURE_SSBS2, FEATURE_DIT, FEATURE_LSE2, FEATURE_WFxT,
FEATURE_FPAC, FEATURE_FPACCOMBINE,
};
for (int i = 0; i < BUFFER_SIZE_ELEMENTS(features); ++i) {
proc_set_feature(features[i], true);
Expand Down Expand Up @@ -353,6 +356,16 @@ static uint32 feature_ids[] = {
DEF_FEAT(AA64ISAR1, 2, 3, FEAT_GR_EQ), /* API (IMP DEF algorithm) */
(FEATURE_I8MM << 16) |
DEF_FEAT(AA64ISAR1, 13, 1, FEAT_EQ), /* I8MM (Int8 Matrix mul.) */

(FEATURE_FPAC << 16) |
DEF_FEAT(AA64ISAR1, 1, 4, FEAT_GR_EQ), /* APA (QARMA5 - FPAC) */
(FEATURE_FPAC << 16) |
DEF_FEAT(AA64ISAR1, 2, 4, FEAT_GR_EQ), /* API (IMP DEF algorithm - FPAC) */

(FEATURE_FPACCOMBINE << 16) |
DEF_FEAT(AA64ISAR1, 1, 5, FEAT_GR_EQ), /* APA (QARMA5 - FPACCOMBINE) */
(FEATURE_FPACCOMBINE << 16) |
DEF_FEAT(AA64ISAR1, 2, 5, FEAT_GR_EQ), /* API (IMP DEF algorithm - FPACCOMBINE) */
};

static bool
Expand Down
Loading

0 comments on commit 2e1d96b

Please sign in to comment.