Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8277204: Implement PAC-RET branch protection on Linux/AArch64 #6334

Closed
wants to merge 34 commits into from
+1,445 −903
Closed

8277204: Implement PAC-RET branch protection on Linux/AArch64 #6334

Changes from 2 commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
9b05854
Build with branch protection
a74nh Oct 12, 2020
66b05a6
Add AArch64 ROP protection runtime flag
a74nh Oct 14, 2020
2c7e273
Add PAC assembly instructions
a74nh Nov 25, 2020
e0e3f66
8264130: PAC-RET protection for Linux/AArch64
a74nh Oct 19, 2020
29471d3
Simplify branch protection configure check
a74nh Nov 10, 2021
cfad2fe
Update UseROPProtection description
a74nh Nov 12, 2021
25e6249
Document pauth functions && remove OS split
a74nh Nov 11, 2021
2c27eb5
Merge master
a74nh Nov 15, 2021
a810ea7
Don't keep LR live across restore_live_registers
a74nh Nov 15, 2021
6f501e6
Fix windows aarch64 by restoring pauth file split
a74nh Nov 15, 2021
dbd6bda
Rename pauth_authenticate_or_strip_return_address
a74nh Nov 15, 2021
deb17a5
Merge master
a74nh Nov 16, 2021
280abc4
Merge master
a74nh Nov 22, 2021
995d8aa
Fix up UseROPProtection flag
a74nh Dec 1, 2021
38c08ef
Default to building without branch-protection
a74nh Dec 10, 2021
63f7515
Remove BSD/Apple specific code
a74nh Dec 10, 2021
9c4f349
Change UseROPProtection to UseBranchProtection
a74nh Dec 13, 2021
3cc2c5e
Fix assembler for post-merge
a74nh Jan 19, 2022
f6f8041
Merge master
a74nh Jan 20, 2022
83d2167
Fix GC issues
a74nh Jan 6, 2022
1479942
Fix jvmci tests
a74nh Jan 18, 2022
0b47654
Fix popframe failures
a74nh Jan 20, 2022
b792561
Fix up nits
a74nh Feb 1, 2022
78da1bd
Change pac-ret defaults on non PAC machines
a74nh Feb 2, 2022
6255d4c
Update copyrights to 2022
a74nh Feb 2, 2022
d97883b
Documentation updates
a74nh Feb 3, 2022
614a326
Review fixups
a74nh Feb 7, 2022
f779513
Merge enter_subframe into enter
a74nh Feb 8, 2022
001a8f1
Set PreserveFramePointer if use_rop_protection is set
a74nh Feb 7, 2022
2062cce
Add comments to enter calls
a74nh Feb 10, 2022
7f80f28
Error on -XX:-PreserveFramePointer -XX:UseBranchProtection=pac-ret
a74nh Feb 11, 2022
f9882ff
Merge master
a74nh Feb 21, 2022
97ae934
Merge master
a74nh Feb 22, 2022
c4e0ee3
Merge master
a74nh Feb 22, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions src/hotspot/cpu/aarch64/aarch64.ad
View file
Original file line number Diff line number Diff line change
@@ -1369,8 +1369,8 @@ source %{
_NO_SPECIAL_PTR_REG_mask.SUBTRACT(_HEAPBASE_REG_mask);
}

// r29 is not allocatable when PreserveFramePointer or ROP protection is on
if (PreserveFramePointer || VM_Version::use_rop_protection()) {
// r29 is not allocatable when PreserveFramePointer is on
if (PreserveFramePointer) {
_NO_SPECIAL_REG32_mask.Remove(OptoReg::as_OptoReg(r29->as_VMReg()));
_NO_SPECIAL_REG_mask.SUBTRACT(_FP_REG_mask);
_NO_SPECIAL_PTR_REG_mask.SUBTRACT(_FP_REG_mask);
@@ -1856,6 +1856,10 @@ void MachPrologNode::format(PhaseRegAlloc *ra_, outputStream *st) const {
if (C->output()->need_stack_bang(framesize))
st->print("# stack bang size=%d\n\t", framesize);

if (VM_Version::use_rop_protection()) {
st->print("ldr zr, [lr]\n\t");
st->print("pacia lr, rfp\n\t");
}
if (framesize < ((1 << 9) + 2 * wordSize)) {
st->print("sub sp, sp, #%d\n\t", framesize);
st->print("stp rfp, lr, [sp, #%d]", framesize - 2 * wordSize);
@@ -1964,6 +1968,10 @@ void MachEpilogNode::format(PhaseRegAlloc *ra_, outputStream *st) const {
st->print("add sp, sp, rscratch1\n\t");
st->print("ldp lr, rfp, [sp],#%d\n\t", (2 * wordSize));
}
if (VM_Version::use_rop_protection()) {
st->print("autia lr, rfp\n\t");
st->print("ldr zr, [lr]\n\t");
}

if (do_polling() && C->is_method_compilation()) {
st->print("# test polling word\n\t");
2 changes: 1 addition & 1 deletion src/hotspot/cpu/aarch64/gc/g1/g1BarrierSetAssembler_aarch64.cpp
View file
Original file line number Diff line number Diff line change
@@ -271,7 +271,7 @@ void G1BarrierSetAssembler::load_at(MacroAssembler* masm, DecoratorSet decorator
ModRefBarrierSetAssembler::load_at(masm, decorators, type, dst, src, tmp1, tmp_thread);
if (on_oop && on_reference) {
// LR is live. It must be saved around calls.
__ enter(true); // barrier may call runtime
__ enter(/*strip_ret_addr*/true); // barrier may call runtime
// Generate the G1 pre-barrier code to log the value of
// the referent field in an SATB buffer.
g1_write_barrier_pre(masm /* masm */,
4 changes: 2 additions & 2 deletions src/hotspot/cpu/aarch64/gc/shenandoah/shenandoahBarrierSetAssembler_aarch64.cpp
View file
Original file line number Diff line number Diff line change
@@ -237,7 +237,7 @@ void ShenandoahBarrierSetAssembler::load_reference_barrier(MacroAssembler* masm,
bool is_narrow = UseCompressedOops && !is_native;

Label heap_stable, not_cset;
__ enter(true);
__ enter(/*strip_ret_addr*/true);
Address gc_state(rthread, in_bytes(ShenandoahThreadLocalData::gc_state_offset()));
__ ldrb(rscratch2, gc_state);

@@ -359,7 +359,7 @@ void ShenandoahBarrierSetAssembler::load_at(MacroAssembler* masm, DecoratorSet d

// 3: apply keep-alive barrier if needed
if (ShenandoahBarrierSet::need_keep_alive_barrier(decorators, type)) {
__ enter(true);
__ enter(/*strip_ret_addr*/true);
__ push_call_clobbered_registers();
satb_write_barrier_pre(masm /* masm */,
noreg /* obj */,
2 changes: 1 addition & 1 deletion src/hotspot/cpu/aarch64/gc/z/zBarrierSetAssembler_aarch64.cpp
View file
Original file line number Diff line number Diff line change
@@ -78,7 +78,7 @@ void ZBarrierSetAssembler::load_at(MacroAssembler* masm,
__ tst(dst, rscratch1);
__ br(Assembler::EQ, done);

__ enter(true);
__ enter(/*strip_ret_addr*/true);

__ push_call_clobbered_registers_except(RegSet::of(dst));

8 changes: 5 additions & 3 deletions src/hotspot/cpu/aarch64/macroAssembler_aarch64.cpp
View file
Original file line number Diff line number Diff line change
@@ -5325,6 +5325,7 @@ void MacroAssembler::protect_return_address() {
//
void MacroAssembler::protect_return_address(Register return_reg, Register temp_reg) {
if (VM_Version::use_rop_protection()) {
assert(PreserveFramePointer, "PreserveFramePointer must be set for ROP protection");
check_return_address(return_reg);
ldr(temp_reg, Address(rfp));
pacia(return_reg, temp_reg);
@@ -5333,10 +5334,10 @@ void MacroAssembler::protect_return_address(Register return_reg, Register temp_r

// Authenticate the LR. Use before function return, after restoring FP and loading LR from memory.
//
void MacroAssembler::authenticate_return_address() {
void MacroAssembler::authenticate_return_address(Register return_reg) {
if (VM_Version::use_rop_protection()) {
autia(lr, rfp);
check_return_address();
autia(return_reg, rfp);
check_return_address(return_reg);
}
}

@@ -5347,6 +5348,7 @@ void MacroAssembler::authenticate_return_address() {
//
void MacroAssembler::authenticate_return_address(Register return_reg, Register temp_reg) {
if (VM_Version::use_rop_protection()) {
assert(PreserveFramePointer, "PreserveFramePointer must be set for ROP protection");
ldr(temp_reg, Address(rfp));
autia(return_reg, temp_reg);
check_return_address(return_reg);
2 changes: 1 addition & 1 deletion src/hotspot/cpu/aarch64/macroAssembler_aarch64.hpp
View file
Original file line number Diff line number Diff line change
@@ -694,7 +694,7 @@ class MacroAssembler: public Assembler {
// ROP Protection
void protect_return_address();
void protect_return_address(Register return_reg, Register temp_reg);
void authenticate_return_address();
void authenticate_return_address(Register return_reg = lr);
void authenticate_return_address(Register return_reg, Register temp_reg);
void strip_return_address();
void check_return_address(Register return_reg=lr) PRODUCT_RETURN;
1 change: 1 addition & 0 deletions src/hotspot/cpu/aarch64/sharedRuntime_aarch64.cpp
View file
Original file line number Diff line number Diff line change
@@ -2923,6 +2923,7 @@ void OptoRuntime::generate_exception_blob() {
// there are no callee save registers now that adapter frames are gone.
// and we dont' expect an arg reg save area
__ ldp(rfp, r3, Address(__ post(sp, 2 * wordSize)));
__ authenticate_return_address(r3);

// r0: exception handler

5 changes: 5 additions & 0 deletions src/hotspot/cpu/aarch64/vm_version_aarch64.cpp
View file
Original file line number Diff line number Diff line change
@@ -433,6 +433,11 @@ void VM_Version::initialize() {
vm_exit_during_initialization(err_msg("Unsupported UseBranchProtection: %s", UseBranchProtection));
}

// The frame pointer must be preserved for ROP protection.
if (_rop_protection == true) {
PreserveFramePointer = true;
}

#ifdef COMPILER2
if (FLAG_IS_DEFAULT(UseMultiplyToLenIntrinsic)) {
UseMultiplyToLenIntrinsic = true;