• Georgia Kouveli's avatar
    [arm64] Protect return addresses stored on stack · 137bfe47
    Georgia Kouveli authored
    This change uses the Arm v8.3 pointer authentication instructions in
    order to protect return addresses stored on the stack.  The generated
    code signs the return address before storing on the stack and
    authenticates it after loading it. This also changes the stack frame
    iterator in order to authenticate stored return addresses and re-sign
    them when needed, as well as the deoptimizer in order to sign saved
    return addresses when creating new frames. This offers a level of
    protection against ROP attacks.
    
    This functionality is enabled with the v8_control_flow_integrity flag
    that this CL introduces.
    
    The code size effect of this change is small for Octane (up to 2% in
    some cases but mostly much lower) and negligible for larger benchmarks,
    however code size measurements are rather noisy. The performance impact
    on current cores (where the instructions are NOPs) is single digit,
    around 1-2% for ARES-6 and Octane, and tends to be smaller for big
    cores than for little cores.
    
    Bug: v8:10026
    Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782
    Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
    Reviewed-by: 's avatarRoss McIlroy <rmcilroy@chromium.org>
    Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#66239}
    137bfe47
test-unwinder-code-pages.cc 24.3 KB