Commit 35b4f3a0 authored by Georgia Kouveli, committed by Commit Bot

[arm64][cfi] Enable `sim_abort_on_bad_auth` by default.

This requires a small fix in {Push,Pop}CalleeSavedRegisters, where
the return address was signed/authenticated at the wrong point,
which meant the stack pointer used as modifier was different from
the one the StackFrameIterator expected.

Bug: v8:10026
Change-Id: Idebd2ee8f07312b5e99dd2ea5181fc7a7e4a87bc
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2667861
Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#72542}
parent 831fa62b
...@@ -1199,10 +1199,6 @@ void MacroAssembler::PeekPair(const CPURegister& dst1, const CPURegister& dst2, ...@@ -1199,10 +1199,6 @@ void MacroAssembler::PeekPair(const CPURegister& dst1, const CPURegister& dst2,
} }
void MacroAssembler::PushCalleeSavedRegisters() { void MacroAssembler::PushCalleeSavedRegisters() {
#ifdef V8_ENABLE_CONTROL_FLOW_INTEGRITY
Pacibsp();
#endif
{ {
// Ensure that the macro-assembler doesn't use any scratch registers. // Ensure that the macro-assembler doesn't use any scratch registers.
InstructionAccurateScope scope(this); InstructionAccurateScope scope(this);
...@@ -1224,6 +1220,12 @@ void MacroAssembler::PushCalleeSavedRegisters() { ...@@ -1224,6 +1220,12 @@ void MacroAssembler::PushCalleeSavedRegisters() {
EntryFrameConstants::kCalleeSavedRegisterBytesPushedBeforeFpLrPair == EntryFrameConstants::kCalleeSavedRegisterBytesPushedBeforeFpLrPair ==
18 * kSystemPointerSize); 18 * kSystemPointerSize);
#ifdef V8_ENABLE_CONTROL_FLOW_INTEGRITY
// Use the stack pointer's value immediately before pushing the LR as the
// context for signing it. This is what the StackFrameIterator expects.
pacibsp();
#endif
stp(x29, x30, tos); // fp, lr stp(x29, x30, tos); // fp, lr
STATIC_ASSERT( STATIC_ASSERT(
...@@ -1240,6 +1242,12 @@ void MacroAssembler::PopCalleeSavedRegisters() { ...@@ -1240,6 +1242,12 @@ void MacroAssembler::PopCalleeSavedRegisters() {
ldp(x29, x30, tos); // fp, lr ldp(x29, x30, tos); // fp, lr
#ifdef V8_ENABLE_CONTROL_FLOW_INTEGRITY
// The context (stack pointer value) for authenticating the LR here must
// match the one used for signing it (see `PushCalleeSavedRegisters`).
autibsp();
#endif
ldp(x19, x20, tos); ldp(x19, x20, tos);
ldp(x21, x22, tos); ldp(x21, x22, tos);
ldp(x23, x24, tos); ldp(x23, x24, tos);
...@@ -1251,10 +1259,6 @@ void MacroAssembler::PopCalleeSavedRegisters() { ...@@ -1251,10 +1259,6 @@ void MacroAssembler::PopCalleeSavedRegisters() {
ldp(d12, d13, tos); ldp(d12, d13, tos);
ldp(d14, d15, tos); ldp(d14, d15, tos);
} }
#ifdef V8_ENABLE_CONTROL_FLOW_INTEGRITY
Autibsp();
#endif
} }
void TurboAssembler::AssertSpAligned() { void TurboAssembler::AssertSpAligned() {
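Review bot: The new `pacibsp()` in the 1220 hunk is only correct because nothing touches SP between it and the `stp(x29, x30, tos)` directly below, and the `autibsp()` in the 1242 hunk relies in the same way on SP being the value left by `ldp(x29, x30, tos)`; neither ordering is stated in a form that would stop a later edit from slipping an instruction in between. I would tighten the push-side comment to `// Must immediately precede the stp below: the modifier is SP before the fp/lr pair is pushed, which is the value the StackFrameIterator recomputes.` and mirror it on the pop side ("must immediately follow the ldp above"). The switch from the removed `Pacibsp()`/`Autibsp()` macros to the raw `pacibsp()`/`autibsp()` forms is presumably forced by the enclosing InstructionAccurateScope; a half-line saying so would spare the next reader the question. PushCalleeSavedRegisters and PopCalleeSavedRegisters both start and end outside the hunks shown.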
...@@ -1415,9 +1415,9 @@ DEFINE_BOOL(trace_sim_messages, false, ...@@ -1415,9 +1415,9 @@ DEFINE_BOOL(trace_sim_messages, false,
#if defined V8_TARGET_ARCH_ARM64 #if defined V8_TARGET_ARCH_ARM64
// pointer-auth-arm64.cc // pointer-auth-arm64.cc
DEFINE_DEBUG_BOOL(sim_abort_on_bad_auth, false, DEFINE_BOOL(sim_abort_on_bad_auth, true,
"Stop execution when a pointer authentication fails in the " "Stop execution when a pointer authentication fails in the "
"ARM64 simulator.") "ARM64 simulator.")
#endif #endif
// isolate.cc // isolate.cc
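Review bot: Replacing `DEFINE_DEBUG_BOOL` with `DEFINE_BOOL` at line 1417 does more than flip the default: if I recall correctly, DEFINE_DEBUG_BOOL expands to a read-only flag in release builds, so the flag becomes assignable at runtime in every build type, which is what allows the test files to drop their `#ifdef DEBUG` guards. That consequence deserves one sentence in the commit description, since the title only says "enable by default". The definition stays gated on `V8_TARGET_ARCH_ARM64` and, per its own help text, only changes what the ARM64 simulator does on a failed authentication, so no hardware behaviour is affected.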
...@@ -11861,9 +11861,7 @@ TEST(system_msr) { ...@@ -11861,9 +11861,7 @@ TEST(system_msr) {
} }
TEST(system_pauth_b) { TEST(system_pauth_b) {
#ifdef DEBUG
i::FLAG_sim_abort_on_bad_auth = false; i::FLAG_sim_abort_on_bad_auth = false;
#endif
SETUP(); SETUP();
START(); START();
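Review bot: `i::FLAG_sim_abort_on_bad_auth = false;` now executes unconditionally and is never restored, so with the new default of `true` any test run later in the same process continues with abort-on-bad-auth disabled; the same applies to `add_and_auth_pac` in the pointer-auth test file. If cctest isolates each TEST in its own process this is harmless, but the tests would be self-contained if the override were scoped: `const bool saved = i::FLAG_sim_abort_on_bad_auth;` and `i::FLAG_sim_abort_on_bad_auth = false;` at the top, `i::FLAG_sim_abort_on_bad_auth = saved;` before the test returns (or a scoped flag guard if the code base provides one). Both TEST bodies continue outside the hunk.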
...@@ -30,9 +30,7 @@ TEST(compute_pac) { ...@@ -30,9 +30,7 @@ TEST(compute_pac) {
} }
TEST(add_and_auth_pac) { TEST(add_and_auth_pac) {
#ifdef DEBUG
i::FLAG_sim_abort_on_bad_auth = false; i::FLAG_sim_abort_on_bad_auth = false;
#endif
Decoder<DispatchingDecoderVisitor>* decoder = Decoder<DispatchingDecoderVisitor>* decoder =
new Decoder<DispatchingDecoderVisitor>(); new Decoder<DispatchingDecoderVisitor>();
Simulator simulator(decoder); Simulator simulator(decoder);