- 08 Jan, 2021 1 commit
-
-
Georgia Kouveli authored
In a couple of places we cast between uintptr_t and uint64_t with a reinterpret_cast. While this is correct when these types are aliased to the same type, if they are defined to be different integral types (while still of the same size), reinterpet_cast won't work. Change-Id: I6e935c6c263d8df16f88659ac285faeb5e073add Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2614678Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#71988}
-
- 19 Aug, 2020 1 commit
-
-
Salome Thirot authored
When CFI is enabled this adds a check against this list whenever a new return address must be set in a deoptimized frame, as a mitigation for ROP attacks. The list is known at linking time so that its content and the pointer to it can be stored in a read-only memory section. The check is performed in the signing function, which is no longer generic, as well as when setting the current pc of the frame. Since the pc is now only signed when setting the caller's pc, there is no need for ReplaceContext anymore. Bug: v8:10026 Change-Id: I5e85a62b94722051716fdeba476db383c702a318 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2287490Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Rodolph Perfetta <rodolph.perfetta@arm.com> Cr-Commit-Position: refs/heads/master@{#69478}
-
- 16 Jun, 2020 1 commit
-
-
Georgia Kouveli authored
The C++ code uses the A instruction key for return address signing, which is the default for Clang and GCC when the -mbranch-protection option is used (although this can be configured to use the B key). Using the B key for JS means that it's not possible to use an A key signing gadget to replace a return address signed with the B key and vice-versa. This should offer a degree of separation from the C++ side. Bug: v8:10026 Change-Id: Ia9dcc7ae7096c96b4a271efbe25fc02940f6fc8e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2242953Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#68360}
-
- 13 Feb, 2020 1 commit
-
-
Georgia Kouveli authored
This is a reland of 137bfe47 Original change's description: > [arm64] Protect return addresses stored on stack > > This change uses the Arm v8.3 pointer authentication instructions in > order to protect return addresses stored on the stack. The generated > code signs the return address before storing on the stack and > authenticates it after loading it. This also changes the stack frame > iterator in order to authenticate stored return addresses and re-sign > them when needed, as well as the deoptimizer in order to sign saved > return addresses when creating new frames. This offers a level of > protection against ROP attacks. > > This functionality is enabled with the v8_control_flow_integrity flag > that this CL introduces. > > The code size effect of this change is small for Octane (up to 2% in > some cases but mostly much lower) and negligible for larger benchmarks, > however code size measurements are rather noisy. The performance impact > on current cores (where the instructions are NOPs) is single digit, > around 1-2% for ARES-6 and Octane, and tends to be smaller for big > cores than for little cores. > > Bug: v8:10026 > Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782 > Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66239} Bug: v8:10026 Change-Id: Id1adfa2e6c713f6977d69aa467986e48fe67b3c2 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051958Reviewed-by:
Georg Neis <neis@chromium.org> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Cr-Commit-Position: refs/heads/master@{#66254}
-
- 12 Feb, 2020 2 commits
-
-
Nico Hartmann authored
This reverts commit 137bfe47. Reason for revert: https://ci.chromium.org/p/v8/builders/ci/V8%20Arm%20-%20debug/13072 Original change's description: > [arm64] Protect return addresses stored on stack > > This change uses the Arm v8.3 pointer authentication instructions in > order to protect return addresses stored on the stack. The generated > code signs the return address before storing on the stack and > authenticates it after loading it. This also changes the stack frame > iterator in order to authenticate stored return addresses and re-sign > them when needed, as well as the deoptimizer in order to sign saved > return addresses when creating new frames. This offers a level of > protection against ROP attacks. > > This functionality is enabled with the v8_control_flow_integrity flag > that this CL introduces. > > The code size effect of this change is small for Octane (up to 2% in > some cases but mostly much lower) and negligible for larger benchmarks, > however code size measurements are rather noisy. The performance impact > on current cores (where the instructions are NOPs) is single digit, > around 1-2% for ARES-6 and Octane, and tends to be smaller for big > cores than for little cores. > > Bug: v8:10026 > Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782 > Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> > Reviewed-by: Ross McIlroy <rmcilroy@chromium.org> > Reviewed-by: Georg Neis <neis@chromium.org> > Cr-Commit-Position: refs/heads/master@{#66239} TBR=rmcilroy@chromium.org,mstarzinger@chromium.org,neis@chromium.org,georgia.kouveli@arm.com Change-Id: I57d5928949b0d403774550b9bf7dc0b08ce4e703 No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: v8:10026 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2051952Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Nico Hartmann <nicohartmann@chromium.org> Cr-Commit-Position: refs/heads/master@{#66242}
-
Georgia Kouveli authored
This change uses the Arm v8.3 pointer authentication instructions in order to protect return addresses stored on the stack. The generated code signs the return address before storing on the stack and authenticates it after loading it. This also changes the stack frame iterator in order to authenticate stored return addresses and re-sign them when needed, as well as the deoptimizer in order to sign saved return addresses when creating new frames. This offers a level of protection against ROP attacks. This functionality is enabled with the v8_control_flow_integrity flag that this CL introduces. The code size effect of this change is small for Octane (up to 2% in some cases but mostly much lower) and negligible for larger benchmarks, however code size measurements are rather noisy. The performance impact on current cores (where the instructions are NOPs) is single digit, around 1-2% for ARES-6 and Octane, and tends to be smaller for big cores than for little cores. Bug: v8:10026 Change-Id: I0081f3938c56e2f24d8227e4640032749f4f8368 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1373782 Commit-Queue: Georgia Kouveli <georgia.kouveli@arm.com> Reviewed-by:
Ross McIlroy <rmcilroy@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#66239}
-