[Bug target/94891] aarch64: there is no way to strip PAC from a return address in c code

cvs-commit at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Mon Jul 13 12:50:17 GMT 2020


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94891

--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Szabolcs Nagy <nsz@gcc.gnu.org>:

https://gcc.gnu.org/g:b097c7a27fb0796b2653a1d003cbf6b7a69d8961

commit r11-2058-gb097c7a27fb0796b2653a1d003cbf6b7a69d8961
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Thu Jun 4 09:33:35 2020 +0100

    libgcc: fix the handling of return address mangling [PR94891]

    Mangling, currently only used on AArch64 for return address signing,
    is an internal representation that should not be exposed via

      __builtin_return_address return value,
      __builtin_eh_return handler argument,
      _Unwind_DebugHook handler argument.

    Note that a mangled address might not even fit into a void *, e.g.
    with AArch64 ilp32 ABI the return address is stored as 64bit, so
    the mangled return address cannot be accessed via _Unwind_GetPtr.

    This patch changes the unwinder hooks as follows:

    MD_POST_EXTRACT_ROOT_ADDR is removed: root address comes from
    __builtin_return_address which is not mangled.

    MD_POST_EXTRACT_FRAME_ADDR is renamed to MD_DEMANGLE_RETURN_ADDR,
    it now operates on _Unwind_Word instead of void *, so the hook
    should work when return address signing is enabled on AArch64 ilp32.
    (But for that __builtin_aarch64_autia1716 should be fixed to operate
    on 64bit input instead of a void *.)

    MD_POST_FROB_EH_HANDLER_ADDR is removed: it is the responsibility of
    __builtin_eh_return to do the mangling if necessary.

    2020-07-13  Szabolcs Nagy  <szabolcs.nagy@arm.com>

    libgcc/ChangeLog:

            PR target/94891
            * config/aarch64/aarch64-unwind.h (MD_POST_EXTRACT_ROOT_ADDR): Remove.
            (MD_POST_FROB_EH_HANDLER_ADDR): Remove.
            (MD_POST_EXTRACT_FRAME_ADDR): Rename to ...
            (MD_DEMANGLE_RETURN_ADDR): This.
            (aarch64_post_extract_frame_addr): Rename to ...
            (aarch64_demangle_return_addr): This.
            (aarch64_post_frob_eh_handler_addr): Remove.
            * unwind-dw2.c (uw_update_context): Demangle return address.
            (uw_frob_return_addr): Remove.

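The ordering problem the commit describes (demangling must operate on the full-width _Unwind_Word before the value is narrowed to a pointer, otherwise the authentication bits are lost on an ILP32 target) can be shown with a small simulation. The following is an added example written for this page, not libgcc's or GCC's own code: toy_tag, toy_mangle, demangle_return_addr and demangle_via_void_ptr_ilp32 are hypothetical stand-ins, the tag function is a constructed keyed hash and not the AArch64 PAC algorithm, and the 48-bit address / 16-bit tag split is an assumed layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for _Unwind_Word: 64 bits wide even on an ILP32 target, which is
 * why the demangling hook is better given the word than a void *. */
typedef uint64_t unwind_word;

/* Assumed layout for this example only: low 48 bits carry the virtual
 * address, the top 16 bits carry the tag. Not the AArch64 definition. */
#define VA_MASK  0x0000FFFFFFFFFFFFull
#define TAG_MASK (~VA_MASK)

/* Constructed keyed tag: NOT a real pointer authentication code. Bit 48 is
 * always set so that a word whose tag has been lost (e.g. by narrowing to
 * 32 bits) can never verify by accident. */
static uint64_t toy_tag(uint64_t va, uint64_t key)
{
    uint64_t h = (va ^ key) * 0x9E3779B97F4A7C15ull;
    return ((h >> 48) | 1ull) << 48;
}

/* "Mangle" a return address the way a signing prologue leaves it on the
 * stack: address and tag combined in one 64-bit word. */
static unwind_word toy_mangle(uint64_t va, uint64_t key)
{
    va &= VA_MASK;
    return va | toy_tag(va, key);
}

/* Plays the role of MD_DEMANGLE_RETURN_ADDR: takes the full _Unwind_Word,
 * checks the tag and yields the plain address. Returns false when the tag
 * does not match (a real implementation would fault or poison the pointer). */
static bool demangle_return_addr(unwind_word ra, uint64_t key, uint64_t *va_out)
{
    uint64_t va = ra & VA_MASK;
    if ((ra & TAG_MASK) != toy_tag(va, key))
        return false;
    *va_out = va;
    return true;
}

/* Simulates a hook that receives a void * on ILP32: the word is narrowed to
 * 32 bits first, so the tag bits are already gone when the hook runs and
 * verification cannot succeed. */
static bool demangle_via_void_ptr_ilp32(unwind_word ra, uint64_t key, uint32_t *va_out)
{
    uint32_t narrowed = (uint32_t)ra;   /* what a 32-bit void * would hold */
    uint64_t va;
    if (!demangle_return_addr((unwind_word)narrowed, key, &va))
        return false;
    *va_out = (uint32_t)va;
    return true;
}

int main(void)
{
    const uint64_t key = 0x1122334455667788ull;   /* constructed key */
    const uint64_t ret = 0x0000000000401234ull;   /* constructed return address */
    unwind_word stored = toy_mangle(ret, key);
    uint64_t va;
    uint32_t va32;

    printf("stored (mangled) word    : 0x%016llx\n", (unsigned long long)stored);
    if (demangle_return_addr(stored, key, &va))
        printf("demangled on _Unwind_Word: 0x%llx\n", (unsigned long long)va);
    if (!demangle_via_void_ptr_ilp32(stored, key, &va32))
        printf("narrowed to void * first : tag lost, verification fails\n");
    return 0;
}
```

The point of the two demangling routines is the width of their input: the first sees the whole word and verifies; the second sees only what fits in a 32-bit pointer and therefore cannot, which is the situation the commit message describes for _Unwind_GetPtr on AArch64 ILP32.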

More information about the Gcc-bugs mailing list