hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-23 03:21:06 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

arm64: Add PAC instruction macros

Browse Source 
To support Pointer Authentication (PAC) in assembly files add a pair of
macros that sign the link register. When used before storing to the
stack it will allow hardware to detect if it has changed before using
it in the return instruction.

Reviewed by:	markj, emaste
Sponsored by:	Arm Ltd
Differential Revision:	https://reviews.freebsd.org/D42226
This commit is contained in:
Andrew Turner 2023-10-12 10:48:38 +01:00
parent 82597d2102
commit 2b39a6f68c
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
sys/arm64/include/asm.h
View File

@ -142,6 +142,28 @@
#define BTI_J
#endif
/*
* To help protect against ROP attacks we can use Pointer Authentication
* to sign the return address before pushing it to the stack.
*
* PAC_LR_SIGN can be used at the start of a function to sign the link
* register with the stack pointer as the modifier. As this is in the hint
* space it is safe to use on CPUs that don't implement pointer
* authentication. It can be used in place of the BTI_C instruction above as
* a valid BTI landing pad instruction.
*
* PAC_LR_AUTH is used to authenticate the link register using the stack
* pointer as the modifier. It should be used in any function that uses
* PAC_LR_SIGN. The stack pointer must be identical in each case.
*/
#ifdef __ARM_FEATURE_PAC_DEFAULT
#define PAC_LR_SIGN hint #25 /* paciasp */
#define PAC_LR_AUTH hint #29 /* autiasp */
#else
#define PAC_LR_SIGN
#define PAC_LR_AUTH
#endif
/*
* GNU_PROPERTY_AARCH64_FEATURE_1_NOTE can be used to insert a note that
* the current assembly file is built with Pointer Authentication (PAC) or