RFR: 8264130: PAC-RET protection for Linux/AArch64 [v2]
Andrew Haley
aph at openjdk.java.net
Thu Nov 11 11:55:34 UTC 2021
On Thu, 11 Nov 2021 11:44:09 GMT, Alan Hayward <duke at openjdk.java.net> wrote:
>> Correction:
>> Using the most up to date ARM ARM G [ARM DDI 0487G.a (ID011921)]
>>
>> - The PAC functionality is described in ARM-ARM Section D5.1.5
>> - Overview of the PAC instructions is provided in section C3.1.10
>> - Detailed PAC instruction descriptions are provided in C6.2.208 - C6.2.212
>
> I'm thinking for references to the Arm Arm to use header titles instead of section numbers, as the titles should be more stable.
>
> Also probably need some description around the code in the pauth_aarch64.hpp too. But I want to make sure I'm not duplicating comments - maybe the macroassembler comments should point to the pauth_aarch64 comments.
>
> It didn't seen common in the code to describe instruction functionality, which is why I didn't add any. Agreed it needs something added though.
Yeah. At the definitions of `authenticate_return_address()` et al you can say what you expect in the normal case and what you expect when you've been hacked, along with an overview. I realize that it was a bit tricky to make this work with HotSpot because we're synthesizing return addresses just like hackers do, so a comment where we're patching return addresses would be nice.
As long as the instructions are easily findable in the docs that's good.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6334
More information about the build-dev
mailing list