RFR: 8264130: PAC-RET protection for Linux/AArch64 [v4]

Andrew Haley aph at openjdk.java.net
Mon Nov 15 11:33:41 UTC 2021


On Mon, 15 Nov 2021 11:21:37 GMT, Alan Hayward <duke at openjdk.java.net> wrote:

>> src/hotspot/cpu/aarch64/c1_Runtime1_aarch64.cpp line 452:
>> 
>>> 450:   // patch the return address, this stub will directly return to the exception handler
>>> 451:   __ str(r0, Address(rfp, 1*BytesPerWord));
>>> 452: 
>> 
>> Please explain the reason for this change, that leaves `lr` live across `restore_live_registers()`.
>
> In the original code:
> * save r0 to the lr location on the stack
> * restore_live_registers
> * Standard return: remove stack frame, load lr and fp off the stack, jump to lr.
>  
> With PAC it would now be:
> * Sign r0 then save it to the lr location on the stack
> * restore_live_registers
> * Standard return: remove stack frame, load lr and fp off the stack, auth lr, jump to lr.
> 
> After reading the code in restore_live_registers, it doesn't touch lr and so seemed odd to have the save to the stack, only to restore it directly afterwards.

That's an optimization, though. You shouldn't need to read the code in `restore_live_registers()` to see if it's safe to keep the return address in LR: at best it's pathological coupling, in the sense that the correctness of this code depends on the internal details of `restore_live_registers()`. Let's keep LR live ranges as short as possible.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6334
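The discipline the reviewer is asking for, shown in plain AArch64 assembly as an added example (this is not code from the JDK pull request or from HotSpot's macro assembler): the return address is signed immediately before it is stored, authenticated immediately after it is reloaded, and lr is treated as dead in between. The second routine mirrors the exception-stub pattern under discussion, where a handler address in x0 replaces the saved return address. Assumptions: an fp-based frame with the saved {fp, lr} pair at [fp] and [fp, #8], so the modifier the epilogue's `autiasp` will use is fp + 16; key A (the `paciasp`/`autiasp` family); the labels, the use of x9 as a scratch register, and the "restore live registers" placeholder are illustrative only.

```asm
    .text
    .globl  callee
callee:
    paciasp                         // sign lr (x30) with sp as the modifier, before lr is stored
    stp     x29, x30, [sp, #-16]!   // [sp] = saved fp, [sp, #8] = signed lr
    mov     x29, sp
    // ... body: lr is dead from here on; the return address exists only in its stack slot ...
    ldp     x29, x30, [sp], #16     // reload the signed lr
    autiasp                         // authenticate against the same sp; a tampered slot yields a
    ret                             // non-canonical address (or a fault with FEAT_FPAC), so ret cannot land on it

    // Exception-stub tail in the pattern under discussion: the handler address
    // in x0 replaces the saved return address. It is signed with the modifier
    // the epilogue will use and stored; lr is not relied on to survive the
    // register restoring that follows.
    .globl  exception_stub_tail
exception_stub_tail:
    add     x9, x29, #16            // assumption: fp-based frame, so the epilogue's sp will be fp + 16
    pacia   x0, x9                  // sign the handler address with that modifier (key A, like paciasp)
    str     x0, [x29, #8]           // overwrite the saved-lr slot with the signed handler address
    // ... restore live registers here; nothing depends on lr being intact ...
    mov     sp, x29
    ldp     x29, x30, [sp], #16     // load fp and the signed handler address into lr
    autiasp                         // sp now equals x9 from above, so the signature verifies
    ret                             // control transfers to the handler
```

The point of the layout is that the only place a PAC is created is next to the store and the only place it is checked is next to the load; whatever runs between them can clobber lr without affecting correctness, which is exactly the coupling the review wants to avoid. Without FEAT_FPAC a failed `autiasp` does not trap by itself: it leaves an address the following `ret` cannot execute, which is why the authentication should sit directly before the branch.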



More information about the build-dev mailing list