AArch64 BTI support - No BTI after setjmp #48888
Comments
|
As I understand it there is a trade off between adding a BTI after a call to setjmp which permits setjmp to return with an indirect jump, but also means there are more gadgets in the program, the address in the jump_buf could be retrieved and branched to. For example the Bionic implementation of longjump returns with a ret which means a BTI is not needed https://android.googlesource.com/platform/bionic/+/refs/heads/master/libc/arch-arm64/bionic/setjmp.S Having said that, if the compiler doesn't know what libc is being used it should assume that it might need a BTI and insert one after setjmp. If it does happen to know, such as when Android is used, then it won't need to. So I agree we should do this. I couldn't give you a commitment of when it will happen though. |
|
I've just started to look at doing this. https://reviews.llvm.org/D112427 did the same thing for Arm 32 bit M profile targets so I will base it on that. Then we can have the clang side drivers set it if we know what that platform's C lib does. Showing the difference: https://godbolt.org/z/PzMhvo6WM |
|
@llvm/issue-subscribers-backend-AArch64 |
Reverting to using swapcontext() when compiling with clang on BTI-enabled builds fixes the BTI setjmp() failure seen when running asynctest. The issue with setjmp/longjmp is a known clang bug: see llvm/llvm-project#48888 Change-Id: I6eeaaa2e15f402789f1b3e742038f84bef846e29
Reverting to using swapcontext() when compiling with clang on BTI-enabled builds fixes the BTI setjmp() failure seen when running asynctest. The issue with setjmp/longjmp is a known clang bug: see llvm/llvm-project#48888 Change-Id: I6eeaaa2e15f402789f1b3e742038f84bef846e29 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from #17698) (cherry picked from commit d2d2401)
Reverting to using swapcontext() when compiling with clang on BTI-enabled builds fixes the BTI setjmp() failure seen when running asynctest. The issue with setjmp/longjmp is a known clang bug: see llvm/llvm-project#48888 Change-Id: I6eeaaa2e15f402789f1b3e742038f84bef846e29 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from #17698)
DavidSpickett
changed the title
|
OP-TEE workaround for future reference: OP-TEE/optee_os@30e743f I now have a working patch just need to see how to add GlobalIsel support as well. |
|
This has landed on main, I will request a backport to 14 tomorrow if the buildbots don't bring up anything else. |
|
/cherry-pick c3b9819 |
|
Failed to cherry-pick: c3b9819 https://github.com/llvm/llvm-project/actions/runs/2033442748 Please manually backport the fix and push it to your github fork. Once this is done, please add a comment like this:
|
|
/branch DavidSpickett/llvm-project/setjmp-bti-llvm-14 |
|
/pull-request llvmbot#132 |
|
@TNorthover What do you think about backporting this? c3b9819 |
|
I think it looks OK. |
|
@DavidSpickett Can you rebase your branch. |
|
Done. |
|
I see the change on 14.x now so I've removed it from main's release notes 218b5c8. |
|
Closing now that this has gone into 14.0.2. |
Extended Description
When enabling the -mbranch-protection={bti,standard} option in Clang, BTI/PAC instruction are well inserted at each function entry, which works well.
However, the setjmp/longjmp API is not supported while it is in the GNU GCC compiler (see https://gcc.gnu.org/legacy-ml/gcc-patches/2018-11/msg02472.html).
To work properly, a BTI instruction must be added after each call to setjmp function. I have not found any reference to similar in Clang.
While this code is under fixing, is it possible to build a Clang/LLVM module to add instruction right after these setjmp calls ?
The text was updated successfully, but these errors were encountered: