Add AArch64 support for -fpatchable-function-entry #788
Comments
It's probably worth mentioning that the GCC implementation of this seems to be broken when used in combination with
GCC BTI issue:
@MaskRay has implemented this in:
The question about interplay between BTI and PFE still remains.
The above patches have landed. It sounds like there may be more work involved for BTI interplay, and supporting a non-zero offset.
Looks like Linaro's CI shows this regresses https://groups.google.com/d/msg/clang-built-linux/d8z5F3bkfR8/ZgU3gkKvBwAJ
creduce spits out... (lol) a() {} Original preprocessed file and interestingness test available here.
cc @MaskRay (I added some more info to the report above).
Should be fixed by llvm/llvm-project@7fa5290 GNU as and GNU ld lack important features that make such metadata sections work reliably. Without the features, I reported these a few months ago and now with Linux kernel, we see a strong need for them... https://sourceware.org/ml/binutils/2019-11/msg00266.html
AArch64 support for -fpatchable-function-entry=N was implemented in GCC in 2017 [1] and provides a mechanism to insert NOPs at the very beginning of each function, which in turn can be patched at runtime to allow functions to be 'hooked' prior to the prologue, along with their argument values. This is not something that can be done with the more traditional -pg/'mcount' approach, since the call to _mcount() is only defined to occur "as one of its [the function's] first operations" [2]. Some other architectures (notably x86), implement -mfentry to solve this issue, but it's considerably less flexible.

The arm64 Linux kernel requires toolchain support for -fpatchable-function-entry in order to support kernel live-patching via CONFIG_FTRACE_WITH_REGS, however it will also be needed in order to support the function graph tracer in the presence of pointer authentication for kernel functions. In this situation, it is necessary to rewrite the return address of the function from the entry hook, meaning that the return address must be authenticated/descrambled from the hook function which requires the unmodified stack pointer on entry to the function being hooked. For the same reasons as before, this is not something that is guaranteed by -pg.

[1] https://gcc.gnu.org/ml/gcc-patches/2017-07/msg00391.html
[2] https://sourceware.org/binutils/docs/gprof/Implementation.html#Implementation
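
An added illustration, not code from this issue, GCC, LLVM or the kernel: the per-function `patchable_function_entry` attribute requests the same NOP area as the flag, and the compiler records each patch site in the `__patchable_function_entries` section, which a runtime patcher or an auditor can enumerate. The function names and the 8-byte slack are assumptions, and the `__start_`/`__stop_` symbols assume an ELF target linked with GNU ld or lld.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The linker defines __start_<sec>/__stop_<sec> for any output section whose
 * name is a valid C identifier; each element is the address of a NOP area. */
extern const uintptr_t __start___patchable_function_entries[];
extern const uintptr_t __stop___patchable_function_entries[];

#define PATCHABLE(n, m) \
    __attribute__((noinline, patchable_function_entry(n, m)))

/* Hypothetical functions: two NOPs at the entry point, none before it. */
PATCHABLE(2, 0) int hooked_add(int a, int b) { return a + b; }
PATCHABLE(2, 0) int hooked_mul(int a, int b) { return a * b + 1; }

/* No attribute, so no NOP area and no entry in the section. */
__attribute__((noinline)) int plain_sub(int a, int b) { return a - b; }

/* Number of patch sites the toolchain recorded for this binary. */
size_t patch_site_count(void)
{
    return (size_t)(__stop___patchable_function_entries -
                    __start___patchable_function_entries);
}

/* Returns 1 if a recorded site lies within `slack` bytes of fn's entry.
 * The slack (an assumption) absorbs a landing pad such as BTI or ENDBR64
 * that the compiler may place ahead of the NOPs. */
int has_patch_site(uintptr_t fn, uintptr_t slack)
{
    const uintptr_t *p;
    for (p = __start___patchable_function_entries;
         p < __stop___patchable_function_entries; p++) {
        uintptr_t d = *p > fn ? *p - fn : fn - *p;
        if (d <= slack)
            return 1;
    }
    return 0;
}

int main(void)
{
    printf("%zu patch sites recorded\n", patch_site_count());
    printf("hooked_add has a site: %d\n", has_patch_site((uintptr_t)hooked_add, 8));
    printf("hooked_mul has a site: %d\n", has_patch_site((uintptr_t)hooked_mul, 8));
    return 0;
}
```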