i#1551 ARM, i#1569 AArch64: Fix call_with_retaddr and ret_noncall_tra…

…ce.c. In call_with_retaddr, make a pointer to the return address on the stack. Review-URL: https://codereview.appspot.com/296270044
DynamoRIO · Jun 2, 2016 · 7007d24 · 7007d24
1 parent 8b29fdc
commit 7007d24
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 11 deletions.
diff --git a/suite/tests/CMakeLists.txt b/suite/tests/CMakeLists.txt
@@ -2892,9 +2892,8 @@ if (VPS) # relies on being aborted on .B violation
   tobuild(security-common.jmp_from_trace security-common/jmp_from_trace.c)
   tochcon(security-common.jmp_from_trace textrel_shlib_t)
 endif (VPS)
+tobuild(security-common.ret_noncall_trace security-common/ret_noncall_trace.c)
 if (NOT ARM) # FIXME i#1551: fix bugs on ARM
-  tobuild(security-common.ret_noncall_trace security-common/ret_noncall_trace.c)
-
   # FIXME i#1423: somehow when built with VS2013 x64 you can't catch a fault on
   # jumping to an invalid address!  For now we disable for VS2013 x64.
   # It also seems to fail on win8 x64 with VS2012.

diff --git a/suite/tests/security-common/ret_noncall_trace.c b/suite/tests/security-common/ret_noncall_trace.c
@@ -42,9 +42,8 @@
  *   with default optimization on Linux.
  *
  * Notes: If the compilers change, their default optimization levels are
- *   changed or if this code is optimized, the offset 6, used in next_num() for
+ *   changed or if this code is optimized, the OFFSET, used in next_num() for
  *   saved_eip will change.  The change may be different on Windows and Linux.
- *   The offset value in the code has to be modified.
  */
 
 #include "tools.h"
@@ -53,6 +52,14 @@
 #define INNER_LOOP_COUNT 4
 #define MAX_SUM (NUM_TIMES * (NUM_TIMES + 1) / 2 * INNER_LOOP_COUNT)
 
+#if defined(ARM) || defined(AARCH64)
+# define OFFSET 8
+#elif defined(X86)
+# define OFFSET 6
+#else
+# error NYI
+#endif
+
 static ptr_uint_t saved_eip;
 
 int
@@ -62,7 +69,7 @@ next_num(void **retaddr_p)
 
   counter++;
   saved_eip = (ptr_uint_t)*retaddr_p;
-  saved_eip += 6;                /* Set rp to main()'s do-while loop. */
+  saved_eip += OFFSET;           /* Set rp to main()'s do-while loop. */
   return counter;
 }
 

diff --git a/suite/tests/tools.c b/suite/tests/tools.c
@@ -620,13 +620,20 @@ GLOBAL_LABEL(FUNCNAME:)
         xchg     REG_XAX, ARG1       /* Swap with function pointer in arg1. */
         jmp      REG_XAX             /* Call function, now with &retaddr as arg1. */
 #elif defined(ARM)
-        mov      r1, ARG1
-        mov      r0, lr
-        bx       r1
+        push     {r7, lr}
+        add      r7, sp, #0
+        mov      lr, r0
+        add      r0, sp, #4          /* Make pointer to return address on stack. */
+        blx      lr                  /* Call function, with &retaddr as arg1. */
+        pop      {r7, pc}            /* Return to possibly modified return address. */
 #elif defined(AARCH64)
-        mov      x1, ARG1
-        mov      x0, x30
-        br       x1
+        stp      x29, x30, [sp, #-16]!
+        mov      x29, sp
+        mov      x30, x0
+        add      x0, sp, #8          /* Make pointer to return address on stack. */
+        blr      x30                 /* Call function, with &retaddr as arg1. */
+        ldp      x29, x30, [sp], #16
+        ret                          /* Return to possibly modified return address. */
 #else
 # error NYI
 #endif