Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for a crasher due to misaligned stack on x86-32. #32

Merged
merged 1 commit into from
Mar 16, 2013
Merged

Fix for a crasher due to misaligned stack on x86-32. #32

merged 1 commit into from
Mar 16, 2013

Conversation

alex
Copy link
Contributor

@alex alex commented Mar 14, 2013

Full information on reproduction (using Python's ctypes available here: http://bugs.python.org/issue17423)

@alex
Fix for a crasher due to misaligned stack on x86-32.
ee18766 
Full information on reproduction (using Python's ctypes available here: http://bugs.python.org/issue17423)
@ghost ghost assigned atgreen Mar 16, 2013
atgreen added a commit that referenced this pull request Mar 16, 2013
@atgreen
Merge pull request #32 from alex/patch-1
7e1b326 
Fix for a crasher due to misaligned stack on x86-32.
@atgreen atgreen merged commit 7e1b326 into libffi:master Mar 16, 2013
atgreen added a commit that referenced this pull request Mar 16, 2013
@atgreen
Merge pull request #32 from alex/patch-1
211a9eb 
Fix for a crasher due to misaligned stack on x86-32.
@alex alex deleted the patch-1 branch March 16, 2013 15:14
This was referenced Jul 19, 2019
Closed
Merged
billatarm added a commit to billatarm/libffi that referenced this pull request May 10, 2024
@billatarm
aarch64: fix callstack in ffi_call_SYSV
5b75608 
The debug stack gets corrupted between the frame and stack pivots, update
the CFI directives so the call stack stays correct in the debugger.

str     x9, [x1, libffi#32] // stack is ffi_call_SYSV() -> ffi_call_int() -> ffi_call_int() -> main() (good)
mov     x29, x1       // stack is ffi_call_SYSV() -> ffi_call_int() -> ffi_call_int() -> ffi_call() -> main() (bad)
mov     sp, x0        // stack is ffi_call_SYSV() -> ffi_call_int() -> ffi_call_int() -> main() (good)

The CFA data needs to be updated around the pivots, after this patch the
callstack stays correct.

Signed-off-by: Bill Roberts <bill.roberts@arm.com>
atgreen pushed a commit that referenced this pull request Jun 1, 2024
@billatarm
aarch64: support pointer authentication (#834)
45d284f 
* aarch64: fix callstack in ffi_call_SYSV

The debug stack gets corrupted between the frame and stack pivots, update
the CFI directives so the call stack stays correct in the debugger.

str     x9, [x1, #32] // stack is ffi_call_SYSV() -> ffi_call_int() -> ffi_call_int() -> main() (good)
mov     x29, x1       // stack is ffi_call_SYSV() -> ffi_call_int() -> ffi_call_int() -> ffi_call() -> main() (bad)
mov     sp, x0        // stack is ffi_call_SYSV() -> ffi_call_int() -> ffi_call_int() -> main() (good)

The CFA data needs to be updated around the pivots, after this patch the
callstack stays correct.

Signed-off-by: Bill Roberts <bill.roberts@arm.com>

* aarch64: remove uneeded CFI directive

This directive doesn't actually set the CFA to anything valid, and
during unwinding this isn't even used. Note that the PAC/Darwin usage
is quite suspect as well, as the CFA is either x1 or x29 after the frame
pivot, and the CFA address is what's used as the modifier when verifying
the PAC. At least this is the behavior on Linux with PAC, I need to
verify ARME ABI unwinding. So for now leave Darwin as is.

Signed-off-by: Bill Roberts <bill.roberts@arm.com>

* ptrauth: rename define for clarity

Rename the HAVE_PTRAUTH define for clarity that its associated with the
ARM64E ABI and not the ARM64 ABI that can be supported on Linux and
enabled with -mbranch-protection=standard.

Signed-off-by: Bill Roberts <bill.roberts@arm.com>

* aarch64: add PAC support to ffi_call_SYSV

Support AARCH64 Pointer Authentication Codes (PAC) within ffi_call_SYSV
and support exception unwinding.

The Linux ABI for PAC is to use paciasp/autiasp instructions which also
have hint space equivelent instructions. They sign the LR (x30) with the
A key and the current stack pointer as the salt. Note that this can also be
configured to use the B key and will use pacibsp/autibsp hint instructions.

The Linux ABI for exception frame data when PAC is enabled assumes that the
Connonical Frame Address, or CFA is equal to the stack pointer. I.E sp is
equal to x29 (fp). When the unwinder is invoked the cfa will point to
the frame which will include the *signed* return address from the LR.
This will then be passed to __builtin_aarch64_autia1716 where the CFA
will be used as the salt and stored to register x16 and register x17
will contain the signed address to demangle. This can be noted in:
  - https://github.com/gcc-mirror/gcc/blob/d6d7afcdbc04adb0ec42a44b2d7e05600945af42/libgcc/config/aarch64/aarch64-unwind.h#L56

The other required portion of this is to indicate to the unwinder that
this is a signed address that needs to go the special demangle route in
the unwinder. This is accomplished by using CFI directive "cfi_window_save"
which marks that frame as being signed.

Putting all of this together is a bit tricky, as the internals of
ffi_call_SYSV the callee allocates its stack and frame and passes it in
arg1 (x0) and arg2 (x1) to the called function, where that function
pivots its stack, so care must be taken to get the sp == fp before
paciasp is called and also restore that state before autiasp is called.

Signed-off-by: Bill Roberts <bill.roberts@arm.com>

---------

Signed-off-by: Bill Roberts <bill.roberts@arm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@atgreen atgreen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alex @atgreen