[PAC][compiler-rt][UBSan] Strip signed vptr instead of authenticating it#100153
vptr cannot be authenticated without knowing the class type if it was signed with type discrimination.
Co-authored-by: Oliver Hunt <oliver@apple.com>
@llvm/pr-subscribers-compiler-rt-sanitizer
Author: Akira Hatanaka (ahatanak)
Changes
vptr cannot be authenticated without knowing the class type if it was signed with type discrimination.
Co-authored-by: Oliver Hunt <oliver@apple.com>
Full diff: https://github.com/llvm/llvm-project/pull/100153.diff
1 Files Affected:
diff --git a/compiler-rt/lib/ubsan/ubsan_type_hash_itanium.cpp b/compiler-rt/lib/ubsan/ubsan_type_hash_itanium.cpp
index 468a8fcd603f0..15788574dd995 100644
--- a/compiler-rt/lib/ubsan/ubsan_type_hash_itanium.cpp
+++ b/compiler-rt/lib/ubsan/ubsan_type_hash_itanium.cpp
@@ -207,7 +207,7 @@ struct VtablePrefix {
std::type_info *TypeInfo;
};
VtablePrefix *getVtablePrefix(void *Vtable) {
- Vtable = ptrauth_auth_data(Vtable, ptrauth_key_cxx_vtable_pointer, 0);
+ Vtable = ptrauth_strip(Vtable, ptrauth_key_cxx_vtable_pointer);
VtablePrefix *Vptr = reinterpret_cast<VtablePrefix*>(Vtable);
VtablePrefix *Prefix = Vptr - 1;
if (!IsAccessibleMemoryRange((uptr)Prefix, sizeof(VtablePrefix)))
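Review bot: at the changed `ptrauth_strip` line in `getVtablePrefix`, the resulting pointer is no longer verified in any way, and nothing in the code says so. Please add a comment on that line stating that the vptr may be signed with type discrimination, that the class type is not known here so it cannot be authenticated, and that the stripped value is therefore unauthenticated. It is also worth noting there that the `IsAccessibleMemoryRange` check just below is the only guard visible in this hunk before `Prefix` is used.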
kovdan01
left a comment
Thanks!
I suppose that in future preprocessor conditions against vtable discrimination enabled/disabled might be used, and if disabled, old code with ptrauth_auth_data and zero discriminator should be OK.
It can't know what the discriminator is unless it's explicitly provided. This particular function may not have ABI constraints, so it could in theory be updated to take the full discriminator as an argument. For dynamic_cast we use ptrauth_strip, but have the codegen for dynamic cast perform a forced load+auth of the vtable pointer prior to the call. It's not perfect but is the only really ABI stable solution.
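The trade-off discussed in this thread, as an added example that is not part of the PR or of compiler-rt: a toy model of signing a vptr with a type discriminator, showing why authenticating with a zero discriminator fails while stripping succeeds, and that stripping also accepts a tampered signature. The `toy_*` names, the key, the address and the discriminator are hypothetical, and the XOR fold stands in for the hardware PAC computation.

```cpp
// Toy model only: not the <ptrauth.h> intrinsics and not cryptographically sound.
#include <cstdint>
#include <cstdio>

constexpr uint64_t kAddrMask = (1ULL << 48) - 1;  // low 48 bits hold the address
constexpr uint16_t kToyKey = 0xC0DE;              // constructed stand-in for the key

// 16-bit signature over (address, discriminator). A plain XOR fold, chosen so
// the results can be checked by hand; real PAC uses a keyed cipher in hardware.
static uint64_t toy_pac(uint64_t addr, uint16_t disc) {
  uint64_t folded = addr ^ (addr >> 16) ^ (addr >> 32);
  return (folded ^ disc ^ kToyKey) & 0xFFFF;
}

// Sign: place the signature in the otherwise unused top 16 bits.
uint64_t toy_sign(uint64_t addr, uint16_t disc) {
  addr &= kAddrMask;
  return addr | (toy_pac(addr, disc) << 48);
}

// Authenticate: succeeds only with the discriminator used at signing time.
bool toy_auth(uint64_t signedPtr, uint16_t disc, uint64_t *out) {
  uint64_t addr = signedPtr & kAddrMask;
  if ((signedPtr >> 48) != toy_pac(addr, disc)) return false;
  *out = addr;
  return true;
}

// Strip: drop the signature bits without checking them.
uint64_t toy_strip(uint64_t signedPtr) { return signedPtr & kAddrMask; }

int main() {
  const uint64_t vtable = 0x100004000ULL;  // constructed vtable address
  const uint16_t typeDisc = 0x5A3C;        // constructed per-class discriminator
  uint64_t vptr = toy_sign(vtable, typeDisc);
  uint64_t out = 0;
  std::printf("auth, zero discriminator: %s\n", toy_auth(vptr, 0, &out) ? "ok" : "fail");
  std::printf("auth, type discriminator: %s\n", toy_auth(vptr, typeDisc, &out) ? "ok" : "fail");
  std::printf("strip: %#llx\n", (unsigned long long)toy_strip(vptr));
  uint64_t tampered = vptr ^ (1ULL << 48);  // flip one signature bit
  std::printf("tampered: auth %s, strip %#llx\n",
              toy_auth(tampered, typeDisc, &out) ? "ok" : "fail",
              (unsigned long long)toy_strip(tampered));
  return 0;
}
```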
/cherry-pick 0a6a3c1
… it (llvm#100153) vptr cannot be authenticated without knowing the class type if it was signed with type discrimination. Co-authored-by: Oliver Hunt <oliver@apple.com> (cherry picked from commit 0a6a3c1)
/pull-request #100219
… it (#100153) vptr cannot be authenticated without knowing the class type if it was signed with type discrimination. Co-authored-by: Oliver Hunt <oliver@apple.com>