111 lines · c
1//===-- AArch64PointerAuth.h -- Harden code using PAuth ---------*- C++ -*-===//2//3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.4// See https://llvm.org/LICENSE.txt for license information.5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception6//7//===----------------------------------------------------------------------===//8 9#ifndef LLVM_LIB_TARGET_AARCH64_AARCH64POINTERAUTH_H10#define LLVM_LIB_TARGET_AARCH64_AARCH64POINTERAUTH_H11 12#include "llvm/CodeGen/MachineBasicBlock.h"13#include "llvm/CodeGen/Register.h"14 15namespace llvm {16namespace AArch64PAuth {17 18/// Variants of check performed on an authenticated pointer.19///20/// In cases such as authenticating the LR value when performing a tail call21/// or when re-signing a signed pointer with a different signing schema,22/// a failed authentication may not generate an exception on its own and may23/// create an authentication or signing oracle if not checked explicitly.24///25/// A number of check methods modify control flow in a similar way by26/// rewriting the code27///28/// ```29/// <authenticate LR>30/// <more instructions>31/// ```32///33/// as follows:34///35/// ```36/// <authenticate LR>37/// <method-specific checker>38/// on_fail:39/// brk <code>40/// on_success:41/// <more instructions>42///43/// ```44enum class AuthCheckMethod {45 /// Do not check the value at all46 None,47 48 /// Perform a load to a temporary register49 DummyLoad,50 51 /// Check by comparing bits 62 and 61 of the authenticated address.52 ///53 /// This method modifies control flow and inserts the following checker:54 ///55 /// ```56 /// eor Xtmp, Xn, Xn, lsl #157 /// tbz Xtmp, #62, on_success58 /// ```59 HighBitsNoTBI,60 61 /// Check by comparing the authenticated value with an XPAC-ed one without62 /// using PAuth instructions not encoded as HINT. Can only be applied to LR.63 ///64 /// This method modifies control flow and inserts the following checker:65 ///66 /// ```67 /// mov Xtmp, LR68 /// xpaclri ; encoded as "hint #7"69 /// ; Note: at this point, the LR register contains the address as if70 /// ; the authentication succeeded and the temporary register contains the71 /// ; *real* result of authentication.72 /// cmp Xtmp, LR73 /// b.eq on_success74 /// ```75 XPACHint,76 77 /// Similar to XPACHint but using Armv8.3-only XPAC instruction, thus78 /// not restricted to LR:79 /// ```80 /// mov Xtmp, Xn81 /// xpac(i|d) Xn82 /// cmp Xtmp, Xn83 /// b.eq on_success84 /// ```85 XPAC,86};87 88#define AUTH_CHECK_METHOD_CL_VALUES_COMMON \89 clEnumValN(AArch64PAuth::AuthCheckMethod::None, "none", \90 "Do not check authenticated address"), \91 clEnumValN(AArch64PAuth::AuthCheckMethod::DummyLoad, "load", \92 "Perform dummy load from authenticated address"), \93 clEnumValN( \94 AArch64PAuth::AuthCheckMethod::HighBitsNoTBI, "high-bits-notbi", \95 "Compare bits 62 and 61 of address (TBI should be disabled)"), \96 clEnumValN(AArch64PAuth::AuthCheckMethod::XPAC, "xpac", \97 "Compare with the result of XPAC (requires Armv8.3-a)")98 99#define AUTH_CHECK_METHOD_CL_VALUES_LR \100 AUTH_CHECK_METHOD_CL_VALUES_COMMON, \101 clEnumValN(AArch64PAuth::AuthCheckMethod::XPACHint, "xpac-hint", \102 "Compare with the result of XPACLRI")103 104/// Returns the number of bytes added by checkAuthenticatedRegister.105unsigned getCheckerSizeInBytes(AuthCheckMethod Method);106 107} // end namespace AArch64PAuth108} // end namespace llvm109 110#endif111