forked from OSchip/llvm-project
43c84e4634
According to EHABI32 §8.5.2, the PAC for the return address of a
function described in an exception table is supposed to be addressed
in the _Unwind_VRS_{Get,Set} API by setting regclass=_UVRSC_PSEUDO and
regno=0. (The space of 'regno' values is independent for each
regclass, and for _UVRSC_PSEUDO, there is only one valid regno so far.)
That is indeed what libunwind's _Unwind_VRS_{Get,Set} functions expect
to receive. But at two call sites, the wrong values are passed in:
regno is being set to UNW_ARM_RA_AUTH_CODE (0x8F) instead of 0, and in
one case, regclass is _UVRSC_CORE instead of _UVRSC_PSEUDO.
As a result, those calls to _Unwind_VRS_{Get,Set} return
_UVRSR_FAILED, which their callers ignore. So if you compile in the
AUTG instruction that actually validates the PAC, it will try to
validate what's effectively an uninitialised register as an
authentication code, and trigger a CPU fault even on correct exception
unwinding.
Reviewed By: danielkiss
Differential Revision: https://reviews.llvm.org/D128522
|
||
|---|---|---|
| .. | ||
| AddressSpace.hpp | ||
| CMakeLists.txt | ||
| CompactUnwinder.hpp | ||
| DwarfInstructions.hpp | ||
| DwarfParser.hpp | ||
| EHHeaderParser.hpp | ||
| FrameHeaderCache.hpp | ||
| RWMutex.hpp | ||
| Registers.hpp | ||
| Unwind-EHABI.cpp | ||
| Unwind-EHABI.h | ||
| Unwind-seh.cpp | ||
| Unwind-sjlj.c | ||
| UnwindCursor.hpp | ||
| UnwindLevel1-gcc-ext.c | ||
| UnwindLevel1.c | ||
| UnwindRegistersRestore.S | ||
| UnwindRegistersSave.S | ||
| Unwind_AIXExtras.cpp | ||
| Unwind_AppleExtras.cpp | ||
| assembly.h | ||
| cet_unwind.h | ||
| config.h | ||
| dwarf2.h | ||
| libunwind.cpp | ||
| libunwind_ext.h | ||