1 //===-- AArch64PointerAuth.h -- Harden code using PAuth ---------*- C++ -*-===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 9 #ifndef LLVM_LIB_TARGET_AARCH64_AARCH64POINTERAUTH_H 10 #define LLVM_LIB_TARGET_AARCH64_AARCH64POINTERAUTH_H 11 12 #include "llvm/CodeGen/MachineBasicBlock.h" 13 #include "llvm/CodeGen/Register.h" 14 15 namespace llvm { 16 namespace AArch64PAuth { 17 18 /// Variants of check performed on an authenticated pointer. 19 /// 20 /// In cases such as authenticating the LR value when performing a tail call 21 /// or when re-signing a signed pointer with a different signing schema, 22 /// a failed authentication may not generate an exception on its own and may 23 /// create an authentication or signing oracle if not checked explicitly. 24 /// 25 /// A number of check methods modify control flow in a similar way by 26 /// rewriting the code 27 /// 28 /// ``` 29 /// <authenticate LR> 30 /// <more instructions> 31 /// ``` 32 /// 33 /// as follows: 34 /// 35 /// ``` 36 /// <authenticate LR> 37 /// <method-specific checker> 38 /// on_fail: 39 /// brk <code> 40 /// on_success: 41 /// <more instructions> 42 /// 43 /// ``` 44 enum class AuthCheckMethod { 45 /// Do not check the value at all 46 None, 47 48 /// Perform a load to a temporary register 49 DummyLoad, 50 51 /// Check by comparing bits 62 and 61 of the authenticated address. 52 /// 53 /// This method modifies control flow and inserts the following checker: 54 /// 55 /// ``` 56 /// eor Xtmp, Xn, Xn, lsl #1 57 /// tbz Xtmp, #62, on_success 58 /// ``` 59 HighBitsNoTBI, 60 61 /// Check by comparing the authenticated value with an XPAC-ed one without 62 /// using PAuth instructions not encoded as HINT. Can only be applied to LR. 63 /// 64 /// This method modifies control flow and inserts the following checker: 65 /// 66 /// ``` 67 /// mov Xtmp, LR 68 /// xpaclri ; encoded as "hint #7" 69 /// ; Note: at this point, the LR register contains the address as if 70 /// ; the authentication succeeded and the temporary register contains the 71 /// ; *real* result of authentication. 72 /// cmp Xtmp, LR 73 /// b.eq on_success 74 /// ``` 75 XPACHint, 76 77 /// Similar to XPACHint but using Armv8.3-only XPAC instruction, thus 78 /// not restricted to LR: 79 /// ``` 80 /// mov Xtmp, Xn 81 /// xpac(i|d) Xn 82 /// cmp Xtmp, Xn 83 /// b.eq on_success 84 /// ``` 85 XPAC, 86 }; 87 88 #define AUTH_CHECK_METHOD_CL_VALUES_COMMON \ 89 clEnumValN(AArch64PAuth::AuthCheckMethod::None, "none", \ 90 "Do not check authenticated address"), \ 91 clEnumValN(AArch64PAuth::AuthCheckMethod::DummyLoad, "load", \ 92 "Perform dummy load from authenticated address"), \ 93 clEnumValN( \ 94 AArch64PAuth::AuthCheckMethod::HighBitsNoTBI, "high-bits-notbi", \ 95 "Compare bits 62 and 61 of address (TBI should be disabled)"), \ 96 clEnumValN(AArch64PAuth::AuthCheckMethod::XPAC, "xpac", \ 97 "Compare with the result of XPAC (requires Armv8.3-a)") 98 99 #define AUTH_CHECK_METHOD_CL_VALUES_LR \ 100 AUTH_CHECK_METHOD_CL_VALUES_COMMON, \ 101 clEnumValN(AArch64PAuth::AuthCheckMethod::XPACHint, "xpac-hint", \ 102 "Compare with the result of XPACLRI") 103 104 /// Returns the number of bytes added by checkAuthenticatedRegister. 105 unsigned getCheckerSizeInBytes(AuthCheckMethod Method); 106 107 } // end namespace AArch64PAuth 108 } // end namespace llvm 109 110 #endif 111