Revert "Disable pointer authentication in app processes."
Revert "[automerged blank] Disable pointer authentication in app..." Revert submission 16712509-sc-dev-I3030c47be9d02a27505bd4775c1982a20755758c-sc-v2-dev Reason for revert: PAC has shipped with S, and we're going with app compat outreach rather than regressing security. Reverted Changes: I3030c47be:Disable pointer authentication in app processes. I3030c47be:Disable pointer authentication in app processes. I84a696428:[automerged blank] Disable pointer authentication ... Ibc52deaf3:[automerged blank] Disable pointer authentication ... Change-Id: I637d453a5b137841bcb794264b6f6c393fb924da
parent
b81b50bf2c
commit
af2f109a9c
2 changed files with 3 additions and 48 deletions
|
@ -45,7 +45,6 @@
|
|||
#include "private/bionic_defs.h"
|
||||
#include "private/bionic_globals.h"
|
||||
#include "platform/bionic/macros.h"
|
||||
#include "platform/bionic/pac.h"
|
||||
#include "private/bionic_ssp.h"
|
||||
#include "private/bionic_systrace.h"
|
||||
#include "private/bionic_tls.h"
|
||||
|
@ -332,9 +331,11 @@ void __set_stack_and_tls_vma_name(bool is_main_thread) {
|
|||
extern "C" int __rt_sigprocmask(int, const sigset64_t*, sigset64_t*, size_t);
|
||||
|
||||
__attribute__((no_sanitize("hwaddress")))
|
||||
#ifdef __aarch64__
|
||||
// This function doesn't return, but it does appear in stack traces. Avoid using return PAC in this
|
||||
// function because we may end up resetting IA, which may confuse unwinders due to mismatching keys.
|
||||
__BIONIC_DISABLE_PAUTH
|
||||
__attribute__((target("branch-protection=bti")))
|
||||
#endif
|
||||
static int __pthread_start(void* arg) {
|
||||
pthread_internal_t* thread = reinterpret_cast<pthread_internal_t*>(arg);
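Review bot: The attribute now written out above `__pthread_start` hard-codes `branch-protection=bti`, and nothing at the site says that this value is what switches return-address signing off. That explanation lived in the comment on the `__BIONIC_DISABLE_PAUTH` macro, which this commit deletes from the header. I would add one line to the existing comment, such as `// branch-protection=bti overrides the build default (PAC and BTI): BTI stays on, return PAC is off for this function only.` Because the value is a literal, a later change to the default branch-protection options would presumably not reach this function, so the comment should also say the exemption needs re-checking when those flags change. The body of `__pthread_start` continues outside the hunk.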
|
||||
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
#pragma once
|
||||
|
||||
#include <stddef.h>
|
||||
#include <sys/prctl.h>
|
||||
|
||||
inline uintptr_t __bionic_clear_pac_bits(uintptr_t ptr) {
|
||||
#if defined(__aarch64__)
|
||||
|
@ -41,48 +40,3 @@ inline uintptr_t __bionic_clear_pac_bits(uintptr_t ptr) {
|
|||
return ptr;
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef __aarch64__
|
||||
// The default setting for branch-protection enables both PAC and BTI, so by
|
||||
// overriding it to only enable BTI we disable PAC.
|
||||
#define __BIONIC_DISABLE_PAUTH __attribute__((target("branch-protection=bti")))
|
||||
#else
|
||||
#define __BIONIC_DISABLE_PAUTH
|
||||
#endif
|
||||
|
||||
#ifdef __aarch64__
|
||||
|
||||
#ifndef PR_PAC_SET_ENABLED_KEYS
|
||||
#define PR_PAC_SET_ENABLED_KEYS 60
|
||||
#endif
|
||||
|
||||
#ifndef PR_PAC_GET_ENABLED_KEYS
|
||||
#define PR_PAC_GET_ENABLED_KEYS 61
|
||||
#endif
|
||||
|
||||
// Disable PAC (i.e. make the signing and authentication instructions into no-ops) for the lifetime
|
||||
// of this object.
|
||||
class ScopedDisablePAC {
|
||||
int prev_enabled_keys_;
|
||||
|
||||
public:
|
||||
// Disabling IA will invalidate the return address in this function if it is signed, so we need to
|
||||
// make sure that this function does not sign its return address. Likewise for the destructor.
|
||||
__BIONIC_DISABLE_PAUTH
|
||||
ScopedDisablePAC() {
|
||||
// These prctls will fail (resulting in a no-op, the intended behavior) if PAC is not supported.
|
||||
prev_enabled_keys_ = prctl(PR_PAC_GET_ENABLED_KEYS, 0, 0, 0, 0);
|
||||
prctl(PR_PAC_SET_ENABLED_KEYS, prev_enabled_keys_, 0, 0, 0);
|
||||
}
|
||||
|
||||
__BIONIC_DISABLE_PAUTH
|
||||
~ScopedDisablePAC() {
|
||||
prctl(PR_PAC_SET_ENABLED_KEYS, prev_enabled_keys_, prev_enabled_keys_, 0, 0);
|
||||
}
|
||||
};
|
||||
#else
|
||||
struct ScopedDisablePAC {
|
||||
// Silence unused variable warnings in non-aarch64 builds.
|
||||
ScopedDisablePAC() {}
|
||||
};
|
||||
#endif
|
||||
|
|