avagin commented Aug 15, 2025

Branch protection uses PAC. It cryptographically "signs" a function's return address before it is stored on the stack. Upon return, the address is authenticated using a secret key. If the signature is invalid, the program will fault.

The PIE code is used for the parasite and the restorer. In both cases, it runs in a foreign process. The case of the restorer is even trickier because it needs to restore the original PAC keys, which invalidates all previously "signed" pointers within the restorer itself.

Fixes #2709

rst0git commented Aug 15, 2025

@avagin Compiling CRIU with this patch fails on Debian 10 / Raspbian 10 with the following error:

gcc: error: unrecognized command line option '-mbranch-protection=none'; did you mean '-fcf-protection=none'?

The branch-protection option was introduced relatively recently and these distributions use gcc 8.3.0.
https://gcc.gnu.org/pipermail/gcc-patches/2022-April/593736.html
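
The build failure reported above comes from passing an option the installed compiler does not recognize. One way to guard such an option is to probe the compiler before using it. This is an added example, not CRIU's build code and not the change pushed to this PR; `cc_option` and `supported_flags` are hypothetical helper names, and `-fpie` in the usage comment is only a sample flag.

```shell
#!/bin/sh
# Added example (not CRIU's build code): probe a compiler for optional flags
# such as -mbranch-protection=none before putting them on the command line.

# cc_option CC FLAG
# Prints FLAG if the compiler command CC accepts it, prints nothing otherwise.
# CC is expanded unquoted on purpose so values like "ccache gcc" still work.
cc_option() {
    cc=$1
    flag=$2
    tmp=$(mktemp -d) || return 1
    printf 'int probe(void) { return 0; }\n' > "$tmp/probe.c"
    # -Werror makes a compiler that only warns about an unknown option fail.
    if $cc -Werror "$flag" -c "$tmp/probe.c" -o "$tmp/probe.o" >/dev/null 2>&1
    then
        printf '%s\n' "$flag"
    fi
    rm -rf "$tmp"
}

# supported_flags CC FLAG...
# Prints, space separated and in order, the subset of FLAGs that CC accepts.
supported_flags() {
    cc=$1
    shift
    out=
    for f in "$@"; do
        ok=$(cc_option "$cc" "$f")
        if [ -n "$ok" ]; then
            out="$out $ok"
        fi
    done
    printf '%s\n' "${out# }"
}

# Usage (sample flags):
#   CFLAGS_PIE=$(supported_flags "${CC:-cc}" -fpie -mbranch-protection=none)
```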

Branch protection uses PAC. It cryptographically "signs" a function's
return address before it is stored on the stack. Upon return, the address
is authenticated using a secret key. If the signature is invalid, the
program will fault.

The PIE code is used for the parasite and the restorer. In both cases, it
runs in a foreign process. The case of the restorer is even trickier
because it needs to restore the original PAC keys, which invalidates
all previously "signed" pointers within the restorer itself.

Fixes checkpoint-restore#2709

Signed-off-by: Andrei Vagin <avagin@gmail.com>
avagin force-pushed the arm64-branch-protection branch from f046b73 to aececb2 on August 15, 2025 07:41
avagin commented Aug 15, 2025

@rst0git I uploaded a new version. Please try it out.

rst0git left a comment

LGTM

mihalicyn left a comment


Cool stuff!

LGTM

avagin merged commit d8c3492 into checkpoint-restore:criu-dev Aug 15, 2025
37 of 42 checks passed

Successfully merging this pull request may close these issues.

criu 4.1.1 times out in runc c/r tests on GHA arm (ubuntu-24.04-arm)
