[clang][ObjC][PAC] Add ptrauth protections to objective-c #147899
+983
−42
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
llvmbot
added
clang
|
@llvm/pr-subscribers-clang-codegen Author: Oliver Hunt (ojhunt) ChangesThis PR introduces the use of pointer authentication to objective-c[++]. This includes:
Patch is 76.83 KiB, truncated to 20.00 KiB below, full version: https://github.com/llvm/llvm-project/pull/147899.diff 30 Files Affected:
diff --git a/clang/include/clang/AST/ASTContext.h b/clang/include/clang/AST/ASTContext.h
index 2b9cd035623cc..8c27728c404dd 100644
--- a/clang/include/clang/AST/ASTContext.h
+++ b/clang/include/clang/AST/ASTContext.h
@@ -2300,6 +2300,8 @@ class ASTContext : public RefCountedBase<ASTContext> {
return getTypeDeclType(getObjCSelDecl());
}
+ PointerAuthQualifier getObjCMemberSelTypePtrAuth();
+
/// Retrieve the typedef declaration corresponding to the predefined
/// Objective-C 'Class' type.
TypedefDecl *getObjCClassDecl() const;
diff --git a/clang/include/clang/Basic/Features.def b/clang/include/clang/Basic/Features.def
index 14bff8a68846d..c2e677e31e5a0 100644
--- a/clang/include/clang/Basic/Features.def
+++ b/clang/include/clang/Basic/Features.def
@@ -119,6 +119,12 @@ FEATURE(ptrauth_indirect_gotos, LangOpts.PointerAuthIndirectGotos)
FEATURE(ptrauth_init_fini, LangOpts.PointerAuthInitFini)
FEATURE(ptrauth_init_fini_address_discrimination, LangOpts.PointerAuthInitFiniAddressDiscrimination)
FEATURE(ptrauth_elf_got, LangOpts.PointerAuthELFGOT)
+
+FEATURE(ptrauth_objc_isa, LangOpts.PointerAuthObjcIsa)
+FEATURE(ptrauth_objc_interface_sel, LangOpts.PointerAuthObjcInterfaceSel)
+FEATURE(ptrauth_objc_signable_class, true)
+FEATURE(ptrauth_objc_method_list_pointer, LangOpts.PointerAuthCalls)
+
EXTENSION(swiftcc,
PP.getTargetInfo().checkCallingConvention(CC_Swift) ==
clang::TargetInfo::CCCR_OK)
diff --git a/clang/include/clang/Basic/LangOptions.def b/clang/include/clang/Basic/LangOptions.def
index 72321c204ce96..852188de18654 100644
--- a/clang/include/clang/Basic/LangOptions.def
+++ b/clang/include/clang/Basic/LangOptions.def
@@ -133,6 +133,11 @@ LANGOPT(PointerAuthInitFiniAddressDiscrimination, 1, 0, NotCompatible,
LANGOPT(PointerAuthELFGOT, 1, 0, NotCompatible, "authenticate pointers from GOT")
LANGOPT(AArch64JumpTableHardening, 1, 0, NotCompatible, "use hardened lowering for jump-table dispatch")
+LANGOPT(PointerAuthObjcIsa, 1, 0, NotCompatible, "authentication of isa and super pointers in ObjC instances")
+LANGOPT(PointerAuthObjcInterfaceSel, 1, 0, NotCompatible, "authentication of SEL fields of ObjC interfaces")
+LANGOPT(PointerAuthObjcInterfaceSelKey, 16, 0, NotCompatible, "authentication key for SEL fields of ObjC interfaces")
+LANGOPT(PointerAuthObjcClassROPointers, 1, 0, Benign, "class_ro_t pointer authentication")
+
LANGOPT(DoubleSquareBracketAttributes, 1, 0, NotCompatible, "'[[]]' attributes extension for all language standard modes")
LANGOPT(ExperimentalLateParseAttributes, 1, 0, NotCompatible, "experimental late parsing of attributes")
diff --git a/clang/include/clang/Basic/LangOptions.h b/clang/include/clang/Basic/LangOptions.h
index 4c642c9e10c91..41739536b34bb 100644
--- a/clang/include/clang/Basic/LangOptions.h
+++ b/clang/include/clang/Basic/LangOptions.h
@@ -379,6 +379,8 @@ class LangOptionsBase {
BKey
};
+ using PointerAuthenticationMode = ::clang::PointerAuthenticationMode;
+
enum class ThreadModelKind {
/// POSIX Threads.
POSIX,
diff --git a/clang/include/clang/Basic/PointerAuthOptions.h b/clang/include/clang/Basic/PointerAuthOptions.h
index a3a3e50bcde5d..fb6dddf3ae9ce 100644
--- a/clang/include/clang/Basic/PointerAuthOptions.h
+++ b/clang/include/clang/Basic/PointerAuthOptions.h
@@ -27,6 +27,26 @@ namespace clang {
/// .fini_array. The value is ptrauth_string_discriminator("init_fini")
constexpr uint16_t InitFiniPointerConstantDiscriminator = 0xD9D4;
+/// Constant discriminator to be used with method list pointers. The value is
+/// ptrauth_string_discriminator("method_list_t")
+constexpr uint16_t MethodListPointerConstantDiscriminator = 0xC310;
+
+/// Constant discriminator to be used with objective-c isa pointers. The value
+/// is ptrauth_string_discriminator("isa")
+constexpr uint16_t IsaPointerConstantDiscriminator = 0x6AE1;
+
+/// Constant discriminator to be used with objective-c superclass pointers.
+/// The value is ptrauth_string_discriminator("objc_class:superclass")
+constexpr uint16_t SuperPointerConstantDiscriminator = 0xB5AB;
+
+/// Constant discriminator to be used with objective-c sel pointers. The value
+/// is ptrauth_string_discriminator("sel")
+constexpr uint16_t SelPointerConstantDiscriminator = 0x57c2;
+
+/// Constant discriminator to be used with objective-c class_ro_t pointers.
+/// The value is ptrauth_string_discriminator("class_data_bits")
+constexpr uint16_t ClassROConstantDiscriminator = 0x61F8;
+
constexpr unsigned PointerAuthKeyNone = -1;
/// Constant discriminator for std::type_info vtable pointers: 0xB1EA/45546
@@ -202,6 +222,21 @@ struct PointerAuthOptions {
/// The ABI for function addresses in .init_array and .fini_array
PointerAuthSchema InitFiniPointers;
+
+ /// The ABI for Objective-C method lists.
+ PointerAuthSchema ObjCMethodListFunctionPointers;
+
+ /// The ABI for a reference to an Objective-C method list in _class_ro_t.
+ PointerAuthSchema ObjCMethodListPointer;
+
+ /// The ABI for Objective-C isa pointers.
+ PointerAuthSchema ObjCIsaPointers;
+
+ /// The ABI for Objective-C superclass pointers.
+ PointerAuthSchema ObjCSuperPointers;
+
+ /// The ABI for Objective-C class_ro_t pointers.
+ PointerAuthSchema ObjCClassROPointers;
};
} // end namespace clang
diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td
index 77379f1130149..e2b347246f7ab 100644
--- a/clang/include/clang/Driver/Options.td
+++ b/clang/include/clang/Driver/Options.td
@@ -4498,6 +4498,9 @@ defm ptrauth_init_fini_address_discrimination : OptInCC1FFlag<"ptrauth-init-fini
"Enable address discrimination of function pointers in init/fini arrays">;
defm ptrauth_elf_got : OptInCC1FFlag<"ptrauth-elf-got", "Enable authentication of pointers from GOT (ELF only)">;
defm aarch64_jump_table_hardening: OptInCC1FFlag<"aarch64-jump-table-hardening", "Use hardened lowering for jump-table dispatch">;
+defm ptrauth_objc_isa : OptInCC1FFlag<"ptrauth-objc-isa", "Enable signing and authentication of Objective-C object's 'isa' field">;
+defm ptrauth_objc_interface_sel : OptInCC1FFlag<"ptrauth-objc-interface-sel", "Enable signing and authentication of Objective-C object's 'SEL' fields">;
+defm ptrauth_objc_class_ro : OptInCC1FFlag<"ptrauth-objc-class-ro", "Enable signing and authentication for ObjC class_ro pointers">;
}
def fenable_matrix : Flag<["-"], "fenable-matrix">, Group<f_Group>,
diff --git a/clang/lib/AST/ASTContext.cpp b/clang/lib/AST/ASTContext.cpp
index 679812adcdf12..0499a81cd5231 100644
--- a/clang/lib/AST/ASTContext.cpp
+++ b/clang/lib/AST/ASTContext.cpp
@@ -9783,6 +9783,17 @@ ObjCInterfaceDecl *ASTContext::getObjCProtocolDecl() const {
return ObjCProtocolClassDecl;
}
+PointerAuthQualifier ASTContext::getObjCMemberSelTypePtrAuth() {
+ if (!getLangOpts().PointerAuthObjcInterfaceSel)
+ return PointerAuthQualifier();
+ return PointerAuthQualifier::Create(
+ getLangOpts().PointerAuthObjcInterfaceSelKey,
+ /*isAddressDiscriminated=*/true, SelPointerConstantDiscriminator,
+ PointerAuthenticationMode::SignAndAuth,
+ /*isIsaPointer=*/false,
+ /*authenticatesNullValues=*/false);
+}
+
//===----------------------------------------------------------------------===//
// __builtin_va_list Construction Functions
//===----------------------------------------------------------------------===//
diff --git a/clang/lib/CodeGen/CGBlocks.cpp b/clang/lib/CodeGen/CGBlocks.cpp
index f3ddf7bf9a463..1aba841eb5fc2 100644
--- a/clang/lib/CodeGen/CGBlocks.cpp
+++ b/clang/lib/CodeGen/CGBlocks.cpp
@@ -853,9 +853,24 @@ llvm::Value *CodeGenFunction::EmitBlockLiteral(const CGBlockInfo &blockInfo) {
offset += size;
index++;
};
+ auto addSignedHeaderField =
+ [&](llvm::Value *Value, const PointerAuthSchema &Schema,
+ GlobalDecl Decl, QualType Type, CharUnits Size, const Twine &Name) {
+ auto StorageAddress = projectField(index, Name);
+ if (Schema) {
+ auto AuthInfo = EmitPointerAuthInfo(
+ Schema, StorageAddress.emitRawPointer(*this), Decl, Type);
+ Value = EmitPointerAuthSign(AuthInfo, Value);
+ }
+ Builder.CreateStore(Value, StorageAddress);
+ offset += Size;
+ index++;
+ };
if (!IsOpenCL) {
- addHeaderField(isa, getPointerSize(), "block.isa");
+ addSignedHeaderField(
+ isa, CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers, GlobalDecl(),
+ QualType(), getPointerSize(), "block.isa");
addHeaderField(llvm::ConstantInt::get(IntTy, flags.getBitMask()),
getIntSize(), "block.flags");
addHeaderField(llvm::ConstantInt::get(IntTy, 0), getIntSize(),
@@ -1285,7 +1300,9 @@ static llvm::Constant *buildGlobalBlock(CodeGenModule &CGM,
if (IsWindows)
fields.addNullPointer(CGM.Int8PtrPtrTy);
else
- fields.add(CGM.getNSConcreteGlobalBlock());
+ fields.addSignedPointer(CGM.getNSConcreteGlobalBlock(),
+ CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers,
+ GlobalDecl(), QualType());
// __flags
BlockFlags flags = BLOCK_IS_GLOBAL;
diff --git a/clang/lib/CodeGen/CGObjC.cpp b/clang/lib/CodeGen/CGObjC.cpp
index 6f87444d3f672..24b6ce7c1c70d 100644
--- a/clang/lib/CodeGen/CGObjC.cpp
+++ b/clang/lib/CodeGen/CGObjC.cpp
@@ -1193,16 +1193,23 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
ivarAddr = ivarAddr.withElementType(bitcastType);
llvm::LoadInst *load = Builder.CreateLoad(ivarAddr, "load");
load->setAtomic(llvm::AtomicOrdering::Unordered);
+ llvm::Value *ivarVal = load;
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ CGPointerAuthInfo SrcInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ CGPointerAuthInfo TargetInfo =
+ CGM.getPointerAuthInfoForType(getterMethod->getReturnType());
+ ivarVal = emitPointerAuthResign(ivarVal, ivar->getType(), SrcInfo,
+ TargetInfo, /*isKnownNonNull=*/false);
+ }
// Store that value into the return address. Doing this with a
// bitcast is likely to produce some pretty ugly IR, but it's not
// the *most* terrible thing in the world.
llvm::Type *retTy = ConvertType(getterMethod->getReturnType());
uint64_t retTySize = CGM.getDataLayout().getTypeSizeInBits(retTy);
- llvm::Value *ivarVal = load;
if (ivarSize > retTySize) {
bitcastType = llvm::Type::getIntNTy(getLLVMContext(), retTySize);
- ivarVal = Builder.CreateTrunc(load, bitcastType);
+ ivarVal = Builder.CreateTrunc(ivarVal, bitcastType);
}
Builder.CreateStore(ivarVal, ReturnValue.withElementType(bitcastType));
@@ -1214,6 +1221,16 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
case PropertyImplStrategy::GetSetProperty: {
llvm::FunctionCallee getPropertyFn =
CGM.getObjCRuntime().GetPropertyGetFunction();
+
+ if (ivar->getType().getPointerAuth()) {
+ // This currently cannot be hit, but if we ever allow objc pointers
+ // to be signed, this will become possible. Reaching here would require
+ // a copy, weak, etc property backed by an authenticated pointer.
+ CGM.ErrorUnsupported(propImpl,
+ "Obj-C getter requiring pointer authentication");
+ return;
+ }
+
if (!getPropertyFn) {
CGM.ErrorUnsupported(propImpl, "Obj-C getter requiring atomic copy");
return;
@@ -1269,7 +1286,9 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
LValue LV = EmitLValueForIvar(TypeOfSelfObject(), LoadObjCSelf(), ivar, 0);
QualType ivarType = ivar->getType();
- switch (getEvaluationKind(ivarType)) {
+ auto EvaluationKind = getEvaluationKind(ivarType);
+ assert(!ivarType.getPointerAuth() || EvaluationKind == TEK_Scalar);
+ switch (EvaluationKind) {
case TEK_Complex: {
ComplexPairTy pair = EmitLoadOfComplex(LV, SourceLocation());
EmitStoreOfComplex(pair, MakeAddrLValue(ReturnValue, ivarType),
@@ -1287,6 +1306,11 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
case TEK_Scalar: {
llvm::Value *value;
if (propType->isReferenceType()) {
+ if (ivarType.getPointerAuth()) {
+ CGM.ErrorUnsupported(propImpl,
+ "Obj-C getter for authenticated reference type");
+ return;
+ }
value = LV.getAddress().emitRawPointer(*this);
} else {
// We want to load and autoreleaseReturnValue ARC __weak ivars.
@@ -1300,7 +1324,19 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
// Otherwise we want to do a simple load, suppressing the
// final autorelease.
} else {
- value = EmitLoadOfLValue(LV, SourceLocation()).getScalarVal();
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ Address ivarAddr = LV.getAddress();
+ llvm::LoadInst *LoadInst = Builder.CreateLoad(ivarAddr, "load");
+ llvm::Value *Load = LoadInst;
+ auto SrcInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ auto TargetInfo =
+ CGM.getPointerAuthInfoForType(getterMethod->getReturnType());
+ Load = emitPointerAuthResign(Load, ivarType, SrcInfo, TargetInfo,
+ /*isKnownNonNull=*/false);
+ value = Load;
+ } else
+ value = EmitLoadOfLValue(LV, SourceLocation()).getScalarVal();
+
AutoreleaseResult = false;
}
@@ -1490,6 +1526,14 @@ CodeGenFunction::generateObjCSetterBody(const ObjCImplementationDecl *classImpl,
llvm::Value *load = Builder.CreateLoad(argAddr);
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ QualType PropertyType = propImpl->getPropertyDecl()->getType();
+ CGPointerAuthInfo SrcInfo = CGM.getPointerAuthInfoForType(PropertyType);
+ CGPointerAuthInfo TargetInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ load = emitPointerAuthResign(load, ivar->getType(), SrcInfo, TargetInfo,
+ /*isKnownNonNull=*/false);
+ }
+
// Perform an atomic store. There are no memory ordering requirements.
llvm::StoreInst *store = Builder.CreateStore(load, ivarAddr);
store->setAtomic(llvm::AtomicOrdering::Unordered);
diff --git a/clang/lib/CodeGen/CGObjCMac.cpp b/clang/lib/CodeGen/CGObjCMac.cpp
index a52c92cdbc83b..8e71a576552d3 100644
--- a/clang/lib/CodeGen/CGObjCMac.cpp
+++ b/clang/lib/CodeGen/CGObjCMac.cpp
@@ -1935,7 +1935,9 @@ CGObjCCommonMac::GenerateConstantNSString(const StringLiteral *Literal) {
auto Fields = Builder.beginStruct(NSConstantStringType);
// Class pointer.
- Fields.add(Class);
+ Fields.addSignedPointer(Class,
+ CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers,
+ GlobalDecl(), QualType());
// String pointer.
llvm::Constant *C =
@@ -4975,10 +4977,7 @@ enum ImageInfoFlags {
eImageInfo_GCOnly = (1 << 2),
eImageInfo_OptimizedByDyld = (1 << 3), // This flag is set by the dyld shared cache.
- // A flag indicating that the module has no instances of a @synthesize of a
- // superclass variable. This flag used to be consumed by the runtime to work
- // around miscompile by gcc.
- eImageInfo_CorrectedSynthesize = (1 << 4), // This flag is no longer set by clang.
+ eImageInfo_SignedClassRO = (1 << 4), // Reused (was _CorrectedSynthesize)
eImageInfo_ImageIsSimulated = (1 << 5),
eImageInfo_ClassProperties = (1 << 6)
};
@@ -5036,6 +5035,17 @@ void CGObjCCommonMac::EmitImageInfo() {
// Indicate whether we are generating class properties.
Mod.addModuleFlag(llvm::Module::Error, "Objective-C Class Properties",
eImageInfo_ClassProperties);
+
+ // Indicate whether we want enforcement of pointer signing for class_ro_t
+ // pointers.
+ if (CGM.getLangOpts().PointerAuthObjcClassROPointers)
+ Mod.addModuleFlag(llvm::Module::Error,
+ "Objective-C Enforce ClassRO Pointer Signing",
+ eImageInfo_SignedClassRO);
+ else
+ Mod.addModuleFlag(llvm::Module::Error,
+ "Objective-C Enforce ClassRO Pointer Signing",
+ llvm::ConstantInt::get(Int8Ty, 0));
}
// struct objc_module {
@@ -6223,11 +6233,19 @@ llvm::GlobalVariable *CGObjCNonFragileABIMac::BuildClassRoTInitializer(
methods.push_back(MD);
}
- values.add(emitMethodList(ID->getObjCRuntimeNameAsString(),
- (flags & NonFragileABI_Class_Meta)
- ? MethodListType::ClassMethods
- : MethodListType::InstanceMethods,
- methods));
+ llvm::Constant *MethListPtr = emitMethodList(
+ ID->getObjCRuntimeNameAsString(),
+ (flags & NonFragileABI_Class_Meta) ? MethodListType::ClassMethods
+ : MethodListType::InstanceMethods,
+ methods);
+
+ const PointerAuthSchema &MethListSchema =
+ CGM.getCodeGenOpts().PointerAuth.ObjCMethodListPointer;
+ if (!MethListPtr->isNullValue())
+ values.addSignedPointer(MethListPtr, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(MethListPtr);
const ObjCInterfaceDecl *OID = ID->getClassInterface();
assert(OID && "CGObjCNonFragileABIMac::BuildClassRoTInitializer");
@@ -6275,15 +6293,20 @@ llvm::GlobalVariable *CGObjCNonFragileABIMac::BuildClassObject(
bool HiddenVisibility) {
ConstantInitBuilder builder(CGM);
auto values = builder.beginStruct(ObjCTypes.ClassnfABITy);
- values.add(IsAGV);
- if (SuperClassGV) {
- values.add(SuperClassGV);
- } else {
+ const PointerAuthOptions &PointerAuthOpts = CGM.getCodeGenOpts().PointerAuth;
+ values.addSignedPointer(IsAGV, PointerAuthOpts.ObjCIsaPointers, GlobalDecl(),
+ QualType());
+ if (SuperClassGV)
+ values.addSignedPointer(SuperClassGV, PointerAuthOpts.ObjCSuperPointers,
+ GlobalDecl(), QualType());
+ else
values.addNullPointer(ObjCTypes.ClassnfABIPtrTy);
- }
+
values.add(ObjCEmptyCacheVar);
values.add(ObjCEmptyVtableVar);
- values.add(ClassRoGV);
+
+ values.addSignedPointer(ClassRoGV, PointerAuthOpts.ObjCClassROPointers,
+ GlobalDecl(), QualType());
llvm::GlobalVariable *GV = cast<llvm::GlobalVariable>(
GetClassGlobal(CI, isMetaclass, ForDefinition));
@@ -6543,15 +6566,27 @@ void CGObjCNonFragileABIMac::GenerateCategory(const ObjCCategoryImplDecl *OCD) {
}
}
- auto instanceMethodList = emitMethodList(
+ llvm::Constant *InstanceMethodList = emitMethodList(
listName, MethodListType::CategoryInstanceMethods, instanceMethods);
- auto classMethodList = emitMethodList(
+ const PointerAuthSchema &MethListSchema =
+ CGM.getCodeGenOpts().PointerAuth.ObjCMethodListPointer;
+ if (!InstanceMethodList->isNullValue())
+ values.addSignedPointer(InstanceMethodList, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(InstanceMethodList);
+
+ llvm::Constant *ClassMethodList = emitMethodList(
listName, MethodListType::CategoryClassMethods, classMethods);
- values.add(instanceMethodList);
- values.add(classMethodList);
+ if (!ClassMethodList->isNullValue())
+ values.addSignedPointer(ClassMethodList, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(ClassMethodList);
+
// Keep track of whether we have actual metadata to emit.
bool isEmptyCategory =
- instanceMethodList->isNullValue() && classMethodList->isNullValue();
+ InstanceMethodList->isNullValue() && ClassMethodList->isNullValue();
const ObjCCategoryDecl *Category =
Interface->FindCategoryDeclaration(OCD->getIdentifier());
@@ -6629,7 +6664,13 @@ void CGObjCNonFragileABIMac::emitMethodConstant(ConstantArrayBuilder &builder,
} else {
llvm::Function *fn = GetMethodDefinition(MD);
assert(fn && "no definition for method?");
- method.add(fn);
+ if (const PointerAuthSchema &Schema =...
[truncated]
|
|
@llvm/pr-subscribers-clang Author: Oliver Hunt (ojhunt) ChangesThis PR introduces the use of pointer authentication to objective-c[++]. This includes:
Patch is 76.83 KiB, truncated to 20.00 KiB below, full version: https://github.com/llvm/llvm-project/pull/147899.diff 30 Files Affected:
diff --git a/clang/include/clang/AST/ASTContext.h b/clang/include/clang/AST/ASTContext.h
index 2b9cd035623cc..8c27728c404dd 100644
--- a/clang/include/clang/AST/ASTContext.h
+++ b/clang/include/clang/AST/ASTContext.h
@@ -2300,6 +2300,8 @@ class ASTContext : public RefCountedBase<ASTContext> {
return getTypeDeclType(getObjCSelDecl());
}
+ PointerAuthQualifier getObjCMemberSelTypePtrAuth();
+
/// Retrieve the typedef declaration corresponding to the predefined
/// Objective-C 'Class' type.
TypedefDecl *getObjCClassDecl() const;
diff --git a/clang/include/clang/Basic/Features.def b/clang/include/clang/Basic/Features.def
index 14bff8a68846d..c2e677e31e5a0 100644
--- a/clang/include/clang/Basic/Features.def
+++ b/clang/include/clang/Basic/Features.def
@@ -119,6 +119,12 @@ FEATURE(ptrauth_indirect_gotos, LangOpts.PointerAuthIndirectGotos)
FEATURE(ptrauth_init_fini, LangOpts.PointerAuthInitFini)
FEATURE(ptrauth_init_fini_address_discrimination, LangOpts.PointerAuthInitFiniAddressDiscrimination)
FEATURE(ptrauth_elf_got, LangOpts.PointerAuthELFGOT)
+
+FEATURE(ptrauth_objc_isa, LangOpts.PointerAuthObjcIsa)
+FEATURE(ptrauth_objc_interface_sel, LangOpts.PointerAuthObjcInterfaceSel)
+FEATURE(ptrauth_objc_signable_class, true)
+FEATURE(ptrauth_objc_method_list_pointer, LangOpts.PointerAuthCalls)
+
EXTENSION(swiftcc,
PP.getTargetInfo().checkCallingConvention(CC_Swift) ==
clang::TargetInfo::CCCR_OK)
diff --git a/clang/include/clang/Basic/LangOptions.def b/clang/include/clang/Basic/LangOptions.def
index 72321c204ce96..852188de18654 100644
--- a/clang/include/clang/Basic/LangOptions.def
+++ b/clang/include/clang/Basic/LangOptions.def
@@ -133,6 +133,11 @@ LANGOPT(PointerAuthInitFiniAddressDiscrimination, 1, 0, NotCompatible,
LANGOPT(PointerAuthELFGOT, 1, 0, NotCompatible, "authenticate pointers from GOT")
LANGOPT(AArch64JumpTableHardening, 1, 0, NotCompatible, "use hardened lowering for jump-table dispatch")
+LANGOPT(PointerAuthObjcIsa, 1, 0, NotCompatible, "authentication of isa and super pointers in ObjC instances")
+LANGOPT(PointerAuthObjcInterfaceSel, 1, 0, NotCompatible, "authentication of SEL fields of ObjC interfaces")
+LANGOPT(PointerAuthObjcInterfaceSelKey, 16, 0, NotCompatible, "authentication key for SEL fields of ObjC interfaces")
+LANGOPT(PointerAuthObjcClassROPointers, 1, 0, Benign, "class_ro_t pointer authentication")
+
LANGOPT(DoubleSquareBracketAttributes, 1, 0, NotCompatible, "'[[]]' attributes extension for all language standard modes")
LANGOPT(ExperimentalLateParseAttributes, 1, 0, NotCompatible, "experimental late parsing of attributes")
diff --git a/clang/include/clang/Basic/LangOptions.h b/clang/include/clang/Basic/LangOptions.h
index 4c642c9e10c91..41739536b34bb 100644
--- a/clang/include/clang/Basic/LangOptions.h
+++ b/clang/include/clang/Basic/LangOptions.h
@@ -379,6 +379,8 @@ class LangOptionsBase {
BKey
};
+ using PointerAuthenticationMode = ::clang::PointerAuthenticationMode;
+
enum class ThreadModelKind {
/// POSIX Threads.
POSIX,
diff --git a/clang/include/clang/Basic/PointerAuthOptions.h b/clang/include/clang/Basic/PointerAuthOptions.h
index a3a3e50bcde5d..fb6dddf3ae9ce 100644
--- a/clang/include/clang/Basic/PointerAuthOptions.h
+++ b/clang/include/clang/Basic/PointerAuthOptions.h
@@ -27,6 +27,26 @@ namespace clang {
/// .fini_array. The value is ptrauth_string_discriminator("init_fini")
constexpr uint16_t InitFiniPointerConstantDiscriminator = 0xD9D4;
+/// Constant discriminator to be used with method list pointers. The value is
+/// ptrauth_string_discriminator("method_list_t")
+constexpr uint16_t MethodListPointerConstantDiscriminator = 0xC310;
+
+/// Constant discriminator to be used with objective-c isa pointers. The value
+/// is ptrauth_string_discriminator("isa")
+constexpr uint16_t IsaPointerConstantDiscriminator = 0x6AE1;
+
+/// Constant discriminator to be used with objective-c superclass pointers.
+/// The value is ptrauth_string_discriminator("objc_class:superclass")
+constexpr uint16_t SuperPointerConstantDiscriminator = 0xB5AB;
+
+/// Constant discriminator to be used with objective-c sel pointers. The value
+/// is ptrauth_string_discriminator("sel")
+constexpr uint16_t SelPointerConstantDiscriminator = 0x57c2;
+
+/// Constant discriminator to be used with objective-c class_ro_t pointers.
+/// The value is ptrauth_string_discriminator("class_data_bits")
+constexpr uint16_t ClassROConstantDiscriminator = 0x61F8;
+
constexpr unsigned PointerAuthKeyNone = -1;
/// Constant discriminator for std::type_info vtable pointers: 0xB1EA/45546
@@ -202,6 +222,21 @@ struct PointerAuthOptions {
/// The ABI for function addresses in .init_array and .fini_array
PointerAuthSchema InitFiniPointers;
+
+ /// The ABI for Objective-C method lists.
+ PointerAuthSchema ObjCMethodListFunctionPointers;
+
+ /// The ABI for a reference to an Objective-C method list in _class_ro_t.
+ PointerAuthSchema ObjCMethodListPointer;
+
+ /// The ABI for Objective-C isa pointers.
+ PointerAuthSchema ObjCIsaPointers;
+
+ /// The ABI for Objective-C superclass pointers.
+ PointerAuthSchema ObjCSuperPointers;
+
+ /// The ABI for Objective-C class_ro_t pointers.
+ PointerAuthSchema ObjCClassROPointers;
};
} // end namespace clang
diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td
index 77379f1130149..e2b347246f7ab 100644
--- a/clang/include/clang/Driver/Options.td
+++ b/clang/include/clang/Driver/Options.td
@@ -4498,6 +4498,9 @@ defm ptrauth_init_fini_address_discrimination : OptInCC1FFlag<"ptrauth-init-fini
"Enable address discrimination of function pointers in init/fini arrays">;
defm ptrauth_elf_got : OptInCC1FFlag<"ptrauth-elf-got", "Enable authentication of pointers from GOT (ELF only)">;
defm aarch64_jump_table_hardening: OptInCC1FFlag<"aarch64-jump-table-hardening", "Use hardened lowering for jump-table dispatch">;
+defm ptrauth_objc_isa : OptInCC1FFlag<"ptrauth-objc-isa", "Enable signing and authentication of Objective-C object's 'isa' field">;
+defm ptrauth_objc_interface_sel : OptInCC1FFlag<"ptrauth-objc-interface-sel", "Enable signing and authentication of Objective-C object's 'SEL' fields">;
+defm ptrauth_objc_class_ro : OptInCC1FFlag<"ptrauth-objc-class-ro", "Enable signing and authentication for ObjC class_ro pointers">;
}
def fenable_matrix : Flag<["-"], "fenable-matrix">, Group<f_Group>,
diff --git a/clang/lib/AST/ASTContext.cpp b/clang/lib/AST/ASTContext.cpp
index 679812adcdf12..0499a81cd5231 100644
--- a/clang/lib/AST/ASTContext.cpp
+++ b/clang/lib/AST/ASTContext.cpp
@@ -9783,6 +9783,17 @@ ObjCInterfaceDecl *ASTContext::getObjCProtocolDecl() const {
return ObjCProtocolClassDecl;
}
+PointerAuthQualifier ASTContext::getObjCMemberSelTypePtrAuth() {
+ if (!getLangOpts().PointerAuthObjcInterfaceSel)
+ return PointerAuthQualifier();
+ return PointerAuthQualifier::Create(
+ getLangOpts().PointerAuthObjcInterfaceSelKey,
+ /*isAddressDiscriminated=*/true, SelPointerConstantDiscriminator,
+ PointerAuthenticationMode::SignAndAuth,
+ /*isIsaPointer=*/false,
+ /*authenticatesNullValues=*/false);
+}
+
//===----------------------------------------------------------------------===//
// __builtin_va_list Construction Functions
//===----------------------------------------------------------------------===//
diff --git a/clang/lib/CodeGen/CGBlocks.cpp b/clang/lib/CodeGen/CGBlocks.cpp
index f3ddf7bf9a463..1aba841eb5fc2 100644
--- a/clang/lib/CodeGen/CGBlocks.cpp
+++ b/clang/lib/CodeGen/CGBlocks.cpp
@@ -853,9 +853,24 @@ llvm::Value *CodeGenFunction::EmitBlockLiteral(const CGBlockInfo &blockInfo) {
offset += size;
index++;
};
+ auto addSignedHeaderField =
+ [&](llvm::Value *Value, const PointerAuthSchema &Schema,
+ GlobalDecl Decl, QualType Type, CharUnits Size, const Twine &Name) {
+ auto StorageAddress = projectField(index, Name);
+ if (Schema) {
+ auto AuthInfo = EmitPointerAuthInfo(
+ Schema, StorageAddress.emitRawPointer(*this), Decl, Type);
+ Value = EmitPointerAuthSign(AuthInfo, Value);
+ }
+ Builder.CreateStore(Value, StorageAddress);
+ offset += Size;
+ index++;
+ };
if (!IsOpenCL) {
- addHeaderField(isa, getPointerSize(), "block.isa");
+ addSignedHeaderField(
+ isa, CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers, GlobalDecl(),
+ QualType(), getPointerSize(), "block.isa");
addHeaderField(llvm::ConstantInt::get(IntTy, flags.getBitMask()),
getIntSize(), "block.flags");
addHeaderField(llvm::ConstantInt::get(IntTy, 0), getIntSize(),
@@ -1285,7 +1300,9 @@ static llvm::Constant *buildGlobalBlock(CodeGenModule &CGM,
if (IsWindows)
fields.addNullPointer(CGM.Int8PtrPtrTy);
else
- fields.add(CGM.getNSConcreteGlobalBlock());
+ fields.addSignedPointer(CGM.getNSConcreteGlobalBlock(),
+ CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers,
+ GlobalDecl(), QualType());
// __flags
BlockFlags flags = BLOCK_IS_GLOBAL;
diff --git a/clang/lib/CodeGen/CGObjC.cpp b/clang/lib/CodeGen/CGObjC.cpp
index 6f87444d3f672..24b6ce7c1c70d 100644
--- a/clang/lib/CodeGen/CGObjC.cpp
+++ b/clang/lib/CodeGen/CGObjC.cpp
@@ -1193,16 +1193,23 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
ivarAddr = ivarAddr.withElementType(bitcastType);
llvm::LoadInst *load = Builder.CreateLoad(ivarAddr, "load");
load->setAtomic(llvm::AtomicOrdering::Unordered);
+ llvm::Value *ivarVal = load;
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ CGPointerAuthInfo SrcInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ CGPointerAuthInfo TargetInfo =
+ CGM.getPointerAuthInfoForType(getterMethod->getReturnType());
+ ivarVal = emitPointerAuthResign(ivarVal, ivar->getType(), SrcInfo,
+ TargetInfo, /*isKnownNonNull=*/false);
+ }
// Store that value into the return address. Doing this with a
// bitcast is likely to produce some pretty ugly IR, but it's not
// the *most* terrible thing in the world.
llvm::Type *retTy = ConvertType(getterMethod->getReturnType());
uint64_t retTySize = CGM.getDataLayout().getTypeSizeInBits(retTy);
- llvm::Value *ivarVal = load;
if (ivarSize > retTySize) {
bitcastType = llvm::Type::getIntNTy(getLLVMContext(), retTySize);
- ivarVal = Builder.CreateTrunc(load, bitcastType);
+ ivarVal = Builder.CreateTrunc(ivarVal, bitcastType);
}
Builder.CreateStore(ivarVal, ReturnValue.withElementType(bitcastType));
@@ -1214,6 +1221,16 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
case PropertyImplStrategy::GetSetProperty: {
llvm::FunctionCallee getPropertyFn =
CGM.getObjCRuntime().GetPropertyGetFunction();
+
+ if (ivar->getType().getPointerAuth()) {
+ // This currently cannot be hit, but if we ever allow objc pointers
+ // to be signed, this will become possible. Reaching here would require
+ // a copy, weak, etc property backed by an authenticated pointer.
+ CGM.ErrorUnsupported(propImpl,
+ "Obj-C getter requiring pointer authentication");
+ return;
+ }
+
if (!getPropertyFn) {
CGM.ErrorUnsupported(propImpl, "Obj-C getter requiring atomic copy");
return;
@@ -1269,7 +1286,9 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
LValue LV = EmitLValueForIvar(TypeOfSelfObject(), LoadObjCSelf(), ivar, 0);
QualType ivarType = ivar->getType();
- switch (getEvaluationKind(ivarType)) {
+ auto EvaluationKind = getEvaluationKind(ivarType);
+ assert(!ivarType.getPointerAuth() || EvaluationKind == TEK_Scalar);
+ switch (EvaluationKind) {
case TEK_Complex: {
ComplexPairTy pair = EmitLoadOfComplex(LV, SourceLocation());
EmitStoreOfComplex(pair, MakeAddrLValue(ReturnValue, ivarType),
@@ -1287,6 +1306,11 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
case TEK_Scalar: {
llvm::Value *value;
if (propType->isReferenceType()) {
+ if (ivarType.getPointerAuth()) {
+ CGM.ErrorUnsupported(propImpl,
+ "Obj-C getter for authenticated reference type");
+ return;
+ }
value = LV.getAddress().emitRawPointer(*this);
} else {
// We want to load and autoreleaseReturnValue ARC __weak ivars.
@@ -1300,7 +1324,19 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
// Otherwise we want to do a simple load, suppressing the
// final autorelease.
} else {
- value = EmitLoadOfLValue(LV, SourceLocation()).getScalarVal();
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ Address ivarAddr = LV.getAddress();
+ llvm::LoadInst *LoadInst = Builder.CreateLoad(ivarAddr, "load");
+ llvm::Value *Load = LoadInst;
+ auto SrcInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ auto TargetInfo =
+ CGM.getPointerAuthInfoForType(getterMethod->getReturnType());
+ Load = emitPointerAuthResign(Load, ivarType, SrcInfo, TargetInfo,
+ /*isKnownNonNull=*/false);
+ value = Load;
+ } else
+ value = EmitLoadOfLValue(LV, SourceLocation()).getScalarVal();
+
AutoreleaseResult = false;
}
@@ -1490,6 +1526,14 @@ CodeGenFunction::generateObjCSetterBody(const ObjCImplementationDecl *classImpl,
llvm::Value *load = Builder.CreateLoad(argAddr);
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ QualType PropertyType = propImpl->getPropertyDecl()->getType();
+ CGPointerAuthInfo SrcInfo = CGM.getPointerAuthInfoForType(PropertyType);
+ CGPointerAuthInfo TargetInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ load = emitPointerAuthResign(load, ivar->getType(), SrcInfo, TargetInfo,
+ /*isKnownNonNull=*/false);
+ }
+
// Perform an atomic store. There are no memory ordering requirements.
llvm::StoreInst *store = Builder.CreateStore(load, ivarAddr);
store->setAtomic(llvm::AtomicOrdering::Unordered);
diff --git a/clang/lib/CodeGen/CGObjCMac.cpp b/clang/lib/CodeGen/CGObjCMac.cpp
index a52c92cdbc83b..8e71a576552d3 100644
--- a/clang/lib/CodeGen/CGObjCMac.cpp
+++ b/clang/lib/CodeGen/CGObjCMac.cpp
@@ -1935,7 +1935,9 @@ CGObjCCommonMac::GenerateConstantNSString(const StringLiteral *Literal) {
auto Fields = Builder.beginStruct(NSConstantStringType);
// Class pointer.
- Fields.add(Class);
+ Fields.addSignedPointer(Class,
+ CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers,
+ GlobalDecl(), QualType());
// String pointer.
llvm::Constant *C =
@@ -4975,10 +4977,7 @@ enum ImageInfoFlags {
eImageInfo_GCOnly = (1 << 2),
eImageInfo_OptimizedByDyld = (1 << 3), // This flag is set by the dyld shared cache.
- // A flag indicating that the module has no instances of a @synthesize of a
- // superclass variable. This flag used to be consumed by the runtime to work
- // around miscompile by gcc.
- eImageInfo_CorrectedSynthesize = (1 << 4), // This flag is no longer set by clang.
+ eImageInfo_SignedClassRO = (1 << 4), // Reused (was _CorrectedSynthesize)
eImageInfo_ImageIsSimulated = (1 << 5),
eImageInfo_ClassProperties = (1 << 6)
};
@@ -5036,6 +5035,17 @@ void CGObjCCommonMac::EmitImageInfo() {
// Indicate whether we are generating class properties.
Mod.addModuleFlag(llvm::Module::Error, "Objective-C Class Properties",
eImageInfo_ClassProperties);
+
+ // Indicate whether we want enforcement of pointer signing for class_ro_t
+ // pointers.
+ if (CGM.getLangOpts().PointerAuthObjcClassROPointers)
+ Mod.addModuleFlag(llvm::Module::Error,
+ "Objective-C Enforce ClassRO Pointer Signing",
+ eImageInfo_SignedClassRO);
+ else
+ Mod.addModuleFlag(llvm::Module::Error,
+ "Objective-C Enforce ClassRO Pointer Signing",
+ llvm::ConstantInt::get(Int8Ty, 0));
}
// struct objc_module {
@@ -6223,11 +6233,19 @@ llvm::GlobalVariable *CGObjCNonFragileABIMac::BuildClassRoTInitializer(
methods.push_back(MD);
}
- values.add(emitMethodList(ID->getObjCRuntimeNameAsString(),
- (flags & NonFragileABI_Class_Meta)
- ? MethodListType::ClassMethods
- : MethodListType::InstanceMethods,
- methods));
+ llvm::Constant *MethListPtr = emitMethodList(
+ ID->getObjCRuntimeNameAsString(),
+ (flags & NonFragileABI_Class_Meta) ? MethodListType::ClassMethods
+ : MethodListType::InstanceMethods,
+ methods);
+
+ const PointerAuthSchema &MethListSchema =
+ CGM.getCodeGenOpts().PointerAuth.ObjCMethodListPointer;
+ if (!MethListPtr->isNullValue())
+ values.addSignedPointer(MethListPtr, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(MethListPtr);
const ObjCInterfaceDecl *OID = ID->getClassInterface();
assert(OID && "CGObjCNonFragileABIMac::BuildClassRoTInitializer");
@@ -6275,15 +6293,20 @@ llvm::GlobalVariable *CGObjCNonFragileABIMac::BuildClassObject(
bool HiddenVisibility) {
ConstantInitBuilder builder(CGM);
auto values = builder.beginStruct(ObjCTypes.ClassnfABITy);
- values.add(IsAGV);
- if (SuperClassGV) {
- values.add(SuperClassGV);
- } else {
+ const PointerAuthOptions &PointerAuthOpts = CGM.getCodeGenOpts().PointerAuth;
+ values.addSignedPointer(IsAGV, PointerAuthOpts.ObjCIsaPointers, GlobalDecl(),
+ QualType());
+ if (SuperClassGV)
+ values.addSignedPointer(SuperClassGV, PointerAuthOpts.ObjCSuperPointers,
+ GlobalDecl(), QualType());
+ else
values.addNullPointer(ObjCTypes.ClassnfABIPtrTy);
- }
+
values.add(ObjCEmptyCacheVar);
values.add(ObjCEmptyVtableVar);
- values.add(ClassRoGV);
+
+ values.addSignedPointer(ClassRoGV, PointerAuthOpts.ObjCClassROPointers,
+ GlobalDecl(), QualType());
llvm::GlobalVariable *GV = cast<llvm::GlobalVariable>(
GetClassGlobal(CI, isMetaclass, ForDefinition));
@@ -6543,15 +6566,27 @@ void CGObjCNonFragileABIMac::GenerateCategory(const ObjCCategoryImplDecl *OCD) {
}
}
- auto instanceMethodList = emitMethodList(
+ llvm::Constant *InstanceMethodList = emitMethodList(
listName, MethodListType::CategoryInstanceMethods, instanceMethods);
- auto classMethodList = emitMethodList(
+ const PointerAuthSchema &MethListSchema =
+ CGM.getCodeGenOpts().PointerAuth.ObjCMethodListPointer;
+ if (!InstanceMethodList->isNullValue())
+ values.addSignedPointer(InstanceMethodList, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(InstanceMethodList);
+
+ llvm::Constant *ClassMethodList = emitMethodList(
listName, MethodListType::CategoryClassMethods, classMethods);
- values.add(instanceMethodList);
- values.add(classMethodList);
+ if (!ClassMethodList->isNullValue())
+ values.addSignedPointer(ClassMethodList, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(ClassMethodList);
+
// Keep track of whether we have actual metadata to emit.
bool isEmptyCategory =
- instanceMethodList->isNullValue() && classMethodList->isNullValue();
+ InstanceMethodList->isNullValue() && ClassMethodList->isNullValue();
const ObjCCategoryDecl *Category =
Interface->FindCategoryDeclaration(OCD->getIdentifier());
@@ -6629,7 +6664,13 @@ void CGObjCNonFragileABIMac::emitMethodConstant(ConstantArrayBuilder &builder,
} else {
llvm::Function *fn = GetMethodDefinition(MD);
assert(fn && "no definition for method?");
- method.add(fn);
+ if (const PointerAuthSchema &Schema =...
[truncated]
|
|
@llvm/pr-subscribers-backend-x86 Author: Oliver Hunt (ojhunt) ChangesThis PR introduces the use of pointer authentication to objective-c[++]. This includes:
Patch is 76.83 KiB, truncated to 20.00 KiB below, full version: https://github.com/llvm/llvm-project/pull/147899.diff 30 Files Affected:
diff --git a/clang/include/clang/AST/ASTContext.h b/clang/include/clang/AST/ASTContext.h
index 2b9cd035623cc..8c27728c404dd 100644
--- a/clang/include/clang/AST/ASTContext.h
+++ b/clang/include/clang/AST/ASTContext.h
@@ -2300,6 +2300,8 @@ class ASTContext : public RefCountedBase<ASTContext> {
return getTypeDeclType(getObjCSelDecl());
}
+ PointerAuthQualifier getObjCMemberSelTypePtrAuth();
+
/// Retrieve the typedef declaration corresponding to the predefined
/// Objective-C 'Class' type.
TypedefDecl *getObjCClassDecl() const;
diff --git a/clang/include/clang/Basic/Features.def b/clang/include/clang/Basic/Features.def
index 14bff8a68846d..c2e677e31e5a0 100644
--- a/clang/include/clang/Basic/Features.def
+++ b/clang/include/clang/Basic/Features.def
@@ -119,6 +119,12 @@ FEATURE(ptrauth_indirect_gotos, LangOpts.PointerAuthIndirectGotos)
FEATURE(ptrauth_init_fini, LangOpts.PointerAuthInitFini)
FEATURE(ptrauth_init_fini_address_discrimination, LangOpts.PointerAuthInitFiniAddressDiscrimination)
FEATURE(ptrauth_elf_got, LangOpts.PointerAuthELFGOT)
+
+FEATURE(ptrauth_objc_isa, LangOpts.PointerAuthObjcIsa)
+FEATURE(ptrauth_objc_interface_sel, LangOpts.PointerAuthObjcInterfaceSel)
+FEATURE(ptrauth_objc_signable_class, true)
+FEATURE(ptrauth_objc_method_list_pointer, LangOpts.PointerAuthCalls)
+
EXTENSION(swiftcc,
PP.getTargetInfo().checkCallingConvention(CC_Swift) ==
clang::TargetInfo::CCCR_OK)
diff --git a/clang/include/clang/Basic/LangOptions.def b/clang/include/clang/Basic/LangOptions.def
index 72321c204ce96..852188de18654 100644
--- a/clang/include/clang/Basic/LangOptions.def
+++ b/clang/include/clang/Basic/LangOptions.def
@@ -133,6 +133,11 @@ LANGOPT(PointerAuthInitFiniAddressDiscrimination, 1, 0, NotCompatible,
LANGOPT(PointerAuthELFGOT, 1, 0, NotCompatible, "authenticate pointers from GOT")
LANGOPT(AArch64JumpTableHardening, 1, 0, NotCompatible, "use hardened lowering for jump-table dispatch")
+LANGOPT(PointerAuthObjcIsa, 1, 0, NotCompatible, "authentication of isa and super pointers in ObjC instances")
+LANGOPT(PointerAuthObjcInterfaceSel, 1, 0, NotCompatible, "authentication of SEL fields of ObjC interfaces")
+LANGOPT(PointerAuthObjcInterfaceSelKey, 16, 0, NotCompatible, "authentication key for SEL fields of ObjC interfaces")
+LANGOPT(PointerAuthObjcClassROPointers, 1, 0, Benign, "class_ro_t pointer authentication")
+
LANGOPT(DoubleSquareBracketAttributes, 1, 0, NotCompatible, "'[[]]' attributes extension for all language standard modes")
LANGOPT(ExperimentalLateParseAttributes, 1, 0, NotCompatible, "experimental late parsing of attributes")
diff --git a/clang/include/clang/Basic/LangOptions.h b/clang/include/clang/Basic/LangOptions.h
index 4c642c9e10c91..41739536b34bb 100644
--- a/clang/include/clang/Basic/LangOptions.h
+++ b/clang/include/clang/Basic/LangOptions.h
@@ -379,6 +379,8 @@ class LangOptionsBase {
BKey
};
+ using PointerAuthenticationMode = ::clang::PointerAuthenticationMode;
+
enum class ThreadModelKind {
/// POSIX Threads.
POSIX,
diff --git a/clang/include/clang/Basic/PointerAuthOptions.h b/clang/include/clang/Basic/PointerAuthOptions.h
index a3a3e50bcde5d..fb6dddf3ae9ce 100644
--- a/clang/include/clang/Basic/PointerAuthOptions.h
+++ b/clang/include/clang/Basic/PointerAuthOptions.h
@@ -27,6 +27,26 @@ namespace clang {
/// .fini_array. The value is ptrauth_string_discriminator("init_fini")
constexpr uint16_t InitFiniPointerConstantDiscriminator = 0xD9D4;
+/// Constant discriminator to be used with method list pointers. The value is
+/// ptrauth_string_discriminator("method_list_t")
+constexpr uint16_t MethodListPointerConstantDiscriminator = 0xC310;
+
+/// Constant discriminator to be used with objective-c isa pointers. The value
+/// is ptrauth_string_discriminator("isa")
+constexpr uint16_t IsaPointerConstantDiscriminator = 0x6AE1;
+
+/// Constant discriminator to be used with objective-c superclass pointers.
+/// The value is ptrauth_string_discriminator("objc_class:superclass")
+constexpr uint16_t SuperPointerConstantDiscriminator = 0xB5AB;
+
+/// Constant discriminator to be used with objective-c sel pointers. The value
+/// is ptrauth_string_discriminator("sel")
+constexpr uint16_t SelPointerConstantDiscriminator = 0x57c2;
+
+/// Constant discriminator to be used with objective-c class_ro_t pointers.
+/// The value is ptrauth_string_discriminator("class_data_bits")
+constexpr uint16_t ClassROConstantDiscriminator = 0x61F8;
+
constexpr unsigned PointerAuthKeyNone = -1;
/// Constant discriminator for std::type_info vtable pointers: 0xB1EA/45546
@@ -202,6 +222,21 @@ struct PointerAuthOptions {
/// The ABI for function addresses in .init_array and .fini_array
PointerAuthSchema InitFiniPointers;
+
+ /// The ABI for Objective-C method lists.
+ PointerAuthSchema ObjCMethodListFunctionPointers;
+
+ /// The ABI for a reference to an Objective-C method list in _class_ro_t.
+ PointerAuthSchema ObjCMethodListPointer;
+
+ /// The ABI for Objective-C isa pointers.
+ PointerAuthSchema ObjCIsaPointers;
+
+ /// The ABI for Objective-C superclass pointers.
+ PointerAuthSchema ObjCSuperPointers;
+
+ /// The ABI for Objective-C class_ro_t pointers.
+ PointerAuthSchema ObjCClassROPointers;
};
} // end namespace clang
diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td
index 77379f1130149..e2b347246f7ab 100644
--- a/clang/include/clang/Driver/Options.td
+++ b/clang/include/clang/Driver/Options.td
@@ -4498,6 +4498,9 @@ defm ptrauth_init_fini_address_discrimination : OptInCC1FFlag<"ptrauth-init-fini
"Enable address discrimination of function pointers in init/fini arrays">;
defm ptrauth_elf_got : OptInCC1FFlag<"ptrauth-elf-got", "Enable authentication of pointers from GOT (ELF only)">;
defm aarch64_jump_table_hardening: OptInCC1FFlag<"aarch64-jump-table-hardening", "Use hardened lowering for jump-table dispatch">;
+defm ptrauth_objc_isa : OptInCC1FFlag<"ptrauth-objc-isa", "Enable signing and authentication of Objective-C object's 'isa' field">;
+defm ptrauth_objc_interface_sel : OptInCC1FFlag<"ptrauth-objc-interface-sel", "Enable signing and authentication of Objective-C object's 'SEL' fields">;
+defm ptrauth_objc_class_ro : OptInCC1FFlag<"ptrauth-objc-class-ro", "Enable signing and authentication for ObjC class_ro pointers">;
}
def fenable_matrix : Flag<["-"], "fenable-matrix">, Group<f_Group>,
diff --git a/clang/lib/AST/ASTContext.cpp b/clang/lib/AST/ASTContext.cpp
index 679812adcdf12..0499a81cd5231 100644
--- a/clang/lib/AST/ASTContext.cpp
+++ b/clang/lib/AST/ASTContext.cpp
@@ -9783,6 +9783,17 @@ ObjCInterfaceDecl *ASTContext::getObjCProtocolDecl() const {
return ObjCProtocolClassDecl;
}
+PointerAuthQualifier ASTContext::getObjCMemberSelTypePtrAuth() {
+ if (!getLangOpts().PointerAuthObjcInterfaceSel)
+ return PointerAuthQualifier();
+ return PointerAuthQualifier::Create(
+ getLangOpts().PointerAuthObjcInterfaceSelKey,
+ /*isAddressDiscriminated=*/true, SelPointerConstantDiscriminator,
+ PointerAuthenticationMode::SignAndAuth,
+ /*isIsaPointer=*/false,
+ /*authenticatesNullValues=*/false);
+}
+
//===----------------------------------------------------------------------===//
// __builtin_va_list Construction Functions
//===----------------------------------------------------------------------===//
diff --git a/clang/lib/CodeGen/CGBlocks.cpp b/clang/lib/CodeGen/CGBlocks.cpp
index f3ddf7bf9a463..1aba841eb5fc2 100644
--- a/clang/lib/CodeGen/CGBlocks.cpp
+++ b/clang/lib/CodeGen/CGBlocks.cpp
@@ -853,9 +853,24 @@ llvm::Value *CodeGenFunction::EmitBlockLiteral(const CGBlockInfo &blockInfo) {
offset += size;
index++;
};
+ auto addSignedHeaderField =
+ [&](llvm::Value *Value, const PointerAuthSchema &Schema,
+ GlobalDecl Decl, QualType Type, CharUnits Size, const Twine &Name) {
+ auto StorageAddress = projectField(index, Name);
+ if (Schema) {
+ auto AuthInfo = EmitPointerAuthInfo(
+ Schema, StorageAddress.emitRawPointer(*this), Decl, Type);
+ Value = EmitPointerAuthSign(AuthInfo, Value);
+ }
+ Builder.CreateStore(Value, StorageAddress);
+ offset += Size;
+ index++;
+ };
if (!IsOpenCL) {
- addHeaderField(isa, getPointerSize(), "block.isa");
+ addSignedHeaderField(
+ isa, CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers, GlobalDecl(),
+ QualType(), getPointerSize(), "block.isa");
addHeaderField(llvm::ConstantInt::get(IntTy, flags.getBitMask()),
getIntSize(), "block.flags");
addHeaderField(llvm::ConstantInt::get(IntTy, 0), getIntSize(),
@@ -1285,7 +1300,9 @@ static llvm::Constant *buildGlobalBlock(CodeGenModule &CGM,
if (IsWindows)
fields.addNullPointer(CGM.Int8PtrPtrTy);
else
- fields.add(CGM.getNSConcreteGlobalBlock());
+ fields.addSignedPointer(CGM.getNSConcreteGlobalBlock(),
+ CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers,
+ GlobalDecl(), QualType());
// __flags
BlockFlags flags = BLOCK_IS_GLOBAL;
diff --git a/clang/lib/CodeGen/CGObjC.cpp b/clang/lib/CodeGen/CGObjC.cpp
index 6f87444d3f672..24b6ce7c1c70d 100644
--- a/clang/lib/CodeGen/CGObjC.cpp
+++ b/clang/lib/CodeGen/CGObjC.cpp
@@ -1193,16 +1193,23 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
ivarAddr = ivarAddr.withElementType(bitcastType);
llvm::LoadInst *load = Builder.CreateLoad(ivarAddr, "load");
load->setAtomic(llvm::AtomicOrdering::Unordered);
+ llvm::Value *ivarVal = load;
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ CGPointerAuthInfo SrcInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ CGPointerAuthInfo TargetInfo =
+ CGM.getPointerAuthInfoForType(getterMethod->getReturnType());
+ ivarVal = emitPointerAuthResign(ivarVal, ivar->getType(), SrcInfo,
+ TargetInfo, /*isKnownNonNull=*/false);
+ }
// Store that value into the return address. Doing this with a
// bitcast is likely to produce some pretty ugly IR, but it's not
// the *most* terrible thing in the world.
llvm::Type *retTy = ConvertType(getterMethod->getReturnType());
uint64_t retTySize = CGM.getDataLayout().getTypeSizeInBits(retTy);
- llvm::Value *ivarVal = load;
if (ivarSize > retTySize) {
bitcastType = llvm::Type::getIntNTy(getLLVMContext(), retTySize);
- ivarVal = Builder.CreateTrunc(load, bitcastType);
+ ivarVal = Builder.CreateTrunc(ivarVal, bitcastType);
}
Builder.CreateStore(ivarVal, ReturnValue.withElementType(bitcastType));
@@ -1214,6 +1221,16 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
case PropertyImplStrategy::GetSetProperty: {
llvm::FunctionCallee getPropertyFn =
CGM.getObjCRuntime().GetPropertyGetFunction();
+
+ if (ivar->getType().getPointerAuth()) {
+ // This currently cannot be hit, but if we ever allow objc pointers
+ // to be signed, this will become possible. Reaching here would require
+ // a copy, weak, etc property backed by an authenticated pointer.
+ CGM.ErrorUnsupported(propImpl,
+ "Obj-C getter requiring pointer authentication");
+ return;
+ }
+
if (!getPropertyFn) {
CGM.ErrorUnsupported(propImpl, "Obj-C getter requiring atomic copy");
return;
@@ -1269,7 +1286,9 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
LValue LV = EmitLValueForIvar(TypeOfSelfObject(), LoadObjCSelf(), ivar, 0);
QualType ivarType = ivar->getType();
- switch (getEvaluationKind(ivarType)) {
+ auto EvaluationKind = getEvaluationKind(ivarType);
+ assert(!ivarType.getPointerAuth() || EvaluationKind == TEK_Scalar);
+ switch (EvaluationKind) {
case TEK_Complex: {
ComplexPairTy pair = EmitLoadOfComplex(LV, SourceLocation());
EmitStoreOfComplex(pair, MakeAddrLValue(ReturnValue, ivarType),
@@ -1287,6 +1306,11 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
case TEK_Scalar: {
llvm::Value *value;
if (propType->isReferenceType()) {
+ if (ivarType.getPointerAuth()) {
+ CGM.ErrorUnsupported(propImpl,
+ "Obj-C getter for authenticated reference type");
+ return;
+ }
value = LV.getAddress().emitRawPointer(*this);
} else {
// We want to load and autoreleaseReturnValue ARC __weak ivars.
@@ -1300,7 +1324,19 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
// Otherwise we want to do a simple load, suppressing the
// final autorelease.
} else {
- value = EmitLoadOfLValue(LV, SourceLocation()).getScalarVal();
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ Address ivarAddr = LV.getAddress();
+ llvm::LoadInst *LoadInst = Builder.CreateLoad(ivarAddr, "load");
+ llvm::Value *Load = LoadInst;
+ auto SrcInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ auto TargetInfo =
+ CGM.getPointerAuthInfoForType(getterMethod->getReturnType());
+ Load = emitPointerAuthResign(Load, ivarType, SrcInfo, TargetInfo,
+ /*isKnownNonNull=*/false);
+ value = Load;
+ } else
+ value = EmitLoadOfLValue(LV, SourceLocation()).getScalarVal();
+
AutoreleaseResult = false;
}
@@ -1490,6 +1526,14 @@ CodeGenFunction::generateObjCSetterBody(const ObjCImplementationDecl *classImpl,
llvm::Value *load = Builder.CreateLoad(argAddr);
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ QualType PropertyType = propImpl->getPropertyDecl()->getType();
+ CGPointerAuthInfo SrcInfo = CGM.getPointerAuthInfoForType(PropertyType);
+ CGPointerAuthInfo TargetInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ load = emitPointerAuthResign(load, ivar->getType(), SrcInfo, TargetInfo,
+ /*isKnownNonNull=*/false);
+ }
+
// Perform an atomic store. There are no memory ordering requirements.
llvm::StoreInst *store = Builder.CreateStore(load, ivarAddr);
store->setAtomic(llvm::AtomicOrdering::Unordered);
diff --git a/clang/lib/CodeGen/CGObjCMac.cpp b/clang/lib/CodeGen/CGObjCMac.cpp
index a52c92cdbc83b..8e71a576552d3 100644
--- a/clang/lib/CodeGen/CGObjCMac.cpp
+++ b/clang/lib/CodeGen/CGObjCMac.cpp
@@ -1935,7 +1935,9 @@ CGObjCCommonMac::GenerateConstantNSString(const StringLiteral *Literal) {
auto Fields = Builder.beginStruct(NSConstantStringType);
// Class pointer.
- Fields.add(Class);
+ Fields.addSignedPointer(Class,
+ CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers,
+ GlobalDecl(), QualType());
// String pointer.
llvm::Constant *C =
@@ -4975,10 +4977,7 @@ enum ImageInfoFlags {
eImageInfo_GCOnly = (1 << 2),
eImageInfo_OptimizedByDyld = (1 << 3), // This flag is set by the dyld shared cache.
- // A flag indicating that the module has no instances of a @synthesize of a
- // superclass variable. This flag used to be consumed by the runtime to work
- // around miscompile by gcc.
- eImageInfo_CorrectedSynthesize = (1 << 4), // This flag is no longer set by clang.
+ eImageInfo_SignedClassRO = (1 << 4), // Reused (was _CorrectedSynthesize)
eImageInfo_ImageIsSimulated = (1 << 5),
eImageInfo_ClassProperties = (1 << 6)
};
@@ -5036,6 +5035,17 @@ void CGObjCCommonMac::EmitImageInfo() {
// Indicate whether we are generating class properties.
Mod.addModuleFlag(llvm::Module::Error, "Objective-C Class Properties",
eImageInfo_ClassProperties);
+
+ // Indicate whether we want enforcement of pointer signing for class_ro_t
+ // pointers.
+ if (CGM.getLangOpts().PointerAuthObjcClassROPointers)
+ Mod.addModuleFlag(llvm::Module::Error,
+ "Objective-C Enforce ClassRO Pointer Signing",
+ eImageInfo_SignedClassRO);
+ else
+ Mod.addModuleFlag(llvm::Module::Error,
+ "Objective-C Enforce ClassRO Pointer Signing",
+ llvm::ConstantInt::get(Int8Ty, 0));
}
// struct objc_module {
@@ -6223,11 +6233,19 @@ llvm::GlobalVariable *CGObjCNonFragileABIMac::BuildClassRoTInitializer(
methods.push_back(MD);
}
- values.add(emitMethodList(ID->getObjCRuntimeNameAsString(),
- (flags & NonFragileABI_Class_Meta)
- ? MethodListType::ClassMethods
- : MethodListType::InstanceMethods,
- methods));
+ llvm::Constant *MethListPtr = emitMethodList(
+ ID->getObjCRuntimeNameAsString(),
+ (flags & NonFragileABI_Class_Meta) ? MethodListType::ClassMethods
+ : MethodListType::InstanceMethods,
+ methods);
+
+ const PointerAuthSchema &MethListSchema =
+ CGM.getCodeGenOpts().PointerAuth.ObjCMethodListPointer;
+ if (!MethListPtr->isNullValue())
+ values.addSignedPointer(MethListPtr, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(MethListPtr);
const ObjCInterfaceDecl *OID = ID->getClassInterface();
assert(OID && "CGObjCNonFragileABIMac::BuildClassRoTInitializer");
@@ -6275,15 +6293,20 @@ llvm::GlobalVariable *CGObjCNonFragileABIMac::BuildClassObject(
bool HiddenVisibility) {
ConstantInitBuilder builder(CGM);
auto values = builder.beginStruct(ObjCTypes.ClassnfABITy);
- values.add(IsAGV);
- if (SuperClassGV) {
- values.add(SuperClassGV);
- } else {
+ const PointerAuthOptions &PointerAuthOpts = CGM.getCodeGenOpts().PointerAuth;
+ values.addSignedPointer(IsAGV, PointerAuthOpts.ObjCIsaPointers, GlobalDecl(),
+ QualType());
+ if (SuperClassGV)
+ values.addSignedPointer(SuperClassGV, PointerAuthOpts.ObjCSuperPointers,
+ GlobalDecl(), QualType());
+ else
values.addNullPointer(ObjCTypes.ClassnfABIPtrTy);
- }
+
values.add(ObjCEmptyCacheVar);
values.add(ObjCEmptyVtableVar);
- values.add(ClassRoGV);
+
+ values.addSignedPointer(ClassRoGV, PointerAuthOpts.ObjCClassROPointers,
+ GlobalDecl(), QualType());
llvm::GlobalVariable *GV = cast<llvm::GlobalVariable>(
GetClassGlobal(CI, isMetaclass, ForDefinition));
@@ -6543,15 +6566,27 @@ void CGObjCNonFragileABIMac::GenerateCategory(const ObjCCategoryImplDecl *OCD) {
}
}
- auto instanceMethodList = emitMethodList(
+ llvm::Constant *InstanceMethodList = emitMethodList(
listName, MethodListType::CategoryInstanceMethods, instanceMethods);
- auto classMethodList = emitMethodList(
+ const PointerAuthSchema &MethListSchema =
+ CGM.getCodeGenOpts().PointerAuth.ObjCMethodListPointer;
+ if (!InstanceMethodList->isNullValue())
+ values.addSignedPointer(InstanceMethodList, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(InstanceMethodList);
+
+ llvm::Constant *ClassMethodList = emitMethodList(
listName, MethodListType::CategoryClassMethods, classMethods);
- values.add(instanceMethodList);
- values.add(classMethodList);
+ if (!ClassMethodList->isNullValue())
+ values.addSignedPointer(ClassMethodList, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(ClassMethodList);
+
// Keep track of whether we have actual metadata to emit.
bool isEmptyCategory =
- instanceMethodList->isNullValue() && classMethodList->isNullValue();
+ InstanceMethodList->isNullValue() && ClassMethodList->isNullValue();
const ObjCCategoryDecl *Category =
Interface->FindCategoryDeclaration(OCD->getIdentifier());
@@ -6629,7 +6664,13 @@ void CGObjCNonFragileABIMac::emitMethodConstant(ConstantArrayBuilder &builder,
} else {
llvm::Function *fn = GetMethodDefinition(MD);
assert(fn && "no definition for method?");
- method.add(fn);
+ if (const PointerAuthSchema &Schema =...
[truncated]
|
|
@llvm/pr-subscribers-clang-driver Author: Oliver Hunt (ojhunt) ChangesThis PR introduces the use of pointer authentication to objective-c[++]. This includes:
Patch is 76.83 KiB, truncated to 20.00 KiB below, full version: https://github.com/llvm/llvm-project/pull/147899.diff 30 Files Affected:
diff --git a/clang/include/clang/AST/ASTContext.h b/clang/include/clang/AST/ASTContext.h
index 2b9cd035623cc..8c27728c404dd 100644
--- a/clang/include/clang/AST/ASTContext.h
+++ b/clang/include/clang/AST/ASTContext.h
@@ -2300,6 +2300,8 @@ class ASTContext : public RefCountedBase<ASTContext> {
return getTypeDeclType(getObjCSelDecl());
}
+ PointerAuthQualifier getObjCMemberSelTypePtrAuth();
+
/// Retrieve the typedef declaration corresponding to the predefined
/// Objective-C 'Class' type.
TypedefDecl *getObjCClassDecl() const;
diff --git a/clang/include/clang/Basic/Features.def b/clang/include/clang/Basic/Features.def
index 14bff8a68846d..c2e677e31e5a0 100644
--- a/clang/include/clang/Basic/Features.def
+++ b/clang/include/clang/Basic/Features.def
@@ -119,6 +119,12 @@ FEATURE(ptrauth_indirect_gotos, LangOpts.PointerAuthIndirectGotos)
FEATURE(ptrauth_init_fini, LangOpts.PointerAuthInitFini)
FEATURE(ptrauth_init_fini_address_discrimination, LangOpts.PointerAuthInitFiniAddressDiscrimination)
FEATURE(ptrauth_elf_got, LangOpts.PointerAuthELFGOT)
+
+FEATURE(ptrauth_objc_isa, LangOpts.PointerAuthObjcIsa)
+FEATURE(ptrauth_objc_interface_sel, LangOpts.PointerAuthObjcInterfaceSel)
+FEATURE(ptrauth_objc_signable_class, true)
+FEATURE(ptrauth_objc_method_list_pointer, LangOpts.PointerAuthCalls)
+
EXTENSION(swiftcc,
PP.getTargetInfo().checkCallingConvention(CC_Swift) ==
clang::TargetInfo::CCCR_OK)
diff --git a/clang/include/clang/Basic/LangOptions.def b/clang/include/clang/Basic/LangOptions.def
index 72321c204ce96..852188de18654 100644
--- a/clang/include/clang/Basic/LangOptions.def
+++ b/clang/include/clang/Basic/LangOptions.def
@@ -133,6 +133,11 @@ LANGOPT(PointerAuthInitFiniAddressDiscrimination, 1, 0, NotCompatible,
LANGOPT(PointerAuthELFGOT, 1, 0, NotCompatible, "authenticate pointers from GOT")
LANGOPT(AArch64JumpTableHardening, 1, 0, NotCompatible, "use hardened lowering for jump-table dispatch")
+LANGOPT(PointerAuthObjcIsa, 1, 0, NotCompatible, "authentication of isa and super pointers in ObjC instances")
+LANGOPT(PointerAuthObjcInterfaceSel, 1, 0, NotCompatible, "authentication of SEL fields of ObjC interfaces")
+LANGOPT(PointerAuthObjcInterfaceSelKey, 16, 0, NotCompatible, "authentication key for SEL fields of ObjC interfaces")
+LANGOPT(PointerAuthObjcClassROPointers, 1, 0, Benign, "class_ro_t pointer authentication")
+
LANGOPT(DoubleSquareBracketAttributes, 1, 0, NotCompatible, "'[[]]' attributes extension for all language standard modes")
LANGOPT(ExperimentalLateParseAttributes, 1, 0, NotCompatible, "experimental late parsing of attributes")
diff --git a/clang/include/clang/Basic/LangOptions.h b/clang/include/clang/Basic/LangOptions.h
index 4c642c9e10c91..41739536b34bb 100644
--- a/clang/include/clang/Basic/LangOptions.h
+++ b/clang/include/clang/Basic/LangOptions.h
@@ -379,6 +379,8 @@ class LangOptionsBase {
BKey
};
+ using PointerAuthenticationMode = ::clang::PointerAuthenticationMode;
+
enum class ThreadModelKind {
/// POSIX Threads.
POSIX,
diff --git a/clang/include/clang/Basic/PointerAuthOptions.h b/clang/include/clang/Basic/PointerAuthOptions.h
index a3a3e50bcde5d..fb6dddf3ae9ce 100644
--- a/clang/include/clang/Basic/PointerAuthOptions.h
+++ b/clang/include/clang/Basic/PointerAuthOptions.h
@@ -27,6 +27,26 @@ namespace clang {
/// .fini_array. The value is ptrauth_string_discriminator("init_fini")
constexpr uint16_t InitFiniPointerConstantDiscriminator = 0xD9D4;
+/// Constant discriminator to be used with method list pointers. The value is
+/// ptrauth_string_discriminator("method_list_t")
+constexpr uint16_t MethodListPointerConstantDiscriminator = 0xC310;
+
+/// Constant discriminator to be used with objective-c isa pointers. The value
+/// is ptrauth_string_discriminator("isa")
+constexpr uint16_t IsaPointerConstantDiscriminator = 0x6AE1;
+
+/// Constant discriminator to be used with objective-c superclass pointers.
+/// The value is ptrauth_string_discriminator("objc_class:superclass")
+constexpr uint16_t SuperPointerConstantDiscriminator = 0xB5AB;
+
+/// Constant discriminator to be used with objective-c sel pointers. The value
+/// is ptrauth_string_discriminator("sel")
+constexpr uint16_t SelPointerConstantDiscriminator = 0x57c2;
+
+/// Constant discriminator to be used with objective-c class_ro_t pointers.
+/// The value is ptrauth_string_discriminator("class_data_bits")
+constexpr uint16_t ClassROConstantDiscriminator = 0x61F8;
+
constexpr unsigned PointerAuthKeyNone = -1;
/// Constant discriminator for std::type_info vtable pointers: 0xB1EA/45546
@@ -202,6 +222,21 @@ struct PointerAuthOptions {
/// The ABI for function addresses in .init_array and .fini_array
PointerAuthSchema InitFiniPointers;
+
+ /// The ABI for Objective-C method lists.
+ PointerAuthSchema ObjCMethodListFunctionPointers;
+
+ /// The ABI for a reference to an Objective-C method list in _class_ro_t.
+ PointerAuthSchema ObjCMethodListPointer;
+
+ /// The ABI for Objective-C isa pointers.
+ PointerAuthSchema ObjCIsaPointers;
+
+ /// The ABI for Objective-C superclass pointers.
+ PointerAuthSchema ObjCSuperPointers;
+
+ /// The ABI for Objective-C class_ro_t pointers.
+ PointerAuthSchema ObjCClassROPointers;
};
} // end namespace clang
diff --git a/clang/include/clang/Driver/Options.td b/clang/include/clang/Driver/Options.td
index 77379f1130149..e2b347246f7ab 100644
--- a/clang/include/clang/Driver/Options.td
+++ b/clang/include/clang/Driver/Options.td
@@ -4498,6 +4498,9 @@ defm ptrauth_init_fini_address_discrimination : OptInCC1FFlag<"ptrauth-init-fini
"Enable address discrimination of function pointers in init/fini arrays">;
defm ptrauth_elf_got : OptInCC1FFlag<"ptrauth-elf-got", "Enable authentication of pointers from GOT (ELF only)">;
defm aarch64_jump_table_hardening: OptInCC1FFlag<"aarch64-jump-table-hardening", "Use hardened lowering for jump-table dispatch">;
+defm ptrauth_objc_isa : OptInCC1FFlag<"ptrauth-objc-isa", "Enable signing and authentication of Objective-C object's 'isa' field">;
+defm ptrauth_objc_interface_sel : OptInCC1FFlag<"ptrauth-objc-interface-sel", "Enable signing and authentication of Objective-C object's 'SEL' fields">;
+defm ptrauth_objc_class_ro : OptInCC1FFlag<"ptrauth-objc-class-ro", "Enable signing and authentication for ObjC class_ro pointers">;
}
def fenable_matrix : Flag<["-"], "fenable-matrix">, Group<f_Group>,
diff --git a/clang/lib/AST/ASTContext.cpp b/clang/lib/AST/ASTContext.cpp
index 679812adcdf12..0499a81cd5231 100644
--- a/clang/lib/AST/ASTContext.cpp
+++ b/clang/lib/AST/ASTContext.cpp
@@ -9783,6 +9783,17 @@ ObjCInterfaceDecl *ASTContext::getObjCProtocolDecl() const {
return ObjCProtocolClassDecl;
}
+PointerAuthQualifier ASTContext::getObjCMemberSelTypePtrAuth() {
+ if (!getLangOpts().PointerAuthObjcInterfaceSel)
+ return PointerAuthQualifier();
+ return PointerAuthQualifier::Create(
+ getLangOpts().PointerAuthObjcInterfaceSelKey,
+ /*isAddressDiscriminated=*/true, SelPointerConstantDiscriminator,
+ PointerAuthenticationMode::SignAndAuth,
+ /*isIsaPointer=*/false,
+ /*authenticatesNullValues=*/false);
+}
+
//===----------------------------------------------------------------------===//
// __builtin_va_list Construction Functions
//===----------------------------------------------------------------------===//
diff --git a/clang/lib/CodeGen/CGBlocks.cpp b/clang/lib/CodeGen/CGBlocks.cpp
index f3ddf7bf9a463..1aba841eb5fc2 100644
--- a/clang/lib/CodeGen/CGBlocks.cpp
+++ b/clang/lib/CodeGen/CGBlocks.cpp
@@ -853,9 +853,24 @@ llvm::Value *CodeGenFunction::EmitBlockLiteral(const CGBlockInfo &blockInfo) {
offset += size;
index++;
};
+ auto addSignedHeaderField =
+ [&](llvm::Value *Value, const PointerAuthSchema &Schema,
+ GlobalDecl Decl, QualType Type, CharUnits Size, const Twine &Name) {
+ auto StorageAddress = projectField(index, Name);
+ if (Schema) {
+ auto AuthInfo = EmitPointerAuthInfo(
+ Schema, StorageAddress.emitRawPointer(*this), Decl, Type);
+ Value = EmitPointerAuthSign(AuthInfo, Value);
+ }
+ Builder.CreateStore(Value, StorageAddress);
+ offset += Size;
+ index++;
+ };
if (!IsOpenCL) {
- addHeaderField(isa, getPointerSize(), "block.isa");
+ addSignedHeaderField(
+ isa, CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers, GlobalDecl(),
+ QualType(), getPointerSize(), "block.isa");
addHeaderField(llvm::ConstantInt::get(IntTy, flags.getBitMask()),
getIntSize(), "block.flags");
addHeaderField(llvm::ConstantInt::get(IntTy, 0), getIntSize(),
@@ -1285,7 +1300,9 @@ static llvm::Constant *buildGlobalBlock(CodeGenModule &CGM,
if (IsWindows)
fields.addNullPointer(CGM.Int8PtrPtrTy);
else
- fields.add(CGM.getNSConcreteGlobalBlock());
+ fields.addSignedPointer(CGM.getNSConcreteGlobalBlock(),
+ CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers,
+ GlobalDecl(), QualType());
// __flags
BlockFlags flags = BLOCK_IS_GLOBAL;
diff --git a/clang/lib/CodeGen/CGObjC.cpp b/clang/lib/CodeGen/CGObjC.cpp
index 6f87444d3f672..24b6ce7c1c70d 100644
--- a/clang/lib/CodeGen/CGObjC.cpp
+++ b/clang/lib/CodeGen/CGObjC.cpp
@@ -1193,16 +1193,23 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
ivarAddr = ivarAddr.withElementType(bitcastType);
llvm::LoadInst *load = Builder.CreateLoad(ivarAddr, "load");
load->setAtomic(llvm::AtomicOrdering::Unordered);
+ llvm::Value *ivarVal = load;
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ CGPointerAuthInfo SrcInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ CGPointerAuthInfo TargetInfo =
+ CGM.getPointerAuthInfoForType(getterMethod->getReturnType());
+ ivarVal = emitPointerAuthResign(ivarVal, ivar->getType(), SrcInfo,
+ TargetInfo, /*isKnownNonNull=*/false);
+ }
// Store that value into the return address. Doing this with a
// bitcast is likely to produce some pretty ugly IR, but it's not
// the *most* terrible thing in the world.
llvm::Type *retTy = ConvertType(getterMethod->getReturnType());
uint64_t retTySize = CGM.getDataLayout().getTypeSizeInBits(retTy);
- llvm::Value *ivarVal = load;
if (ivarSize > retTySize) {
bitcastType = llvm::Type::getIntNTy(getLLVMContext(), retTySize);
- ivarVal = Builder.CreateTrunc(load, bitcastType);
+ ivarVal = Builder.CreateTrunc(ivarVal, bitcastType);
}
Builder.CreateStore(ivarVal, ReturnValue.withElementType(bitcastType));
@@ -1214,6 +1221,16 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
case PropertyImplStrategy::GetSetProperty: {
llvm::FunctionCallee getPropertyFn =
CGM.getObjCRuntime().GetPropertyGetFunction();
+
+ if (ivar->getType().getPointerAuth()) {
+ // This currently cannot be hit, but if we ever allow objc pointers
+ // to be signed, this will become possible. Reaching here would require
+ // a copy, weak, etc property backed by an authenticated pointer.
+ CGM.ErrorUnsupported(propImpl,
+ "Obj-C getter requiring pointer authentication");
+ return;
+ }
+
if (!getPropertyFn) {
CGM.ErrorUnsupported(propImpl, "Obj-C getter requiring atomic copy");
return;
@@ -1269,7 +1286,9 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
LValue LV = EmitLValueForIvar(TypeOfSelfObject(), LoadObjCSelf(), ivar, 0);
QualType ivarType = ivar->getType();
- switch (getEvaluationKind(ivarType)) {
+ auto EvaluationKind = getEvaluationKind(ivarType);
+ assert(!ivarType.getPointerAuth() || EvaluationKind == TEK_Scalar);
+ switch (EvaluationKind) {
case TEK_Complex: {
ComplexPairTy pair = EmitLoadOfComplex(LV, SourceLocation());
EmitStoreOfComplex(pair, MakeAddrLValue(ReturnValue, ivarType),
@@ -1287,6 +1306,11 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
case TEK_Scalar: {
llvm::Value *value;
if (propType->isReferenceType()) {
+ if (ivarType.getPointerAuth()) {
+ CGM.ErrorUnsupported(propImpl,
+ "Obj-C getter for authenticated reference type");
+ return;
+ }
value = LV.getAddress().emitRawPointer(*this);
} else {
// We want to load and autoreleaseReturnValue ARC __weak ivars.
@@ -1300,7 +1324,19 @@ CodeGenFunction::generateObjCGetterBody(const ObjCImplementationDecl *classImpl,
// Otherwise we want to do a simple load, suppressing the
// final autorelease.
} else {
- value = EmitLoadOfLValue(LV, SourceLocation()).getScalarVal();
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ Address ivarAddr = LV.getAddress();
+ llvm::LoadInst *LoadInst = Builder.CreateLoad(ivarAddr, "load");
+ llvm::Value *Load = LoadInst;
+ auto SrcInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ auto TargetInfo =
+ CGM.getPointerAuthInfoForType(getterMethod->getReturnType());
+ Load = emitPointerAuthResign(Load, ivarType, SrcInfo, TargetInfo,
+ /*isKnownNonNull=*/false);
+ value = Load;
+ } else
+ value = EmitLoadOfLValue(LV, SourceLocation()).getScalarVal();
+
AutoreleaseResult = false;
}
@@ -1490,6 +1526,14 @@ CodeGenFunction::generateObjCSetterBody(const ObjCImplementationDecl *classImpl,
llvm::Value *load = Builder.CreateLoad(argAddr);
+ if (PointerAuthQualifier PAQ = ivar->getType().getPointerAuth()) {
+ QualType PropertyType = propImpl->getPropertyDecl()->getType();
+ CGPointerAuthInfo SrcInfo = CGM.getPointerAuthInfoForType(PropertyType);
+ CGPointerAuthInfo TargetInfo = EmitPointerAuthInfo(PAQ, ivarAddr);
+ load = emitPointerAuthResign(load, ivar->getType(), SrcInfo, TargetInfo,
+ /*isKnownNonNull=*/false);
+ }
+
// Perform an atomic store. There are no memory ordering requirements.
llvm::StoreInst *store = Builder.CreateStore(load, ivarAddr);
store->setAtomic(llvm::AtomicOrdering::Unordered);
diff --git a/clang/lib/CodeGen/CGObjCMac.cpp b/clang/lib/CodeGen/CGObjCMac.cpp
index a52c92cdbc83b..8e71a576552d3 100644
--- a/clang/lib/CodeGen/CGObjCMac.cpp
+++ b/clang/lib/CodeGen/CGObjCMac.cpp
@@ -1935,7 +1935,9 @@ CGObjCCommonMac::GenerateConstantNSString(const StringLiteral *Literal) {
auto Fields = Builder.beginStruct(NSConstantStringType);
// Class pointer.
- Fields.add(Class);
+ Fields.addSignedPointer(Class,
+ CGM.getCodeGenOpts().PointerAuth.ObjCIsaPointers,
+ GlobalDecl(), QualType());
// String pointer.
llvm::Constant *C =
@@ -4975,10 +4977,7 @@ enum ImageInfoFlags {
eImageInfo_GCOnly = (1 << 2),
eImageInfo_OptimizedByDyld = (1 << 3), // This flag is set by the dyld shared cache.
- // A flag indicating that the module has no instances of a @synthesize of a
- // superclass variable. This flag used to be consumed by the runtime to work
- // around miscompile by gcc.
- eImageInfo_CorrectedSynthesize = (1 << 4), // This flag is no longer set by clang.
+ eImageInfo_SignedClassRO = (1 << 4), // Reused (was _CorrectedSynthesize)
eImageInfo_ImageIsSimulated = (1 << 5),
eImageInfo_ClassProperties = (1 << 6)
};
@@ -5036,6 +5035,17 @@ void CGObjCCommonMac::EmitImageInfo() {
// Indicate whether we are generating class properties.
Mod.addModuleFlag(llvm::Module::Error, "Objective-C Class Properties",
eImageInfo_ClassProperties);
+
+ // Indicate whether we want enforcement of pointer signing for class_ro_t
+ // pointers.
+ if (CGM.getLangOpts().PointerAuthObjcClassROPointers)
+ Mod.addModuleFlag(llvm::Module::Error,
+ "Objective-C Enforce ClassRO Pointer Signing",
+ eImageInfo_SignedClassRO);
+ else
+ Mod.addModuleFlag(llvm::Module::Error,
+ "Objective-C Enforce ClassRO Pointer Signing",
+ llvm::ConstantInt::get(Int8Ty, 0));
}
// struct objc_module {
@@ -6223,11 +6233,19 @@ llvm::GlobalVariable *CGObjCNonFragileABIMac::BuildClassRoTInitializer(
methods.push_back(MD);
}
- values.add(emitMethodList(ID->getObjCRuntimeNameAsString(),
- (flags & NonFragileABI_Class_Meta)
- ? MethodListType::ClassMethods
- : MethodListType::InstanceMethods,
- methods));
+ llvm::Constant *MethListPtr = emitMethodList(
+ ID->getObjCRuntimeNameAsString(),
+ (flags & NonFragileABI_Class_Meta) ? MethodListType::ClassMethods
+ : MethodListType::InstanceMethods,
+ methods);
+
+ const PointerAuthSchema &MethListSchema =
+ CGM.getCodeGenOpts().PointerAuth.ObjCMethodListPointer;
+ if (!MethListPtr->isNullValue())
+ values.addSignedPointer(MethListPtr, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(MethListPtr);
const ObjCInterfaceDecl *OID = ID->getClassInterface();
assert(OID && "CGObjCNonFragileABIMac::BuildClassRoTInitializer");
@@ -6275,15 +6293,20 @@ llvm::GlobalVariable *CGObjCNonFragileABIMac::BuildClassObject(
bool HiddenVisibility) {
ConstantInitBuilder builder(CGM);
auto values = builder.beginStruct(ObjCTypes.ClassnfABITy);
- values.add(IsAGV);
- if (SuperClassGV) {
- values.add(SuperClassGV);
- } else {
+ const PointerAuthOptions &PointerAuthOpts = CGM.getCodeGenOpts().PointerAuth;
+ values.addSignedPointer(IsAGV, PointerAuthOpts.ObjCIsaPointers, GlobalDecl(),
+ QualType());
+ if (SuperClassGV)
+ values.addSignedPointer(SuperClassGV, PointerAuthOpts.ObjCSuperPointers,
+ GlobalDecl(), QualType());
+ else
values.addNullPointer(ObjCTypes.ClassnfABIPtrTy);
- }
+
values.add(ObjCEmptyCacheVar);
values.add(ObjCEmptyVtableVar);
- values.add(ClassRoGV);
+
+ values.addSignedPointer(ClassRoGV, PointerAuthOpts.ObjCClassROPointers,
+ GlobalDecl(), QualType());
llvm::GlobalVariable *GV = cast<llvm::GlobalVariable>(
GetClassGlobal(CI, isMetaclass, ForDefinition));
@@ -6543,15 +6566,27 @@ void CGObjCNonFragileABIMac::GenerateCategory(const ObjCCategoryImplDecl *OCD) {
}
}
- auto instanceMethodList = emitMethodList(
+ llvm::Constant *InstanceMethodList = emitMethodList(
listName, MethodListType::CategoryInstanceMethods, instanceMethods);
- auto classMethodList = emitMethodList(
+ const PointerAuthSchema &MethListSchema =
+ CGM.getCodeGenOpts().PointerAuth.ObjCMethodListPointer;
+ if (!InstanceMethodList->isNullValue())
+ values.addSignedPointer(InstanceMethodList, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(InstanceMethodList);
+
+ llvm::Constant *ClassMethodList = emitMethodList(
listName, MethodListType::CategoryClassMethods, classMethods);
- values.add(instanceMethodList);
- values.add(classMethodList);
+ if (!ClassMethodList->isNullValue())
+ values.addSignedPointer(ClassMethodList, MethListSchema, GlobalDecl(),
+ QualType());
+ else
+ values.add(ClassMethodList);
+
// Keep track of whether we have actual metadata to emit.
bool isEmptyCategory =
- instanceMethodList->isNullValue() && classMethodList->isNullValue();
+ InstanceMethodList->isNullValue() && ClassMethodList->isNullValue();
const ObjCCategoryDecl *Category =
Interface->FindCategoryDeclaration(OCD->getIdentifier());
@@ -6629,7 +6664,13 @@ void CGObjCNonFragileABIMac::emitMethodConstant(ConstantArrayBuilder &builder,
} else {
llvm::Function *fn = GetMethodDefinition(MD);
assert(fn && "no definition for method?");
- method.add(fn);
+ if (const PointerAuthSchema &Schema =...
[truncated]
|
|
I'm obviously not qualified to review this but
|
ojhunt
force-pushed
the
users/ojhunt/ptrauth-objc
branch
from
568b646 to
3b0a91c
Compare
Good point
Probably - I may update the pointer auth section, in a future pr I may add more details for the other things that are already supported.
@cor3ntin Which C++ template cases would you like for tests? (I'm happy to add them but I'm not sure which things need them :D) |
This PR introduces the use of pointer authentication to objective-c[++]. This includes: * __ptrauth qualifier support for ivars * protection of isa and super fields * protection of SEL typed ivars * protection of class_ro_t data * protection of methodlist pointers and content
ojhunt
force-pushed
the
users/ojhunt/ptrauth-objc
branch
from
3b0a91c to
0d38b0d
Compare
|
dammit habitually force pushed a squash and rebase. #skilled. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR introduces the use of pointer authentication to objective-c[++].
This includes: