[JITLink][arm64][MachO] Apply PAC signing to __mod_init_func pointers.

lhames · lhames · commit 0cfd20ed1b85 · 2024-11-22T11:18:52.000+11:00
The __mod_init_func section contains pointers to static initializer functions. In the static compilation model for MachO/arm64e these are unsigned pointers that are signed by dyld before being called. This patch teaches JITLink's MachO/arm64 backend to sign __mod_init_func pointers using the PAC signing function introduced in a432f11 (signing is triggered by rewriting all Pointer64 edges in the section to Pointer64Authenticated edges). This means that unlike the static compilation model the linked __mod_init_func section will contain signed pointers. Note: Signing of init pointers could instead have been handled by the ORC runtime in a manner similar to dyld, but this would have come at the cost of adding an extra signing oracle. Using the signing function avoids this. Testing this change requires execution. It is covered by the trivial-cxx-constructor.cpp testcase that was added to the ORC runtime in 7c07863.
diff --git a/llvm/lib/ExecutionEngine/JITLink/MachO_arm64.cpp b/llvm/lib/ExecutionEngine/JITLink/MachO_arm64.cpp
@@ -594,6 +594,35 @@ createLinkGraphFromMachOObject_arm64(MemoryBufferRef ObjectBuffer) {
       .buildGraph();
 }
 
+static Error applyPACSigningToModInitPointers(LinkGraph &G) {
+  assert(G.getTargetTriple().getSubArch() == Triple::AArch64SubArch_arm64e &&
+         "PAC signing only valid for arm64e");
+
+  if (auto *ModInitSec = G.findSectionByName("__DATA,__mod_init_func")) {
+    for (auto *B : ModInitSec->blocks()) {
+      for (auto &E : B->edges()) {
+        if (E.getKind() == aarch64::Pointer64) {
+
+          // Check that we have room to encode pointer signing bits.
+          if (E.getAddend() >> 32)
+            return make_error<JITLinkError>(
+                "In " + G.getName() + ", __mod_init_func pointer at " +
+                formatv("{0:x}", B->getFixupAddress(E).getValue()) +
+                " has data in high bits of addend (addend >= 2^32)");
+
+          // Change edge to Pointer64Authenticated, encode signing:
+          // key = asia, discriminator = 0, diversity = 0.
+          Edge::AddendT SigningBits = 0x1ULL << 63;
+          E.setKind(aarch64::Pointer64Authenticated);
+          E.setAddend(E.getAddend() | SigningBits);
+        }
+      }
+    }
+  }
+
+  return Error::success();
+}
+
 void link_MachO_arm64(std::unique_ptr<LinkGraph> G,
                       std::unique_ptr<JITLinkContext> Ctx) {
 
@@ -626,6 +655,7 @@ void link_MachO_arm64(std::unique_ptr<LinkGraph> G,
 
     // If this is an arm64e graph then add pointer signing passes.
     if (G->getTargetTriple().isArm64e()) {
+      Config.PostPrunePasses.push_back(applyPACSigningToModInitPointers);
       Config.PostPrunePasses.push_back(
           aarch64::createEmptyPointerSigningFunction);
       Config.PreFixupPasses.push_back(
