[JITLink][AArch64] Ensure that nulls remain null during ptrauth signing.

lhames · lhames · commit 849346749077 · 2025-02-28T15:19:41.000+11:00
Signing a null pointer value can, and usually will, result in some high bits
being set, causing null checks to fail. E.g. in

extern void __attribute__((weak_import)) f(void);
void (*p) = &amp;f;

if f is undefined then p should be null (left unsigned).

This patch updates lowerPointer64AuthEdgesToSigningFunction to check for
Pointer64Authenticated edges to null targets. Where found, these edges are
turned into plain Pointer64 edges (which we know from context will write a null
value to the fixup location), and signing instructions for these locations are
omitted from the signing function.
diff --git a/llvm/lib/ExecutionEngine/JITLink/aarch64.cpp b/llvm/lib/ExecutionEngine/JITLink/aarch64.cpp
@@ -324,11 +324,18 @@ Error lowerPointer64AuthEdgesToSigningFunction(LinkGraph &G) {
 
       uint64_t EncodedInfo = E.getAddend();
       int32_t RealAddend = (uint32_t)(EncodedInfo & 0xffffffff);
+      auto ValueToSign = E.getTarget().getAddress() + RealAddend;
+      if (!ValueToSign) {
+        LLVM_DEBUG(dbgs() << "  " << B->getFixupAddress(E) << " <- null\n");
+        E.setAddend(RealAddend);
+        E.setKind(aarch64::Pointer64);
+        continue;
+      }
+
       uint32_t InitialDiscriminator = (EncodedInfo >> 32) & 0xffff;
       bool AddressDiversify = (EncodedInfo >> 48) & 0x1;
       uint32_t Key = (EncodedInfo >> 49) & 0x3;
       uint32_t HighBits = EncodedInfo >> 51;
-      auto ValueToSign = E.getTarget().getAddress() + RealAddend;
 
       if (HighBits != 0x1000)
         return make_error<JITLinkError>(
diff --git a/llvm/test/ExecutionEngine/JITLink/AArch64/MachO_ptrauth-null-global.s b/llvm/test/ExecutionEngine/JITLink/AArch64/MachO_ptrauth-null-global.s
@@ -0,0 +1,34 @@
+# RUN: llvm-mc -triple=arm64e-apple-macosx -filetype=obj -o %t.o %s
+# RUN: llvm-jitlink %t.o
+#
+# REQUIRES: system-darwin && host=arm64{{.*}}
+#
+# Check that arm64e ptrauth pass preserves nulls.
+#
+# Testcase derived from:
+#   extern void __attribute__((weak_import)) f(void);
+#   void (*p) = &f;
+#
+#   int main(int argc, char *argv[]) {
+#     return p ? 1 : 0;
+#   }
+
+        .section        __TEXT,__text,regular,pure_instructions
+        .globl  _main
+        .p2align        2
+_main:
+        adrp    x8, _p@PAGE
+        ldr     x8, [x8, _p@PAGEOFF]
+        cmp     x8, #0
+        cset    w0, ne
+        ret
+
+        .section        __DATA,__data
+        .globl  _p
+        .p2align        3, 0x0
+_p:
+        .quad   _f@AUTH(ia,0)
+
+        .weak_reference _f
+        .weak_reference l_f.ptrauth
+.subsections_via_symbols
