Merge pull request #71076 from kubamracek/embedded-isa-signing

kubamracek · web-flow · commit 3659ea768c0b · 2024-01-23T11:58:13.000-08:00
[embedded] Resolve ptrauth crashes by signing HeapObjects's isa pointers in embedded Swift
diff --git a/stdlib/public/SwiftShims/swift/shims/EmbeddedShims.h b/stdlib/public/SwiftShims/swift/shims/EmbeddedShims.h
@@ -43,16 +43,29 @@ extern "C" {
 
 typedef void SWIFT_CC_swift (*HeapObjectDestroyer)(SWIFT_CONTEXT void *object);
 
-static inline void _swift_embedded_invoke_heap_object_destroy(void *object) {
-  void *metadata = *(void **)object;
+typedef struct EmbeddedHeapObject {
+#if __has_feature(ptrauth_calls)
+  void * __ptrauth(2, 1, 0x6ae1) metadata;
+#else
+  void *metadata;
+#endif
+} EmbeddedHeapObject;
+
+static inline void
+_swift_embedded_invoke_heap_object_destroy(void *object) {
+  void *metadata = ((EmbeddedHeapObject *)object)->metadata;
   void **destroy_location = &((void **)metadata)[1];
 #if __has_feature(ptrauth_calls)
-  (*(HeapObjectDestroyer __ptrauth(0,1,0xbbbf) *)destroy_location)(object);
+  (*(HeapObjectDestroyer __ptrauth(0, 1, 0xbbbf) *)destroy_location)(object);
 #else
   (*(HeapObjectDestroyer *)destroy_location)(object);
 #endif
 }
 
+static inline void _swift_embedded_set_heap_object_metadata_pointer(void *object, void *metadata) {
+  ((EmbeddedHeapObject *)object)->metadata = metadata;
+}
+
 #ifdef __cplusplus
 } // extern "C"
 #endif
diff --git a/stdlib/public/core/EmbeddedRuntime.swift b/stdlib/public/core/EmbeddedRuntime.swift
@@ -19,12 +19,15 @@ public struct ClassMetadata {
 
   // There is no way to express the actual calling convention on the heap desroy
   // function (swiftcc with 'self') currently, so let's use UnsafeRawPointer
-  // and a helper function in C (_swift_runtime_invoke_heap_object_destroy).
+  // and a helper function in C (_swift_embedded_invoke_heap_object_destroy).
   var destroy: UnsafeRawPointer
 }
 
 public struct HeapObject {
-  var metadata: UnsafeMutablePointer<ClassMetadata>
+  // There is no way to express the custom ptrauth signature on the metadata
+  // field, so let's use UnsafeRawPointer and a helper function in C instead
+  // (_swift_embedded_set_heap_object_metadata_pointer).
+  var metadata: UnsafeRawPointer
 
   // TODO: This is just an initial support for strong refcounting only. We need
   // to think about supporting (or banning) weak and/or unowned references.
@@ -82,7 +85,7 @@ public func swift_slowDealloc(_ ptr: UnsafeMutableRawPointer, _ size: Int, _ ali
 public func swift_allocObject(metadata: UnsafeMutablePointer<ClassMetadata>, requiredSize: Int, requiredAlignmentMask: Int) -> UnsafeMutablePointer<HeapObject> {
   let p = swift_slowAlloc(requiredSize, requiredAlignmentMask)!
   let object = p.assumingMemoryBound(to: HeapObject.self)
-  object.pointee.metadata = metadata
+  _swift_embedded_set_heap_object_metadata_pointer(object, metadata)
   object.pointee.refcount = 1
   return object
 }
@@ -103,14 +106,14 @@ public func swift_deallocClassInstance(object: UnsafeMutablePointer<HeapObject>,
 
 @_silgen_name("swift_initStaticObject")
 public func swift_initStaticObject(metadata: UnsafeMutablePointer<ClassMetadata>, object: UnsafeMutablePointer<HeapObject>) -> UnsafeMutablePointer<HeapObject> {
-  object.pointee.metadata = metadata
+  _swift_embedded_set_heap_object_metadata_pointer(object, metadata)
   object.pointee.refcount = HeapObject.immortalRefCount
   return object
 }
 
 @_silgen_name("swift_initStackObject")
 public func swift_initStackObject(metadata: UnsafeMutablePointer<ClassMetadata>, object: UnsafeMutablePointer<HeapObject>) -> UnsafeMutablePointer<HeapObject> {
-  object.pointee.metadata = metadata
+  _swift_embedded_set_heap_object_metadata_pointer(object, metadata)
   object.pointee.refcount = 1 | HeapObject.doNotFreeBit
   return object
 }
