OpenBSD Journal

clang -fret-clean on the horizon for OpenBSD/arm64

Contributed by Peter N. M. Hansteen from the clean my arm returns dept.

While we were busy with other things, Theo de Raadt (deraadt@) has continued the work on bringing -fret-clean, the clang option that cleans return addresses off the stack (as reported earlier), to OpenBSD/arm64.

Theo posted an early version of the code to tech@, saying:

List:       openbsd-tech
Subject:    arm64 -fret-clean attempt
From:       "Theo de Raadt" <deraadt () openbsd ! org>
Date:       2024-07-02 5:50:45

I've been trying to write -fret-clean for arm64.

On a return-stack architecture like amd64, the callee has to clean up the
word on the stack upon return.

arm64, like some other risc architectures, is a link-register architecture.
In this case, the return address is saved in some temporary location by
the caller, who loads it into the link register before returning.  Before
that moment, the caller has to clean it up.

After running around in the swamp for a while, I came up with this variation
that inserts the correct instruction at the correct place.  It works, as long
as the optimizer is turned off with -O0.

But as soon as the optimizer is turned on, it appears that
AArch64LoadStoreOpt::mergeUpdateInsn gets confused and re-arranges the
instruction incorrectly.  I think it has an assumption that the regions
it encounters will only be either prologue (containing only stores to
the stack), or epilogue (containing only restores, meaning loads, from
the stack), and it doesn't understand that I've added a store in between
these loads and it merges them incorrectly.  I've been unable to figure
out how to solve this.

Anyways, I'm throwing this incomplete code out there in case someone
else wants to take a shot at it.

Thanks.

The message then goes on to the patch against -current for enterprising individuals to play with.

If you think you can help in this effort, please dive in!
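To make the mechanism in the message concrete, here is an added example (not code from the patch or from OpenBSD): a small C model of a link-register style epilogue that counts how many return addresses remain readable in dead stack memory with and without the extra scrubbing store. The stack array, the address range and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define STACK_WORDS 64
#define TEXT_LO 0x400000u            /* constructed "code" address range */
#define TEXT_HI 0x500000u

static uint64_t stack[STACK_WORDS];  /* modelled stack, grows downward */
static size_t sp;                    /* index of the current top of stack */

/* Model of a non-leaf function: the prologue spills the link register to a
 * stack slot and the epilogue reloads it. With ret_clean set, the epilogue
 * also zeroes the slot once the value is back in the register. */
static uint64_t model_call(uint64_t lr, int depth, int ret_clean)
{
    sp -= 2;                         /* prologue: allocate the fp/lr pair */
    stack[sp] = 0;                   /* saved frame pointer (unused here) */
    stack[sp + 1] = lr;              /* saved return address */
    if (depth > 1)                   /* nested call with its own return address */
        model_call(TEXT_LO + 0x100u * (uint64_t)depth, depth - 1, ret_clean);
    uint64_t ret = stack[sp + 1];    /* epilogue: reload the link register */
    if (ret_clean)
        stack[sp + 1] = 0;           /* the added store: scrub the slot */
    sp += 2;                         /* release the frame */
    return ret;                      /* address that control returns to */
}

/* Count words below sp (dead frames) that still look like code addresses,
 * i.e. what a later disclosure of stack memory would reveal. */
static int stale_return_addresses(void)
{
    int n = 0;
    for (size_t i = 0; i < sp; i++)
        if (stack[i] >= TEXT_LO && stack[i] < TEXT_HI)
            n++;
    return n;
}

/* Run a call chain of the given depth on a fresh stack, report the residue. */
static int residue_after_calls(int depth, int ret_clean)
{
    for (size_t i = 0; i < STACK_WORDS; i++)
        stack[i] = 0;
    sp = STACK_WORDS;
    model_call(TEXT_LO + 0x40u, depth, ret_clean);
    return stale_return_addresses();
}

int main(void)
{
    printf("stale without scrub: %d, with scrub: %d\n",
           residue_after_calls(4, 0), residue_after_calls(4, 1));
}
```

The scrub has to come after the reload and before the frame is released, which is the ordering constraint on the added store within the epilogue.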

