Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-06-19 08:02:29 +00:00
Code Issues Projects Releases Packages Wiki Activity
cpython/Python/asm_trampoline.S
Victor Stinner c863e96455
[3.14] gh-139808: Add branch protections for aarch64 in asm_trampoline.S (#130864) (#150189) 
gh-139808: Add branch protections for aarch64 in asm_trampoline.S (#130864)

Apply protection against ROP/JOP attacks for aarch64 on asm_trampoline.S.

The BTI flag must be applied in assembler sources for this class
of attacks to be mitigated on newer aarch64 processors.

See also:
https://sourceware.org/annobin/annobin.html/Test-branch-protection.html
and
https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64

The 3.14 backport makes Python/jit_unwind.c changes in
Python/perf_jit_trampoline.c.


(cherry picked from commit da8477b25c)

Co-authored-by: stratakis <cstratak@redhat.com>
2026-05-21 18:41:26 +02:00

63 lines
1.4 KiB
ArmAsm
Raw Blame History

#include "asm_trampoline_aarch64.h"
.text
.globl _Py_trampoline_func_start
# The following assembly is equivalent to:
# PyObject *
# trampoline(PyThreadState *ts, _PyInterpreterFrame *f,
# int throwflag, py_evaluator evaluator)
# {
# return evaluator(ts, f, throwflag);
# }
_Py_trampoline_func_start:
#ifdef __x86_64__
#if defined(__CET__) && (__CET__ & 1)
endbr64
#endif
push %rbp
mov %rsp, %rbp
call *%rcx
pop %rbp
ret
#endif // __x86_64__
#if defined(__aarch64__) && defined(__AARCH64EL__) && !defined(__ILP32__)
// ARM64 little endian, 64bit ABI
// generate with aarch64-linux-gnu-gcc 12.1
SIGN_LR
stp x29, x30, [sp, -16]!
mov x29, sp
blr x3
ldp x29, x30, [sp], 16
VERIFY_LR
ret
#endif
#ifdef __riscv
addi sp,sp,-16
sd ra,8(sp)
jalr a3
ld ra,8(sp)
addi sp,sp,16
jr ra
#endif
.globl _Py_trampoline_func_end
_Py_trampoline_func_end:
.section .note.GNU-stack,"",@progbits
# Note for indicating the assembly code supports CET
#if defined(__x86_64__) && defined(__CET__) && (__CET__ & 1)
.section .note.gnu.property,"a"
.align 8
.long 1f - 0f
.long 4f - 1f
.long 5
0:
.string "GNU"
1:
.align 8
.long 0xc0000002
.long 3f - 2f
2:
.long 0x3
3:
.align 8
4:
#endif // __x86_64__
Reference in a new issue View git blame Copy permalink