Stowage/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-06-05 09:21:43 +00:00
Code Issues Projects Releases Packages Wiki Activity
cpython/Python/asm_trampoline.S
stratakis da8477b25c
gh-139808: Add branch protections for aarch64 in asm_trampoline.S (#130864) 
Apply protection against ROP/JOP attacks for aarch64 on asm_trampoline.S.

The BTI flag must be applied in assembler sources for this class
of attacks to be mitigated on newer aarch64 processors.

See also:
https://sourceware.org/annobin/annobin.html/Test-branch-protection.html
and
https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64

Co-authored-by: Victor Stinner <vstinner@python.org>
2026-05-12 15:42:44 +00:00

76 lines
1.6 KiB
ArmAsm
Raw Blame History

#include "asm_trampoline_aarch64.h"
.text
#if defined(__APPLE__)
.globl __Py_trampoline_func_start
#else
.globl _Py_trampoline_func_start
#endif
# The following assembly is equivalent to:
# PyObject *
# trampoline(PyThreadState *ts, _PyInterpreterFrame *f,
# int throwflag, py_evaluator evaluator)
# {
# return evaluator(ts, f, throwflag);
# }
#if defined(__APPLE__)
__Py_trampoline_func_start:
#else
_Py_trampoline_func_start:
#endif
#ifdef __x86_64__
#if defined(__CET__) && (__CET__ & 1)
endbr64
#endif
push %rbp
mov %rsp, %rbp
call *%rcx
pop %rbp
ret
#endif // __x86_64__
#if defined(__aarch64__) && defined(__AARCH64EL__) && !defined(__ILP32__)
// ARM64 little endian, 64bit ABI
// generate with aarch64-linux-gnu-gcc 12.1
SIGN_LR
stp x29, x30, [sp, -16]!
mov x29, sp
blr x3
ldp x29, x30, [sp], 16
VERIFY_LR
ret
#endif
#ifdef __riscv
addi sp,sp,-16
sd ra,8(sp)
jalr a3
ld ra,8(sp)
addi sp,sp,16
jr ra
#endif
#if defined(__APPLE__)
.globl __Py_trampoline_func_end
__Py_trampoline_func_end:
#else
.globl _Py_trampoline_func_end
_Py_trampoline_func_end:
.section .note.GNU-stack,"",@progbits
#endif
# Note for indicating the assembly code supports CET
#if defined(__x86_64__) && defined(__CET__) && (__CET__ & 1)
.section .note.gnu.property,"a"
.align 8
.long 1f - 0f
.long 4f - 1f
.long 5
0:
.string "GNU"
1:
.align 8
.long 0xc0000002
.long 3f - 2f
2:
.long 0x3
3:
.align 8
4:
#endif // __x86_64__
Reference in a new issue View git blame Copy permalink