Prefix entrypoints with 0xFF so we can do extra checks.
Add check to ensure we do not read method header from libart.so
Bug: 123510633
Test: m -j40 cts && cts-tradefed run cts \
--test android.jvmti.cts.JvmtiHostTest1927#testJvmti \
--module CtsJvmtiRunTest1927HostTestCases
Change-Id: Ic3e42e3bd4fbda3b11c7e265ed114770139151b9
diff --git a/runtime/arch/arm/asm_support_arm.S b/runtime/arch/arm/asm_support_arm.S
index eeac743..633591d 100644
--- a/runtime/arch/arm/asm_support_arm.S
+++ b/runtime/arch/arm/asm_support_arm.S
@@ -54,7 +54,7 @@
// Common ENTRY declaration code for ARM and thumb, an ENTRY should always be paired with an END.
// Declares the RUNTIME_CURRENT[123] macros that can be used within an ENTRY and will have literals
// generated at END.
-.macro DEF_ENTRY thumb_or_arm, name
+.macro DEF_ENTRY thumb_or_arm, name, alignment
\thumb_or_arm
// Clang ignores .thumb_func and requires an explicit .thumb. Investigate whether we should still
// carry around the .thumb_func.
@@ -64,8 +64,12 @@
.type \name, #function
.hidden \name // Hide this as a global symbol, so we do not incur plt calls.
.global \name
+ // ART-compiled functions have OatQuickMethodHeader but assembly funtions do not.
+ // Prefix the assembly code with 0xFFs, which means there is no method header.
+ .byte 0xFF, 0xFF, 0xFF, 0xFF
// Cache alignment for function entry.
- .balign 16
+ // NB: 0xFF because there is a bug in balign where 0x00 creates nop instructions.
+ .balign \alignment, 0xFF
\name:
.cfi_startproc
.fnstart
@@ -88,12 +92,15 @@
// A thumb2 style ENTRY.
.macro ENTRY name
- DEF_ENTRY .thumb_func, \name
+ DEF_ENTRY .thumb_func, \name, 16
+.endm
+.macro ENTRY_ALIGNED name, alignment
+ DEF_ENTRY .thumb_func, \name, \alignment
.endm
// A ARM style ENTRY.
.macro ARM_ENTRY name
- DEF_ENTRY .arm, \name
+ DEF_ENTRY .arm, \name, 16
.endm
// Terminate an ENTRY and generate GOT_PREL references.
diff --git a/runtime/arch/arm/quick_entrypoints_arm.S b/runtime/arch/arm/quick_entrypoints_arm.S
index 1153a77..3450444 100644
--- a/runtime/arch/arm/quick_entrypoints_arm.S
+++ b/runtime/arch/arm/quick_entrypoints_arm.S
@@ -2624,8 +2624,7 @@
* (6 bytes). Loads the return register and jumps to the runtime call.
*/
#if defined(USE_READ_BARRIER) && defined(USE_BAKER_READ_BARRIER)
- .balign 512
-ENTRY art_quick_read_barrier_mark_introspection
+ENTRY_ALIGNED art_quick_read_barrier_mark_introspection, 512
// At this point, IP contains the reference, rMR is clobbered by the thunk
// and can be freely used as it will be set back to 1 before returning.
// For heap poisoning, the reference is poisoned, so unpoison it first.
diff --git a/runtime/arch/arm64/asm_support_arm64.S b/runtime/arch/arm64/asm_support_arm64.S
index 715fc35..3eb0991 100644
--- a/runtime/arch/arm64/asm_support_arm64.S
+++ b/runtime/arch/arm64/asm_support_arm64.S
@@ -40,16 +40,24 @@
#define wMR w20
#endif
-.macro ENTRY name
+.macro ENTRY_ALIGNED name, alignment
.type \name, #function
.hidden \name // Hide this as a global symbol, so we do not incur plt calls.
.global \name
- /* Cache alignment for function entry */
- .balign 16
+ // ART-compiled functions have OatQuickMethodHeader but assembly funtions do not.
+ // Prefix the assembly code with 0xFFs, which means there is no method header.
+ .byte 0xFF, 0xFF, 0xFF, 0xFF
+ // Cache alignment for function entry.
+ // NB: 0xFF because there is a bug in balign where 0x00 creates nop instructions.
+ .balign \alignment, 0xFF
\name:
.cfi_startproc
.endm
+.macro ENTRY name
+ ENTRY_ALIGNED \name, 16
+.endm
+
.macro END name
.cfi_endproc
.size \name, .-\name
diff --git a/runtime/arch/arm64/quick_entrypoints_arm64.S b/runtime/arch/arm64/quick_entrypoints_arm64.S
index 9f3377e..5945c45 100644
--- a/runtime/arch/arm64/quick_entrypoints_arm64.S
+++ b/runtime/arch/arm64/quick_entrypoints_arm64.S
@@ -2790,8 +2790,7 @@
* art_quick_read_barrier_mark_introspection_gc_roots:
* GC root entrypoint code.
*/
- .balign 512
-ENTRY art_quick_read_barrier_mark_introspection
+ENTRY_ALIGNED art_quick_read_barrier_mark_introspection, 512
// At this point, IP0 contains the reference, IP1 can be freely used.
// For heap poisoning, the reference is poisoned, so unpoison it first.
UNPOISON_HEAP_REF wIP0
diff --git a/runtime/arch/x86/asm_support_x86.S b/runtime/arch/x86/asm_support_x86.S
index c9514f5..cd5ebd7 100644
--- a/runtime/arch/x86/asm_support_x86.S
+++ b/runtime/arch/x86/asm_support_x86.S
@@ -113,7 +113,11 @@
/* Cache alignment for function entry */
MACRO0(ALIGN_FUNCTION_ENTRY)
- .balign 16
+ // ART-compiled functions have OatQuickMethodHeader but assembly funtions do not.
+ // Prefix the assembly code with 0xFFs, which means there is no method header.
+ .byte 0xFF, 0xFF, 0xFF, 0xFF
+ // Cache alignment for function entry.
+ .balign 16, 0xFF
END_MACRO
MACRO2(DEFINE_FUNCTION_CUSTOM_CFA, c_name, cfa_offset)
diff --git a/runtime/arch/x86_64/asm_support_x86_64.S b/runtime/arch/x86_64/asm_support_x86_64.S
index 28018c5..6b09a6e 100644
--- a/runtime/arch/x86_64/asm_support_x86_64.S
+++ b/runtime/arch/x86_64/asm_support_x86_64.S
@@ -109,7 +109,11 @@
/* Cache alignment for function entry */
MACRO0(ALIGN_FUNCTION_ENTRY)
- .balign 16
+ // ART-compiled functions have OatQuickMethodHeader but assembly funtions do not.
+ // Prefix the assembly code with 0xFFs, which means there is no method header.
+ .byte 0xFF, 0xFF, 0xFF, 0xFF
+ // Cache alignment for function entry.
+ .balign 16, 0xFF
END_MACRO
// TODO: we might need to use SYMBOL() here to add the underscore prefix
diff --git a/runtime/oat_quick_method_header.h b/runtime/oat_quick_method_header.h
index 8798c69..e41c7ee 100644
--- a/runtime/oat_quick_method_header.h
+++ b/runtime/oat_quick_method_header.h
@@ -76,6 +76,10 @@
}
uint32_t GetCodeSize() const {
+ // ART compiled method are prefixed with header, but we can also easily
+ // accidentally use a function pointer to one of the stubs/trampolines.
+ // We prefix those with 0xFF in the aseembly so that we can do DCHECKs.
+ CHECK_NE(code_size_, 0xFFFFFFFF) << code_;
return code_size_ & kCodeSizeMask;
}