Apply protection against ROP/JOP attacks for aarch64 on asm_trampoline.S

stratakis · stratakis · commit d97e78dd08ee · 2025-01-08T05:40:06.000+01:00
The BTI flag must be applied in assembler sources for this class of attacks to be mitigated on newer aarch64 processors. See also: https://sourceware.org/annobin/annobin.html/Test-branch-protection.html and https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64
diff --git a/Python/asm_trampoline.S b/Python/asm_trampoline.S
@@ -18,6 +18,7 @@ _Py_trampoline_func_start:
 #if defined(__aarch64__) && defined(__AARCH64EL__) && !defined(__ILP32__)
     // ARM64 little endian, 64bit ABI
     // generate with aarch64-linux-gnu-gcc 12.1
+    bti c
     stp     x29, x30, [sp, -16]!
     mov     x29, sp
     blr     x3
@@ -53,3 +54,20 @@ _Py_trampoline_func_end:
     .align 8
 4:
 #endif // __x86_64__
+#if defined(__aarch64__) && defined(__AARCH64EL__) && !defined(__ILP32__) \
+ && defined(__ARM_FEATURE_BTI_DEFAULT) && __ARM_FEATURE_BTI_DEFAULT == 1
+    .pushsection    .note.gnu.property, "a"
+    .align  3
+    .word   2f - 1f
+    .word   4f - 3f
+    .word   5            /* NT_GNU_PROPERTY_TYPE_0 */
+1:  .asciz  "GNU"
+
+2:  .align  3
+3:  .word   0xc0000000   /* type: GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+    .word   6f - 5f      /* size */
+5:  .word   1            /* value: GNU_PROPERTY_AARCH64_FEATURE_1_BTI */
+
+6:  .align  3
+4:  .popsection
+#endif
