11.0.0: Difference between revisions

No edit summary
Line 101: Line 101:
** New nnSdk code relies on this behavior.
** New nnSdk code relies on this behavior.
* SetupStackForUserModeThreadStarter (KThreadContext::Initialize) now sets X18 to (<cryptographically random u64> | 1); this value is unique for each thread.
* SetupStackForUserModeThreadStarter (KThreadContext::Initialize) now sets X18 to (<cryptographically random u64> | 1); this value is unique for each thread.
** This is used for CFI changes in web browser.
** This is used for Pointer Authentication changes in web browser.
* KCoreLocalRegion deleted, replaced with pointer-to-current-thread
* KCoreLocalRegion deleted, replaced with pointer-to-current-thread
** TPIDR_EL1 != X18 now, and TPIDR_EL1 now always points to the exception thread stack.
** TPIDR_EL1 != X18 now, and TPIDR_EL1 now always points to the exception thread stack.
Line 264: Line 264:


=== [[Internet_Browser|Web-applets]] ===
=== [[Internet_Browser|Web-applets]] ===
These are now compiled with compiler CFI mitigations enabled. This does not apply to non-web-applets. This uses the crc32x instruction and x18, a cryptographically random u64 provided by the kernel.
These are now compiled with compiler Pointer Authentication / CFI mitigations enabled. This does not apply to non-web-applets.
 
Pointer Authentication uses the crc32x instruction and x18, a cryptographically random u64 provided by the kernel.


This is used to add to / subtract from x30, starting at bit 40, during function entry/exit. The code for entry and exit is identical, except that entry uses add and exit uses subtract:
This is used to add to / subtract from x30, starting at bit 40, during function entry/exit. The code for entry and exit is identical, except that entry uses add and exit uses subtract:
Line 271: Line 273:
* Then the previously mentioned add/subtract operation is done, with the output from the above shifted to bit 40.
* Then the previously mentioned add/subtract operation is done, with the output from the above shifted to bit 40.


blr instructions no longer exist: when funcptrs are called, new functions are now called instead which handle the call. The u32 at funcptr_addr-4 must match 0xe7ffdefe; otherwise it will branch to the undefined instruction 0x0000dead. If it matches, it will jump to funcptr_addr.
CFI is implemented as follows: blr instructions no longer exist. When funcptrs are called, new functions are now called instead which handle the call. The u32 at funcptr_addr-4 must match 0xe7ffdefe; otherwise it will branch to the undefined instruction 0x0000dead. If it matches, it will jump to funcptr_addr.


Almost all functions now have the above u32 at -4; therefore, funcptr calls now have to target the actual function start. However, this doesn't apply to calls done during function exit: these br directly to funcptr_addr without extra validation.
Almost all functions now have the above u32 at -4; therefore, funcptr calls now have to target the actual function start. However, this doesn't apply to calls done during function exit: these br directly to funcptr_addr without extra validation.
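The two mechanisms described above, modelled in C rather than A64 assembly, as an added example that is not part of the wiki page or of Nintendo's code. The marker value 0xe7ffdefe and the bit-40 placement come from the page; what is fed into crc32x is not shown in this diff, so the tag input (the frame's stack pointer, seeded with the low half of x18) and the 39-bit user address space are assumptions of the model, and the simulated text segment and register values are constructed sample data:

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define CFI_MARKER   0xe7ffdefeu   /* u32 expected at funcptr_addr-4 (from the page) */
#define A64_NOP      0xd503201fu   /* filler for the simulated text segment */
#define TAG_SHIFT    40            /* tag is added/subtracted starting at bit 40 (from the page) */
#define USER_VA_BITS 39            /* assumption for the model: user VAs fit in 39 bits */

/* Software equivalent of the A64 crc32x instruction: CRC-32 with the reflected
 * polynomial 0xEDB88320 over the 8 bytes of val, accumulator acc, and no
 * pre- or post-inversion (the instruction does neither). */
static uint32_t crc32x(uint32_t acc, uint64_t val) {
    for (int i = 0; i < 8; i++) {
        acc ^= (uint8_t)(val >> (8 * i));
        for (int b = 0; b < 8; b++)
            acc = (acc >> 1) ^ (0xEDB88320u & (0u - (acc & 1u)));
    }
    return acc;
}

/* Per-frame tag. ASSUMPTION for the model: the stack pointer is fed to crc32x
 * seeded with the low half of the kernel-provided x18, then shifted to bit 40. */
uint64_t return_tag(uint64_t x18, uint64_t sp) {
    return (uint64_t)crc32x((uint32_t)x18, sp) << TAG_SHIFT;
}

/* Function entry: x30 = x30 + tag. */
uint64_t sign_return_address(uint64_t x30, uint64_t x18, uint64_t sp) {
    return x30 + return_tag(x18, sp);
}

/* Function exit: x30 = x30 - tag. A saved x30 that was overwritten with a plain
 * address carries no tag to cancel, so the subtraction wraps into the high
 * bits and the ret faults instead of landing on the attacker's address. */
uint64_t authenticate_return_address(uint64_t x30, uint64_t x18, uint64_t sp) {
    return x30 - return_tag(x18, sp);
}

bool is_plausible_return_target(uint64_t addr) {
    return (addr >> USER_VA_BITS) == 0;
}

/* Simulated text segment (constructed): two functions, each preceded by the
 * marker word, so word index N-1 holds CFI_MARKER for a function at word N. */
enum { FN_A = 1, FN_A_MID = 2, FN_B = 6, TEXT_WORDS = 8 };

void build_text(uint32_t *text) {
    for (size_t i = 0; i < TEXT_WORDS; i++) text[i] = A64_NOP;
    text[FN_A - 1] = CFI_MARKER;
    text[FN_B - 1] = CFI_MARKER;
}

/* The funcptr-call check from the page: read the u32 at funcptr_addr-4; only a
 * genuine function start carries the marker. Returns the word index to branch
 * to, or -1 where the real code would branch to the undefined instruction
 * 0x0000dead. */
long cfi_indirect_call(const uint32_t *text, size_t nwords, size_t target) {
    if (target == 0 || target >= nwords) return -1;
    return text[target - 1] == CFI_MARKER ? (long)target : -1;
}

int main(void) {
    uint32_t text[TEXT_WORDS];
    build_text(text);
    printf("call FN_A     -> %ld\n", cfi_indirect_call(text, TEXT_WORDS, FN_A));
    printf("call FN_A+4   -> %ld (rejected: no marker before a mid-function address)\n",
           cfi_indirect_call(text, TEXT_WORDS, FN_A_MID));

    uint64_t x18 = 0x5a3c9f1e2b7d4681ull | 1;   /* constructed stand-in for the kernel value */
    uint64_t sp = 0x7ffff0a0ull, lr = 0x81234ull;
    uint64_t signed_lr = sign_return_address(lr, x18, sp);
    printf("round trip ok: %d\n", authenticate_return_address(signed_lr, x18, sp) == lr);

    uint64_t tampered = 0x8abcdull;   /* a raw address written over the signed x30 */
    printf("tampered value still plausible after exit: %d\n",
           is_plausible_return_target(authenticate_return_address(tampered, x18, sp)));
    return 0;
}
```

The marker check is what makes "funcptr calls have to start at the actual funcptr start": FN_A_MID is a valid instruction inside a function, but the word before it is not the marker, so the call is refused. The tag round trip shows why the entry and exit code can be identical apart from add versus subtract.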


The above applies to all NSOs in ExeFs, except for LibraryAppletOfflineWeb, which doesn't have it enabled. The NROs in the BrowserDll SystemData have CFI enabled for "/nro/netfront/dll_1/"; however, "dll_0" (which is used by LibraryAppletOfflineWeb) doesn't have it enabled.
The above applies to all NSOs in ExeFs, except for LibraryAppletOfflineWeb, which doesn't have it enabled. The NROs in the BrowserDll SystemData have it enabled for "/nro/netfront/dll_1/"; however, "dll_0" (which is used by LibraryAppletOfflineWeb) doesn't have it enabled.


This is referred to in the build-path strings as "NX-NXFP2-a64-cfi" (nnSdkEmpty), and "NX64-cfi" (OSS).
This is referred to in the build-path strings as "NX-NXFP2-a64-cfi" (nnSdkEmpty), and "NX64-cfi" (OSS).