Date: Tue, 03 Jun 2025 11:10:16 -0300
On Tuesday, 3 June 2025 08:15:01 Brasilia Standard Time Frederick Virchanza
Gotham via Std-Proposals wrote:
> Your code did way more stuff than it was supposed to do. All it had to do
> was:
>
> (1) Get the vtable pointer from the object, conveniently always
> located at [base + 0x00]
> (2) Dereference the vtable pointer and subtract 8 to yield the
> address of the type_info
No, it isn't.
You're missing the fact that on the ARM64e architecture with authenticated
pointers, the vtable entry in the class does not contain a pointer. It
contains an encrypted datum that, when passed to the instruction in question
with some extra information (an integer) is decrypted by the hardware into a
pointer. Therefore, you must know this extra information and, as Oliver has
repeatedly pointed out, it's different from class to class. Therefore, you
CANNOT decrypt it unless you know what class that was supposed to point to,
just as you cannot load the pointer with MSVC without knowing what offset from
the top of the object it was supposed to be at.
Now, I don't know if this will ever come to other OSes besides Apple's. Oliver
is saying there's a team working at getting it into Linux, but I am skeptical
*because* it is a new ABI. Maybe the market there is different and there's not
enough of an installed base yet to oppose replacing the ABI. Maybe it's only
for specific market segments where rebuilding the world is acceptable.
Or they'll finally get fat multi-arch binaries into Linux, which I would really
welcome.
--
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Principal Engineer - Intel Platform & System Engineering
Received on 2025-06-03 14:10:25
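Thiago's point above, as an added model in C (not code from the thread, and a stand-in for the hardware's QARMA-based PAC rather than the real algorithm): the key, addresses, class names and hash functions are all constructed placeholders. What the model keeps is the shape of the scheme: the word stored in the object's vptr slot only authenticates back to the vtable address when checked with the same slot address and the same per-class discriminator it was signed with, so a "read the slot and subtract 8" approach that does not know the class gets nothing usable.

```c
#include <stdint.h>

/* Model of an arm64e-style signed vtable pointer (not the real QARMA-based
 * algorithm): PAC = f(key, pointer, discriminator) stored in the unused upper
 * 16 bits, where the discriminator blends the slot address with a per-class
 * 16-bit hash. The same vtable address signed for two classes, or for two
 * objects, therefore yields two different words in memory. */
#define PAC_SHIFT 48
#define ADDR_MASK 0x0000ffffffffffffull
static const uint64_t MODEL_KEY = 0x9E3779B97F4A7C15ull; /* constructed key */

static uint64_t mix(uint64_t x) {
    x ^= x >> 33; x *= 0xff51afd7ed558ccdull; x ^= x >> 33;
    return x;
}
/* Per-class discriminator: 16-bit hash of the class name (stand-in for a hash
 * of the mangled name). */
uint16_t type_discriminator(const char *class_name) {
    uint64_t h = 1469598103934665603ull;
    for (const char *p = class_name; *p; ++p) h = (h ^ (uint8_t)*p) * 1099511628211ull;
    return (uint16_t)mix(h);
}
/* Address diversity: slot address and class discriminator combined. */
static uint64_t blend(uint64_t slot_addr, uint16_t type_disc) {
    return (slot_addr & ADDR_MASK) | ((uint64_t)type_disc << PAC_SHIFT);
}
static uint64_t pac(uint64_t ptr, uint64_t disc) {
    return (mix(ptr ^ mix(disc ^ MODEL_KEY)) >> PAC_SHIFT) & 0xffff;
}
/* What the constructor stores in the object's vptr slot. */
uint64_t sign_vptr(uint64_t vtable, uint64_t slot_addr, const char *class_name) {
    uint64_t disc = blend(slot_addr, type_discriminator(class_name));
    return (vtable & ADDR_MASK) | (pac(vtable, disc) << PAC_SHIFT);
}
/* What a virtual call does before using the pointer (model of AUTDA): recompute
 * the PAC with the discriminator the compiler knows for this class and slot.
 * On a mismatch the hardware returns a poisoned pointer that faults on use. */
uint64_t auth_vptr(uint64_t signed_vptr, uint64_t slot_addr, const char *class_name) {
    uint64_t stripped = signed_vptr & ADDR_MASK;
    uint64_t disc = blend(slot_addr, type_discriminator(class_name));
    if (pac(stripped, disc) != (signed_vptr >> PAC_SHIFT)) return stripped | (1ull << 62);
    return stripped;
}
/* The naive "read the slot, subtract 8" approach, which only sees the signed word. */
uint64_t naive_typeinfo_slot(uint64_t slot_word) { return slot_word - 8; }
```

Authenticating with the wrong class, or with a slot word copied from another object, yields the poisoned value, which is the model's stand-in for the fault the hardware raises.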