commit: 6bbf0c30ca4449e325beb2d28db00d258d3a1a10
[log]
author: Fei Peng <airpfei@gmail.com>
Wed Sep 03 21:41:53 2025 +0800
committer: GitHub <noreply@github.com>
Wed Sep 03 15:41:53 2025 +0200
tree: 4d123c49119fa5f87b2e7d25c092c15c3bdc1388
parent: b5f6ce6a1f5a8f42f9506f3a1b17b80b30e3e717 [diff]

[sanitizer] Fix prctl interceptor causing PAC authentication failure (#153081)

The root cause of this crash is that prctl(PR_PAC_RESET_KEYS) generates
a new PAC key. As a result, paciasp and autiasp use different keys,
leading to the crash.

The solution is: if prctl's option is PR_PAC_RESET_KEYS, call real_prctl
directly. This is implemented in assembly, so there are no PAC
instructions involved.

Related issue: https://github.com/android/ndk/issues/1848

```
0000000000095468 <__interceptor_prctl>:
   95468: d503233f     	paciasp
   9546c: d10183ff     	sub	sp, sp, #0x60
   95470: a90267fe     	stp	x30, x25, [sp, #0x20]
   95474: a9035ff8     	stp	x24, x23, [sp, #0x30]
   95478: a90457f6     	stp	x22, x21, [sp, #0x40]
   9547c: a9054ff4     	stp	x20, x19, [sp, #0x50]
   95480: aa1e03f4     	mov	x20, x30
   95484: aa0403f3     	mov	x19, x4
   95488: aa0303f6     	mov	x22, x3
   9548c: aa0203f7     	mov	x23, x2
   95490: aa0103f5     	mov	x21, x1
   95494: 2a0003f8     	mov	w24, w0
   95498: 940172ec     	bl	0xf2048 <_ZN6__tsan10cur_threadEv>
   9549c: 4f05e540     	movi	v0.16b, #0xaa
   954a0: 52801548     	mov	w8, #0xaa               // =170
   954a4: aa1403fe     	mov	x30, x20
   954a8: 39007fe8     	strb	w8, [sp, #0x1f]
   954ac: aa0003f4     	mov	x20, x0
   954b0: 910043e0     	add	x0, sp, #0x10
   954b4: aa1403e1     	mov	x1, x20
   954b8: bc01b3e0     	stur	s0, [sp, #0x1b]
   954bc: d50320ff     	xpaclri
   954c0: aa1e03e3     	mov	x3, x30
   954c4: 97ffb461     	bl	0x82648 <_ZN6__tsan17ScopedInterceptorC2EPNS_11ThreadStateEPKcm>
   954c8: 97ff75ea     	bl	0x72c70 <_ZN11__sanitizer10StackTrace12GetCurrentPcEv>
   954cc: 394c2688     	ldrb	w8, [x20, #0x309]
   954d0: 7100051f     	cmp	w8, #0x1
   954d4: 540000c1     	b.ne	0x954ec <__interceptor_prctl+0x84>
   954d8: b9400a88     	ldr	w8, [x20, #0x8]
   954dc: 35000088     	cbnz	w8, 0x954ec <__interceptor_prctl+0x84>
   954e0: 394c2288     	ldrb	w8, [x20, #0x308]
   954e4: 7100051f     	cmp	w8, #0x1
   954e8: 54000501     	b.ne	0x95588 <__interceptor_prctl+0x120>
   954ec: f0001128     	adrp	x8, 0x2bc000 <_ZN6__tsanL23interceptor_placeholderE+0xcac0>
   954f0: 2a1803e0     	mov	w0, w24
   954f4: aa1503e1     	mov	x1, x21
   954f8: f9452508     	ldr	x8, [x8, #0xa48]
   954fc: aa1703e2     	mov	x2, x23
   95500: aa1603e3     	mov	x3, x22
   95504: aa1303e4     	mov	x4, x19
   95508: d63f0100     	blr	x8
   9550c: f9400bf3     	ldr	x19, [sp, #0x10]
   95510: 394c2668     	ldrb	w8, [x19, #0x309]
   95514: 7100051f     	cmp	w8, #0x1
   95518: 540002a1     	b.ne	0x9556c <__interceptor_prctl+0x104>
   9551c: 39406be8     	ldrb	w8, [sp, #0x1a]
   95520: 7100051f     	cmp	w8, #0x1
   95524: 54000d60     	b.eq	0x956d0 <__interceptor_prctl+0x268>
   95528: 394067e8     	ldrb	w8, [sp, #0x19]
   9552c: 7100051f     	cmp	w8, #0x1
   95530: 54000de0     	b.eq	0x956ec <__interceptor_prctl+0x284>
   95534: b9400a68     	ldr	w8, [x19, #0x8]
   95538: 350001a8     	cbnz	w8, 0x9556c <__interceptor_prctl+0x104>
   9553c: b9403268     	ldr	w8, [x19, #0x30]
   95540: 35000e48     	cbnz	w8, 0x95708 <__interceptor_prctl+0x2a0>
   95544: f9400e68     	ldr	x8, [x19, #0x18]
   95548: 91002109     	add	x9, x8, #0x8
   9554c: f27c1d3f     	tst	x9, #0xff0
   95550: 54000ec0     	b.eq	0x95728 <__interceptor_prctl+0x2c0>
   95554: 5280004a     	mov	w10, #0x2               // =2
   95558: f900010a     	str	x10, [x8]
   9555c: f9000e69     	str	x9, [x19, #0x18]
   95560: f9400a68     	ldr	x8, [x19, #0x10]
   95564: d1002108     	sub	x8, x8, #0x8
   95568: f9000a68     	str	x8, [x19, #0x10]
   9556c: a9454ff4     	ldp	x20, x19, [sp, #0x50]
   95570: a94457f6     	ldp	x22, x21, [sp, #0x40]
   95574: a9435ff8     	ldp	x24, x23, [sp, #0x30]
   95578: a94267fe     	ldp	x30, x25, [sp, #0x20]
   9557c: 910183ff     	add	sp, sp, #0x60
   95580: d50323bf     	autiasp
   95584: d65f03c0     	ret
   ...
```

compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc[diff]

1 file changed

tree: 4d123c49119fa5f87b2e7d25c092c15c3bdc1388

README.md

The LLVM Compiler Infrastructure

Welcome to the LLVM project!

This repository contains the source code for LLVM, a toolkit for the construction of highly optimized compilers, optimizers, and run-time environments.

The LLVM project has multiple components. The core of the project is itself called “LLVM”. This contains all of the tools, libraries, and header files needed to process intermediate representations and convert them into object files. Tools include an assembler, disassembler, bitcode analyzer, and bitcode optimizer.

C-like languages use the Clang frontend. This component compiles C, C++, Objective-C, and Objective-C++ code into LLVM bitcode -- and from there into object files, using LLVM.

Other components include: the libc++ C++ standard library, the LLD linker, and more.

Getting the Source Code and Building LLVM

Consult the Getting Started with LLVM page for information on building and running LLVM.

For information on how to contribute to the LLVM project, please take a look at the Contributing to LLVM guide.

Getting in touch

Join the LLVM Discourse forums, Discord chat, LLVM Office Hours or Regular sync-ups.

The LLVM project has adopted a code of conduct for participants to all modes of communication within the project.