Add retguard macros for arm64 asm and apply them in the straightforward

cases in kernel and libc.
ok deraadt@

diff --git a/lib/libc/arch/aarch64/gen/byte_swap_2.S b/lib/libc/arch/aarch64/gen/byte_swap_2.S
index 5bd951e..76b7db5 100644 (file)
--- a/lib/libc/arch/aarch64/gen/byte_swap_2.S
+++ b/lib/libc/arch/aarch64/gen/byte_swap_2.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: byte_swap_2.S,v 1.1 2017/01/11 18:09:24 patrick Exp $ */
+/*     $OpenBSD: byte_swap_2.S,v 1.2 2018/08/12 17:15:10 mortimer Exp $        */
 /*     $NetBSD: byte_swap_2.S,v 1.3 2003/04/05 23:08:51 bjh21 Exp $    */
 
 /*-
@@ -36,7 +36,9 @@ _ENTRY(_C_LABEL(__bswap16))
 _ENTRY(_C_LABEL(ntohs))
 _ENTRY(_C_LABEL(htons))
 _PROF_PROLOGUE
+       RETGUARD_SETUP(__bswap16, x15)
        and     w8, w0, #0xffff
         ubfx    w0, w0, #8, #8
        bfi     w0, w8, #8, #16
+       RETGUARD_CHECK(__bswap16, x15)
        ret

diff --git a/lib/libc/arch/aarch64/gen/byte_swap_4.S b/lib/libc/arch/aarch64/gen/byte_swap_4.S
index 6d9119b..dfc3db4 100644 (file)
--- a/lib/libc/arch/aarch64/gen/byte_swap_4.S
+++ b/lib/libc/arch/aarch64/gen/byte_swap_4.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: byte_swap_4.S,v 1.1 2017/01/11 18:09:24 patrick Exp $ */
+/*     $OpenBSD: byte_swap_4.S,v 1.2 2018/08/12 17:15:10 mortimer Exp $        */
 /*     $NetBSD: byte_swap_4.S,v 1.2 2003/04/05 23:08:51 bjh21 Exp $    */
 
 /*-
@@ -36,5 +36,7 @@ _ENTRY(_C_LABEL(__bswap32))
 _ENTRY(_C_LABEL(ntohl))
 _ENTRY(_C_LABEL(htonl))
 _PROF_PROLOGUE
+       RETGUARD_SETUP(__bswap32, x15)
        rev     w0, w0
+       RETGUARD_CHECK(__bswap32, x15)
        ret

diff --git a/lib/libc/arch/aarch64/sys/Ovfork.S b/lib/libc/arch/aarch64/sys/Ovfork.S
index 3dd8268..db40fb8 100644 (file)
--- a/lib/libc/arch/aarch64/sys/Ovfork.S
+++ b/lib/libc/arch/aarch64/sys/Ovfork.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: Ovfork.S,v 1.3 2017/11/22 20:36:02 kettenis Exp $     */
+/*     $OpenBSD: Ovfork.S,v 1.4 2018/08/12 17:15:10 mortimer Exp $     */
 /*     $NetBSD: Ovfork.S,v 1.6 2003/08/07 16:42:03 agc Exp $   */
 
 /*-
@@ -35,9 +35,11 @@
 #include "SYS.h"
 
 SYSENTRY_HIDDEN(vfork)
+       RETGUARD_SETUP(vfork, x15)
        mov     x2, x30
        SYSTRAP(vfork)
        bcs     CERROR
        mov     x30, x2
+       RETGUARD_CHECK(vfork, x15)
        ret
 SYSCALL_END_HIDDEN(vfork)

diff --git a/lib/libc/arch/aarch64/sys/brk.S b/lib/libc/arch/aarch64/sys/brk.S
index af0e31d..574c615 100644 (file)
--- a/lib/libc/arch/aarch64/sys/brk.S
+++ b/lib/libc/arch/aarch64/sys/brk.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: brk.S,v 1.4 2017/11/22 20:36:02 kettenis Exp $        */
+/*     $OpenBSD: brk.S,v 1.5 2018/08/12 17:15:10 mortimer Exp $        */
 /*     $NetBSD: brk.S,v 1.7 2003/12/26 11:23:44 martin Exp $   */
 
 /*-
@@ -48,6 +48,7 @@ __minbrk:
  * Change the data segment size
  */
 ENTRY(brk)
+       RETGUARD_SETUP(brk, x15)
 #ifdef __PIC__
        /* Setup the GOT */
        adrp    x3, :got:__minbrk
@@ -81,6 +82,7 @@ ENTRY(brk)
 
        /* Return 0 for success */
        mov     x0, #0x00000000
+       RETGUARD_CHECK(brk, x15)
        ret
 
        .align  3

diff --git a/lib/libc/arch/aarch64/sys/cerror.S b/lib/libc/arch/aarch64/sys/cerror.S
index 4ef8359..e12dcf4 100644 (file)
--- a/lib/libc/arch/aarch64/sys/cerror.S
+++ b/lib/libc/arch/aarch64/sys/cerror.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: cerror.S,v 1.4 2017/03/19 00:29:02 guenther Exp $     */
+/*     $OpenBSD: cerror.S,v 1.5 2018/08/12 17:15:10 mortimer Exp $     */
 /*-
  * Copyright (c) 2014 Andrew Turner
  * All rights reserved.
@@ -32,8 +32,10 @@
 #define TCB_OFFSET_ERRNO       (-12)
 
 _ENTRY(CERROR)
+       RETGUARD_SETUP(CERROR, x15)
        mrs     x1, tpidr_el0
        str     w0, [x1, #TCB_OFFSET_ERRNO]
        movn    x0, #0
+       RETGUARD_CHECK(CERROR, x15)
        ret
 END(CERROR)

diff --git a/lib/libc/arch/aarch64/sys/sbrk.S b/lib/libc/arch/aarch64/sys/sbrk.S
index 75b25a7..1e3bd83 100644 (file)
--- a/lib/libc/arch/aarch64/sys/sbrk.S
+++ b/lib/libc/arch/aarch64/sys/sbrk.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sbrk.S,v 1.3 2017/11/22 20:36:02 kettenis Exp $       */
+/*     $OpenBSD: sbrk.S,v 1.4 2018/08/12 17:15:10 mortimer Exp $       */
 /*     $NetBSD: sbrk.S,v 1.7 2003/08/07 16:42:05 agc Exp $     */
 
 /*-
@@ -49,6 +49,7 @@ __curbrk:
  * Change the data segment size
  */
 ENTRY(sbrk)
+       RETGUARD_SETUP(sbrk, x15)
 #ifdef __PIC__
        /* Setup the GOT */
        adrp    x3, :got:__curbrk
@@ -71,6 +72,7 @@ ENTRY(sbrk)
        str     x1, [x2]
 
        /* Return old curbrk value */
+       RETGUARD_CHECK(sbrk, x15)
        ret
 
        .align  3

diff --git a/lib/libc/arch/aarch64/sys/sigpending.S b/lib/libc/arch/aarch64/sys/sigpending.S
index 076473b..c532274 100644 (file)
--- a/lib/libc/arch/aarch64/sys/sigpending.S
+++ b/lib/libc/arch/aarch64/sys/sigpending.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sigpending.S,v 1.2 2017/02/23 22:50:07 patrick Exp $  */
+/*     $OpenBSD: sigpending.S,v 1.3 2018/08/12 17:15:10 mortimer Exp $ */
 /*     $NetBSD: sigpending.S,v 1.5 2003/08/07 16:42:05 agc Exp $       */
 
 /*-
@@ -35,10 +35,12 @@
 #include "SYS.h"
 
 SYSENTRY(sigpending)
+       RETGUARD_SETUP(sigpending, x15)
        mov     x2, x0
        SYSTRAP(sigpending)
        bcs     CERROR
        str     w0, [x2]
        mov     x0, #0
+       RETGUARD_CHECK(sigpending, x15)
        ret
 SYSCALL_END(sigpending)

diff --git a/lib/libc/arch/aarch64/sys/sigprocmask.S b/lib/libc/arch/aarch64/sys/sigprocmask.S
index 7a9ea68..a07ef23 100644 (file)
--- a/lib/libc/arch/aarch64/sys/sigprocmask.S
+++ b/lib/libc/arch/aarch64/sys/sigprocmask.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sigprocmask.S,v 1.2 2017/02/22 22:18:51 patrick Exp $ */
+/*     $OpenBSD: sigprocmask.S,v 1.3 2018/08/12 17:15:10 mortimer Exp $        */
 /*     $NetBSD: sigprocmask.S,v 1.5 2003/08/07 16:42:05 agc Exp $      */
 
 /*-
@@ -35,6 +35,7 @@
 #include "SYS.h"
 
 SYSENTRY_HIDDEN(sigprocmask)
+       RETGUARD_SETUP(sigprocmask, x15)
        cbz     x1, 1f
        ldr     w1, [x1]
        b       2f
@@ -49,5 +50,6 @@ SYSENTRY_HIDDEN(sigprocmask)
        str     w0, [x2]
 1:
        mov     x0, #0x00000000
+       RETGUARD_CHECK(sigprocmask, x15)
        ret
 SYSCALL_END_HIDDEN(sigprocmask)

diff --git a/lib/libc/arch/aarch64/sys/sigsuspend.S b/lib/libc/arch/aarch64/sys/sigsuspend.S
index 9be04da..d28d037 100644 (file)
--- a/lib/libc/arch/aarch64/sys/sigsuspend.S
+++ b/lib/libc/arch/aarch64/sys/sigsuspend.S
@@ -1,4 +1,4 @@
-/*     $OpenBSD: sigsuspend.S,v 1.1 2017/01/11 18:09:24 patrick Exp $  */
+/*     $OpenBSD: sigsuspend.S,v 1.2 2018/08/12 17:15:10 mortimer Exp $ */
 /*     $NetBSD: sigsuspend.S,v 1.6 2003/08/07 16:42:05 agc Exp $       */
 
 /*-
@@ -35,9 +35,11 @@
 #include "SYS.h"
 
 SYSENTRY_HIDDEN(sigsuspend)
+       RETGUARD_SETUP(sigsuspend, x15)
        ldr     w0, [x0]
        SYSTRAP(sigsuspend)
        bcs     CERROR
        mov     x0, #0
+       RETGUARD_CHECK(sigsuspend, x15)
        ret
 SYSCALL_END_HIDDEN(sigsuspend)

diff --git a/lib/libc/arch/aarch64/sys/tfork_thread.S b/lib/libc/arch/aarch64/sys/tfork_thread.S
index 5dda781..6e515c3 100644 (file)
--- a/lib/libc/arch/aarch64/sys/tfork_thread.S
+++ b/lib/libc/arch/aarch64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.2 2017/02/20 08:42:46 patrick Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.3 2018/08/12 17:15:10 mortimer Exp $ */
 /*
  * Copyright (c) 2005 Dale Rahn <drahn@openbsd.org>
  *
@@ -24,11 +24,13 @@
  */
 
 ENTRY(__tfork_thread)
+       RETGUARD_SETUP(__tfork_thread, x15)
        SYSTRAP(__tfork)
        bcs     CERROR
 
        /* check if we are parent or child */
        cbz     x0, 1f
+       RETGUARD_CHECK(__tfork_thread, x15)
        ret
 
 1:

diff --git a/sys/arch/arm64/arm64/copy.S b/sys/arch/arm64/arm64/copy.S
index af9f015..4ced221 100644 (file)
--- a/sys/arch/arm64/arm64/copy.S
+++ b/sys/arch/arm64/arm64/copy.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: copy.S,v 1.4 2017/12/30 10:20:34 kettenis Exp $ */
+/* $OpenBSD: copy.S,v 1.5 2018/08/12 17:15:10 mortimer Exp $ */
 /*
  * Copyright (c) 2015 Dale Rahn <drahn@dalerahn.com>
  * Copyright (c) 2014 Patrick Wildt <patrick@blueri.se>
@@ -34,8 +34,10 @@
  * XXX should this assert that address spaces are correct for each address?
  */
 ENTRY(copyin)
+       RETGUARD_SETUP(copy, x15)
        cbnz    x2, 1f
        mov     x0, 0
+       RETGUARD_CHECK(copy, x15)
        ret
 1:
        mrs     x3, tpidr_el1                   // load cpuinfo
@@ -53,11 +55,13 @@ ENTRY(copyin)
 
        str     x4, [x3, #(PCB_ONFAULT)]        // clear handler
        mov     x0, xzr
+       RETGUARD_CHECK(copy, x15)
        ret
 
 .Lcopyfault:
        mov     x0, #EFAULT
        ldr     x4, [x3, #(PCB_ONFAULT)]
+       RETGUARD_CHECK(copy, x15)
        ret
 
 /*
@@ -69,6 +73,7 @@ ENTRY(copyin)
  * XXX should this assert that address spaces are correct for each address?
  */
 ENTRY(copyin32)
+       RETGUARD_SETUP(copy, x15)
        mrs     x3, tpidr_el1                   // load cpuinfo
        ldr     x3, [x3, #(CI_CURPCB)]
        ldr     x4, [x3, #(PCB_ONFAULT)]
@@ -80,6 +85,7 @@ ENTRY(copyin32)
 
        str     x4, [x3, #(PCB_ONFAULT)]        // clear handler
        mov     x0, xzr
+       RETGUARD_CHECK(copy, x15)
        ret
 
 /*
@@ -93,8 +99,10 @@ ENTRY(copyin32)
  */
 
 ENTRY(copyout)
+       RETGUARD_SETUP(copy, x15)
        cbnz    x2, 1f
        mov     x0, 0
+       RETGUARD_CHECK(copy, x15)
        ret
 1:
        mrs     x3, tpidr_el1                   // load cpuinfo
@@ -112,6 +120,7 @@ ENTRY(copyout)
 
        str     x4, [x3, #(PCB_ONFAULT)]        // clear handler
        mov     x0, xzr
+       RETGUARD_CHECK(copy, x15)
        ret
 
 /*
@@ -123,8 +132,10 @@ ENTRY(copyout)
  */
 
 ENTRY(kcopy)
+       RETGUARD_SETUP(copy, x15)
        cbnz    x2, 1f
        mov     x0, 0
+       RETGUARD_CHECK(copy, x15)
        ret
 1:
        mrs     x3, tpidr_el1                   // load cpuinfo
@@ -141,4 +152,5 @@ ENTRY(kcopy)
 
        str     x4, [x3, #(PCB_ONFAULT)]        // clear handler
        mov     x0, xzr
+       RETGUARD_CHECK(copy, x15)
        ret

diff --git a/sys/arch/arm64/arm64/copystr.S b/sys/arch/arm64/arm64/copystr.S
index 3c13b3a..6273584 100644 (file)
--- a/sys/arch/arm64/arm64/copystr.S
+++ b/sys/arch/arm64/arm64/copystr.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: copystr.S,v 1.3 2017/02/15 21:39:50 patrick Exp $ */
+/* $OpenBSD: copystr.S,v 1.4 2018/08/12 17:15:10 mortimer Exp $ */
 /*
  * Copyright (c) 2015 Dale Rahn <drahn@dalerahn.com>
  * Copyright (c) 2014 Patrick Wildt <patrick@blueri.se>
@@ -35,6 +35,7 @@
  * Copy string from x0 to x1
  */
 ENTRY(copystr)
+       RETGUARD_SETUP(copystr, x15)
        mrs     x6, tpidr_el1                   // load curcpu
        ldr     x6, [x6, #(CI_CURPCB)]
        ldr     x5, [x6, #(PCB_ONFAULT)]
@@ -65,6 +66,7 @@ ENTRY(copystr)
        str     x8, [x3]
 2:
        str     x5, [x6, #(PCB_ONFAULT)]
+       RETGUARD_CHECK(copystr, x15)
        ret
 
 /*
@@ -76,6 +78,7 @@ ENTRY(copystr)
  * Copy string from user space to kernel space
  */
 ENTRY(copyinstr)
+       RETGUARD_SETUP(copystr, x15)
        mrs     x6, tpidr_el1                   // load curcpu
        ldr     x6, [x6, #(CI_CURPCB)]
        ldr     x5, [x6, #(PCB_ONFAULT)]
@@ -104,6 +107,7 @@ ENTRY(copyinstr)
  * Copy string from kernel space to user space
  */
 ENTRY(copyoutstr)
+       RETGUARD_SETUP(copystr, x15)
        mrs     x6, tpidr_el1                   // load curcpu
        ldr     x6, [x6, #(CI_CURPCB)]
        ldr     x5, [x6, #(PCB_ONFAULT)]

diff --git a/sys/arch/arm64/arm64/cpufunc_asm.S b/sys/arch/arm64/arm64/cpufunc_asm.S
index 94a127d..44c5272 100644 (file)
--- a/sys/arch/arm64/arm64/cpufunc_asm.S
+++ b/sys/arch/arm64/arm64/cpufunc_asm.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: cpufunc_asm.S,v 1.4 2018/01/10 23:27:18 kettenis Exp $ */
+/* $OpenBSD: cpufunc_asm.S,v 1.5 2018/08/12 17:15:10 mortimer Exp $ */
 /*-
  * Copyright (c) 2014 Robin Randhawa
  * Copyright (c) 2015 The FreeBSD Foundation
@@ -71,7 +71,6 @@
 .if \ic != 0
        isb
 .endif
-       ret
 .endm
 
 /*
@@ -79,44 +78,54 @@
  */
 
 ENTRY(cpu_setttb)
+       RETGUARD_SETUP(cpu_setttb, x15)
        mrs     x2, ttbr1_el1
        bfi     x2, x0, #48, #16
        msr     ttbr1_el1, x2
        isb
        msr     ttbr0_el1, x1
        isb
+       RETGUARD_CHECK(cpu_setttb, x15)
        ret
 END(cpu_setttb)
 
 ENTRY(cpu_tlb_flush)
+       RETGUARD_SETUP(cpu_tlb_flush, x15)
        dsb     ishst
        tlbi    vmalle1is
        dsb     ish
        isb
+       RETGUARD_CHECK(cpu_tlb_flush, x15)
        ret
 END(cpu_tlb_flush)
 
 ENTRY(cpu_tlb_flush_asid)
+       RETGUARD_SETUP(cpu_tlb_flush_asid, x15)
        dsb     ishst
        tlbi    vae1is, x0
        dsb     ish
        isb
+       RETGUARD_CHECK(cpu_tlb_flush_asid, x15)
        ret
 END(cpu_tlb_flush_asid)
 
 ENTRY(cpu_tlb_flush_all_asid)
+       RETGUARD_SETUP(cpu_tlb_flush_all_asid, x15)
        dsb     ishst
        tlbi    vaale1is, x0
        dsb     ish
        isb
+       RETGUARD_CHECK(cpu_tlb_flush_all_asid, x15)
        ret
 END(cpu_tlb_flush_all_asid)
 
 ENTRY(cpu_tlb_flush_asid_all)
+       RETGUARD_SETUP(cpu_tlb_flush_asid_all, x15)
        dsb     ishst
        tlbi    aside1is, x0
        dsb     ish
        isb
+       RETGUARD_CHECK(cpu_tlb_flush_asid_all, x15)
        ret
 END(cpu_tlb_flush_asid_all)
 
@@ -124,14 +133,20 @@ END(cpu_tlb_flush_asid_all)
  * void cpu_dcache_wb_range(vaddr_t, vsize_t)
  */
 ENTRY(cpu_dcache_wb_range)
+       RETGUARD_SETUP(cpu_dcache_wb_range, x15)
        cache_handle_range      dcop = cvac
+       RETGUARD_CHECK(cpu_dcache_wb_range, x15)
+       ret
 END(cpu_dcache_wb_range)
 
 /*
  * void cpu_dcache_wbinv_range(vaddr_t, vsize_t)
  */
 ENTRY(cpu_dcache_wbinv_range)
+       RETGUARD_SETUP(cpu_dcache_wbinv_range, x15)
        cache_handle_range      dcop = civac
+       RETGUARD_CHECK(cpu_dcache_wbinv_range, x15)
+       ret
 END(cpu_dcache_wbinv_range)
 
 /*
@@ -141,19 +156,28 @@ END(cpu_dcache_wbinv_range)
  * must use wb-inv of the entire cache.
  */
 ENTRY(cpu_dcache_inv_range)
+       RETGUARD_SETUP(cpu_dcache_inv_range, x15)
        cache_handle_range      dcop = ivac
+       RETGUARD_CHECK(cpu_dcache_inv_range, x15)
+       ret
 END(cpu_dcache_inv_range)
 
 /*
  * void cpu_idcache_wbinv_range(vaddr_t, vsize_t)
  */
 ENTRY(cpu_idcache_wbinv_range)
+       RETGUARD_SETUP(cpu_idcache_wbinv_range, x15)
        cache_handle_range      dcop = civac, ic = 1, icop = ivau
+       RETGUARD_CHECK(cpu_idcache_wbinv_range, x15)
+       ret
 END(cpu_idcache_wbinv_range)
 
 /*
  * void cpu_icache_sync_range(vaddr_t, vsize_t)
  */
 ENTRY(cpu_icache_sync_range)
+       RETGUARD_SETUP(cpu_icache_sync_range, x15)
        cache_handle_range      dcop = cvau, ic = 1, icop = ivau
+       RETGUARD_CHECK(cpu_icache_sync_range, x15)
+       ret
 END(cpu_icache_sync_range)

diff --git a/sys/arch/arm64/arm64/support.S b/sys/arch/arm64/arm64/support.S
index ea0212b..7653276 100644 (file)
--- a/sys/arch/arm64/arm64/support.S
+++ b/sys/arch/arm64/arm64/support.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: support.S,v 1.6 2017/08/09 03:06:55 jsg Exp $ */
+/* $OpenBSD: support.S,v 1.7 2018/08/12 17:15:10 mortimer Exp $ */
 /*-
  * Copyright (c) 2014 Andrew Turner
  * Copyright (c) 2014-2015 The FreeBSD Foundation
@@ -83,6 +83,7 @@ END(longjmp)
  * pagezero, simple implementation
  */
 ENTRY(pagezero_simple)
+       RETGUARD_SETUP(pagezero_simple, x15)
        add     x1, x0, #PAGE_SIZE
 
 1:
@@ -92,6 +93,7 @@ ENTRY(pagezero_simple)
        stp     xzr, xzr, [x0], #0x10
        cmp     x0, x1
        b.ne    1b
+       RETGUARD_CHECK(pagezero_simple, x15)
        ret
 
 END(pagezero_simple)
@@ -100,6 +102,7 @@ END(pagezero_simple)
  * pagezero, cache assisted
  */
 ENTRY(pagezero_cache)
+       RETGUARD_SETUP(pagezero_cache, x15)
        add     x1, x0, #PAGE_SIZE
 
        ldr     x2, =dczva_line_size
@@ -110,6 +113,7 @@ ENTRY(pagezero_cache)
        add     x0, x0, x2
        cmp     x0, x1
        b.ne    1b
+       RETGUARD_CHECK(pagezero_cache, x15)
        ret
 
 END(pagezero_cache)

diff --git a/sys/arch/arm64/include/asm.h b/sys/arch/arm64/include/asm.h
index 35c911f..f31386e 100644 (file)
--- a/sys/arch/arm64/include/asm.h
+++ b/sys/arch/arm64/include/asm.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: asm.h,v 1.3 2017/06/29 17:36:16 deraadt Exp $ */
+/*     $OpenBSD: asm.h,v 1.4 2018/08/12 17:15:10 mortimer Exp $        */
 /*     $NetBSD: asm.h,v 1.4 2001/07/16 05:43:32 matt Exp $     */
 
 /*
@@ -82,6 +82,44 @@
 # define _PROF_PROLOGUE
 #endif
 
+#if defined(_RET_PROTECTOR)
+# define RETGUARD_SETUP(x, reg) \
+       RETGUARD_SYMBOL(x); \
+       adrp    reg, __CONCAT(__retguard_, x); \
+       ldr     reg, [reg, :lo12:__CONCAT(__retguard_, x)]; \
+       eor     reg, reg, x30
+# define RETGUARD_CHECK(x, reg) \
+       eor     reg, reg, x30; \
+       adrp    x9, __CONCAT(__retguard_, x); \
+       ldr     x9, [x9, :lo12:__CONCAT(__retguard_, x)]; \
+       subs    reg, reg, x9; \
+       cbz     reg, 66f; \
+       brk     #0x1; \
+66:
+# define RETGUARD_PUSH(reg) \
+       str     reg, [sp, #-16]!
+# define RETGUARD_POP(reg) \
+       ldr     reg, [sp, #16]!
+# define RETGUARD_SYMBOL(x) \
+       .ifndef __CONCAT(__retguard_, x); \
+       .hidden __CONCAT(__retguard_, x); \
+       .type   __CONCAT(__retguard_, x),@object; \
+       .pushsection .openbsd.randomdata.retguard,"aw",@progbits; \
+       .weak   __CONCAT(__retguard_, x); \
+       .p2align 3; \
+       __CONCAT(__retguard_, x): ; \
+       .xword 0; \
+       .size __CONCAT(__retguard_, x), 8; \
+       .popsection; \
+       .endif
+#else
+# define RETGUARD_SETUP(x, reg)
+# define RETGUARD_CHECK(x, reg)
+# define RETGUARD_PUSH(reg)
+# define RETGUARD_POP(reg)
+# define RETGUARD_SYMBOL(x)
+#endif
+
 #define        ENTRY(y)        _ENTRY(_C_LABEL(y)); _PROF_PROLOGUE
 #define        ENTRY_NP(y)     _ENTRY(_C_LABEL(y))
 #define        ASENTRY(y)      _ENTRY(_ASM_LABEL(y)); _PROF_PROLOGUE