LLVM Pointer Authentication sync-ups

I can’t make it today Aug 14th, but should be able to next week. In the meantime I’m on discord as my real name, feel free to ping me there!

Glad you were able to join Discord. Do you have anything to add to today’s pauth meeting? Any progress on frontend / midend patches?

Thanks!

Dear All,

We are happy to provide the very first proof-of-concept branch of LLVM+clang+runtime libraries that includes pointer authentication support for ELF targets.

Everything is based on top of downstream branch by @ahmedbougacha with ELF support patches on top as well as some bug fixes.

There is also a patch for MUSL that adds support for pauth ELF relocations: [AArch64] Add initial support for PAC relocs by eleviant · Pull Request #1 · access-softek/musl · GitHub

We verified that LLVM testsuite compiled with pauth successfully passes on pauth-enabled AArch64 board.

Notes and known issues:

• There is some code generation instability (different, albeit correct, code is generation on Linux and Mac hosts)
• Complete LLDB support is currently WIP. For now stack tracing, etc. only works until the first signed pointers
• Some things are not yet decided / implemented (e.g. emission of .note sections, when / how one would check them inside dynamic loader, etc.).
• Relocation numbers are used from the still unmerged AArch64 ELF ABI pull request: [AAELF64][PAUTHABI64] Assign PAuthABI relocation codes. by smithp35 · Pull Request #227 · ARM-software/abi-aa · GitHub

Eventually all patches will be a part of LLVM mainline, however, there are some roadblocks that need to be broken. Please let us know if there are any issues, etc. with the code provided.

I’m a bit surprised by this because we do support unwinding on Linux when mbranch-protection is used (https://github.com/llvm/llvm-project/tree/main/lldb/test/API/functionalities/unwind/aarch64_unwind_pac). I assume there’s more to this than just that.

This was added back in ⚙ D99944 [LLDB] AArch64 Linux and elf-core PAC stack unwinder support and there’s been a whole bunch of other fixes for stuff like memory reading (I did a roundup for it here).

Also since then we moved the AArch64 lldb buildbot to Pointer Auth enabled hardware, so if you add a test case it is being checked regularly.

Let me know if you need any help with it and of course I can review any patches.

@akorobeynikov Does this implementation require hardware support or is there a fallback software implementation?

Thanks, David!

We are checking all the bits here and there. Sometimes there are just some corner cases that needs to be fixed after the main functionality is there.

Certainly the fixes (if any) will be submitted to the LLVM / LLDB mainline.

Stay tuned!

Currently it definitely assumes there is a hardware support for this. However, there is a pass that lowers corresponding intrinsics to the runtime function calls. It is not currently hooked to anything though

I tried using QEMU (both full-system and user-mode emulation) on x86_64 host and it looks usable, at least for quick local experiments. I use CPU model/settings max,pauth=on,pauth-impdef=on. In my setup, enabling PAuth with the default QARMA5 algorithm (such as if switching from CPU model cortex-a72 to max) makes execution several times slower and using not secure pauth-impdef algorithm instead (as explained in QEMU documentation) only slows things down by about 30% (compared to disabled PAuth) while still inserting some PAC values.

It was quiet here; however lots of pauth-changes are readily available in LLVM 19 release and LLVM mainline:

1. @ahmedbougacha @ahatanak @rjmccall et al ported many changes from Apple’s downstream branch. Besides the common pauth LLVM IR changes, the most important one is frontend support for C++ Pointer Authentication ABI that was presented previously at LLVM DevMeeting 2019 (https://llvm.org/devmtg/2019-10/talk-abstracts.html#tech15) and was available only on Apple targets as the arm64e ABI / platform.
2. Daniil Kovalev and @atrosinenko contributed the ELF codegeneration according to PAuth ABI Extension to ELF for AArch64 (authored by @smithp35 et al at ARM).
3. We’re now having a pauthtest ABI available for AArch64/Linux, so everyone can test pointer authentication on Linux. The reference implementation of required dynamic loader / standard library changes are available for Musl at [AArch64] Add initial support for PAC relocs by kovdan01 · Pull Request #2 · access-softek/musl · GitHub. LLVM testsuite passes on AArch64/Linux with pointer authentication enabled. One can either use -mabi=pauthtest or use pauthtest environment in target triple to enable pointer authentication ABI.

Still, there are some things that are currently work in progress:

1. Not all arm64e changes have been upstreamed. So, mainline support for pointer authentication on Apple targets is not there yet.
2. For ELF targets there are a few missed features including signed GOT (usually optional if the platform implements a read-only GOT) and signed TLS. There are PRs for these features, so hopefully they will be in LLVM mainline soon.
3. There are cases of missed optimizations around authenticated pointers. These optimizations are available in Apple downstream fork and have not been upstreamed yet.
4. The signing scheme is hardcoded as in pauthtest. We do not have a way for target (yet) to specify a signing scheme / ABI version for pauth.
5. We do not have any other ABIs besides pauthtest nor do we have a way to support multiple ABIs if necessary.
6. Some language extensions, the __ptrauth qualifier in particular is currently under discussion. See RFC: `__ptrauth` qualifier for more information.
7. There is some duplication in functionality wrt mainline PAC-RET codegen that is supposed to be unified soon.
8. We may want to revise some runtime libraries (libunwind in particular) to ensure it synthesizes pointers in safer way during exceptions handling.
9. Something else I might have forgotten

We do have a tracking project for pauh-related issues at Pointer Authentication Tasks · GitHub

Last, but not least, I would certainly want to thank everyone who made this possible. And if I’ve forgotten something or someone – this was not intentional, please do let me know, and I will certainly correct it.