[WIP] Introduce aarch64-unknown-linux-pauthtest target

[jchlanda]

View all comments

The target enables Pointer Authentication Code (PAC) support in Rust on AArch64
ELF based Linux systems using a pauthtest ABI (provided by LLVM) and
pauthtest-enabled sysroot with custom musl, serving as a reference libc
implementation. It requires dynamic linking with a pauthtest-enabled dynamic
linker serving as ELF interpreter capable of resolving pauth relocations and
respecting pauthtest ABI constraints.

Supported features include:

• authenticating signed function pointers for extern "C" function calls
  (corresponds to -fptrauth-calls included in pauthtest ABI as defined in
  LLVM)
• signing return address before spilling to stack and authenticating return
  address after restoring from stack for non-leaf functions (corresponds to
  -fptrauth-returns)
• trapping if authentication failure is detected and FPAC feature is not present
  (corresponds to -fptrauth-auth-traps)
• signing of init/fini array entries with the signing schema used for pauthtest
  ABI (corresponding to -fptrauth-init-fini,
  -fptrauth-init-fini-address-discrimination)
• non-ABI-affecting indirect control flow hardening features included in
  pauthtest ABI (corresponding to -faarch64-jump-table-hardening,
  -fptrauth-indirect-gotos)
• signed ELF GOT entries (gated behind -Z ptrauth-elf-got, off by default)

Existing compiler support, such as enabling branch authentication instructions
(i.e.: -Z branch-protection) provide limited functionality, mainly signing
return addresses (pac-ret). The new target goes further by enabling ABI-level
pointer authentication support.

Please note that efforts were made to split the work into individual commits
that encapsulate different areas of the code; however, the commits are not
atomic and cannot be built or tested in isolation.

Useful links:

• project goal
• issue describing the need for the work: Add support for AArch64 Pointer Authentication ABI in Rust #148640