One enabled with -mbranch-protection=pac-ret[+b-key|+leaf|+pc]*. This is present in current mainline llvm. Details:
a)sign-return-address llvm module flag is set (and optionally sign-return-address-all with +leaf);
b) PAUTH_PROLOGUE and PAUTH_EPILOGUE pseudo-instructions are emitted in AArch64FrameLowering::emitPrologue and AArch64FrameLowering::emitEpilogue; these pseudos are later expanded by AArch64PointerAuth pass;
c) both A and B keys can be used (depending on +b-key and corresponding function attribute sign-return-address-key or module flag sign-return-address-with-bkey);
d) using pc register as additional modifier is supported with +pc (corresponding module flag is branch-protection-pauth-lr).
One enabled with -fptrauth-returns. This is present in Apple downstream and is a subject for upstreaming.
a) ptrauth-returns attribute is set on functions we want this to be enabled;
b) actual codegen logic is implemented in AArch64FrameLowering::emitPrologue and AArch64FrameLowering::emitEpilogue - we emit actual instructions like pacibsp directly there;
c) B key is always used;
d) using pc register as additional modifier is not supported.
If there is downstream functionality present for -fptrauth-returns in downstream but not present for -mbranch-protection=pac-ret in mainline - upstream that.
Make upstream generate code equal to downstream when -fptrauth-returns is passed without bringing the second implementation to mainline. Only present mainline implementation should be left in terms of codegen, probably with some additions (see previous point). Possible ways to do that:
a) set "sign-return-address" and "sign-return-address-with-bkey" function attributes when -fptrauth-returns is passed;
b) set "ptrauth-returns" function attribute (like in downstream and similar to other attributes like "ptrauth-calls", "ptrauth-auth-traps", etc) and add a check against that near existing checks against "sign-return-address" and "sign-return-address-with-bkey".
Support -mbranch-protection=pauthabi+pac-ret+b-key. Since pac-ret+b-key should do the same thing as -fptrauth-returns, it's a subset of pauthabi, so no reason for not supporting that. As for now, we explicitly do not support that (see #97237)
Currently, two LR signing implementations exist:
1. One enabled with `-mbranch-protection=pac-ret[+b-key|+leaf|+pc]*`. This is present in current mainline llvm. Details:
a)`sign-return-address` llvm module flag is set (and optionally `sign-return-address-all` with `+leaf`);
b) `PAUTH_PROLOGUE` and `PAUTH_EPILOGUE` pseudo-instructions are emitted in `AArch64FrameLowering::emitPrologue` and `AArch64FrameLowering::emitEpilogue`; these pseudos are later expanded by `AArch64PointerAuth` pass;
c) both A and B keys can be used (depending on `+b-key` and corresponding function attribute `sign-return-address-key` or module flag `sign-return-address-with-bkey`);
d) using `pc` register as additional modifier is supported with `+pc` (corresponding module flag is `branch-protection-pauth-lr`).
2. One enabled with `-fptrauth-returns`. This is present in Apple downstream and is a subject for upstreaming.
a) `ptrauth-returns` attribute is set on functions we want this to be enabled;
b) actual codegen logic is implemented in `AArch64FrameLowering::emitPrologue` and `AArch64FrameLowering::emitEpilogue` - we emit actual instructions like `pacibsp` directly there;
c) B key is always used;
d) using `pc` register as additional modifier is **not** supported.
See also https://github.com/llvm/llvm-project/pull/97237#discussion_r1666090234
TODO:
1. Ensure if `fptrauth-returns` is equal to `-mbranch-protection=pac-ret+b-key`. Several downstream patches are subject for investigation here:
a) https://github.com/ahmedbougacha/llvm-project/commit/c84e3837e017cf1335405855b73b2ccd2754a263
b) https://github.com/ahmedbougacha/llvm-project/commit/252558afa626a700770b77dd629bd0b0ca575027
If there is downstream functionality present for `-fptrauth-returns` in downstream but not present for `-mbranch-protection=pac-ret` in mainline - upstream that.
2. Make upstream generate code equal to downstream when `-fptrauth-returns` is passed without bringing the second implementation to mainline. Only present mainline implementation should be left in terms of codegen, probably with some additions (see previous point). Possible ways to do that:
a) set "sign-return-address" and "sign-return-address-with-bkey" function attributes when `-fptrauth-returns` is passed;
b) set "ptrauth-returns" function attribute (like in downstream and similar to other attributes like "ptrauth-calls", "ptrauth-auth-traps", etc) and add a check against that near existing checks against "sign-return-address" and "sign-return-address-with-bkey".
3. Support `-mbranch-protection=pauthabi+pac-ret+b-key`. Since `pac-ret+b-key` should do the same thing as `-fptrauth-returns`, it's a subset of `pauthabi`, so no reason for not supporting that. As for now, we explicitly do not support that (see #97237)
Currently, two LR signing implementations exist:
One enabled with
-mbranch-protection=pac-ret[+b-key|+leaf|+pc]*
. This is present in current mainline llvm. Details: a)sign-return-address
llvm module flag is set (and optionallysign-return-address-all
with+leaf
); b)PAUTH_PROLOGUE
andPAUTH_EPILOGUE
pseudo-instructions are emitted inAArch64FrameLowering::emitPrologue
andAArch64FrameLowering::emitEpilogue
; these pseudos are later expanded byAArch64PointerAuth
pass; c) both A and B keys can be used (depending on+b-key
and corresponding function attributesign-return-address-key
or module flagsign-return-address-with-bkey
); d) usingpc
register as additional modifier is supported with+pc
(corresponding module flag isbranch-protection-pauth-lr
).One enabled with
-fptrauth-returns
. This is present in Apple downstream and is a subject for upstreaming. a)ptrauth-returns
attribute is set on functions we want this to be enabled; b) actual codegen logic is implemented inAArch64FrameLowering::emitPrologue
andAArch64FrameLowering::emitEpilogue
- we emit actual instructions likepacibsp
directly there; c) B key is always used; d) usingpc
register as additional modifier is not supported.See also https://github.com/llvm/llvm-project/pull/97237#discussion_r1666090234
TODO:
Ensure if
fptrauth-returns
is equal to-mbranch-protection=pac-ret+b-key
. Several downstream patches are subject for investigation here: a) https://github.com/ahmedbougacha/llvm-project/commit/c84e3837e017cf1335405855b73b2ccd2754a263 b) https://github.com/ahmedbougacha/llvm-project/commit/252558afa626a700770b77dd629bd0b0ca575027If there is downstream functionality present for
-fptrauth-returns
in downstream but not present for-mbranch-protection=pac-ret
in mainline - upstream that.Make upstream generate code equal to downstream when
-fptrauth-returns
is passed without bringing the second implementation to mainline. Only present mainline implementation should be left in terms of codegen, probably with some additions (see previous point). Possible ways to do that:a) set "sign-return-address" and "sign-return-address-with-bkey" function attributes when
-fptrauth-returns
is passed; b) set "ptrauth-returns" function attribute (like in downstream and similar to other attributes like "ptrauth-calls", "ptrauth-auth-traps", etc) and add a check against that near existing checks against "sign-return-address" and "sign-return-address-with-bkey".Support
-mbranch-protection=pauthabi+pac-ret+b-key
. Sincepac-ret+b-key
should do the same thing as-fptrauth-returns
, it's a subset ofpauthabi
, so no reason for not supporting that. As for now, we explicitly do not support that (see #97237)