Add support for init/fini signing and correctly sign extern weak globals

Also add flag for ELF-GOT signing.

Author: jchlanda

compiler/rustc_codegen_llvm/src/consts.rs

@@ -49,7 +49,7 @@ pub(crate) fn const_alloc_to_llvm<'ll>(
     //
     // Statics have a guaranteed meaningful address so it's less clear that we want to do
     // something like this; it's also harder.
-    if !is_static {
+    if matches!(is_static, IsStatic::No) {
         assert!(alloc.len() != 0);
     }
     let mut llvals = Vec::with_capacity(alloc.provenance().ptrs().len() + 1);
@@ -120,14 +120,28 @@ pub(crate) fn const_alloc_to_llvm<'ll>(
             as u64;
 
         let address_space = cx.tcx.global_alloc(prov.alloc_id()).address_space(cx);
-
-        llvals.push(cx.scalar_to_backend(
+        // Pauthtest function pointers stored in init/fini arrays need special handling.
+        let pac_metadata = Some(
+            if cx.sess().target.env == Env::Pauthtest && matches!(is_init_fini, IsInitOrFini::Yes) {
+                PacMetadata {
+                    // Must correspond to ptrauth_key_init_fini_pointer from `ptrauth.h`.
+                    key: 0,
+                    // ptrauth_string_discriminator("init_fini")
+                    disc: 0xd9d4,
+                    addr_diversity: AddressDiversity::Synthetic(1),
+                }
+            } else {
+                PacMetadata::default()
+            },
+        );
+        llvals.push(cx.scalar_to_backend_with_pac(
             InterpScalar::from_pointer(Pointer::new(prov, Size::from_bytes(ptr_offset)), &cx.tcx),
             Scalar::Initialized {
                 value: Primitive::Pointer(address_space),
                 valid_range: WrappingRange::full(pointer_size),
             },
             cx.type_ptr_ext(address_space),
+            pac_metadata,
         ));
         next_offset = offset + pointer_size_bytes;
     }
@@ -152,7 +166,19 @@ fn codegen_static_initializer<'ll, 'tcx>(
     def_id: DefId,
 ) -> Result<(&'ll Value, ConstAllocation<'tcx>), ErrorHandled> {
     let alloc = cx.tcx.eval_static_initializer(def_id)?;
-    Ok((const_alloc_to_llvm(cx, alloc.inner(), /*static*/ true), alloc))
+    let attrs = cx.tcx.codegen_fn_attrs(def_id);
+    let is_in_init_fini: IsInitOrFini = attrs
+        .link_section
+        .map(|link_section| {
+            let s = link_section.as_str();
+            if s.starts_with(".init_array") || s.starts_with(".fini_array") {
+                IsInitOrFini::Yes
+            } else {
+                IsInitOrFini::No
+            }
+        })
+        .unwrap_or(IsInitOrFini::No);
+    Ok((const_alloc_to_llvm(cx, alloc.inner(), IsStatic::Yes, is_in_init_fini), alloc))
 }
 
 fn set_global_alignment<'ll>(cx: &CodegenCx<'ll, '_>, gv: &'ll Value, mut align: Align) {
@@ -175,6 +201,7 @@ fn check_and_apply_linkage<'ll, 'tcx>(
     if let Some(linkage) = attrs.import_linkage {
         debug!("get_static: sym={} linkage={:?}", sym, linkage);
 
+        let mut should_sign = false;
         // Declare a symbol `foo`. If `foo` is an extern_weak symbol, we declare
         // an extern_weak function, otherwise a global with the desired linkage.
         let g1 = if matches!(attrs.import_linkage, Some(Linkage::ExternalWeak)) {
@@ -187,8 +214,13 @@ fn check_and_apply_linkage<'ll, 'tcx>(
                 && let ty::FnPtr(sig, header) = args.type_at(0).kind()
             {
                 let fn_sig = sig.with(*header);
-
                 let fn_abi = cx.fn_abi_of_fn_ptr(fn_sig, ty::List::empty());
+                // Decide if the initializer needs to be signed
+                if cx.sess().target.env == Env::Pauthtest
+                    && matches!(fn_sig.abi(), ExternAbi::C { .. })
+                {
+                    should_sign = true;
+                }
                 cx.declare_fn(sym, &fn_abi, None)
             } else {
                 cx.declare_global(sym, cx.type_i8())
@@ -217,7 +249,24 @@ fn check_and_apply_linkage<'ll, 'tcx>(
             })
         });
         llvm::set_linkage(g2, llvm::Linkage::InternalLinkage);
-        llvm::set_initializer(g2, g1);
+
+        // Sign the function pointer that is used to initialize the global
+        let initializer = if should_sign {
+            let key: u32 = 0;
+            let discriminator: u64 = 0;
+
+            const_ptr_auth(
+                cx.const_bitcast(g1, llty),
+                key,
+                discriminator,
+                None, /* address_diversity */
+            )
+        } else {
+            g1
+        };
+
+        llvm::set_initializer(g2, initializer);
+
         g2
     } else if cx.tcx.sess.target.arch == Arch::X86
         && common::is_mingw_gnu_toolchain(&cx.tcx.sess.target)

compiler/rustc_session/src/options.rs

@@ -2568,6 +2568,7 @@ options! {
         (default: no)"),
     patchable_function_entry: PatchableFunctionEntry = (PatchableFunctionEntry::default(), parse_patchable_function_entry, [TRACKED],
         "nop padding at function entry"),
+    pauth_enable_elf_got: bool = (false, parse_bool, [TRACKED], "enable signing of ELF GOT entries"),
     plt: Option<bool> = (None, parse_opt_bool, [TRACKED],
         "whether to use the PLT when calling into shared libraries;
         only has effect for PIC code on systems with ELF binaries

tests/codegen-llvm/pauth-extern-weak-global.rs

@@ -0,0 +1,45 @@
+// ignore-tidy-linelength
+//@ only-aarch64-unknown-linux-pauthtest
+//@ revisions: O0_PAUTH O3_PAUTH O0_NO_PAUTH O3_NO_PAUTH
+
+//@ [O0_PAUTH] needs-llvm-components: aarch64
+//@ [O0_PAUTH] compile-flags: --target=aarch64-unknown-linux-pauthtest -C opt-level=0
+//@ [O3_PAUTH] needs-llvm-components: aarch64
+//@ [O3_PAUTH] compile-flags: --target=aarch64-unknown-linux-pauthtest -C opt-level=3
+//@ [O0_NO_PAUTH] needs-llvm-components: aarch64
+//@ [O0_NO_PAUTH] compile-flags: --target=aarch64-unknown-linux-gnu -C opt-level=0
+//@ [O3_NO_PAUTH] needs-llvm-components: aarch64
+//@ [O3_NO_PAUTH] compile-flags: --target=aarch64-unknown-linux-gnu -C opt-level=3
+
+#![crate_type = "lib"]
+#![feature(linkage)]
+
+// O0_PAUTH: @{{[0-9A-Za-z_]+}}FUNCTION_PTR_DECL = constant ptr ptrauth (ptr @copy_file_range, i32 0)
+// O0_PAUTH: declare i64 @copy_file_range({{.*}})
+// O3_PAUTH: @{{[0-9A-Za-z_]+}}FUNCTION_PTR_DECL = constant ptr ptrauth (ptr @copy_file_range, i32 0)
+// O3_PAUTH: declare {{.*}} i64 @copy_file_range({{.*}})
+//
+// O0_NO_PAUTH-NOT: ptr ptrauth
+// O3_NO_PAUTH-NOT: ptr ptrauth
+extern "C" {
+    #[link_name = "copy_file_range"]
+    #[linkage = "extern_weak"]
+    fn copy_file_range(
+        fd_in: i32,
+        off_in: *mut i64,
+        fd_out: i32,
+        off_out: *mut i64,
+        len: i64,
+        flags: i32,
+    ) -> i64;
+}
+
+#[used]
+static FUNCTION_PTR_DECL: unsafe extern "C" fn(i32, *mut i64, i32, *mut i64, i64, i32) -> i64 =
+    copy_file_range;
+
+// O0_PAUTH: !{{[0-9]+}} = !{i32 7, !"ptrauth-sign-personality", i32 1}
+// O3_PAUTH: !{{[0-9]+}} = !{i32 7, !"ptrauth-sign-personality", i32 1}
+
+// O0_NO_PAUTH-NOT: !{{[0-9]+}} = !{i32 7, !"ptrauth-sign-personality", i32 1}
+// O3_NO_PAUTH-NOT: !{{[0-9]+}} = !{i32 7, !"ptrauth-sign-personality", i32 1}

tests/codegen-llvm/pauth-init-fini.rs

@@ -0,0 +1,28 @@
+// ignore-tidy-linelength
+//@ only-aarch64-unknown-linux-pauthtest
+//@ revisions: O0_PAUTH O3_PAUTH
+
+//@ [O0_PAUTH] needs-llvm-components: aarch64
+//@ [O0_PAUTH] compile-flags: --target=aarch64-unknown-linux-pauthtest -C opt-level=0
+//@ [O3_PAUTH] needs-llvm-components: aarch64
+//@ [O3_PAUTH] compile-flags: --target=aarch64-unknown-linux-pauthtest -C opt-level=3
+
+// Make sure that init/fini metadata uses correct discriminator: 0xd9d4/55764
+
+#![crate_type = "lib"]
+#![feature(linkage)]
+
+// O0_PAUTH: @{{[0-9A-Za-z_]+}}GLOBAL_INIT = constant ptr ptrauth (ptr @{{[0-9A-Za-z_]+}}init_fn, i32 0, i64 55764, ptr inttoptr (i64 1 to ptr)), section ".init_array.90"
+// O3_PAUTH: @{{[0-9A-Za-z_]+}}GLOBAL_INIT = constant ptr ptrauth (ptr @{{[0-9A-Za-z_]+}}init_fn, i32 0, i64 55764, ptr inttoptr (i64 1 to ptr)), section ".init_array.90"
+#[used]
+#[link_section = ".init_array.90"]
+static GLOBAL_INIT: extern "C" fn() = init_fn;
+
+// O0_PAUTH: @{{[0-9A-Za-z_]+}}GLOBAL_FINI = constant ptr ptrauth (ptr @{{[0-9A-Za-z_]+}}fini_fn, i32 0, i64 55764, ptr inttoptr (i64 1 to ptr)), section ".fini_array.90"
+// O3_PAUTH: @{{[0-9A-Za-z_]+}}GLOBAL_FINI = constant ptr ptrauth (ptr @{{[0-9A-Za-z_]+}}fini_fn, i32 0, i64 55764, ptr inttoptr (i64 1 to ptr)), section ".fini_array.90"
+#[used]
+#[link_section = ".fini_array.90"]
+static GLOBAL_FINI: extern "C" fn(i32) = fini_fn;
+
+extern "C" fn init_fn() {}
+extern "C" fn fini_fn(_: i32) {}