Introduce aarch64-unknown-linux-pauthtest

Author: jchlanda

compiler/rustc_codegen_llvm/src/builder.rs

@@ -8,7 +8,7 @@ pub(crate) mod gpu_offload;
 
 use libc::{c_char, c_uint};
 use rustc_abi as abi;
-use rustc_abi::{Align, Size, WrappingRange};
+use rustc_abi::{Align, CanonAbi, Size, WrappingRange};
 use rustc_codegen_ssa::MemFlags;
 use rustc_codegen_ssa::common::{IntPredicate, RealPredicate, SynchronizationScope, TypeKind};
 use rustc_codegen_ssa::mir::operand::{OperandRef, OperandValue};
@@ -26,7 +26,7 @@ use rustc_sanitizers::{cfi, kcfi};
 use rustc_session::config::OptLevel;
 use rustc_span::Span;
 use rustc_target::callconv::{FnAbi, PassMode};
-use rustc_target::spec::{Arch, HasTargetSpec, SanitizerSet, Target};
+use rustc_target::spec::{Arch, Env, HasTargetSpec, SanitizerSet, Target};
 use smallvec::SmallVec;
 use tracing::{debug, instrument};
 
@@ -430,6 +430,11 @@ impl<'a, 'll, 'tcx> BuilderMethods<'a, 'tcx> for Builder<'a, 'll, 'tcx> {
             bundles.push(kcfi_bundle);
         }
 
+        let pauth = self.ptrauth_operand_bundle(llfn, fn_abi);
+        if let Some(p) = pauth.as_ref().map(|b| b.as_ref()) {
+            bundles.push(p);
+        }
+
         let invoke = unsafe {
             llvm::LLVMBuildInvokeWithOperandBundles(
                 self.llbuilder,
@@ -1410,6 +1415,11 @@ impl<'a, 'll, 'tcx> BuilderMethods<'a, 'tcx> for Builder<'a, 'll, 'tcx> {
             bundles.push(kcfi_bundle);
         }
 
+        let pauth = self.ptrauth_operand_bundle(llfn, fn_abi);
+        if let Some(p) = pauth.as_ref().map(|b| b.as_ref()) {
+            bundles.push(p);
+        }
+
         let call = unsafe {
             llvm::LLVMBuildCallWithOperandBundles(
                 self.llbuilder,
@@ -1857,6 +1867,11 @@ impl<'a, 'll, 'tcx> Builder<'a, 'll, 'tcx> {
             bundles.push(kcfi_bundle);
         }
 
+        let pauth = self.ptrauth_operand_bundle(llfn, fn_abi);
+        if let Some(p) = pauth.as_ref().map(|b| b.as_ref()) {
+            bundles.push(p);
+        }
+
         let callbr = unsafe {
             llvm::LLVMBuildCallBr(
                 self.llbuilder,
@@ -1976,6 +1991,37 @@ impl<'a, 'll, 'tcx> Builder<'a, 'll, 'tcx> {
         kcfi_bundle
     }
 
+    // Emits pauth operand bundle.
+    fn ptrauth_operand_bundle(
+        &mut self,
+        llfn: &'ll Value,
+        fn_abi: Option<&FnAbi<'tcx, Ty<'tcx>>>,
+    ) -> Option<llvm::OperandBundleBox<'ll>> {
+        if self.sess().target.env != Env::Pauthtest {
+            return None;
+        }
+        // Pauthtest only supports extern "C" calls, filter out other ABIs.
+        if fn_abi?.conv != CanonAbi::C {
+            return None;
+        }
+        // Filter out LLVM intrinsics.
+        if llvm::get_value_name(llfn).starts_with(b"llvm.") {
+            return None;
+        }
+
+        // FIXME(jchlanda) operand bundles should only be attached to indirect function calls.
+        // However, as function signing is unstable, we end up signing too eagerly (including
+        // direct function calls), hence add operand bundles to all calls. We should analyze the
+        // call and bail out on direct calls here.
+
+        let key: u32 = 0;
+        let discriminator: u64 = 0;
+        Some(llvm::OperandBundleBox::new(
+            "ptrauth",
+            &[self.const_u32(key), self.const_u64(discriminator)],
+        ))
+    }
+
     /// Emits a call to `llvm.instrprof.increment`. Used by coverage instrumentation.
     #[instrument(level = "debug", skip(self))]
     pub(crate) fn instrprof_increment(

compiler/rustc_codegen_llvm/src/llvm/ffi.rs

@@ -2552,4 +2552,11 @@ unsafe extern "C" {
         Aliasee: &Value,
         Name: *const c_char,
     ) -> &'ll Value;
+
+    pub(crate) fn LLVMRustConstPtrAuth(
+        ptr: *mut Value,
+        key: u32,
+        disc: u64,
+        addr_diversity: *mut Value,
+    ) -> *mut Value;
 }

compiler/rustc_codegen_llvm/src/llvm/mod.rs

@@ -467,3 +467,19 @@ pub(crate) fn add_alias<'ll>(
 ) -> &'ll Value {
     unsafe { LLVMAddAlias2(module, ty, address_space.0, aliasee, name.as_ptr()) }
 }
+
+/// Safe wrapper for `LLVMRustConstPtrAuth`.
+pub(crate) fn const_ptr_auth<'ll>(
+    ptr: &'ll Value,
+    key: u32,
+    disc: u64,
+    addr_diversity: Option<&'ll Value>,
+) -> &'ll Value {
+    unsafe {
+        let addr_div_ptr = addr_diversity.map_or(std::ptr::null_mut(), |v| v as *const _ as *mut _);
+
+        let result = LLVMRustConstPtrAuth(ptr as *const _ as *mut _, key, disc, addr_div_ptr);
+
+        &*result
+    }
+}

compiler/rustc_codegen_llvm/src/llvm_util.rs

@@ -391,6 +391,8 @@ fn update_target_reliable_float_cfg(sess: &Session, cfg: &mut TargetConfig) {
     cfg.has_reliable_f128 = match (target_arch, target_os) {
         // Unsupported https://github.com/llvm/llvm-project/issues/121122
         (Arch::AmdGpu, _) => false,
+        // Pauthtest musl does not support 128-bit floating point math.
+        (Arch::AArch64, _) if *target_env == Env::Pauthtest => false,
         // Unsupported <https://github.com/llvm/llvm-project/issues/94434>
         (Arch::Arm64EC, _) => false,
         // Selection bug <https://github.com/llvm/llvm-project/issues/95471>. This issue is closed

compiler/rustc_llvm/llvm-wrapper/RustWrapper.cpp

@@ -1778,6 +1778,32 @@ extern "C" void LLVMRustSetNoSanitizeHWAddress(LLVMValueRef Global) {
   GV.setSanitizerMetadata(MD);
 }
 
+extern "C" LLVMValueRef LLVMRustConstPtrAuth(LLVMValueRef Ptr, uint32_t Key,
+                                             uint64_t Disc,
+                                             LLVMValueRef AddrDiversity) {
+  auto *V = unwrap<Value>(Ptr);
+  auto *C = dyn_cast<Constant>(V);
+  if (!C)
+    return Ptr;
+  if (!C->getType()->isPointerTy())
+    return Ptr;
+  if (isa<UndefValue>(C) || isa<ConstantPointerNull>(C))
+    return Ptr;
+
+  LLVMContext &Ctx = C->getContext();
+  auto *KeyC = ConstantInt::get(Type::getInt32Ty(Ctx), Key);
+  auto *DiscC = ConstantInt::get(Type::getInt64Ty(Ctx), Disc);
+  auto *PTy = cast<PointerType>(C->getType());
+  Constant *AddrDiv =
+      AddrDiversity ? dyn_cast<Constant>(unwrap<Value>(AddrDiversity))
+                    : ConstantPointerNull::get(cast<PointerType>(C->getType()));
+  assert(AddrDiv && "Failed to get Address Diversity");
+  llvm::Type *PtrTy = llvm::PointerType::get(Ctx, PTy->getAddressSpace());
+  auto *DeactivationSym = llvm::Constant::getNullValue(PtrTy);
+
+  return wrap(ConstantPtrAuth::get(C, KeyC, DiscC, AddrDiv, DeactivationSym));
+}
+
 // Statically assert that the fixed metadata kind IDs declared in
 // `metadata_kind.rs` match the ones actually used by LLVM.
 #define FIXED_MD_KIND(VARIANT, VALUE)                                          \

compiler/rustc_target/src/spec/mod.rs

@@ -1492,6 +1492,7 @@ supported_targets! {
     ("armv7-unknown-linux-musleabihf", armv7_unknown_linux_musleabihf),
     ("aarch64-unknown-linux-gnu", aarch64_unknown_linux_gnu),
     ("aarch64-unknown-linux-musl", aarch64_unknown_linux_musl),
+    ("aarch64-unknown-linux-pauthtest", aarch64_unknown_linux_pauthtest),
     ("aarch64_be-unknown-linux-musl", aarch64_be_unknown_linux_musl),
     ("x86_64-unknown-linux-musl", x86_64_unknown_linux_musl),
     ("i686-unknown-linux-musl", i686_unknown_linux_musl),
@@ -2046,6 +2047,7 @@ crate::target_spec_enum! {
         P1 = "p1",
         P2 = "p2",
         P3 = "p3",
+        Pauthtest = "pauthtest",
         Uclibc = "uclibc",
         V5 = "v5",
         Unspecified = "",

compiler/rustc_target/src/spec/targets/aarch64_unknown_linux_pauthtest.rs

@@ -0,0 +1,71 @@
+use std::borrow::Cow;
+use std::collections::BTreeMap;
+
+use crate::spec::{
+    Arch, Cc, Env, FramePointer, LinkerFlavor, Lld, StackProbeType, Target, TargetMetadata,
+    TargetOptions, base,
+};
+
+pub(crate) fn target() -> Target {
+    let pauthtest_sysroot = std::env::var("PAUTHTEST_SYSROOT").unwrap_or_default();
+
+    let pre_args = vec![
+        "-target".into(),
+        "aarch64-unknown-linux-pauthtest".into(),
+        "-fuse-ld=lld".into(),
+        Cow::Owned(format!("-L{}/usr/lib", pauthtest_sysroot)),
+        Cow::Owned(format!("--sysroot={}", pauthtest_sysroot).into()),
+    ];
+    let pre_link_args = BTreeMap::from([
+        (LinkerFlavor::Gnu(Cc::Yes, Lld::No), pre_args.clone()),
+        (LinkerFlavor::Gnu(Cc::Yes, Lld::Yes), pre_args),
+    ]);
+
+    let late_args = vec![
+        "-nostdlib".into(),
+        Cow::Owned(format!("-Wl,--dynamic-linker={}/usr/lib/libc.so", pauthtest_sysroot)),
+        Cow::Owned(format!("-Wl,--rpath={}/usr/lib", pauthtest_sysroot)),
+        Cow::Owned(format!("-Wl,{}/usr/lib/crt1.o", pauthtest_sysroot)),
+        Cow::Owned(format!("-Wl,{}/usr/lib/crti.o", pauthtest_sysroot)),
+        Cow::Owned(format!("-Wl,{}/usr/lib/crtn.o", pauthtest_sysroot)),
+    ];
+    let late_link_args = BTreeMap::from([
+        (LinkerFlavor::Gnu(Cc::Yes, Lld::No), late_args.clone()),
+        (LinkerFlavor::Gnu(Cc::Yes, Lld::Yes), late_args),
+    ]);
+
+    Target {
+        llvm_target: "aarch64-unknown-linux-pauthtest".into(),
+        metadata: TargetMetadata {
+            description: Some("ARM64 Linux with pauth enabled musl".into()),
+            tier: Some(3),
+            host_tools: Some(true),
+            std: Some(true),
+        },
+        pointer_width: 64,
+        data_layout: "e-m:e-p270:32:32-p271:32:32-p272:64:64-i8:8:32-i16:16:32-i64:64-i128:128-n32:64-S128-Fn32".into(),
+        arch: Arch::AArch64,
+
+        options: TargetOptions {
+            env: Env::Pauthtest,
+            features: "+v8a,+outline-atomics,+pauth".into(),
+            max_atomic_width: Some(128),
+            stack_probes: StackProbeType::Inline,
+            crt_static_default: false,
+            crt_static_respected: false,
+            default_uwtable: true,
+            dynamic_linking: true,
+            linker: Some("clang".into()),
+            pre_link_args,
+            late_link_args,
+            has_rpath: true,
+            position_independent_executables: true,
+            // the AAPCS64 expects use of non-leaf frame pointers per
+            // https://github.com/ARM-software/abi-aa/blob/4492d1570eb70c8fd146623e0db65b2d241f12e7/aapcs64/aapcs64.rst#the-frame-pointer
+            // and we tend to encounter interesting bugs in AArch64 unwinding code if we do not
+            frame_pointer: FramePointer::NonLeaf,
+            mcount: "\u{1}_mcount".into(),
+            ..base::linux::opts()
+         },
+    }
+}

library/std/src/sys/pal/unix/stack_overflow.rs

@@ -409,9 +409,15 @@ mod imp {
 
         unsafe {
             // this way someone on any unix-y OS can check that all these compile
-            if cfg!(all(target_os = "linux", not(target_env = "musl"))) {
+            if cfg!(all(
+                target_os = "linux",
+                not(any(target_env = "musl", target_env = "pauthtest"))
+            )) {
                 install_main_guard_linux(page_size)
-            } else if cfg!(all(target_os = "linux", target_env = "musl")) {
+            } else if cfg!(all(
+                target_os = "linux",
+                any(target_env = "musl", target_env = "pauthtest")
+            )) {
                 install_main_guard_linux_musl(page_size)
             } else if cfg!(target_os = "freebsd") {
                 #[cfg(not(target_os = "freebsd"))]
@@ -588,7 +594,10 @@ mod imp {
             let mut guardsize = 0;
             assert_eq!(libc::pthread_attr_getguardsize(attr.as_ptr(), &mut guardsize), 0);
             if guardsize == 0 {
-                if cfg!(all(target_os = "linux", target_env = "musl")) {
+                if cfg!(all(
+                    target_os = "linux",
+                    any(target_env = "musl", target_env = "pauthtest")
+                )) {
                     // musl versions before 1.1.19 always reported guard
                     // size obtained from pthread_attr_get_np as zero.
                     // Use page size as a fallback.
@@ -604,7 +613,10 @@ mod imp {
             let stackaddr = stackptr.addr();
             ret = if cfg!(any(target_os = "freebsd", target_os = "netbsd", target_os = "hurd")) {
                 Some(stackaddr - guardsize..stackaddr)
-            } else if cfg!(all(target_os = "linux", target_env = "musl")) {
+            } else if cfg!(all(
+                target_os = "linux",
+                any(target_env = "musl", target_env = "pauthtest")
+            )) {
                 Some(stackaddr - guardsize..stackaddr)
             } else if cfg!(all(target_os = "linux", any(target_env = "gnu", target_env = "uclibc")))
             {

library/std_detect/src/detect/os/linux/auxvec.rs

@@ -51,7 +51,7 @@ pub(crate) struct AuxVec {
 /// Note that run-time feature detection is not invoked for features that can
 /// be detected at compile-time.
 ///
-///  Note: We always directly use `getauxval` on `*-linux-{gnu,musl,ohos}*` and
+///  Note: We always directly use `getauxval` on `*-linux-{gnu,musl,ohos,pauthtest}*` and
 /// `*-android*` targets rather than `dlsym` it because we can safely assume
 /// `getauxval` is linked to the binary.
 /// - `*-linux-gnu*` targets ([since Rust 1.64](https://blog.rust-lang.org/2022/08/01/Increasing-glibc-kernel-requirements.html))
@@ -125,7 +125,7 @@ fn getauxval(key: usize) -> Result<usize, ()> {
         any(
             all(
                 target_os = "linux",
-                any(target_env = "gnu", target_env = "musl", target_env = "ohos"),
+                any(target_env = "gnu", target_env = "musl", target_env = "ohos", target_env = "pauthtest"),
             ),
             target_os = "android",
         ) => {

library/unwind/src/lib.rs

@@ -94,6 +94,20 @@ cfg_select! {
     }
 }
 
+// For pauthtest explicitly reject static CRT, as the target requires dynamic
+// linking. Pauthtest is based on musl, the only supported unwinding mechanism
+// is provided by libunwind.
+#[cfg(target_env = "pauthtest")]
+cfg_select! {
+    target_feature = "crt-static" => {
+        compile_error!("pauthtest target only supports dynamic linking to `unwind`");
+    }
+    _ => {
+        #[link(name = "unwind")]
+        unsafe extern "C" {}
+    }
+}
+
 // This is the same as musl except that we default to using the system libunwind
 // instead of libgcc.
 #[cfg(target_env = "ohos")]