LLVM Pointer Authentication sync-ups

It was quiet here; however, lots of pauth changes are readily available in the LLVM 19 release and LLVM mainline:

  1. @ahmedbougacha @ahatanak @rjmccall et al ported many changes from Apple’s downstream branch. Besides the common pauth LLVM IR changes, the most important one is frontend support for the C++ Pointer Authentication ABI that was presented previously at LLVM DevMeeting 2019 (https://llvm.org/devmtg/2019-10/talk-abstracts.html#tech15) and was available only on Apple targets as the arm64e ABI / platform.
  2. Daniil Kovalev and @atrosinenko contributed the ELF code generation according to the PAuth ABI Extension to ELF for AArch64 (authored by @smithp35 et al at ARM).
  3. We now have a pauthtest ABI available for AArch64/Linux, so everyone can test pointer authentication on Linux. The reference implementation of the required dynamic loader / standard library changes is available for Musl at [AArch64] Add initial support for PAC relocs by kovdan01 · Pull Request #2 · access-softek/musl · GitHub. The LLVM testsuite passes on AArch64/Linux with pointer authentication enabled. One can either use `-mabi=pauthtest` or use the pauthtest environment in the target triple to enable the pointer authentication ABI.

Still, there are some things that are currently work in progress:

  1. Not all arm64e changes have been upstreamed. So, mainline support for pointer authentication on Apple targets is not there yet.
  2. For ELF targets there are a few missing features, including signed GOT (usually optional if the platform implements a read-only GOT) and signed TLS. There are PRs for these features, so hopefully they will be in LLVM mainline soon.
  3. There are cases of missed optimizations around authenticated pointers. These optimizations are available in Apple downstream fork and have not been upstreamed yet.
  4. The signing scheme is hardcoded as in pauthtest. We do not have a way for a target (yet) to specify a signing scheme / ABI version for pauth.
  5. We do not have any other ABIs besides pauthtest nor do we have a way to support multiple ABIs if necessary.
  6. Some language extensions, the `__ptrauth` qualifier in particular, are currently under discussion. See RFC: `__ptrauth` qualifier for more information.
  7. There is some duplication in functionality wrt mainline PAC-RET codegen that is supposed to be unified soon.
  8. We may want to revise some runtime libraries (libunwind in particular) to ensure they synthesize pointers in a safer way during exception handling.
  9. Something else I might have forgotten :slight_smile:

We do have a tracking project for pauth-related issues at Pointer Authentication Tasks · GitHub.

Last, but not least, I would certainly want to thank everyone who made this possible. And if I’ve forgotten something or someone – this was not intentional, please do let me know, and I will certainly correct it.
