From 837cc1687f7c0d35a4e90a2f6bee377b5a2ecfd5 Mon Sep 17 00:00:00 2001 From: James McGregor Date: Tue, 13 Jul 2021 12:14:26 +0100 Subject: [PATCH 1/2] Add codegen option for branch protection and pointer authentication on AArch64 The branch-protection codegen option enables the use of hint-space pointer authentication code for AArch64 targets --- compiler/rustc_codegen_llvm/src/attributes.rs | 54 ++++++++++++++++++- compiler/rustc_codegen_llvm/src/context.rs | 34 +++++++++++- compiler/rustc_codegen_llvm/src/declare.rs | 5 ++ compiler/rustc_interface/src/tests.rs | 9 +++- compiler/rustc_session/src/config.rs | 31 +++++++++-- compiler/rustc_session/src/options.rs | 31 +++++++++++ src/doc/rustc/src/codegen-options/index.md | 23 ++++++++ src/test/assembly/aarch64-pointer-auth.rs | 22 ++++++++ src/test/codegen/branch-protection.rs | 41 ++++++++++++++ .../pointer-auth-link-with-c/Makefile | 14 +++++ .../pointer-auth-link-with-c/test.c | 1 + .../pointer-auth-link-with-c/test.rs | 8 +++ 12 files changed, 266 insertions(+), 7 deletions(-) create mode 100644 src/test/assembly/aarch64-pointer-auth.rs create mode 100644 src/test/codegen/branch-protection.rs create mode 100644 src/test/run-make-fulldeps/pointer-auth-link-with-c/Makefile create mode 100644 src/test/run-make-fulldeps/pointer-auth-link-with-c/test.c create mode 100644 src/test/run-make-fulldeps/pointer-auth-link-with-c/test.rs diff --git a/compiler/rustc_codegen_llvm/src/attributes.rs b/compiler/rustc_codegen_llvm/src/attributes.rs index 8e6329a997f14..768e03b5ef358 100644 --- a/compiler/rustc_codegen_llvm/src/attributes.rs +++ b/compiler/rustc_codegen_llvm/src/attributes.rs @@ -9,7 +9,7 @@ use rustc_hir::def_id::DefId; use rustc_middle::middle::codegen_fn_attrs::CodegenFnAttrFlags; use rustc_middle::ty::layout::HasTyCtxt; use rustc_middle::ty::{self, TyCtxt}; -use rustc_session::config::OptLevel; +use rustc_session::config::{BranchProtection, OptLevel, PAuthKey}; use rustc_session::Session; use rustc_target::spec::abi::Abi; use rustc_target::spec::{FramePointer, SanitizerSet, StackProbeType, StackProtector}; @@ -203,6 +203,58 @@ pub fn non_lazy_bind(sess: &Session, llfn: &'ll Value) { } } +pub fn set_branch_protection(sess: &Session, llfn: &'ll Value) { + // Setting PAC/BTI function attributes is only necessary for LLVM 11 and earlier. + // For LLVM 12 and greater, module-level metadata attributes are set in + // `compiler/rustc_codegen_llvm/src/context.rs`. + if llvm_util::get_version() >= (12, 0, 0) { + return; + } + + let BranchProtection { bti, pac_ret: pac } = sess.opts.cg.branch_protection; + + if bti { + llvm::AddFunctionAttrString( + llfn, + llvm::AttributePlace::Function, + cstr!("branch-target-enforcement"), + ); + } + + if let Some(pac_opts) = pac { + if pac_opts.leaf { + llvm::AddFunctionAttrStringValue( + llfn, + llvm::AttributePlace::Function, + cstr!("sign-return-address"), + cstr!("non-leaf"), + ); + } else { + llvm::AddFunctionAttrStringValue( + llfn, + llvm::AttributePlace::Function, + cstr!("sign-return-address"), + cstr!("all"), + ); + } + + match pac_opts.key { + PAuthKey::A => llvm::AddFunctionAttrStringValue( + llfn, + llvm::AttributePlace::Function, + cstr!("sign-return-address-key"), + cstr!("a_key"), + ), + PAuthKey::B => llvm::AddFunctionAttrStringValue( + llfn, + llvm::AttributePlace::Function, + cstr!("sign-return-address-key"), + cstr!("b_key"), + ), + } + } +} + pub(crate) fn default_optimisation_attrs(sess: &Session, llfn: &'ll Value) { match sess.opts.optimize { OptLevel::Size => { diff --git a/compiler/rustc_codegen_llvm/src/context.rs b/compiler/rustc_codegen_llvm/src/context.rs index 613a8df891ce4..da05b5c0cba74 100644 --- a/compiler/rustc_codegen_llvm/src/context.rs +++ b/compiler/rustc_codegen_llvm/src/context.rs @@ -21,7 +21,7 @@ use rustc_middle::ty::layout::{ }; use rustc_middle::ty::{self, Instance, Ty, TyCtxt}; use rustc_middle::{bug, span_bug}; -use rustc_session::config::{CFGuard, CrateType, DebugInfo}; +use rustc_session::config::{BranchProtection, CFGuard, CrateType, DebugInfo, PAuthKey}; use rustc_session::Session; use rustc_span::source_map::Span; use rustc_span::symbol::Symbol; @@ -242,6 +242,38 @@ pub unsafe fn create_module( } } + if sess.target.arch == "aarch64" { + let BranchProtection { bti, pac_ret: pac } = sess.opts.cg.branch_protection; + + llvm::LLVMRustAddModuleFlag( + llmod, + "branch-target-enforcement\0".as_ptr().cast(), + bti.into(), + ); + + if let Some(pac_opts) = pac { + llvm::LLVMRustAddModuleFlag(llmod, "sign-return-address\0".as_ptr().cast(), 1); + llvm::LLVMRustAddModuleFlag( + llmod, + "sign-return-address-all\0".as_ptr().cast(), + pac_opts.leaf.into(), + ); + llvm::LLVMRustAddModuleFlag( + llmod, + "sign-return-address-with-bkey\0".as_ptr().cast(), + if pac_opts.key == PAuthKey::A { 0 } else { 1 }, + ); + } else { + llvm::LLVMRustAddModuleFlag(llmod, "sign-return-address\0".as_ptr().cast(), 0); + llvm::LLVMRustAddModuleFlag(llmod, "sign-return-address-all\0".as_ptr().cast(), 0); + llvm::LLVMRustAddModuleFlag( + llmod, + "sign-return-address-with-bkey\0".as_ptr().cast(), + 0, + ); + } + } + llmod } diff --git a/compiler/rustc_codegen_llvm/src/declare.rs b/compiler/rustc_codegen_llvm/src/declare.rs index 8977fa085b9bb..f4e754b80c976 100644 --- a/compiler/rustc_codegen_llvm/src/declare.rs +++ b/compiler/rustc_codegen_llvm/src/declare.rs @@ -45,8 +45,13 @@ fn declare_raw_fn( llvm::Attribute::NoRedZone.apply_llfn(Function, llfn); } + if cx.tcx.sess.target.arch == "aarch64" { + attributes::set_branch_protection(cx.tcx.sess, llfn); + } + attributes::default_optimisation_attrs(cx.tcx.sess, llfn); attributes::non_lazy_bind(cx.sess(), llfn); + llfn } diff --git a/compiler/rustc_interface/src/tests.rs b/compiler/rustc_interface/src/tests.rs index 6147311af6159..1ceb11ede19e3 100644 --- a/compiler/rustc_interface/src/tests.rs +++ b/compiler/rustc_interface/src/tests.rs @@ -8,10 +8,11 @@ use rustc_session::config::{build_configuration, build_session_options, to_crate use rustc_session::config::{ rustc_optgroups, ErrorOutputType, ExternLocation, LocationDetail, Options, Passes, }; -use rustc_session::config::{CFGuard, ExternEntry, LinkerPluginLto, LtoCli, SwitchWithOptPath}; use rustc_session::config::{ - Externs, OutputType, OutputTypes, SymbolManglingVersion, WasiExecModel, + BranchProtection, Externs, OutputType, OutputTypes, PAuthKey, PacRet, SymbolManglingVersion, + WasiExecModel, }; +use rustc_session::config::{CFGuard, ExternEntry, LinkerPluginLto, LtoCli, SwitchWithOptPath}; use rustc_session::lint::Level; use rustc_session::search_paths::SearchPath; use rustc_session::utils::{CanonicalizedPath, NativeLib, NativeLibKind}; @@ -566,6 +567,10 @@ fn test_codegen_options_tracking_hash() { // Make sure that changing a [TRACKED] option changes the hash. // This list is in alphabetical order. + tracked!( + branch_protection, + BranchProtection { bti: true, pac_ret: Some(PacRet { leaf: true, key: PAuthKey::B }) } + ); tracked!(code_model, Some(CodeModel::Large)); tracked!(control_flow_guard, CFGuard::Checks); tracked!(debug_assertions, Some(true)); diff --git a/compiler/rustc_session/src/config.rs b/compiler/rustc_session/src/config.rs index 16b68d95858b8..d994e52e04963 100644 --- a/compiler/rustc_session/src/config.rs +++ b/compiler/rustc_session/src/config.rs @@ -842,6 +842,30 @@ impl Passes { } } +#[derive(Clone, Copy, Hash, Debug, PartialEq)] +pub enum PAuthKey { + A, + B, +} + +#[derive(Clone, Copy, Hash, Debug, PartialEq)] +pub struct PacRet { + pub leaf: bool, + pub key: PAuthKey, +} + +#[derive(Clone, Copy, Hash, Debug, PartialEq)] +pub struct BranchProtection { + pub bti: bool, + pub pac_ret: Option, +} + +impl Default for BranchProtection { + fn default() -> Self { + BranchProtection { bti: false, pac_ret: None } + } +} + pub const fn default_lib_output() -> CrateType { CrateType::Rlib } @@ -2487,9 +2511,9 @@ impl PpMode { crate mod dep_tracking { use super::LdImpl; use super::{ - CFGuard, CrateType, DebugInfo, ErrorOutputType, InstrumentCoverage, LinkerPluginLto, - LocationDetail, LtoCli, OptLevel, OutputType, OutputTypes, Passes, SourceFileHashAlgorithm, - SwitchWithOptPath, SymbolManglingVersion, TrimmedDefPaths, + BranchProtection, CFGuard, CrateType, DebugInfo, ErrorOutputType, InstrumentCoverage, + LinkerPluginLto, LocationDetail, LtoCli, OptLevel, OutputType, OutputTypes, Passes, + SourceFileHashAlgorithm, SwitchWithOptPath, SymbolManglingVersion, TrimmedDefPaths, }; use crate::lint; use crate::options::WasiExecModel; @@ -2583,6 +2607,7 @@ crate mod dep_tracking { OutputType, RealFileName, LocationDetail, + BranchProtection, ); impl DepTrackingHash for (T1, T2) diff --git a/compiler/rustc_session/src/options.rs b/compiler/rustc_session/src/options.rs index 779f29e3dfedf..03ce0cc42cd36 100644 --- a/compiler/rustc_session/src/options.rs +++ b/compiler/rustc_session/src/options.rs @@ -389,6 +389,8 @@ mod desc { pub const parse_gcc_ld: &str = "one of: no value, `lld`"; pub const parse_stack_protector: &str = "one of (`none` (default), `basic`, `strong`, or `all`)"; + pub const parse_branch_protection: &str = + "a `+` separated combination of `bti`, `b-key`, `pac-ret`, or `leaf`"; } mod parse { @@ -929,6 +931,33 @@ mod parse { } true } + + crate fn parse_branch_protection(slot: &mut BranchProtection, v: Option<&str>) -> bool { + match v { + Some(s) => { + for opt in s.split('+') { + match opt { + "bti" => slot.bti = true, + "pac-ret" if slot.pac_ret.is_none() => { + slot.pac_ret = Some(PacRet { leaf: false, key: PAuthKey::A }) + } + "leaf" => match slot.pac_ret.as_mut() { + Some(pac) => pac.leaf = true, + _ => return false, + }, + "b-key" => match slot.pac_ret.as_mut() { + Some(pac) => pac.key = PAuthKey::B, + _ => return false, + }, + _ => return false, + }; + } + } + + _ => return false, + } + true + } } options! { @@ -942,6 +971,8 @@ options! { ar: String = (String::new(), parse_string, [UNTRACKED], "this option is deprecated and does nothing"), + branch_protection: BranchProtection = (BranchProtection::default(), parse_branch_protection, [TRACKED], + "set options for branch target identification and pointer authentication on AArch64"), code_model: Option = (None, parse_code_model, [TRACKED], "choose the code model to use (`rustc --print code-models` for details)"), codegen_units: Option = (None, parse_opt_number, [UNTRACKED], diff --git a/src/doc/rustc/src/codegen-options/index.md b/src/doc/rustc/src/codegen-options/index.md index 0201b88417a8b..484242d86fe10 100644 --- a/src/doc/rustc/src/codegen-options/index.md +++ b/src/doc/rustc/src/codegen-options/index.md @@ -7,6 +7,29 @@ a version of this list for your exact compiler by running `rustc -C help`. This option is deprecated and does nothing. +## branch-protection + +This option lets you enable branch authentication instructions on AArch64. +This option is ignored for non-AArch64 architectures. +It takes some combination of the following values, separated by a `+`. + +- `pac-ret` - Enable pointer authentication for non-leaf functions. +- `leaf` - Enable pointer authentication for all functions, including leaf functions. +- `b-key` - Sign return addresses with key B, instead of the default key A. +- `bti` - Enable branch target identification. + +`leaf` and `b-key` are only valid if `pac-ret` was previously specified. +For example, `-C branch-protection=bti+pac-ret+leaf` is valid, but +`-C branch-protection=bti+leaf+pac-ret` is not. + +Repeated values are ignored. +For example, `-C branch-protection=pac-ret+leaf+pac-ret` is equivalent to +`-C branch-protection=pac-ret+leaf`. + +Rust's standard library does not ship with BTI or pointer authentication enabled by default. \ +In Cargo projects the standard library can be recompiled with pointer authentication using the nightly +[build-std](https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#build-std) feature. + ## code-model This option lets you choose which code model to use. \ diff --git a/src/test/assembly/aarch64-pointer-auth.rs b/src/test/assembly/aarch64-pointer-auth.rs new file mode 100644 index 0000000000000..e778e67e1b384 --- /dev/null +++ b/src/test/assembly/aarch64-pointer-auth.rs @@ -0,0 +1,22 @@ +// Test that PAC instructions are emitted when branch-protection is specified. + +// min-llvm-version: 10.0.1 +// assembly-output: emit-asm +// compile-flags: --target aarch64-unknown-linux-gnu +// compile-flags: -C branch-protection=pac-ret+leaf +// needs-llvm-components: aarch64 + +#![feature(no_core, lang_items)] +#![no_std] +#![no_core] +#![crate_type = "lib"] + +#[lang = "sized"] +trait Sized {} + +// CHECK: hint #25 +// CHECK: hint #29 +#[no_mangle] +pub fn test() -> u8 { + 42 +} diff --git a/src/test/codegen/branch-protection.rs b/src/test/codegen/branch-protection.rs new file mode 100644 index 0000000000000..79706cdf070e5 --- /dev/null +++ b/src/test/codegen/branch-protection.rs @@ -0,0 +1,41 @@ +// Test that the correct module flags are emitted with different branch protection flags. + +// revisions: bti pac-ret leaf b-key +// min-llvm-version: 12.0.0 +// needs-llvm-components: aarch64 +// [bti] compile-flags: -C branch-protection=bti +// [pac-ret] compile-flags: -C branch-protection=pac-ret +// [leaf] compile-flags: -C branch-protection=pac-ret+leaf +// [b-key] compile-flags: -C branch-protection=pac-ret+b-key +// compile-flags: --target aarch64-unknown-linux-gnu + +#![crate_type = "lib"] +#![feature(no_core, lang_items)] +#![no_core] + +#[lang="sized"] +trait Sized { } + +// A basic test function. +pub fn test() { +} + +// bti: !"branch-target-enforcement", i32 1 +// bti: !"sign-return-address", i32 0 +// bti: !"sign-return-address-all", i32 0 +// bti: !"sign-return-address-with-bkey", i32 0 + +// pac-ret: !"branch-target-enforcement", i32 0 +// pac-ret: !"sign-return-address", i32 1 +// pac-ret: !"sign-return-address-all", i32 0 +// pac-ret: !"sign-return-address-with-bkey", i32 0 + +// leaf: !"branch-target-enforcement", i32 0 +// leaf: !"sign-return-address", i32 1 +// leaf: !"sign-return-address-all", i32 1 +// leaf: !"sign-return-address-with-bkey", i32 0 + +// b-key: !"branch-target-enforcement", i32 0 +// b-key: !"sign-return-address", i32 1 +// b-key: !"sign-return-address-all", i32 0 +// b-key: !"sign-return-address-with-bkey", i32 1 diff --git a/src/test/run-make-fulldeps/pointer-auth-link-with-c/Makefile b/src/test/run-make-fulldeps/pointer-auth-link-with-c/Makefile new file mode 100644 index 0000000000000..36d0f0e5a19e0 --- /dev/null +++ b/src/test/run-make-fulldeps/pointer-auth-link-with-c/Makefile @@ -0,0 +1,14 @@ +-include ../tools.mk + +# only-aarch64 + +all: + $(COMPILE_OBJ) $(TMPDIR)/test.o test.c + $(AR) rcs $(TMPDIR)/libtest.a $(TMPDIR)/test.o + $(RUSTC) -C branch-protection=bti+pac-ret+leaf test.rs + $(call RUN,test) + + $(COMPILE_OBJ) $(TMPDIR)/test.o test.c -mbranch-protection=bti+pac-ret+leaf + $(AR) rcs $(TMPDIR)/libtest.a $(TMPDIR)/test.o + $(RUSTC) -C branch-protection=bti+pac-ret+leaf test.rs + $(call RUN,test) \ No newline at end of file diff --git a/src/test/run-make-fulldeps/pointer-auth-link-with-c/test.c b/src/test/run-make-fulldeps/pointer-auth-link-with-c/test.c new file mode 100644 index 0000000000000..9fe07f82f9ed1 --- /dev/null +++ b/src/test/run-make-fulldeps/pointer-auth-link-with-c/test.c @@ -0,0 +1 @@ +int foo() { return 0; } diff --git a/src/test/run-make-fulldeps/pointer-auth-link-with-c/test.rs b/src/test/run-make-fulldeps/pointer-auth-link-with-c/test.rs new file mode 100644 index 0000000000000..615ad0aeb3d0e --- /dev/null +++ b/src/test/run-make-fulldeps/pointer-auth-link-with-c/test.rs @@ -0,0 +1,8 @@ +#[link(name = "test")] +extern "C" { + fn foo() -> i32; +} + +fn main() { + unsafe {foo();} +} From 984ca4689dbceea29bbfcf54c4743b45fccf7ad1 Mon Sep 17 00:00:00 2001 From: Jamie Cunliffe Date: Wed, 1 Dec 2021 15:56:59 +0000 Subject: [PATCH 2/2] Review comments - Changed the separator from '+' to ','. - Moved the branch protection options from -C to -Z. - Additional test for incorrect branch-protection option. - Remove LLVM < 12 code. - Style fixes. Co-authored-by: James McGregor --- compiler/rustc_codegen_llvm/src/attributes.rs | 54 +------------------ compiler/rustc_codegen_llvm/src/context.rs | 42 +++++++-------- compiler/rustc_codegen_llvm/src/declare.rs | 4 -- compiler/rustc_interface/src/tests.rs | 8 +-- compiler/rustc_session/src/options.rs | 9 ++-- src/doc/rustc/src/codegen-options/index.md | 23 -------- .../src/compiler-flags/branch-protection.md | 18 +++++++ src/test/assembly/aarch64-pointer-auth.rs | 2 +- src/test/codegen/branch-protection.rs | 8 +-- .../pointer-auth-link-with-c/Makefile | 6 +-- .../branch-protection-missing-pac-ret.rs | 1 + .../branch-protection-missing-pac-ret.stderr | 2 + 12 files changed, 57 insertions(+), 120 deletions(-) create mode 100644 src/doc/unstable-book/src/compiler-flags/branch-protection.md create mode 100644 src/test/ui/invalid-compile-flags/branch-protection-missing-pac-ret.rs create mode 100644 src/test/ui/invalid-compile-flags/branch-protection-missing-pac-ret.stderr diff --git a/compiler/rustc_codegen_llvm/src/attributes.rs b/compiler/rustc_codegen_llvm/src/attributes.rs index 768e03b5ef358..8e6329a997f14 100644 --- a/compiler/rustc_codegen_llvm/src/attributes.rs +++ b/compiler/rustc_codegen_llvm/src/attributes.rs @@ -9,7 +9,7 @@ use rustc_hir::def_id::DefId; use rustc_middle::middle::codegen_fn_attrs::CodegenFnAttrFlags; use rustc_middle::ty::layout::HasTyCtxt; use rustc_middle::ty::{self, TyCtxt}; -use rustc_session::config::{BranchProtection, OptLevel, PAuthKey}; +use rustc_session::config::OptLevel; use rustc_session::Session; use rustc_target::spec::abi::Abi; use rustc_target::spec::{FramePointer, SanitizerSet, StackProbeType, StackProtector}; @@ -203,58 +203,6 @@ pub fn non_lazy_bind(sess: &Session, llfn: &'ll Value) { } } -pub fn set_branch_protection(sess: &Session, llfn: &'ll Value) { - // Setting PAC/BTI function attributes is only necessary for LLVM 11 and earlier. - // For LLVM 12 and greater, module-level metadata attributes are set in - // `compiler/rustc_codegen_llvm/src/context.rs`. - if llvm_util::get_version() >= (12, 0, 0) { - return; - } - - let BranchProtection { bti, pac_ret: pac } = sess.opts.cg.branch_protection; - - if bti { - llvm::AddFunctionAttrString( - llfn, - llvm::AttributePlace::Function, - cstr!("branch-target-enforcement"), - ); - } - - if let Some(pac_opts) = pac { - if pac_opts.leaf { - llvm::AddFunctionAttrStringValue( - llfn, - llvm::AttributePlace::Function, - cstr!("sign-return-address"), - cstr!("non-leaf"), - ); - } else { - llvm::AddFunctionAttrStringValue( - llfn, - llvm::AttributePlace::Function, - cstr!("sign-return-address"), - cstr!("all"), - ); - } - - match pac_opts.key { - PAuthKey::A => llvm::AddFunctionAttrStringValue( - llfn, - llvm::AttributePlace::Function, - cstr!("sign-return-address-key"), - cstr!("a_key"), - ), - PAuthKey::B => llvm::AddFunctionAttrStringValue( - llfn, - llvm::AttributePlace::Function, - cstr!("sign-return-address-key"), - cstr!("b_key"), - ), - } - } -} - pub(crate) fn default_optimisation_attrs(sess: &Session, llfn: &'ll Value) { match sess.opts.optimize { OptLevel::Size => { diff --git a/compiler/rustc_codegen_llvm/src/context.rs b/compiler/rustc_codegen_llvm/src/context.rs index da05b5c0cba74..0f5487a4447d8 100644 --- a/compiler/rustc_codegen_llvm/src/context.rs +++ b/compiler/rustc_codegen_llvm/src/context.rs @@ -21,7 +21,7 @@ use rustc_middle::ty::layout::{ }; use rustc_middle::ty::{self, Instance, Ty, TyCtxt}; use rustc_middle::{bug, span_bug}; -use rustc_session::config::{BranchProtection, CFGuard, CrateType, DebugInfo, PAuthKey}; +use rustc_session::config::{BranchProtection, CFGuard, CrateType, DebugInfo, PAuthKey, PacRet}; use rustc_session::Session; use rustc_span::source_map::Span; use rustc_span::symbol::Symbol; @@ -243,7 +243,7 @@ pub unsafe fn create_module( } if sess.target.arch == "aarch64" { - let BranchProtection { bti, pac_ret: pac } = sess.opts.cg.branch_protection; + let BranchProtection { bti, pac_ret: pac } = sess.opts.debugging_opts.branch_protection; llvm::LLVMRustAddModuleFlag( llmod, @@ -251,27 +251,23 @@ pub unsafe fn create_module( bti.into(), ); - if let Some(pac_opts) = pac { - llvm::LLVMRustAddModuleFlag(llmod, "sign-return-address\0".as_ptr().cast(), 1); - llvm::LLVMRustAddModuleFlag( - llmod, - "sign-return-address-all\0".as_ptr().cast(), - pac_opts.leaf.into(), - ); - llvm::LLVMRustAddModuleFlag( - llmod, - "sign-return-address-with-bkey\0".as_ptr().cast(), - if pac_opts.key == PAuthKey::A { 0 } else { 1 }, - ); - } else { - llvm::LLVMRustAddModuleFlag(llmod, "sign-return-address\0".as_ptr().cast(), 0); - llvm::LLVMRustAddModuleFlag(llmod, "sign-return-address-all\0".as_ptr().cast(), 0); - llvm::LLVMRustAddModuleFlag( - llmod, - "sign-return-address-with-bkey\0".as_ptr().cast(), - 0, - ); - } + llvm::LLVMRustAddModuleFlag( + llmod, + "sign-return-address\0".as_ptr().cast(), + pac.is_some().into(), + ); + let pac_opts = pac.unwrap_or(PacRet { leaf: false, key: PAuthKey::A }); + llvm::LLVMRustAddModuleFlag( + llmod, + "sign-return-address-all\0".as_ptr().cast(), + pac_opts.leaf.into(), + ); + let is_bkey = if pac_opts.key == PAuthKey::A { false } else { true }; + llvm::LLVMRustAddModuleFlag( + llmod, + "sign-return-address-with-bkey\0".as_ptr().cast(), + is_bkey.into(), + ); } llmod diff --git a/compiler/rustc_codegen_llvm/src/declare.rs b/compiler/rustc_codegen_llvm/src/declare.rs index f4e754b80c976..5db82dd7669d1 100644 --- a/compiler/rustc_codegen_llvm/src/declare.rs +++ b/compiler/rustc_codegen_llvm/src/declare.rs @@ -45,10 +45,6 @@ fn declare_raw_fn( llvm::Attribute::NoRedZone.apply_llfn(Function, llfn); } - if cx.tcx.sess.target.arch == "aarch64" { - attributes::set_branch_protection(cx.tcx.sess, llfn); - } - attributes::default_optimisation_attrs(cx.tcx.sess, llfn); attributes::non_lazy_bind(cx.sess(), llfn); diff --git a/compiler/rustc_interface/src/tests.rs b/compiler/rustc_interface/src/tests.rs index 1ceb11ede19e3..c9970898d25a5 100644 --- a/compiler/rustc_interface/src/tests.rs +++ b/compiler/rustc_interface/src/tests.rs @@ -567,10 +567,6 @@ fn test_codegen_options_tracking_hash() { // Make sure that changing a [TRACKED] option changes the hash. // This list is in alphabetical order. - tracked!( - branch_protection, - BranchProtection { bti: true, pac_ret: Some(PacRet { leaf: true, key: PAuthKey::B }) } - ); tracked!(code_model, Some(CodeModel::Large)); tracked!(control_flow_guard, CFGuard::Checks); tracked!(debug_assertions, Some(true)); @@ -723,6 +719,10 @@ fn test_debugging_options_tracking_hash() { tracked!(asm_comments, true); tracked!(assume_incomplete_release, true); tracked!(binary_dep_depinfo, true); + tracked!( + branch_protection, + BranchProtection { bti: true, pac_ret: Some(PacRet { leaf: true, key: PAuthKey::B }) } + ); tracked!(chalk, true); tracked!(codegen_backend, Some("abc".to_string())); tracked!(crate_attr, vec!["abc".to_string()]); diff --git a/compiler/rustc_session/src/options.rs b/compiler/rustc_session/src/options.rs index 03ce0cc42cd36..d3ffae36c6706 100644 --- a/compiler/rustc_session/src/options.rs +++ b/compiler/rustc_session/src/options.rs @@ -390,7 +390,7 @@ mod desc { pub const parse_stack_protector: &str = "one of (`none` (default), `basic`, `strong`, or `all`)"; pub const parse_branch_protection: &str = - "a `+` separated combination of `bti`, `b-key`, `pac-ret`, or `leaf`"; + "a `,` separated combination of `bti`, `b-key`, `pac-ret`, or `leaf`"; } mod parse { @@ -935,7 +935,7 @@ mod parse { crate fn parse_branch_protection(slot: &mut BranchProtection, v: Option<&str>) -> bool { match v { Some(s) => { - for opt in s.split('+') { + for opt in s.split(',') { match opt { "bti" => slot.bti = true, "pac-ret" if slot.pac_ret.is_none() => { @@ -953,7 +953,6 @@ mod parse { }; } } - _ => return false, } true @@ -971,8 +970,6 @@ options! { ar: String = (String::new(), parse_string, [UNTRACKED], "this option is deprecated and does nothing"), - branch_protection: BranchProtection = (BranchProtection::default(), parse_branch_protection, [TRACKED], - "set options for branch target identification and pointer authentication on AArch64"), code_model: Option = (None, parse_code_model, [TRACKED], "choose the code model to use (`rustc --print code-models` for details)"), codegen_units: Option = (None, parse_opt_number, [UNTRACKED], @@ -1101,6 +1098,8 @@ options! { (default: no)"), borrowck: String = ("migrate".to_string(), parse_string, [UNTRACKED], "select which borrowck is used (`mir` or `migrate`) (default: `migrate`)"), + branch_protection: BranchProtection = (BranchProtection::default(), parse_branch_protection, [TRACKED], + "set options for branch target identification and pointer authentication on AArch64"), cgu_partitioning_strategy: Option = (None, parse_opt_string, [TRACKED], "the codegen unit partitioning strategy to use"), chalk: bool = (false, parse_bool, [TRACKED], diff --git a/src/doc/rustc/src/codegen-options/index.md b/src/doc/rustc/src/codegen-options/index.md index 484242d86fe10..0201b88417a8b 100644 --- a/src/doc/rustc/src/codegen-options/index.md +++ b/src/doc/rustc/src/codegen-options/index.md @@ -7,29 +7,6 @@ a version of this list for your exact compiler by running `rustc -C help`. This option is deprecated and does nothing. -## branch-protection - -This option lets you enable branch authentication instructions on AArch64. -This option is ignored for non-AArch64 architectures. -It takes some combination of the following values, separated by a `+`. - -- `pac-ret` - Enable pointer authentication for non-leaf functions. -- `leaf` - Enable pointer authentication for all functions, including leaf functions. -- `b-key` - Sign return addresses with key B, instead of the default key A. -- `bti` - Enable branch target identification. - -`leaf` and `b-key` are only valid if `pac-ret` was previously specified. -For example, `-C branch-protection=bti+pac-ret+leaf` is valid, but -`-C branch-protection=bti+leaf+pac-ret` is not. - -Repeated values are ignored. -For example, `-C branch-protection=pac-ret+leaf+pac-ret` is equivalent to -`-C branch-protection=pac-ret+leaf`. - -Rust's standard library does not ship with BTI or pointer authentication enabled by default. \ -In Cargo projects the standard library can be recompiled with pointer authentication using the nightly -[build-std](https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#build-std) feature. - ## code-model This option lets you choose which code model to use. \ diff --git a/src/doc/unstable-book/src/compiler-flags/branch-protection.md b/src/doc/unstable-book/src/compiler-flags/branch-protection.md new file mode 100644 index 0000000000000..85403748e1dcd --- /dev/null +++ b/src/doc/unstable-book/src/compiler-flags/branch-protection.md @@ -0,0 +1,18 @@ +# `branch-protection` + +This option lets you enable branch authentication instructions on AArch64. +This option is ignored for non-AArch64 architectures. +It takes some combination of the following values, separated by a `,`. + +- `pac-ret` - Enable pointer authentication for non-leaf functions. +- `leaf` - Enable pointer authentication for all functions, including leaf functions. +- `b-key` - Sign return addresses with key B, instead of the default key A. +- `bti` - Enable branch target identification. + +`leaf` and `b-key` are only valid if `pac-ret` was previously specified. +For example, `-Z branch-protection=bti,pac-ret,leaf` is valid, but +`-Z branch-protection=bti,leaf,pac-ret` is not. + +Rust's standard library does not ship with BTI or pointer authentication enabled by default. +In Cargo projects the standard library can be recompiled with pointer authentication using the nightly +[build-std](https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#build-std) feature. diff --git a/src/test/assembly/aarch64-pointer-auth.rs b/src/test/assembly/aarch64-pointer-auth.rs index e778e67e1b384..27e289086b9dd 100644 --- a/src/test/assembly/aarch64-pointer-auth.rs +++ b/src/test/assembly/aarch64-pointer-auth.rs @@ -3,7 +3,7 @@ // min-llvm-version: 10.0.1 // assembly-output: emit-asm // compile-flags: --target aarch64-unknown-linux-gnu -// compile-flags: -C branch-protection=pac-ret+leaf +// compile-flags: -Z branch-protection=pac-ret,leaf // needs-llvm-components: aarch64 #![feature(no_core, lang_items)] diff --git a/src/test/codegen/branch-protection.rs b/src/test/codegen/branch-protection.rs index 79706cdf070e5..106c9b148ee35 100644 --- a/src/test/codegen/branch-protection.rs +++ b/src/test/codegen/branch-protection.rs @@ -3,10 +3,10 @@ // revisions: bti pac-ret leaf b-key // min-llvm-version: 12.0.0 // needs-llvm-components: aarch64 -// [bti] compile-flags: -C branch-protection=bti -// [pac-ret] compile-flags: -C branch-protection=pac-ret -// [leaf] compile-flags: -C branch-protection=pac-ret+leaf -// [b-key] compile-flags: -C branch-protection=pac-ret+b-key +// [bti] compile-flags: -Z branch-protection=bti +// [pac-ret] compile-flags: -Z branch-protection=pac-ret +// [leaf] compile-flags: -Z branch-protection=pac-ret,leaf +// [b-key] compile-flags: -Z branch-protection=pac-ret,b-key // compile-flags: --target aarch64-unknown-linux-gnu #![crate_type = "lib"] diff --git a/src/test/run-make-fulldeps/pointer-auth-link-with-c/Makefile b/src/test/run-make-fulldeps/pointer-auth-link-with-c/Makefile index 36d0f0e5a19e0..d0e22cfef4c2a 100644 --- a/src/test/run-make-fulldeps/pointer-auth-link-with-c/Makefile +++ b/src/test/run-make-fulldeps/pointer-auth-link-with-c/Makefile @@ -5,10 +5,10 @@ all: $(COMPILE_OBJ) $(TMPDIR)/test.o test.c $(AR) rcs $(TMPDIR)/libtest.a $(TMPDIR)/test.o - $(RUSTC) -C branch-protection=bti+pac-ret+leaf test.rs + $(RUSTC) -Z branch-protection=bti,pac-ret,leaf test.rs $(call RUN,test) $(COMPILE_OBJ) $(TMPDIR)/test.o test.c -mbranch-protection=bti+pac-ret+leaf $(AR) rcs $(TMPDIR)/libtest.a $(TMPDIR)/test.o - $(RUSTC) -C branch-protection=bti+pac-ret+leaf test.rs - $(call RUN,test) \ No newline at end of file + $(RUSTC) -Z branch-protection=bti,pac-ret,leaf test.rs + $(call RUN,test) diff --git a/src/test/ui/invalid-compile-flags/branch-protection-missing-pac-ret.rs b/src/test/ui/invalid-compile-flags/branch-protection-missing-pac-ret.rs new file mode 100644 index 0000000000000..4f39d223a2e0c --- /dev/null +++ b/src/test/ui/invalid-compile-flags/branch-protection-missing-pac-ret.rs @@ -0,0 +1 @@ +// compile-flags: -Z branch-protection=leaf diff --git a/src/test/ui/invalid-compile-flags/branch-protection-missing-pac-ret.stderr b/src/test/ui/invalid-compile-flags/branch-protection-missing-pac-ret.stderr new file mode 100644 index 0000000000000..5528d2a0729c9 --- /dev/null +++ b/src/test/ui/invalid-compile-flags/branch-protection-missing-pac-ret.stderr @@ -0,0 +1,2 @@ +error: incorrect value `leaf` for debugging option `branch-protection` - a `,` separated combination of `bti`, `b-key`, `pac-ret`, or `leaf` was expected +