[clang] [llvm] [AArch64][PAC] Support ptrauth builtins and -fptrauth-intrinsics. (PR #65996)
Kristof Beyls via cfe-commits
cfe-commits at lists.llvm.org
Mon Mar 4 02:07:09 PST 2024
================
@@ -0,0 +1,485 @@
+Pointer Authentication
+======================
+
+.. contents::
+ :local:
+
+Introduction
+------------
+
+Pointer authentication is a technology which offers strong probabilistic
+protection against exploiting a broad class of memory bugs to take control of
+program execution. When adopted consistently in a language ABI, it provides
+a form of relatively fine-grained control flow integrity (CFI) check that
+resists both return-oriented programming (ROP) and jump-oriented programming
+(JOP) attacks.
+
+While pointer authentication can be implemented purely in software, direct
+hardware support (e.g. as provided by Armv8.3 PAuth) can dramatically improve
+performance and code size. Similarly, while pointer authentication
+can be implemented on any architecture, taking advantage of the (typically)
+excess addressing range of a target with 64-bit pointers minimizes the impact
+on memory performance and can allow interoperation with existing code (by
+disabling pointer authentication dynamically). This document will generally
+attempt to present the pointer authentication feature independent of any
+hardware implementation or ABI. Considerations that are
+implementation-specific are clearly identified throughout.
+
+Note that there are several different terms in use:
+
+- **Pointer authentication** is a target-independent language technology.
+
+- **PAuth** (sometimes referred to as **PAC**, for Pointer Authentication
+ Codes) is an AArch64 architecture extension that provides hardware support
+ for pointer authentication. Additional extensions either modify some of the
+ PAuth instruction behavior (notably FPAC), or provide new instruction
+ variants (PAuth_LR).
+
+- **Armv8.3** is an AArch64 architecture revision that makes PAuth mandatory.
+
+- **arm64e** is a specific ABI (not yet fully stable) for implementing pointer
+ authentication using PAuth on certain Apple operating systems.
+
+This document serves four purposes:
+
+- It describes the basic ideas of pointer authentication.
+
+- It documents several language extensions that are useful on targets using
+ pointer authentication.
+
+- It will eventually present a theory of operation for the security mitigation,
+ describing the basic requirements for correctness, various weaknesses in the
+ mechanism, and ways in which programmers can strengthen its protections
+ (including recommendations for language implementors).
+
+- It will eventually document the language ABIs currently used for C, C++,
+ Objective-C, and Swift on arm64e, although these are not yet stable on any
+ target.
+
+Basic Concepts
+--------------
+
+The simple address of an object or function is a **raw pointer**. A raw
+pointer can be **signed** to produce a **signed pointer**. A signed pointer
+can be then **authenticated** in order to verify that it was **validly signed**
+and extract the original raw pointer. These terms reflect the most likely
+implementation technique: computing and storing a cryptographic signature along
+with the pointer.
+
+An **abstract signing key** is a name which refers to a secret key which can
+used to sign and authenticate pointers. The concrete key value for a
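Review bot: In the Basic Concepts paragraph, "A signed pointer can be then **authenticated**" has the adverb in an awkward position; "can then be authenticated" reads more naturally. In the terms list of the Introduction, FPAC and PAuth_LR are named without any gloss, so a short clause on which instruction behavior FPAC modifies and which variants PAuth_LR adds would help readers who do not already know the AArch64 extensions.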
----------------
kbeyls wrote:
s/can used/is used/?
https://github.com/llvm/llvm-project/pull/65996