[llvm] [llvm-exegesis][AArch64] Check for PAC keys before disabling them (PR #138643)

Anatoly Trosinenko via llvm-commits llvm-commits at lists.llvm.org
Fri May 30 02:38:46 PDT 2025 

================
@@ -207,18 +215,50 @@ class ExegesisAArch64Target : public ExegesisTarget {
 
     if (isPointerAuth(Opcode)) {
 #if defined(__aarch64__) && defined(__linux__)
-      // Disable all PAC keys. Note that while we expect the measurements to
-      // be the same with PAC keys disabled, they could potentially be lower
-      // since authentication checks are bypassed.
-      if (prctl(PR_PAC_SET_ENABLED_KEYS,
-                PR_PAC_APIAKEY | PR_PAC_APIBKEY | PR_PAC_APDAKEY |
-                    PR_PAC_APDBKEY, // all keys
-                0,                  // disable all
-                0, 0) < 0) {
-        return "Failed to disable PAC keys";
+      // Only proceed with PAC key control if explicitly requested
+      if (!AArch64DisablePacControl) {
+        // For some systems with existing PAC keys set, it is better to
+        // check the existing state of the key before setting it.
+        // For systems without PAC, this is a No-op but with PAC, it is
+        // better to check the existing key state and then disable/enable them
+        // to avoid runtime crashes owing to unsupported prctl opcodes or if the
+        // CPU implements FEAT_PAuth with FEAT_FPAC (in which case this method
+        // would silently return.). If the CPU implements FEAT_FPAC,
+        // authentication instructions almost certainly crash when being
+        // benchmarked, so disable all the keys by default. On the other hand,
+        // disabling the keys at run-time can probably crash llvm-exegesis at
+        // some later point, depending on how it was built. For that reason, the
+        // user may pass
+        // --COMMAND-LINE-OPTION-NAME in case llvm-exegesis crashes or
+        // instruction timings are affected. Hence the guard for switching.
----------------
atrosinenko wrote:

Could you please recheck this comment as a whole and remove/fix obsolete parts, etc.? For example, while disabling the keys could be considered no-op w.r.t. snippet execution on systems without PAuth, it doesn't seem to be no-op w.r.t `prctl` calls: as far as I can see from Linux kernel sources, these calls explicitly return EINVAL when PAuth is not available.

https://github.com/llvm/llvm-project/pull/138643

More information about the llvm-commits mailing list