cmd/internal/obj/arm64: add support for PAC instructions

Add support for the Pointer Authentication Code instructions
required for the ELF ABI when enabling PAC aware binaries.

This allows for assembly writers to add PAC instructions where needed to
support this ABI. Follow up work is to enable the compiler to emit these
instructions in the appropriate places.

The TL;DR for the Linux ABI is that the prologue of a function that
pushes the link register (LR) to the stack, signs the LR with a key
managed by the operating system and hardware using a PAC instruction,
like "paciasp". The function epilog, when restoring the LR from the
stack will verify the signature, using an instruction like "autiasp".

This helps prevents attackers from modifying the return address on the
stack, a common technique for ROP attacks.

Details on PAC can be found here:
  - https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64
  - https://developer.arm.com/documentation/109576/0100/Pointer-Authentication-Code

The ABI details can be found here:
  - https://github.com/ARM-software/abi-aa/blob/main/aaelf64/aaelf64.rst

Change-Id: I4516ed1294d19f9ff9d278833d542821b6642aa9
Reviewed-on: https://go-review.googlesource.com/c/go/+/676675
Reviewed-by: Cherry Mui <cherryyz@google.com>
Reviewed-by: Joel Sing <joel@sing.id.au>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

diff --git a/src/cmd/asm/internal/asm/testdata/arm64.s b/src/cmd/asm/internal/asm/testdata/arm64.s
index 236f1a66979099193fd21f00b67415e0ba03e348..109a3d8316678bb1bb9d0320d7e90d9a77f46c29 100644 (file)
--- a/src/cmd/asm/internal/asm/testdata/arm64.s
+++ b/src/cmd/asm/internal/asm/testdata/arm64.s
@@ -1894,4 +1894,12 @@ next:
        BTI     J                                  // 9f2403d5
        BTI     JC                                 // df2403d5
 
+// Pointer Authentication Codes (PAC)
+       PACIASP                                    // 3f2303d5
+       AUTIASP                                    // bf2303d5
+       PACIBSP                                    // 7f2303d5
+       AUTIBSP                                    // ff2303d5
+       AUTIA1716                                  // 9f2103d5
+       AUTIB1716                                  // df2103d5
+
        END

diff --git a/src/cmd/asm/internal/asm/testdata/arm64error.s b/src/cmd/asm/internal/asm/testdata/arm64error.s
index 55890ce3e631a48a8d59aeaab76e9b71c81fc554..ce88e3ca540f13732d2816359a559765dd3758f2 100644 (file)
--- a/src/cmd/asm/internal/asm/testdata/arm64error.s
+++ b/src/cmd/asm/internal/asm/testdata/arm64error.s
@@ -422,4 +422,10 @@ TEXT errors(SB),$0
        SHA1H   V1.B16, V2.B16                                   // ERROR "invalid operands"
        BTI                                                      // ERROR "missing operand"
        BTI     PLDL1KEEP                                        // ERROR "illegal argument"
+       PACIASP C                                                // ERROR "illegal combination"
+       AUTIASP R2                                               // ERROR "illegal combination"
+       PACIBSP R0                                               // ERROR "illegal combination"
+       AUTIBSP C                                                // ERROR "illegal combination"
+       AUTIA1716       $45                                      // ERROR "illegal combination"
+       AUTIB1716       R0                                       // ERROR "illegal combination"
        RET

diff --git a/src/cmd/internal/obj/arm64/a.out.go b/src/cmd/internal/obj/arm64/a.out.go
index 710dd64b304c126f39d5d7951088e4bba7486705..814dba2c100b30232836837e7ca7772089e17e49 100644 (file)
--- a/src/cmd/internal/obj/arm64/a.out.go
+++ b/src/cmd/internal/obj/arm64/a.out.go
@@ -1020,6 +1020,12 @@ const (
        AWORD
        AYIELD
        ABTI
+       APACIASP
+       AAUTIASP
+       APACIBSP
+       AAUTIBSP
+       AAUTIA1716
+       AAUTIB1716
        ALAST
        AB  = obj.AJMP
        ABL = obj.ACALL

diff --git a/src/cmd/internal/obj/arm64/anames.go b/src/cmd/internal/obj/arm64/anames.go
index 379f53bab37cdb81e7b4e54a6ffd48c4f4d788c7..497429d99859222fdaf5011f6bff308d3ac1a9ba 100644 (file)
--- a/src/cmd/internal/obj/arm64/anames.go
+++ b/src/cmd/internal/obj/arm64/anames.go
@@ -537,5 +537,11 @@ var Anames = []string{
        "WORD",
        "YIELD",
        "BTI",
+       "PACIASP",
+       "AUTIASP",
+       "PACIBSP",
+       "AUTIBSP",
+       "AUTIA1716",
+       "AUTIB1716",
        "LAST",
 }

diff --git a/src/cmd/internal/obj/arm64/asm7.go b/src/cmd/internal/obj/arm64/asm7.go
index 172c2256d7eede836259c133c6736926f8b696af..cfb70cf08a3fd85eae966086f18df00b20e4d983 100644 (file)
--- a/src/cmd/internal/obj/arm64/asm7.go
+++ b/src/cmd/internal/obj/arm64/asm7.go
@@ -3017,6 +3017,13 @@ func buildop(ctxt *obj.Link) {
                        oprangeset(ANOOP, t)
                        oprangeset(ADRPS, t)
 
+                       oprangeset(APACIASP, t)
+                       oprangeset(AAUTIASP, t)
+                       oprangeset(APACIBSP, t)
+                       oprangeset(AAUTIBSP, t)
+                       oprangeset(AAUTIA1716, t)
+                       oprangeset(AAUTIB1716, t)
+
                case ACBZ:
                        oprangeset(ACBZW, t)
                        oprangeset(ACBNZ, t)
@@ -7016,6 +7023,24 @@ func (c *ctxt7) op0(p *obj.Prog, a obj.As) uint32 {
 
        case ASEVL:
                return SYSHINT(5)
+
+       case APACIASP:
+               return SYSHINT(25)
+
+       case AAUTIASP:
+               return SYSHINT(29)
+
+       case APACIBSP:
+               return SYSHINT(27)
+
+       case AAUTIBSP:
+               return SYSHINT(31)
+
+       case AAUTIA1716:
+               return SYSHINT(12)
+
+       case AAUTIB1716:
+               return SYSHINT(14)
        }
 
        c.ctxt.Diag("%v: bad op0 %v", p, a)