Initial back-edge CFI implementation (#3606)

Give the user the option to sign and to authenticate function return addresses with the operations introduced by the Pointer Authentication extension to the Arm instruction set architecture. Copyright (c) 2021, Arm Limited.
2022-08-03 19:08:29 +01:00
parent 709716bb8e
commit a897742593
17 changed files with 319 additions and 43 deletions
--- a/cranelift/codegen/meta/src/isa/arm64.rs
+++ b/cranelift/codegen/meta/src/isa/arm64.rs
@@ -5,7 +5,45 @@ use crate::shared::Definitions as SharedDefinitions;

 fn define_settings(_shared: &SettingGroup) -> SettingGroup {
    let mut setting = SettingGroupBuilder::new("arm64");
-    let has_lse = setting.add_bool("has_lse", "Has Large System Extensions support.", "", false);
+    let has_lse = setting.add_bool(
+        "has_lse",
+        "Has Large System Extensions (FEAT_LSE) support.",
+        "",
+        false,
+    );
+
+    setting.add_bool(
+        "has_pauth",
+        "Has Pointer authentication (FEAT_PAuth) support; enables the use of \
+         non-HINT instructions, but does not have an effect on code generation \
+         by itself.",
+        "",
+        false,
+    );
+    setting.add_bool(
+        "sign_return_address_all",
+        "If function return address signing is enabled, then apply it to all \
+        functions; does not have an effect on code generation by itself.",
+        "",
+        false,
+    );
+    setting.add_bool(
+        "sign_return_address",
+        "Use pointer authentication instructions to sign function return \
+         addresses; HINT-space instructions using the A key are generated \
+         and simple functions that do not use the stack are not affected \
+         unless overridden by other settings.",
+        "",
+        false,
+    );
+    setting.add_bool(
+        "sign_return_address_with_bkey",
+        "Use the B key with pointer authentication instructions instead of \
+        the default A key; does not have an effect on code generation by \
+        itself. Some platform ABIs may require this, for example.",
+        "",
+        false,
+    );

    setting.add_predicate("use_lse", predicate!(has_lse));
    setting.build()