Skip to content

Pointer authentication config and user facing options#156712

Open
jchlanda wants to merge 21 commits into
rust-lang:mainfrom
jchlanda:jakub/pac_config
Open

Pointer authentication config and user facing options#156712
jchlanda wants to merge 21 commits into
rust-lang:mainfrom
jchlanda:jakub/pac_config

Conversation

@jchlanda
Copy link
Copy Markdown

@jchlanda jchlanda commented May 18, 2026
edited by rustbot
Loading

View all comments

This patch brings:

  • unified handling of pointer authentication options through:
    -Zpointer-authentication, with possible values:
    aarch64-jump-table-hardening, auth-traps, calls, elf-got,
    function-pointer-type-discrimination, indirect-gotos, init-fini,
    init-fini-address-discrimination, return-addresses. Toggled with
    +/-.
  • centralized handling of pointer authentication features. Session holds
    pointer_auth_config: Option<PointerAuthConfig>
  • encapsulation of schema for function pointers and init/fini through
    PointerAuthSchema. This allowed for retiring of PacMetadata.
  • refactor enabling of pointer authentication in code, instead of
    relying on the target (pauthtest) use the session

@rustbot rustbot added A-compiletest Area: The compiletest test runner A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. A-run-make Area: port run-make Makefiles to rmake.rs A-test-infra-minicore Area: `minicore` test auxiliary and `//@ add-core-stubs` A-testsuite Area: The testsuite used to check the correctness of rustc S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels May 18, 2026
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@jchlanda jchlanda force-pushed the jakub/pac_config branch from 77fe412 to b0a7e47 Compare May 18, 2026 13:15
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@jchlanda jchlanda force-pushed the jakub/pac_config branch from b0a7e47 to 4e8d9e3 Compare May 18, 2026 13:23
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@jchlanda jchlanda force-pushed the jakub/pac_config branch from 4e8d9e3 to 418f447 Compare May 18, 2026 13:39
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@jchlanda jchlanda force-pushed the jakub/pac_config branch from 418f447 to 6af45da Compare May 18, 2026 14:26
@jchlanda
Copy link
Copy Markdown
Author

jchlanda commented May 19, 2026

@davidtwco, @folkertdev, @tgross35, @madsmtm FWI this is a follow up to #155722 and #156548
This will have to be rebased once the above are merged.

@jchlanda jchlanda marked this pull request as ready for review May 19, 2026 12:17
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented May 19, 2026

This PR modifies src/bootstrap/src/core/config.

If appropriate, please update CONFIG_CHANGE_HISTORY in src/bootstrap/src/utils/change_tracker.rs.

Some changes occurred in src/tools/compiletest

cc @jieyouxu

The GCC codegen subtree was changed

cc @antoyo, @GuillaumeGomez

compiletest directives have been modified. Please add or update docs for the
new or modified directive in src/doc/rustc-dev-guide/.

Some changes occurred in src/doc/rustc/src/platform-support

cc @Noratrieb

This PR modifies tests/auxiliary/minicore.rs.

cc @jieyouxu

These commits modify compiler targets.
(See the Target Tier Policy.)

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. and removed S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. labels May 19, 2026
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented May 19, 2026

r? @mejrs

rustbot has assigned @mejrs.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: compiler
  • compiler expanded to 73 candidates
  • Random selection from 20 candidates

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@jchlanda jchlanda force-pushed the jakub/pac_config branch from 82f7a40 to 1c7ac6d Compare May 20, 2026 14:41
@jchlanda jchlanda mentioned this pull request May 21, 2026
Open
@rust-bors

This comment has been minimized.

Sign in to view
@mejrs
Copy link
Copy Markdown
Contributor

mejrs commented May 24, 2026

Hi, I am not qualified to review this.

r? madsmtm or reroll maybe

@jchlanda jchlanda force-pushed the jakub/pac_config branch from 57246bd to b185861 Compare May 27, 2026 08:40
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@jchlanda jchlanda force-pushed the jakub/pac_config branch from b185861 to aed511f Compare May 27, 2026 09:52
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@jchlanda jchlanda force-pushed the jakub/pac_config branch from aed511f to 68d5206 Compare May 27, 2026 12:03
@madsmtm madsmtm mentioned this pull request May 28, 2026
Open
madsmtm
madsmtm reviewed May 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@madsmtm madsmtm left a comment
edited by rustbot
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick look, will go over in more detail after #155722 (and perhaps a bit before if I get the time).

View changes since this review

Comment thread compiler/rustc_session/src/options.rs
}
}

pub(crate) fn parse_pointer_authentication_list_with_polarity(
Copy link
Copy Markdown
Contributor

@madsmtm madsmtm May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remark: Huh, I thought we'd be better at doing this parsing... I get the sense that this entire module could be simplified a bunch, but the impl you've done here is fine for now.

Comment thread compiler/rustc_session/src/config.rs
"indirect-gotos" => Some(Self::IndirectGotos),
"init-fini" => Some(Self::InitFini),
"init-fini-address-discrimination" => Some(Self::InitFiniAddressDiscrimination),
"intrinsics" => Some(Self::Intrinsics),
Copy link
Copy Markdown
Contributor

@madsmtm madsmtm May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: This seems like it should just be part of core_intrinsics?

Copy link
Copy Markdown
Author

@jchlanda jchlanda Jun 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure, probably not.

Intrinsics here refer to the set introduced in <ptrauth.h>. And we only need it for the calculation of the pauth ABI version.

For reference, -fptrauth-intrinsics was introduced to clang here.

Comment thread compiler/rustc_session/src/config.rs
"vt-ptr-addr-discrimination" => Some(Self::VTPtrAddrDisc),
"vt-ptr-type-discrimination" => Some(Self::VTPtrTypeDisc),
_ => None,
}
Copy link
Copy Markdown
Contributor

@madsmtm madsmtm May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, we're not following the same naming scheme here as Clang, maybe we should? In particular:

  • -Zpointer-authentication=+return-addresses <-> -fptrauth-returns
  • -Zpointer-authentication=+typeinfo-vt-ptr-discrimination <-> -fptrauth-type-info-vtable-pointer-discrimination
  • -Zpointer-authentication=+vt-ptr-addr-discrimination <-> -fptrauth-vtable-pointer-address-discrimination
  • -Zpointer-authentication=+vt-ptr-type-discrimination <-> -fptrauth-vtable-pointer-type-discrimination

In any case, could you link to Clang's or LLVM's docs on the enum variants for reference?

Copy link
Copy Markdown
Author

@jchlanda jchlanda Jun 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've linked clang's command line reference, slight complication is that we only support a subset of those (for instance we are unlikely to ever interact with obj-c).

Are you saying that:

  • we should get rid of -Zpointer-authentication all together,
  • or that the values that the option takes should match exactly how they are spelled out in clang (i.e. -Zpointer-authentication=+ptrauth-returns instead of what it is now: -Zpointer-authentication=+return-addresses)?

One thing that I would say is that the list with polarity provides a nice way to opt-in/opt-out. Without it we would have to duplicate every entry with -Zno-.....

Comment thread compiler/rustc_session/src/options.rs
"whether to use the PLT when calling into shared libraries;
only has effect for PIC code on systems with ELF binaries
(default: PLT is disabled if full relro is enabled on x86_64)"),
pointer_authentication: Vec<(PointerAuthOption, bool)> = (Vec::new(), parse_pointer_authentication_list_with_polarity, [TRACKED],
Copy link
Copy Markdown
Contributor

@madsmtm madsmtm May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you create a new tracking issue for these options, and add docs for this to doc/unstable-book/compiler-flags?

Copy link
Copy Markdown
Contributor

@madsmtm madsmtm May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One unresolved question I'd like to add before we can consider stabilizing this is "correctness"; how do we ensure the security correctness of the implementation, both for the initial implementation, and as the compiler evolves.

@jchlanda jchlanda mentioned this pull request Jun 1, 2026
Open
@jchlanda jchlanda force-pushed the jakub/pac_config branch from 68d5206 to f7791c4 Compare June 1, 2026 11:13
@jchlanda jchlanda force-pushed the jakub/pac_config branch 4 times, most recently from 5e94586 to 90c3ab6 Compare June 1, 2026 12:20
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@jchlanda jchlanda force-pushed the jakub/pac_config branch from 90c3ab6 to 503d1e6 Compare June 1, 2026 13:07
jchlanda added 12 commits June 1, 2026 15:04
@jchlanda
PR feedback: Attributes
b9c1650
@jchlanda
PR feedback: Init/Fini
1fc3327
@jchlanda
PR feedback: Teach bootstrap
c117a49
@jchlanda
PR feedback: Override static
2db4afd
@jchlanda
PR feedback: Use target_env
b0e8e26
@jchlanda
Add library support for aarch64-unknown-linux-pauthtest
df350ce
@jchlanda
Use target_env = "musl" & target_abi = "pauthtest" instead of env
b56662b
@jchlanda
Pointer authentication config and user facing options
563b458 
This patch brings:
* unified handling of pointer authentication options through:
  `-Zpointer-authentication`, with possible values:
  `aarch64-jump-table-hardening`, `auth-traps`, `calls`, `elf-got`,
  `function-pointer-type-discrimination`, `indirect-gotos`, `init-fini`,
  `init-fini-address-discrimination`, `return-addresses`. Toggled with
  `+`/`-`.
* centralized handling of pointer authentication features. Session holds
  `pointer_auth_config: Option<PointerAuthConfig>`
* encapsulation of schema for function pointers and init/fini through
  `PointerAuthSchema`. This allowed for retiring of `PacMetadata`.
* refactor enabling of pointer authentication in code, instead of
  relying on the target (`pauthtest`) use the session
@jchlanda
Extend version support with C++ specifics
7df7cd8
@jchlanda
Document -Zpointer-authentication option
52a63a7
@jchlanda
PR feedback
046ee9f 
- warning on unsupported test
- error on type discrimination
- removal of PointerAuthKind
@jchlanda
PR feedback
d601217
@jchlanda jchlanda force-pushed the jakub/pac_config branch from 361b585 to d601217 Compare June 1, 2026 15:07
@madsmtm madsmtm linked an issue Jun 2, 2026 that may be closed by this pull request
Unify handling of pointer authentication features #155868
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@madsmtm madsmtm madsmtm left review comments

+1 more reviewer

@kovdan01 kovdan01 kovdan01 left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@madsmtm madsmtm

Labels

A-compiletest Area: The compiletest test runner A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. A-run-make Area: port run-make Makefiles to rmake.rs A-test-infra-minicore Area: `minicore` test auxiliary and `//@ add-core-stubs` A-testsuite Area: The testsuite used to check the correctness of rustc S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-libs Relevant to the library team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Unify handling of pointer authentication features

6 participants

@jchlanda @rust-log-analyzer @rustbot @mejrs @madsmtm @kovdan01