From: enh
Date: Mon, 12 Feb 2024 13:34:32 -0800
To: musl@lists.openwall.com
Cc: Rich Felker
References: <20240212184236.GZ4163@brightrain.aerifal.cx>
Subject: Re: [musl] PAC/BTI Support on aarch64

On Mon, Feb 12, 2024 at 1:26 PM William Roberts wrote:
>
> On Mon, Feb 12, 2024 at 12:42 PM Rich Felker wrote:
> >
> > On Mon, Feb 12, 2024 at 10:38:50AM -0600, William Roberts wrote:
> > > Hello,
> > >
> > > I was just wondering if there was any work being done to support PAC
> > > and BTI in aarch64? I could add support but didn't want to duplicate
> > > the work.
> >
> > I'm not aware of any active work on this, but before writing a full
> > implementation, it would be really helpful to start with a basic
> > proposal for the scope of changes needed to make it work to assess
> > whether these are manageable and acceptable cost.
>
> It's a matter of building with -mbranch-protection=standard
>
> Just the ASM labels need the first instruction to be a BTI. They're in
> the NOP space
> so they are backwards compatible, older hardware will just NOP it.
>
> It's been done for many projects, glibc and bionic have it. The
> problem with BTI is that when one item in the link
> list doesn't support BTI the loader/linker turns it off. So when it's
> something like a libc that is fundamental in the link chain,
> it turns it off for everything.

note that bionic was quite sneaky, and if you look at bionic's arm64
.S files, you'll think we _haven't_ done the BTI work... we hid the
`bti c` instruction in the implementation of our ENTRY() macro
[https://android.googlesource.com/platform/bionic/+/main/libc/private/bionic_asm_arm64.h#48]
and similarly the ELF note you need is hidden by macros too
[https://android.googlesource.com/platform/bionic/+/main/libc/private/bionic_asm_arm64.h#60].

> The initial scope of code changes would be what's reported when
> LDFLAGS=-Wl,-zforce-bti,--fatal-warnings
>
> /usr/bin/ld: obj/src/fenv/aarch64/fenv.lo: warning: BTI turned on by
> -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/ldso/aarch64/dlsym.lo: warning: BTI turned on by
> -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/ldso/aarch64/tlsdesc.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/process/aarch64/vfork.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/setjmp/aarch64/longjmp.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/setjmp/aarch64/setjmp.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/signal/aarch64/restore.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/signal/aarch64/sigsetjmp.lo: warning: BTI turned
> on by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/string/aarch64/memcpy.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/string/aarch64/memset.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/thread/aarch64/__set_thread_area.lo: warning: BTI
> turned on by -z force-bti when all inputs do not have BTI in NOTE
> section.
> /usr/bin/ld: obj/src/thread/aarch64/__unmapself.lo: warning: BTI
> turned on by -z force-bti when all inputs do not have BTI in NOTE
> section.
> /usr/bin/ld: obj/src/thread/aarch64/clone.lo: warning: BTI turned on
> by -z force-bti when all inputs do not have BTI in NOTE section.
> /usr/bin/ld: obj/src/thread/aarch64/syscall_cp.lo: warning: BTI turned
> on by -z force-bti when all inputs do not have BTI in NOTE section.
> >
> > Rich
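
The linker warnings quoted in this message depend on whether each input object carries the BTI bit in its `.note.gnu.property` note. The following is an added example, not part of the thread and not musl, glibc or bionic code: it reads that bit from the raw bytes of the section. The function names and the sample notes are constructed for illustration, and a little-endian ELF64 object is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0             5
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1u << 0)
#define ALIGN_UP(x, a) (((size_t)(x) + (a) - 1) & ~((size_t)(a) - 1))

/* Constructed section contents: one GNU note with FEATURE_1_AND = BTI|PAC (3),
 * and the same note with only the PAC bit (2), as a non-BTI object would have. */
static const unsigned char SAMPLE_BTI_PAC[] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,   /* namesz, descsz, type, name */
    0,0,0,0xc0, 4,0,0,0, 3,0,0,0, 0,0,0,0 };     /* pr_type, pr_datasz, bits, pad */
static const unsigned char SAMPLE_PAC_ONLY[] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    0,0,0,0xc0, 4,0,0,0, 2,0,0,0, 0,0,0,0 };

static uint32_t rd32(const unsigned char *p) {   /* little-endian u32 */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Return the FEATURE_1_AND bits from raw section bytes; 0 if absent or malformed. */
uint32_t aarch64_feature_bits(const unsigned char *sec, size_t len) {
    for (size_t off = 0; off + 12 <= len; ) {
        uint32_t namesz = rd32(sec + off), descsz = rd32(sec + off + 4);
        uint32_t type = rd32(sec + off + 8);
        size_t name = off + 12, desc = name + ALIGN_UP(namesz, 4);
        if (desc > len || descsz > len - desc) return 0;     /* truncated note */
        if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4 &&
            memcmp(sec + name, "GNU", 4) == 0) {
            for (size_t p = desc, end = desc + descsz; p + 8 <= end; ) {
                uint32_t pr_type = rd32(sec + p), pr_datasz = rd32(sec + p + 4);
                if (pr_datasz > end - p - 8) return 0;       /* truncated property */
                if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND && pr_datasz >= 4)
                    return rd32(sec + p + 8);
                p += 8 + ALIGN_UP(pr_datasz, 8);             /* ELF64 padding */
            }
        }
        off = desc + ALIGN_UP(descsz, 8);
    }
    return 0;
}

int has_bti(const unsigned char *sec, size_t len) {
    return (aarch64_feature_bits(sec, len) & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) != 0;
}

int main(void) {
    printf("bti+pac: %d\n", has_bti(SAMPLE_BTI_PAC, sizeof SAMPLE_BTI_PAC));
    printf("pac-only: %d\n", has_bti(SAMPLE_PAC_ONLY, sizeof SAMPLE_PAC_ONLY));
    return 0;
}
```

An object with no `.note.gnu.property` section at all, which is the usual state of hand-written assembly without the note macro, corresponds to the zero-length case and reports no BTI.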