From aac367abfdd0750388a5a9825b69d8977c5439c7 Mon Sep 17 00:00:00 2001
From: Bill Roberts <bill.roberts@arm.com>
Date: Wed, 12 Jun 2024 14:02:26 -0500
Subject: [PATCH] aarch64: enable PAC and BTI

Enable Pointer Authentication Codes (PAC) and Branch Target
Identification (BTI) support for ARM 64 targets.

Since the code base has no indirect branches or indirect jumps to any of
the assembly code, no need to mark up any of the assembly with PAC or
BTI instructions.

For BTI to work, all object files linked for a unit of execution,
whether an executable or a library must have the GNU Notes section of
the ELF file marked to indicate BTI support. This is so loader/linkers
can apply the proper permission bits (PROT_BRI) on the memory region.

PAC can also be annotated in the GNU ELF notes section, but it's not
required for enablement, as interleaved PAC and non-pac code works as
expected since it's the callee that performs all the checking.

Signed-off-by: Bill Roberts <bill.roberts@arm.com>
---
 Asm/arm64/LzmaDecOpt.S | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/Asm/arm64/LzmaDecOpt.S b/Asm/arm64/LzmaDecOpt.S
index 10dc473..0eafb10 100644
--- a/Asm/arm64/LzmaDecOpt.S
+++ b/Asm/arm64/LzmaDecOpt.S
@@ -10,6 +10,38 @@
 ; LzmaDec_DecodeReal_*() must be equal in both versions (C / ASM).
 */
 
+/*
+ ; AAarch64 PAC and BTI Support.
+ ;
+ ; Assembly:
+ ;  Since this code base has no indirect calls or jumps to any assembly,
+ ;  there is no need to modify the source code with bti or pac instructions.
+ ;
+ ; GNU Notes:
+ ;   BTI requires the GNU Elf notes section in order to be enabled. This is
+ ;   because linkers/loaders look at this section to determine page protections,
+ ;   specifically PROT_BTI when mapping in the instructions. PAC is a nice to
+ ;   have for auditing purposes. Note that unconditionally adding PAC and BTI here
+ ;   is OK since the linker will just discard the note for the produced linked
+ ;   object file.
+ */
+#if defined(__ELF__)
+  /* Define the property values for GNU notes section in ELF */
+  #define GNU_PROPERTY_AARCH64_BTI 0x1
+  #define GNU_PROPERTY_AARCH64_POINTER_AUTH 0x2
+
+  .pushsection .note.gnu.property, "a";
+  .balign 8;
+  .long 4;
+  .long 0x10;
+  .long 0x5;
+  .asciz "GNU";
+  .long 0xc0000000; /* GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+  .long 4;
+  .long(GNU_PROPERTY_AARCH64_POINTER_AUTH | GNU_PROPERTY_AARCH64_BTI);
+  .long 0;
+  .popsection;
+#endif
 
 #include "7zAsm.S"