[AArch64] When signing return addresses by default, using some Concurrency primitives can cause a crash #80059

Open
3405691582 opened this issue Mar 17, 2025 · 1 comment
Labels
bug A deviation from expected or documented behavior. Also: expected but undesirable behavior. triage needed This issue needs more specific labels

Comments


3405691582 commented Mar 17, 2025

Description

Using -msign-return-address options (like in #78394 on OpenBSD) and Concurrency primitives like withTaskGroup can cause a PAC trap.

The hypothesis is that Concurrency may perform some manipulations for task switching that would otherwise require manual pointer signing, but the intrinsics for manual pointer signing in LLVM are gated on Darwin, so manual signing does not occur. This conflicts with the enabled return address/stack pointer signing.

Reproduction

```swift
@main struct Main {
  static func main() async {
    await withTaskGroup(of: Int.self) { group in print("hello") }
  }
}
```

Execute with `swiftc -parse-as-library -g bad.swift -Xcc -Xclang=-msign-return-address=non-leaf`.

Expected behavior

Code executes normally.

Environment

aarch64: swift 6.0.3 prebuilt on Linux, swift HEAD on OpenBSD.

Additional information

As mentioned, manual pointer signing is available on Darwin/aarch64, so this doesn't actually pose a problem there.

However, we use -msign-return-address on OpenBSD since enforcement of indirect branch targets is mandatory, unless explicitly opted out by informing the platform linker (with -z nobtcfi). The platform compiler adds the flags -mbranch-target-enforce, -msign-return-address=non-leaf, and -msign-return-address-key=a_key by default. When the latter two options are enabled, the compiler emits paciasp and autiasp instructions for PAC on the stack pointer. When there is a misbranch on OpenBSD, the binary will receive a SIGILL signal and code ILL_BTCFI to indicate this branch target issue. However, in the above case, the ESR indicates a pointer authentication failure.

-msign-return-address appears optional on Linux, though enabling it highlights the problem as well.
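One check a practitioner can run while triaging a report like this is to confirm, from the disassembly, which functions actually carry the `paciasp`/`autiasp` pairs that `-msign-return-address=non-leaf` is supposed to emit, and which non-leaf functions (anything that executes a `bl`/`blr`) are missing them or return without authenticating. The script below is an added example written for this page, not code from the Swift project or the issue author. It parses text in the shape of `objdump -d` output for an AArch64 binary; the embedded disassembly is constructed for the example (the symbol names are hypothetical and the hex words are illustrative), and it assumes the usual compiler pattern in which the authenticate instruction sits immediately before a plain `ret`, or a combined `retaa`/`retab` is used.

```python
import re
from typing import Dict, List

# Constructed sample modelled on `objdump -d` output for an AArch64 binary.
# Symbol names are hypothetical; only the mnemonics matter to the audit.
SAMPLE_DISASSEMBLY = """
0000000000400590 <signed_nonleaf>:
  400590:   d503233f    paciasp
  400594:   a9bf7bfd    stp     x29, x30, [sp, #-16]!
  400598:   94000010    bl      4005d8 <leaf>
  40059c:   a8c17bfd    ldp     x29, x30, [sp], #16
  4005a0:   d50323bf    autiasp
  4005a4:   d65f03c0    ret

00000000004005a8 <unsigned_nonleaf>:
  4005a8:   a9bf7bfd    stp     x29, x30, [sp, #-16]!
  4005ac:   9400000b    bl      4005d8 <leaf>
  4005b0:   a8c17bfd    ldp     x29, x30, [sp], #16
  4005b4:   d65f03c0    ret

00000000004005d8 <leaf>:
  4005d8:   52800020    mov     w0, #1
  4005dc:   d65f03c0    ret

00000000004005e0 <combined_return>:
  4005e0:   d503233f    paciasp
  4005e4:   a9bf7bfd    stp     x29, x30, [sp, #-16]!
  4005e8:   94000000    bl      4005d8 <leaf>
  4005ec:   a8c17bfd    ldp     x29, x30, [sp], #16
  4005f0:   d65f0bff    retaa

0000000000400600 <signed_but_unauthenticated>:
  400600:   d503233f    paciasp
  400604:   a9bf7bfd    stp     x29, x30, [sp, #-16]!
  400608:   94000000    bl      4005d8 <leaf>
  40060c:   a8c17bfd    ldp     x29, x30, [sp], #16
  400610:   d65f03c0    ret
"""

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+[0-9a-f]{8}\s+(\S+)")

SIGN = {"paciasp", "pacibsp"}          # sign LR with SP as modifier (A or B key)
AUTH = {"autiasp", "autibsp"}          # authenticate LR before a plain ret
AUTH_RET = {"retaa", "retab"}          # combined authenticate-and-return
CALLS = {"bl", "blr"}                  # a function executing these is non-leaf


def parse_functions(text: str) -> Dict[str, List[str]]:
    """Map each symbol in objdump-style text to its list of mnemonics."""
    funcs: Dict[str, List[str]] = {}
    current = None
    for line in text.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = m.group(1)
            funcs[current] = []
            continue
        m = INSN_RE.match(line)
        if m and current is not None:
            funcs[current].append(m.group(1))
    return funcs


def audit_function(insns: List[str]) -> str:
    """Classify one function's return-address signing under the non-leaf policy.

    Returns one of:
      "leaf"                   - no call, signing not required by non-leaf
      "unsigned"               - non-leaf but no paciasp/pacibsp in the prologue
      "unauthenticated-return" - signed, but some ret is not preceded by an
                                 authenticate (would trap with a PAC failure)
      "ok"                     - signed and every return authenticates
    """
    if not any(i in CALLS for i in insns):
        return "leaf"
    if not insns or insns[0] not in SIGN:
        return "unsigned"
    for idx, insn in enumerate(insns):
        if insn == "ret" and (idx == 0 or insns[idx - 1] not in AUTH):
            return "unauthenticated-return"
    return "ok"


def audit_return_address_signing(text: str) -> Dict[str, str]:
    """Audit every function in the disassembly text."""
    return {name: audit_function(insns)
            for name, insns in parse_functions(text).items()}


if __name__ == "__main__":
    for name, finding in audit_return_address_signing(SAMPLE_DISASSEMBLY).items():
        print(f"{name:32s} {finding}")
```

Run it against real output (`objdump -d ./bad | python3 audit.py`-style piping would need a small `sys.stdin.read()` wrapper) to see whether the functions on the crashing path are signed at all, and whether any return site lacks authentication. A function that is signed and balanced but still traps points back at the hypothesis in the report: something outside the function, such as a task switch, is changing SP or LR between `paciasp` and `autiasp`.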

@3405691582 Member Author
This is mainly of relevance to the OpenBSD port but is not limited to it.
