From 9c8a542ef0e34bc456b77b0a4ff621280839b813 Mon Sep 17 00:00:00 2001
From: Francisco Javier Honduvilla Coto
Date: Tue, 14 May 2024 11:04:40 +0100
Subject: [PATCH] arm64: Add executable compiled with PAC arm64 (aka aarch64) has a security feature called PAC (Pointer Authentication Codes) to sign pointers which are later checked by the CPU to ensure the addresses haven't been tampered with. This commit adds a program to ensure we canunwind through code compiled with signed return addresses. Test Plan ======== ``` (gdb) bt ```
---
flake.nix | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/flake.nix b/flake.nix
index 470b6bf..6d517a0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,6 +11,7 @@ }; }; outputs = { self, nixpkgs, flake-utils, rust-overlay }: + flake-utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" ] (system: let
@@ -57,6 +58,8 @@ clang -O3 main.cpp -o main_cpp_clang_O3 clang -O3 -fno-omit-frame-pointer main.cpp -o main_cpp_clang_no_omit_fp_O3 + + ${if system == "aarch64-linux" then "clang -O3 -mbranch-protection=pac-ret main.cpp -o main_cpp_clang_pac" else ""} ''; installPhase = '' mkdir -p $out/bin
@@ -73,7 +76,7 @@ cp main_cpp_clang_O3 $out/bin cp main_cpp_clang_no_omit_fp_O3 $out/bin - + ${if system == "aarch64-linux" then "cp main_cpp_clang_pac $out/bin" else ""} ''; buildInputs = [ pkgs.gcc
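Review bot: The `-mbranch-protection=pac-ret` build added in the second hunk (`@@ -57,6 +58,8 @@`) only produces signed return addresses at run time on a core that implements pointer authentication. The default pac-ret sequence typically uses hint-space instructions that execute as NOPs elsewhere, so the `(gdb) bt` test plan can pass on such a machine without the unwinder ever seeing a signed address. pac-ret also leaves leaf functions unsigned, so if leaf frames are meant to be covered the flag would be `-mbranch-protection=pac-ret+leaf`. I would record this next to the command, e.g. `# pac-ret signs non-leaf return addresses only; it is a no-op on CPUs without PAC`, and have the test confirm PAC is active on the host before trusting a pass. The same `if system == "aarch64-linux"` guard is repeated in the install step of the third hunk (which appears to continue past the visible text), and the two conditions have to stay identical or the `cp` will fail on a missing file.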