
Issue 919548

Starred by 3 users

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Feature
Build-Toolchain




Support for Armv8.3 Pointer Authentication

Reported by andrea.b...@arm.com, Jan 7

Issue description

A common security exploit in systems where executable code is not writable involves code re-use, where "gadgets" of legitimate code are strung together by exploiting return instructions present in the code.

To make this harder to perform, version 8.3 of the Arm architecture has been extended with the ability to authenticate the contents of registers before that register is used as the target of an indirect branch or as a load.

This extension, called Pointer Authentication, adds a security layer for mitigating attacks that leverage the control flow of a given program, and it would improve security in Chromium.

Clang has already been updated to compile code featuring this option under the -msign-return-address flag.

However, because Chromium sometimes needs to unwind its own stack trace (for instance bug reports), this doesn't work when using -msign-return-address.

This happens because the source code is linked against an old version of unwind functions that don't support unwinding stack traces where return addresses have been stored with cryptographic signatures on the stack. 

The most commonly used unwind libraries have already been updated: 

libgcc - https://github.com/gcc-mirror/gcc/commit/d10c58fdea0b9715e11624a6216cd63316dc4ca2#diff-ea4d20a7c7c310724dd8b2e08b21d921
libunwind - https://github.com/llvm-mirror/libunwind/commit/96fa50101690f48f0e7a7ffe363a5612d9ecac41

Currently Chromium (for an Android build) picks the unwinding functions (_Unwind_Backtrace) from libgcc.a, which comes prebuilt in the Android NDK:

third_party/android_ndk/toolchains/aarch64-linux-android-4.9/prebuilt/linux-x86_64/lib/gcc/aarch64-linux-android/4.9.x/libgcc.a

In order to support Armv8.3 Pointer Authentication, Chromium needs to link against a library with updated unwind functions. According to https://android.googlesource.com/platform/ndk/+/master/docs/Roadmap.md it looks like the plan is eventually to drop libgcc and use compiler-rt and a custom unwinder.

This bug report is intended to track info around the following topics:

1. Find out what plans the Chromium for Android developers have to use the Pointer Authentication extension in the future, if Chromium starts using 64-bit Armv8 builds. 
2. Point out to the NDK developers that the custom unwinder will need to be made aware of Pointer Authentication.
3. Highlight that when compiling Chromium for Android with -msign-return-address, Chromium will need to use an updated unwinder library.
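The unwinder change the report is asking for, as an added toy model (not code from this issue, from libgcc, or from libunwind): an unwinder that understands signed return addresses must read the "B" augmentation from the CIE, track the DW_CFA_AARCH64_negate_ra_state opcode in the FDE's CFA program, and strip the PAC bits before treating the stored value as the caller's PC. The address model (48-bit virtual addresses, TBI disabled, PAC in bits 63:48) and the sample CFA program are assumptions made for the example; the DWARF opcode values are the real ones.

```python
# Toy model of PAC-aware unwinding (added example, not Chromium/libgcc/libunwind code).
# Assumptions: 48-bit VA, TBI off, user-space return addresses, so the PAC lives in
# bits 63:48. DWARF opcode values below are the real ones.

DW_CFA_nop = 0x00
DW_CFA_advance_loc = 0x40              # high two bits are the opcode, low six the delta
DW_CFA_AARCH64_negate_ra_state = 0x2d  # same encoding as DW_CFA_GNU_window_save

VA_BITS = 48
ADDR_MASK = (1 << VA_BITS) - 1


def cie_uses_pac(augmentation: str) -> bool:
    """A 'B' in the CIE augmentation string marks code built with
    -msign-return-address, i.e. the return address on the stack is signed."""
    return "B" in augmentation


def ra_sign_state_at(cfa_program: bytes, pc_offset: int, code_align: int = 4) -> bool:
    """Replay the FDE's CFA instructions up to pc_offset (bytes from the function
    start) and report whether the return address is signed at that point."""
    signed = False
    loc = 0
    for op in cfa_program:
        if op & 0xC0 == DW_CFA_advance_loc:
            loc += (op & 0x3F) * code_align      # delta is in code-alignment units
            if loc > pc_offset:                  # later rows do not apply yet
                break
        elif op == DW_CFA_AARCH64_negate_ra_state:
            signed = not signed                  # paciasp / autiasp toggles the state
        elif op == DW_CFA_nop:
            continue
        else:
            raise ValueError(f"unsupported CFA opcode {op:#x} in toy decoder")
    return signed


def strip_pac(ra: int) -> int:
    """Software stand-in for XPACLRI under this address model: drop the PAC bits."""
    return ra & ADDR_MASK


def recover_return_address(augmentation: str, cfa_program: bytes,
                           pc_offset: int, stored_ra: int) -> int:
    """The step an old unwinder lacks: only a stripped value is a valid caller PC."""
    if cie_uses_pac(augmentation) and ra_sign_state_at(cfa_program, pc_offset):
        return strip_pac(stored_ra)
    return stored_ra
```

Feeding an unstripped signed value to a legacy `_Unwind_Backtrace` is exactly the failure described above: the PAC bits make the return address look like a bogus pointer, so the walk stops or faults.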

Cc: oliver.s...@arm.com dpranke@chromium.org dave.rod...@arm.com jbudorick@chromium.org agrieve@chromium.org stephen....@arm.com thakis@chromium.org srhines@google.com kristof....@arm.com danalbert@google.com
Labels: -Type-Bug OS-Android Type-Feature
Status: Available (was: Unconfirmed)
Cc: p...@chromium.org kcc@chromium.org
Components: Build
Cc: cferris@google.com enh@google.com
Cc: euge...@chromium.org
Cc: chromeos-toolchain@google.com
Components: -Build Tools>ChromeOS-Toolchain
This is OS-Android; was Tools>ChromeOS-Toolchain the intended label?
Yes, the Chrome OS toolchain team is also interested in this.
Components: Build
