Skip to content

Remove pointer authentication from fibers#13118

Open
alexcrichton wants to merge 1 commit intobytecodealliance:mainfrom
alexcrichton:remove-pointer-authentication
Open

Remove pointer authentication from fibers#13118
alexcrichton wants to merge 1 commit intobytecodealliance:mainfrom
alexcrichton:remove-pointer-authentication

Conversation

@alexcrichton
Copy link
Copy Markdown
Member

@alexcrichton alexcrichton commented Apr 16, 2026

This commit removes the pointer authentication instructions from our fiber implementation. There's more rationale in #12778 for this but the basic problems are:

  • Android uses the "A" key to sign return addresses, but the "A" key differs between threads. This causes resuming fibers across threads to crash.
  • Rust does not provide the ability to know when pointer authentication is enabled, nor does it have a way of enabling pointer authentication for generated code on stable.
  • We can't currently find reference documentation for which key should be used ABI-wise for each target, nor why the Android "A" key is changing across threads in the same process.

Overall it seems like we're a bit too far out on a limb trying to enable this. In the future if all Rust code, except this inline assembly, uses pointer authentication we'll be in a good spot to reevaluate this perhaps. Until that day though it seems premature to enable this.

Closes #12778

@alexcrichton
Remove pointer authentication from fibers
7017aa6 
This commit removes the pointer authentication instructions from our
fiber implementation. There's more rationale in bytecodealliance#12778 for this but the
basic problems are:

* Android uses the "A" key to sign return addresses, but the "A" key
  differs between threads. This causes resuming fibers across threads to
  crash.
* Rust does not provide the ability to know when pointer authentication
  is enabled, nor does it have a way of enabling pointer authentication
  for generated code on stable.
* We can't currently find reference documentation for which key should
  be used ABI-wise for each target, nor why the Android "A" key is
  changing across threads in the same process.

Overall it seems like we're a bit too far out on a limb trying to enable
this. In the future if all Rust code, except this inline assembly, uses
pointer authentication we'll be in a good spot to reevaluate this
perhaps. Until that day though it seems premature to enable this.

Closes bytecodealliance#12778
@alexcrichton alexcrichton requested a review from cfallin April 16, 2026 01:10
@alexcrichton alexcrichton requested a review from a team as a code owner April 16, 2026 01:10
cfallin
cfallin approved these changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@cfallin cfallin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@cfallin cfallin enabled auto-merge April 16, 2026 01:21
@cfallin cfallin added this pull request to the merge queue Apr 16, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Apr 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfallin cfallin cfallin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Illegal instruction on arm64 Android, when the wasi-http response body is larger.

2 participants

@alexcrichton @cfallin