[COMMITTED, V2 0/6] SFrame: support for .cfi_negate_ra_state in aarch64

[COMMITTED, V2 0/6] SFrame: support for .cfi_negate_ra_state in aarch64

[Indu Bhagat]

Committed this version with some adjustments as compared to V1.  Both the
changes summarised below are minor in nature.

[Summary of changes in V2]
  - Move the removal of common-empty-4.s test earlier to the patch "gas:
  sframe: add support for .cfi_negate_ra_state" instead of "gas: sframe:
  testsuite: add testcase for .cfi_negate_ra_state".
  - [readelf/objdump] Use marker "[s]" to also designate when return address in
  register is mangled. In V1, we were doing so only for the case when return
  address is saved on stack.
[End of changes in V2]

Thanks,
Indu Bhagat (6):
  sframe.h: add support for .cfi_negate_ra_state
  gas: sframe: add support for .cfi_negate_ra_state
  libsframe: provide new access API for mangled RA bit
  objdump/readelf: sframe: emit marker for FREs with mangled RA
  gas: sframe: testsuite: add testcase for .cfi_negate_ra_state
  sframe: doc: update spec for the mangled-RA bit in FRE

 gas/gen-sframe.c                              | 42 +++++++++++++++----
 gas/gen-sframe.h                              |  6 ++-
 .../gas/cfi-sframe/cfi-sframe-aarch64-2.d     | 20 +++++++++
 ...ommon-empty-4.s => cfi-sframe-aarch64-2.s} |  3 +-
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  2 +-
 gas/testsuite/gas/cfi-sframe/common-empty-4.d | 14 -------
 include/sframe-api.h                          |  7 ++++
 include/sframe.h                              | 23 ++++++----
 libsframe/doc/sframe-spec.texi                |  4 +-
 libsframe/sframe-dump.c                       | 11 ++++-
 libsframe/sframe.c                            | 18 ++++++++
 11 files changed, 113 insertions(+), 37 deletions(-)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.d
 rename gas/testsuite/gas/cfi-sframe/{common-empty-4.s => cfi-sframe-aarch64-2.s} (85%)
 delete mode 100644 gas/testsuite/gas/cfi-sframe/common-empty-4.d

-- 
2.37.2

[COMMITTED, V2 1/6] sframe.h: add support for .cfi_negate_ra_state

[Indu Bhagat]

[No Changes in V2]

Use the last remaining bit in the 'SFrame FRE info' word to store whether
the RA is signed/unsigned with PAC authorization code: this bit is named
as the "mangled RA" bit.  This bit is still unused for x86-64.

The behaviour of the mangled-RA info bit in SFrame format closely
follows the behaviour of DW_CFA_AARCH64_negate_ra_state in DWARF.  During
unwinding, whenever an SFrame FRE with non-zero "mangled RA" bit is
encountered, it means the upper bits of the return address contain Pointer
Authentication code.  The unwinder, hence, must use appropriate means to
restore LR correctly in such cases.

include/ChangeLog:

	* sframe.h (SFRAME_V1_FRE_INFO_UPDATE_MANGLED_RA_P): New macro.
	(SFRAME_V1_FRE_MANGLED_RA_P): Likewise.
---
 include/sframe.h | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/include/sframe.h b/include/sframe.h
index 03a2d75dfd3..b2bd41a724e 100644
--- a/include/sframe.h
+++ b/include/sframe.h
@@ -227,11 +227,12 @@ typedef struct sframe_fre_info
      - 2 bits: information about size of the offsets (S) in bytes.
      Valid values are SFRAME_FRE_OFFSET_1B, SFRAME_FRE_OFFSET_2B,
      SFRAME_FRE_OFFSET_4B
-     - 1 bit: Unused.
-     -----------------------------------------------------------------------
-     |  Unused  |  Size of offsets   |   Number of offsets    |   base_reg |
-     -----------------------------------------------------------------------
-     8          7                    5                        1            0
+     - 1 bit: Mangled RA state bit (aarch64 only).
+     ----------------------------------------------------------------------------------
+     | Mangled-RA (aarch64) |  Size of offsets   |   Number of offsets    |   base_reg |
+     |  Unused (amd64)      |                    |                        |            |
+     ----------------------------------------------------------------------------------
+     8                     7                    5                        1            0
 
      */
   uint8_t fre_info;
@@ -239,13 +240,19 @@ typedef struct sframe_fre_info
 
 /* Macros to compose and decompose FRE info.  */
 
+/* Note: Set mangled_ra_p to zero by default.  */
 #define SFRAME_V1_FRE_INFO(base_reg_id, offset_num, offset_size) \
-  ((((offset_size) & 0x3) << 5) | (((offset_num) & 0xf) << 1) | \
-   ((base_reg_id) & 0x1))
+  (((0 & 0x1) << 7) | (((offset_size) & 0x3) << 5) | \
+   (((offset_num) & 0xf) << 1) | ((base_reg_id) & 0x1))
+
+/* Set the mangled_ra_p bit as indicated.  */
+#define SFRAME_V1_FRE_INFO_UPDATE_MANGLED_RA_P(mangled_ra_p, fre_info) \
+  ((((mangled_ra_p) & 0x1) << 7) | ((fre_info) & 0x7f))
 
 #define SFRAME_V1_FRE_CFA_BASE_REG_ID(data)	  ((data) & 0x1)
 #define SFRAME_V1_FRE_OFFSET_COUNT(data)	  (((data) >> 1) & 0xf)
-#define SFRAME_V1_FRE_OFFSET_SIZE(data)	  (((data) >> 5) & 0x3)
+#define SFRAME_V1_FRE_OFFSET_SIZE(data)		  (((data) >> 5) & 0x3)
+#define SFRAME_V1_FRE_MANGLED_RA_P(data)	  (((data) >> 7) & 0x1)
 
 /* SFrame Frame Row Entry definitions.
 
-- 
2.37.2

[COMMITTED, V2 2/6] gas: sframe: add support for .cfi_negate_ra_state

[Indu Bhagat]

[Changes in V2]
  - bugfix: set merge_candidate to false when processing
    DW_CFA_GNU_window_save.
  - Instead of removing common-empty-4.s test in a later commit, remove
    the testcase common-empty-4 here in this commit.
[End of changes in V2]

DW_CFA_AARCH64_negate_ra_state in aarch64 is multiplexed with
DW_CFA_GNU_window_save in the DWARF format.

Remove the common-empty-4 testcase because the generated SFrame section
will not be be empty anymore.  A relevant test will be added in a later
commit.

ChangeLog:

	* gas/gen-sframe.c (sframe_v1_set_fre_info): Add new argument
	for mangled_ra_p.
	(sframe_set_fre_info): Likewise.
	(output_sframe_row_entry): Handle mangled_ra_p.
	(sframe_row_entry_new): Reset mangled_ra_p.
	(sframe_row_entry_initialize): Initialize mangled_ra_p.
	(sframe_xlate_do_gnu_window_save): New definition.
	(sframe_do_cfi_insn): Handle DW_CFA_GNU_window_save.
	* gas/gen-sframe.h (struct sframe_row_entry): New member.
	(struct sframe_version_ops): Add a new argument for
	mangled_ra_p.
	* gas/testsuite/gas/cfi-sframe/cfi-sframe.exp: Remove test.
	* gas/testsuite/gas/cfi-sframe/common-empty-4.d: Removed.
	* gas/testsuite/gas/cfi-sframe/common-empty-4.s: Removed.
---
 gas/gen-sframe.c                              | 42 +++++++++++++++----
 gas/gen-sframe.h                              |  6 ++-
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 -
 gas/testsuite/gas/cfi-sframe/common-empty-4.d | 14 -------
 gas/testsuite/gas/cfi-sframe/common-empty-4.s | 17 --------
 5 files changed, 39 insertions(+), 41 deletions(-)
 delete mode 100644 gas/testsuite/gas/cfi-sframe/common-empty-4.d
 delete mode 100644 gas/testsuite/gas/cfi-sframe/common-empty-4.s

diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
index 075720facd6..9baf20bd873 100644
--- a/gas/gen-sframe.c
+++ b/gas/gen-sframe.c
@@ -243,10 +243,11 @@ static struct sframe_version_ops sframe_ver_ops;
 
 static unsigned char
 sframe_v1_set_fre_info (unsigned int base_reg, unsigned int num_offsets,
-			unsigned int offset_size)
+			unsigned int offset_size, bool mangled_ra_p)
 {
   unsigned char fre_info;
   fre_info = SFRAME_V1_FRE_INFO (base_reg, num_offsets, offset_size);
+  fre_info = SFRAME_V1_FRE_INFO_UPDATE_MANGLED_RA_P (mangled_ra_p, fre_info);
   return fre_info;
 }
 
@@ -275,10 +276,10 @@ sframe_set_version (uint32_t sframe_version __attribute__((unused)))
 
 static unsigned char
 sframe_set_fre_info (unsigned int base_reg, unsigned int num_offsets,
-		     unsigned int offset_size)
+		     unsigned int offset_size, bool mangled_ra_p)
 {
   return sframe_ver_ops.set_fre_info (base_reg, num_offsets,
-					 offset_size);
+				      offset_size, mangled_ra_p);
 }
 
 /* SFrame set func info. */
@@ -507,7 +508,7 @@ output_sframe_row_entry (symbolS *fde_start_addr,
   fre_num_offsets = get_fre_num_offsets (sframe_fre);
   fre_offset_size = sframe_get_fre_offset_size (sframe_fre);
   fre_info = sframe_set_fre_info (fre_base_reg, fre_num_offsets,
-				     fre_offset_size);
+				  fre_offset_size, sframe_fre->mangled_ra_p);
   out_one (fre_info);
 
   idx = sframe_fre_offset_func_map_index (fre_offset_size);
@@ -845,6 +846,9 @@ sframe_row_entry_new (void)
      for the supported arches.  */
   fre->cfa_base_reg = -1;
   fre->merge_candidate = true;
+  /* Reset the mangled RA status bit to zero by default.  We will initialize it in
+     sframe_row_entry_initialize () with the sticky bit if set.  */
+  fre->mangled_ra_p = false;
 
   return fre;
 }
@@ -890,6 +894,9 @@ sframe_row_entry_initialize (struct sframe_row_entry *cur_fre,
   cur_fre->bp_offset = prev_fre->bp_offset;
   cur_fre->ra_loc = prev_fre->ra_loc;
   cur_fre->ra_offset = prev_fre->ra_offset;
+  /* Treat RA mangling as a sticky bit.  It retains its value until another
+     .cfi_negate_ra_state is seen.  */
+  cur_fre->mangled_ra_p = prev_fre->mangled_ra_p;
 }
 
 /* Translate DW_CFA_advance_loc into SFrame context.
@@ -1150,6 +1157,23 @@ sframe_xlate_do_restore (struct sframe_xlate_ctx *xlate_ctx,
   return SFRAME_XLATE_OK;
 }
 
+/* Translate DW_CFA_GNU_window_save into SFrame context.
+   Return SFRAME_XLATE_OK if success.  */
+
+static int
+sframe_xlate_do_gnu_window_save (struct sframe_xlate_ctx *xlate_ctx,
+				 struct cfi_insn_data *cfi_insn ATTRIBUTE_UNUSED)
+{
+  struct sframe_row_entry *cur_fre = xlate_ctx->cur_fre;
+
+  gas_assert (cur_fre);
+  /* Toggle the mangled RA status bit.  */
+  cur_fre->mangled_ra_p = !cur_fre->mangled_ra_p;
+  cur_fre->merge_candidate = false;
+
+  return SFRAME_XLATE_OK;
+}
+
 /* Process CFI_INSN and update the translation context with the FRE
    information.
 
@@ -1195,6 +1219,11 @@ sframe_do_cfi_insn (struct sframe_xlate_ctx *xlate_ctx,
     case DW_CFA_restore:
       err = sframe_xlate_do_restore (xlate_ctx, cfi_insn);
       break;
+    /* DW_CFA_AARCH64_negate_ra_state is multiplexed with
+       DW_CFA_GNU_window_save.  */
+    case DW_CFA_GNU_window_save:
+      err = sframe_xlate_do_gnu_window_save (xlate_ctx, cfi_insn);
+      break;
     case DW_CFA_undefined:
     case DW_CFA_same_value:
       break;
@@ -1207,10 +1236,7 @@ sframe_do_cfi_insn (struct sframe_xlate_ctx *xlate_ctx,
 	    - ...
 
 	   Following skipped operations do, however, impact the asynchronicity:
-	     - CFI_escape,
-	     - DW_CFA_GNU_window_save,
-	     - DW_CFA_AARCH64_negate_ra_state (multiplexed with
-	       DW_CFA_GNU_window_save)  */
+	     - CFI_escape  */
 
 	err = SFRAME_XLATE_ERR_NOTREPRESENTED;
 	// printf (_("SFrame Unsupported or unknown Dwarf CFI number: %#x\n"), op);
diff --git a/gas/gen-sframe.h b/gas/gen-sframe.h
index 93af499278c..5d5702a57ca 100644
--- a/gas/gen-sframe.h
+++ b/gas/gen-sframe.h
@@ -50,6 +50,9 @@ struct sframe_row_entry
      on it.  */
   bool merge_candidate;
 
+  /* Whether the return address is mangled with pauth code.  */
+  bool mangled_ra_p;
+
   /* Track CFA base (architectural) register ID.  */
   unsigned int cfa_base_reg;
   /* Offset from the CFA base register for recovering CFA.  */
@@ -140,7 +143,8 @@ struct sframe_version_ops
 {
   unsigned char format_version;    /* SFrame format version.  */
   /* set SFrame FRE info.  */
-  unsigned char (*set_fre_info) (unsigned int, unsigned int, unsigned int);
+  unsigned char (*set_fre_info) (unsigned int, unsigned int, unsigned int,
+				 bool);
   /* set SFrame Func info.  */
   unsigned char (*set_func_info) (unsigned int, unsigned int);
 };
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
index eb6da614c2f..8129e86ccce 100644
--- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
@@ -82,7 +82,6 @@ if  { ([istarget "x86_64-*-*"] || [istarget "aarch64*-*-*"]) \
     run_dump_test "common-empty-1"
     run_dump_test "common-empty-2"
     run_dump_test "common-empty-3"
-    run_dump_test "common-empty-4"
 }
 
 # x86-64 specific tests
diff --git a/gas/testsuite/gas/cfi-sframe/common-empty-4.d b/gas/testsuite/gas/cfi-sframe/common-empty-4.d
deleted file mode 100644
index f7a6062d392..00000000000
--- a/gas/testsuite/gas/cfi-sframe/common-empty-4.d
+++ /dev/null
@@ -1,14 +0,0 @@
-#as: --gsframe
-#objdump: --sframe=.sframe
-#name: SFrame supports only default return column
-#...
-Contents of the SFrame section .sframe:
-
-  Header :
-
-    Version: SFRAME_VERSION_1
-    Flags: NONE
-    Num FDEs: 0
-    Num FREs: 0
-
-#pass
diff --git a/gas/testsuite/gas/cfi-sframe/common-empty-4.s b/gas/testsuite/gas/cfi-sframe/common-empty-4.s
deleted file mode 100644
index f97ca2f7ff9..00000000000
--- a/gas/testsuite/gas/cfi-sframe/common-empty-4.s
+++ /dev/null
@@ -1,17 +0,0 @@
-## ARMv8.3 addded support a new security feature named Pointer Authentication. The
-## main idea behind this is to use the unused bits in the pointer values.
-## Each pointer is patched with a PAC before writing to memory, and is verified
-## before using it.
-## When the pointers are mangled, the unwinder needs to know so it can mask off
-## the PAC from the pointer value to recover the return address, and
-## conversely, skip doing so if the pointers are not mangled.
-##
-## .cfi_negate_ra_state CFI directive is used to convey this information.
-##
-## SFrame does not have any means to represent this information at this time.
-	.cfi_startproc
-	.long 0
-	.cfi_def_cfa_offset 16
-	.cfi_negate_ra_state
-	.long 0
-	.cfi_endproc
-- 
2.37.2

[COMMITTED, V2 3/6] libsframe: provide new access API for mangled RA bit

[Indu Bhagat]

[No Change in V2]

include/ChangeLog:

	* sframe-api.h (sframe_fre_get_ra_mangled_p): New declaration.

ChangeLog:

	* libsframe/sframe.c (sframe_get_fre_ra_mangled_p): New
	definition.
	(sframe_fre_get_ra_mangled_p): New static function.
---
 include/sframe-api.h |  7 +++++++
 libsframe/sframe.c   | 18 ++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/include/sframe-api.h b/include/sframe-api.h
index c9db39eaaf0..bd1833558a4 100644
--- a/include/sframe-api.h
+++ b/include/sframe-api.h
@@ -21,6 +21,7 @@
 #define	_SFRAME_API_H
 
 #include <sframe.h>
+#include <stdbool.h>
 
 #ifdef	__cplusplus
 extern "C"
@@ -184,6 +185,12 @@ extern int32_t
 sframe_fre_get_ra_offset (sframe_decoder_ctx *dctx,
 			  sframe_frame_row_entry *fre, int *errp);
 
+/* Get whether the RA is mangled.  */
+
+extern bool
+sframe_fre_get_ra_mangled_p (sframe_decoder_ctx *dctx,
+			     sframe_frame_row_entry *fre, int *errp);
+
 /* The SFrame Encoder.  */
 
 /* Create an encoder context with the given SFrame format version VER, FLAGS
diff --git a/libsframe/sframe.c b/libsframe/sframe.c
index b17d3234236..b8fde2f04f8 100644
--- a/libsframe/sframe.c
+++ b/libsframe/sframe.c
@@ -124,6 +124,12 @@ sframe_fre_get_offset_size (unsigned char fre_info)
   return SFRAME_V1_FRE_OFFSET_SIZE (fre_info);
 }
 
+static bool
+sframe_get_fre_ra_mangled_p (unsigned char fre_info)
+{
+  return SFRAME_V1_FRE_MANGLED_RA_P (fre_info);
+}
+
 /* Access functions for info from function descriptor entry.  */
 
 static unsigned int
@@ -640,6 +646,18 @@ sframe_fre_get_ra_offset (sframe_decoder_ctx *dctx,
   return sframe_get_fre_offset (fre, SFRAME_FRE_RA_OFFSET_IDX, errp);
 }
 
+/* Get whether the RA is mangled.  */
+
+bool
+sframe_fre_get_ra_mangled_p (sframe_decoder_ctx *dctx ATTRIBUTE_UNUSED,
+			     sframe_frame_row_entry *fre, int *errp)
+{
+  if (fre == NULL || !sframe_fre_sanity_check_p (fre))
+    return sframe_set_errno (errp, SFRAME_ERR_FRE_INVAL);
+
+  return sframe_get_fre_ra_mangled_p (fre->fre_info);
+}
+
 static int
 sframe_frame_row_entry_copy (sframe_frame_row_entry *dst, sframe_frame_row_entry *src)
 {
-- 
2.37.2

[COMMITTED, V2 4/6] objdump/readelf: sframe: emit marker for FREs with mangled RA

[Indu Bhagat]

[Chnages in V2]
  - Emit "[s]" marker also when return address is in a register.
[End of changes in V2]

In the textual dump of the SFrame section, when an SFrame FRE recovers a
mangled RA, use string "[s]" in the output to indicate that the return
address is a signed (mangled) one.

ChangeLog:

        * libsframe/sframe-dump.c (dump_sframe_func_with_fres): Postfix
	with "[s]" if RA is signed with authorization code.
---
 libsframe/sframe-dump.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/libsframe/sframe-dump.c b/libsframe/sframe-dump.c
index 5b063c9962d..5f778bee338 100644
--- a/libsframe/sframe-dump.c
+++ b/libsframe/sframe-dump.c
@@ -116,7 +116,7 @@ dump_sframe_func_with_fres (sframe_decoder_ctx *sfd_ctx,
   char temp[100];
   memset (temp, 0, 100);
 
-  printf ("\n    %-7s%-8s %-10s%-10s%-10s", "STARTPC", fde_type_marker, "CFA", "FP", "RA");
+  printf ("\n    %-7s%-8s %-10s%-10s%-13s", "STARTPC", fde_type_marker, "CFA", "FP", "RA");
   for (j = 0; j < num_fres; j++)
     {
       sframe_decoder_get_fre (sfd_ctx, funcidx, j, &fre);
@@ -152,7 +152,14 @@ dump_sframe_func_with_fres (sframe_decoder_ctx *sfd_ctx,
 	sprintf (temp, "c%+d", ra_offset);
       else
 	strcpy (temp, "u");
-      printf ("%-10s", temp);
+      /* Mark SFrame FRE's RA information with "[s]" if the RA is mangled
+	 with signature bits.  */
+      const char *ra_mangled_p_str
+	= ((sframe_fre_get_ra_mangled_p (sfd_ctx, &fre, &err[2]))
+	   ? "[s]" : "   ");
+      size_t ra_mangled_p_str_size = strlen (ra_mangled_p_str);
+      strncat (temp, ra_mangled_p_str, ra_mangled_p_str_size);
+      printf ("%-13s", temp);
     }
 }
 
-- 
2.37.2

[COMMITTED, V2 5/6] gas: sframe: testsuite: add testcase for .cfi_negate_ra_state

[Indu Bhagat]

[Changes in V2]
  - Split out a subset of this commit deleting testcase to a previous
    commit.
[End of changes in V2]

Add a new test to check that .cfi_negate_ra_state on aarch64 is handled
well (a non-empty SFrame section with valid SFrame FREs is generated).

ChangeLog:

	* testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.d: New test.
	* testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.s: Likewise.
	* testsuite/gas/cfi-sframe/cfi-sframe.exp: Adjust the list
	accordingly.
---
 .../gas/cfi-sframe/cfi-sframe-aarch64-2.d     | 20 +++++++++++++++++++
 .../gas/cfi-sframe/cfi-sframe-aarch64-2.s     | 18 +++++++++++++++++
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
 3 files changed, 39 insertions(+)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.s

diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.d b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.d
new file mode 100644
index 00000000000..985f51fcda9
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.d
@@ -0,0 +1,20 @@
+#as: --gsframe
+#objdump: --sframe=.sframe
+#name: SFrame cfi_negate_ra_state test
+#...
+Contents of the SFrame section .sframe:
+
+  Header :
+
+    Version: SFRAME_VERSION_1
+    Flags: NONE
+    Num FDEs: 1
+    Num FREs: 2
+
+  Function Index :
+    func idx \[0\]: pc = 0x0, size = 8 bytes
+    STARTPC + CFA + FP + RA +
+#...
+    0+0004 +sp\+16 +u +u\[s\] +
+
+#pass
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.s
new file mode 100644
index 00000000000..8106c937b39
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-2.s
@@ -0,0 +1,18 @@
+## ARMv8.3 addded support a new security feature named Pointer Authentication. The
+## main idea behind this is to use the unused bits in the pointer values.
+## Each pointer is patched with a PAC before writing to memory, and is verified
+## before using it.
+## When the pointers are mangled, the unwinder needs to know so it can mask off
+## the PAC from the pointer value to recover the return address, and
+## conversely, skip doing so if the pointers are not mangled.
+##
+## .cfi_negate_ra_state CFI directive is used to convey this information.
+##
+## SFrame has support for this. This testcase ensures that the directive
+## is interpreted successfully.
+	.cfi_startproc
+	.long 0
+	.cfi_def_cfa_offset 16
+	.cfi_negate_ra_state
+	.long 0
+	.cfi_endproc
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
index 8129e86ccce..f001fad0e8e 100644
--- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
@@ -96,4 +96,5 @@ if { [istarget "x86_64-*-*"] && [gas_sframe_check] } then {
 # aarch64 specific tests
 if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
     run_dump_test "cfi-sframe-aarch64-1"
+    run_dump_test "cfi-sframe-aarch64-2"
 }
-- 
2.37.2

[COMMITTED, V2 6/6] sframe: doc: update spec for the mangled-RA bit in FRE

[Indu Bhagat]

[No changes in V2]

ChangeLog:

	* libsframe/doc/sframe-spec.texi
---
 libsframe/doc/sframe-spec.texi | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsframe/doc/sframe-spec.texi b/libsframe/doc/sframe-spec.texi
index 0559d7c3882..fa66d801dd3 100644
--- a/libsframe/doc/sframe-spec.texi
+++ b/libsframe/doc/sframe-spec.texi
@@ -566,8 +566,8 @@ The SFrame FRE info word is a bitfield split into four parts.  From MSB to LSB:
 @multitable {Bit offset} {@code{fre_cfa_base_reg_id}} {Size of stack offsets in bytes.  Valid values}
 @headitem Bit offset @tab Name @tab Description
 @item 7
-@tab @code{unused}
-@tab Unused bit.
+@tab @code{fre_mangled_ra_p}
+@tab Indicate whether the return address is mangled with any authorization bits (signed RA).
 
 @item 5-6
 @tab @code{fre_offset_size}
-- 
2.37.2