public inbox for binutils@sourceware.org
* [PATCH v3 0/4] aarch64: add DWARF and SFrame support for new CFI directive used for PAuth_LR
@ 2025-01-13 11:22 Matthieu Longo
  2025-01-13 11:22 ` [PATCH v3 1/4] aarch64: make explicit that CFI gnu_window_save is for Sparc, not AArch64 Matthieu Longo
                   ` (3 more replies)
  0 siblings, 4 replies; 16+ messages in thread
From: Matthieu Longo @ 2025-01-13 11:22 UTC
  To: binutils, Indu Bhagat
  Cc: Richard Earnshaw, Nick Clifton, Jan Beulich, Matthieu Longo

This patch series is based on the feedback obtained from previous reviews [1] and [2].
This is in no way a complete implementation of PAuth_LR, and only focuses on DWARF and SFrame.

## Context:

The Pointer Authentication (PAuth) feature provides instructions that enable software to sign an address using SP as a diversifier. This form of PAC instruction is typically used for signing return addresses that are stored on the stack.
The new Armv9.5-A architecture introduces an enhancement of the previous PAuth feature, called PAuth_LR. It aims at hardening the PAC in a signed return address. When signing the return address in LR, the PC is used as a diversifier, in addition to the SP to generate the PAC code.

## Details

1. Patches 1/4 and 2/4 clarify which CFI directive should be used on AArch64 for PAuth. In GCC 14 and older, the AArch64 GCC backend emits a directive corresponding to a Sparc DWARF extension (".cfi_gnu_window_save" instead of ".cfi_negate_ra_state"). This behavior contradicts the document for DWARF extensions on AArch64 (see [3]). In practice, this behavior didn't have any consequence as the two CFI directives share the same binary encoding (0x2d), but from a developer perspective, created confusion when looking at the generated assembly. This issue was fixed in GCC 15 [4], but this behavior is preserved in binutils for backward compatibility with older versions of GCC.
2. Patch 3/4 defines the new CFI directive .cfi_negate_ra_state_with_pc for PAuth_LR, and adds support for it into DWARF.
3. Patch 4/4 skips the new CFI directive and emits a warning, before failing to generate the FDE entry.

Regression tested on aarch64-none-linux-gnu, and no regression found.

Ok for binutils-master?

Regards,
Matthieu.

[1]: https://inbox.sourceware.org/binutils/20241108152505.3554049-1-matthieu.longo@arm.com/
[2]: https://inbox.sourceware.org/binutils/20241125162846.94691-1-matthieu.longo@arm.com/
[3]: https://github.com/ARM-software/abi-aa/blob/main/aadwarf64/aadwarf64.rst#id1
[4]: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=9e1c71bab50d51a1a8ec1a75080ffde6ca3d854c

Diff from v1:
- patch 1: Address Indu Bhagat's comment regarding "dot, space, space, new sentence" issues in the comment block.
- patch 2: No change.
- patch 3: Address Jan Beulich's comment regarding the order of the declaration of DWARF directives in include/dwarf2.def
           The second comment regarding the guard for architecture-specific CFI directives will be addressed in a follow-up patch series.
- patch 4: No change.

Diff from v2:
- patch 1: Improve comment about backward compatibility test for .cfi_window_save as suggested by Richard Earnshaw in v1.
- patch 2: Idem.

Matthieu Longo (4):
  aarch64: make explicit that CFI gnu_window_save is for Sparc, not AArch64
  aarch64 SFrame: use preferred CFI directive for AArch64 PAC
  aarch64 DWARF: add new CFI directive for PAuth_LR
  aarch64 SFrame: skip with warning new CFI directive used with pauth_lr

 bfd/elf-eh-frame.c                            |  1 +
 binutils/dwarf.c                              |  5 +++
 gas/dw2gencfi.c                               | 10 +++++
 gas/gen-sframe.c                              | 24 +++++++++-
 gas/scfidw2gen.c                              |  1 +
 gas/testsuite/gas/aarch64/pac_ab_key.s        |  4 +-
 .../gas/aarch64/pac_compat_cfi_window_save.d  | 44 +++++++++++++++++++
 .../gas/aarch64/pac_compat_cfi_window_save.s  | 20 +++++++++
 .../gas/cfi-sframe/cfi-sframe-aarch64-3.d     | 20 +++++++++
 .../gas/cfi-sframe/cfi-sframe-aarch64-3.s     | 26 +++++++++++
 .../gas/cfi-sframe/cfi-sframe-aarch64-4.d     | 25 +++++++++++
 .../gas/cfi-sframe/cfi-sframe-aarch64-4.s     | 23 ++++++++++
 .../cfi-sframe-aarch64-pac-ab-key-1.s         |  8 ++--
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  2 +
 include/dwarf2.def                            |  2 +
 15 files changed, 208 insertions(+), 7 deletions(-)
 create mode 100644 gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d
 create mode 100644 gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s

-- 
2.47.1



* [PATCH v3 1/4] aarch64: make explicit that CFI gnu_window_save is for Sparc, not AArch64
  2025-01-13 11:22 [PATCH v3 0/4] aarch64: add DWARF and SFrame support for new CFI directive used for PAuth_LR Matthieu Longo
@ 2025-01-13 11:22 ` Matthieu Longo
  2025-01-13 23:10   ` Indu Bhagat
  2025-01-13 11:22 ` [PATCH v3 2/4] aarch64 SFrame: use preferred CFI directive for AArch64 PAC Matthieu Longo
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 16+ messages in thread
From: Matthieu Longo @ 2025-01-13 11:22 UTC
  To: binutils, Indu Bhagat
  Cc: Richard Earnshaw, Nick Clifton, Jan Beulich, Matthieu Longo

- add a detailed comment when parsing DW_CFA_GNU_window_save in SFrame to
  explain why we are checking whether the targeted architecture is AArch64,
  whereas this CFI is a Sparc extension.
- replace .cfi_gnu_window_save by .cfi_negate_ra_state in existing AArch64
  DWARF tests as this is the preferred directive since GCC 15.
- add a new AARch64 test to check backward compatibility with old GCC
  versions that emits .cfi_gnu_window_save.
---
 gas/gen-sframe.c                              |  8 +++-
 gas/testsuite/gas/aarch64/pac_ab_key.s        |  4 +-
 .../gas/aarch64/pac_compat_cfi_window_save.d  | 44 +++++++++++++++++++
 .../gas/aarch64/pac_compat_cfi_window_save.s  | 20 +++++++++
 4 files changed, 73 insertions(+), 3 deletions(-)
 create mode 100644 gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d
 create mode 100644 gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s

diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
index 71296f2f4fb..a3c40bdd735 100644
--- a/gas/gen-sframe.c
+++ b/gas/gen-sframe.c
@@ -1273,7 +1273,13 @@ sframe_xlate_do_aarch64_negate_ra_state (struct sframe_xlate_ctx *xlate_ctx,
 }
 
 /* Translate DW_CFA_GNU_window_save into SFrame context.
-   DW_CFA_AARCH64_negate_ra_state is multiplexed with DW_CFA_GNU_window_save.
+   DW_CFA_GNU_window_save is a DWARF Sparc extension, but is multiplexed with a
+   directive of DWARF AArch64 extension: DW_CFA_AARCH64_negate_ra_state.
+   The AArch64 backend of GCC 14 and older versions was emitting mistakenly the
+   Sparc CFI directive (.cfi_window_save).  From GCC 15, the AArch64 backend
+   only emits .cfi_negate_ra_state.  For backward compatibility, the handler for
+   .cfi_window_save needs to check whether the directive was used in a AArch ABI
+   context or not.
    Return SFRAME_XLATE_OK if success.  */
 
 static int
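Review bot: The last added sentence of the comment reads "used in a AArch ABI context", where the architecture name is truncated and the article is wrong; it should read "in an AArch64 ABI context". The comment also spells the directive .cfi_window_save while the commit message above spells it .cfi_gnu_window_save, so it is worth settling on the spelling the test sources in this patch actually use.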
diff --git a/gas/testsuite/gas/aarch64/pac_ab_key.s b/gas/testsuite/gas/aarch64/pac_ab_key.s
index 4b328e72ae4..3b81919409d 100644
--- a/gas/testsuite/gas/aarch64/pac_ab_key.s
+++ b/gas/testsuite/gas/aarch64/pac_ab_key.s
@@ -7,7 +7,7 @@ _Z5foo_av:
 .LFB0:
 	.cfi_startproc
 	hint	25 // paciasp
-	.cfi_window_save
+	.cfi_negate_ra_state
 	stp	x29, x30, [sp, -16]!
 	.cfi_def_cfa_offset 16
 	.cfi_offset 29, -16
@@ -23,7 +23,7 @@ _Z5foo_bv:
 	.cfi_startproc
 	.cfi_b_key_frame
 	hint	27 // pacibsp
-	.cfi_window_save
+	.cfi_negate_ra_state
 	stp	x29, x30, [sp, -16]!
 	.cfi_def_cfa_offset 16
 	.cfi_offset 29, -16
diff --git a/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d
new file mode 100644
index 00000000000..8e59086c1b4
--- /dev/null
+++ b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d
@@ -0,0 +1,44 @@
+#objdump: --dwarf=frames
+# This test is only valid on ELF based ports.
+#notarget: *-*-*coff *-*-pe *-*-wince *-*-*aout* *-*-netbsd
+
+## ARMv8.3 adds support for a new security feature named Pointer Authentication.
+## The main idea behind this is to use the unused bits in the pointer values.
+## Each pointer is patched with a PAC before writing to memory, and is verified
+## before using it.
+## When the pointers are mangled, the stack trace generator needs to know so it
+## can mask off the PAC from the pointer value to recover the return address,
+## and conversely, skip doing so if the pointers are not mangled.
+##
+## .cfi_negate_ra_state CFI directive is usually used to convey this information.
+## .cfi_negate_ra_state and .cfi_window_save are both in the processor-specific
+## numbering space, but use the same code value in the dwarf tables.
+## In GCC 14 and older, the Sparc DWARF extension .cfi_window_save is emitted
+## instead of .cfi_negate_ra_state, but it mapped to the same value. GCC 15 fixed
+## this naming issue and there is no change to the object file created when the
+## source is assembled. Nevertheless the support for the SPARC directive is
+## preserved in binutils for backward compatibility with existing GCC releases,
+## hence this test.
+
+.+:     file .+
+
+Contents of the .eh_frame section:
+
+0+ 0+10 0+ CIE
+  Version:               1
+  Augmentation:          "zR"
+  Code alignment factor: 4
+  Data alignment factor: -8
+  Return address column: 30
+  Augmentation data:     1b
+  DW_CFA_def_cfa: r31 \(sp\) ofs 0
+
+0+14 0+18 0+18 FDE cie=0+ pc=0+\.\.0+8
+  DW_CFA_advance_loc: 4 to 0+4
+  DW_CFA_AARCH64_negate_ra_state
+  DW_CFA_advance_loc: 4 to 0+8
+  DW_CFA_def_cfa_offset: 16
+  DW_CFA_offset: r29 \(x29\) at cfa-16
+  DW_CFA_offset: r30 \(x30\) at cfa-8
+  DW_CFA_nop
+  DW_CFA_nop
diff --git a/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s
new file mode 100644
index 00000000000..92a54f3a344
--- /dev/null
+++ b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s
@@ -0,0 +1,20 @@
+	.arch armv8-a
+	.text
+	.align	2
+	.global	_Z5foo_av
+	.type	_Z5foo_av, %function
+_Z5foo_av:
+.LFB0:
+	.cfi_startproc
+	hint	25 // paciasp
+	.cfi_window_save // really .cfi_negate_ra_state
+	stp	x29, x30, [sp, -16]!
+	.cfi_def_cfa_offset 16
+	.cfi_offset 29, -16
+	.cfi_offset 30, -8
+	.cfi_endproc
+.LFE0:
+	.size	_Z5foo_av, .-_Z5foo_av
+	.align	2
+	.global	_Z5foo_bv
+	.type	_Z5foo_bv, %function
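Review bot: The last three added lines (.align 2, .global _Z5foo_bv, .type _Z5foo_bv, %function) declare a second function that the 20-line file never defines, so the object ends up with a dangling declaration for _Z5foo_bv while the expected dump in pac_compat_cfi_window_save.d checks a single FDE. Either drop those three lines, or add the B-key body (.cfi_b_key_frame, hint 27, .cfi_window_save) the way pac_ab_key.s does and extend the .d file to match.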
-- 
2.47.1



* [PATCH v3 2/4] aarch64 SFrame: use preferred CFI directive for AArch64 PAC
  2025-01-13 11:22 [PATCH v3 0/4] aarch64: add DWARF and SFrame support for new CFI directive used for PAuth_LR Matthieu Longo
  2025-01-13 11:22 ` [PATCH v3 1/4] aarch64: make explicit that CFI gnu_window_save is for Sparc, not AArch64 Matthieu Longo
@ 2025-01-13 11:22 ` Matthieu Longo
  2025-01-13 23:11   ` Indu Bhagat
  2025-01-13 11:22 ` [PATCH v3 3/4] aarch64 DWARF: add new CFI directive for PAuth_LR Matthieu Longo
  2025-01-13 11:22 ` [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr Matthieu Longo
  3 siblings, 1 reply; 16+ messages in thread
From: Matthieu Longo @ 2025-01-13 11:22 UTC
  To: binutils, Indu Bhagat
  Cc: Richard Earnshaw, Nick Clifton, Jan Beulich, Matthieu Longo

ARMv8.3 added support for a new security feature named Pointer
Authentication. Support for this feature in SFrame already exists,
but is relying on the deprecated "AArch64" (actually Sparc) CFI
directive .cfi_gnu_window_save. .cfi_negate_ra_state CFI directive
should be used instead to convey this information.

In GCC 14 and older, the Sparc DWARF extension .cfi_gnu_window_save
is emitted instead of .cfi_negate_ra_state.
GCC 15 fixed this issue, but this behavior is preserved for backward
compatibility.

The existing sframe test for AArch64 PAC was using .cfi_gnu_window_save.
This patch replaces this CFI in the existing test by the preferred one,
and adds a new test to check for backward compatibility when using
.cfi_gnu_window_save.
---
 .../gas/cfi-sframe/cfi-sframe-aarch64-3.d     | 20 ++++++++++++++
 .../gas/cfi-sframe/cfi-sframe-aarch64-3.s     | 26 +++++++++++++++++++
 .../cfi-sframe-aarch64-pac-ab-key-1.s         |  8 +++---
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
 4 files changed, 51 insertions(+), 4 deletions(-)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s

diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
new file mode 100644
index 00000000000..f72b70a970a
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
@@ -0,0 +1,20 @@
+#as: --gsframe
+#objdump: --sframe=.sframe
+#name: SFrame cfi_negate_ra_state test (using cfi_window_save)
+#...
+Contents of the SFrame section .sframe:
+
+  Header :
+
+    Version: SFRAME_VERSION_2
+    Flags: NONE
+    Num FDEs: 1
+    Num FREs: 2
+
+  Function Index :
+    func idx \[0\]: pc = 0x0, size = 8 bytes
+    STARTPC + CFA + FP + RA +
+#...
+    0+0004 +sp\+16 +u +u\[s\] +
+
+#pass
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s
new file mode 100644
index 00000000000..de96b2071a5
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s
@@ -0,0 +1,26 @@
+## ARMv8.3 adds support for a new security feature named Pointer Authentication.
+## The main idea behind this is to use the unused bits in the pointer values.
+## Each pointer is patched with a PAC before writing to memory, and is verified
+## before using it.
+## When the pointers are mangled, the stack trace generator needs to know so it
+## can mask off the PAC from the pointer value to recover the return address,
+## and conversely, skip doing so if the pointers are not mangled.
+##
+## .cfi_negate_ra_state CFI directive is usually used to convey this information.
+## .cfi_negate_ra_state and .cfi_window_save are both in the processor-specific
+## numbering space, but use the same code value in the dwarf tables.
+## In GCC 14 and older, the Sparc DWARF extension .cfi_window_save is emitted
+## instead of .cfi_negate_ra_state, but it mapped to the same value. GCC 15 fixed
+## this naming issue and there is no change to the object file created when the
+## source is assembled. Nevertheless the support for the SPARC directive is
+## preserved in binutils for backward compatibility with existing GCC releases,
+## hence this test.
+##
+## SFrame has support for this. This testcase ensures that the directive
+## is interpreted successfully.
+	.cfi_startproc
+	.long 0
+	.cfi_def_cfa_offset 16
+	.cfi_window_save // really .cfi_negate_ra_state
+	.long 0
+	.cfi_endproc
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
index d9a408c668c..84230a99e3c 100644
--- a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
@@ -8,12 +8,12 @@ _Z5foo_av:
 .LFB0:
 	.cfi_startproc
 	hint	25 // paciasp
-	.cfi_window_save
+	.cfi_negate_ra_state
 	stp	x29, x30, [sp, -16]!
 	.cfi_def_cfa_offset 16
 	.cfi_offset 29, -16
 	.cfi_offset 30, -8
-        ret
+	ret
 	.cfi_endproc
 .LFE0:
 	.size	_Z5foo_av, .-_Z5foo_av
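Review bot: The re-indentation of ret (spaces replaced by a tab) in this hunk and the next is a whitespace cleanup unrelated to the directive swap, and the commit message does not mention it; say so in the log or split it out so the functional change stays easy to bisect. The log also says the existing test used .cfi_gnu_window_save, whereas the line removed here is .cfi_window_save.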
@@ -25,12 +25,12 @@ _Z5foo_bv:
 	.cfi_startproc
 	.cfi_b_key_frame
 	hint	27 // pacibsp
-	.cfi_window_save
+	.cfi_negate_ra_state
 	stp	x29, x30, [sp, -16]!
 	.cfi_def_cfa_offset 16
 	.cfi_offset 29, -16
 	.cfi_offset 30, -8
 	nop
 	nop
-        ret
+	ret
 	.cfi_endproc
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
index 48eb0ed2182..1de2c9f8037 100644
--- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
@@ -97,5 +97,6 @@ if { [istarget "x86_64-*-*"] && [gas_sframe_check] } then {
 if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
     run_dump_test "cfi-sframe-aarch64-1"
     run_dump_test "cfi-sframe-aarch64-2"
+    run_dump_test "cfi-sframe-aarch64-3"
     run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
 }
-- 
2.47.1



* [PATCH v3 3/4] aarch64 DWARF: add new CFI directive for PAuth_LR
  2025-01-13 11:22 [PATCH v3 0/4] aarch64: add DWARF and SFrame support for new CFI directive used for PAuth_LR Matthieu Longo
  2025-01-13 11:22 ` [PATCH v3 1/4] aarch64: make explicit that CFI gnu_window_save is for Sparc, not AArch64 Matthieu Longo
  2025-01-13 11:22 ` [PATCH v3 2/4] aarch64 SFrame: use preferred CFI directive for AArch64 PAC Matthieu Longo
@ 2025-01-13 11:22 ` Matthieu Longo
  2025-01-13 23:29   ` Indu Bhagat
  2025-02-02 21:21   ` Thiago Jung Bauermann
  2025-01-13 11:22 ` [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr Matthieu Longo
  3 siblings, 2 replies; 16+ messages in thread
From: Matthieu Longo @ 2025-01-13 11:22 UTC
  To: binutils, Indu Bhagat
  Cc: Richard Earnshaw, Nick Clifton, Jan Beulich, Matthieu Longo

This patch adds a new CFI directive (cfi_negate_ra_state_with_pc) which
sets an additional bit in the RA state to inform that RA was signed with
SP but also PC as an additional diversifier.

RA state | Description
0b00     | Return address not signed (default if no cfi_negate_ra_state*)
0b01     | Return address signed with SP (cfi_negate_ra_state)
0b10     | Invalid state
0b11     | Return address signed with SP+PC (cfi_negate_ra_state_with_pc)
---
 bfd/elf-eh-frame.c |  1 +
 binutils/dwarf.c   |  5 +++++
 gas/dw2gencfi.c    | 10 ++++++++++
 gas/scfidw2gen.c   |  1 +
 include/dwarf2.def |  2 ++
 5 files changed, 19 insertions(+)

diff --git a/bfd/elf-eh-frame.c b/bfd/elf-eh-frame.c
index d903e27a676..b6f5078bb33 100644
--- a/bfd/elf-eh-frame.c
+++ b/bfd/elf-eh-frame.c
@@ -359,6 +359,7 @@ skip_cfa_op (bfd_byte **iter, bfd_byte *end, unsigned int encoded_ptr_width)
     case DW_CFA_remember_state:
     case DW_CFA_restore_state:
     case DW_CFA_GNU_window_save:
+    case DW_CFA_AARCH64_negate_ra_state_with_pc:
       /* No arguments.  */
       return true;
 
diff --git a/binutils/dwarf.c b/binutils/dwarf.c
index 626efb2eb9a..8e004cea839 100644
--- a/binutils/dwarf.c
+++ b/binutils/dwarf.c
@@ -10408,6 +10408,11 @@ display_debug_frames (struct dwarf_section *section,
 	      fc->pc_begin += ofs;
 	      break;
 
+	    case DW_CFA_AARCH64_negate_ra_state_with_pc:
+	      if (! do_debug_frames_interp)
+		printf ("  DW_CFA_AARCH64_negate_ra_state_with_pc\n");
+	      break;
+
 	    case DW_CFA_GNU_window_save:
 	      if (! do_debug_frames_interp)
 		printf ("  %s\n", DW_CFA_GNU_window_save_name[is_aarch64]);
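Review bot: The new case prints DW_CFA_AARCH64_negate_ra_state_with_pc for opcode 0x2c on every target, while the DW_CFA_GNU_window_save case right below it selects the name through DW_CFA_GNU_window_save_name[is_aarch64]. Since 0x2c sits in the vendor range, an is_aarch64 check here (falling through to the unknown-opcode handling otherwise) would keep objdump from labelling another target's byte with an AArch64 name.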
diff --git a/gas/dw2gencfi.c b/gas/dw2gencfi.c
index fbeb697af09..c984d8326d0 100644
--- a/gas/dw2gencfi.c
+++ b/gas/dw2gencfi.c
@@ -714,6 +714,7 @@ const pseudo_typeS cfi_pseudo_table[] =
     { "cfi_restore_state", dot_cfi, DW_CFA_restore_state },
     { "cfi_window_save", dot_cfi, DW_CFA_GNU_window_save },
     { "cfi_negate_ra_state", dot_cfi, DW_CFA_AARCH64_negate_ra_state },
+    { "cfi_negate_ra_state_with_pc", dot_cfi, DW_CFA_AARCH64_negate_ra_state_with_pc },
     { "cfi_escape", dot_cfi_escape, 0 },
     { "cfi_signal_frame", dot_cfi, CFI_signal_frame },
     { "cfi_personality", dot_cfi_personality, 0 },
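Review bot: The new cfi_negate_ra_state_with_pc entry in cfi_pseudo_table arrives without user documentation or a DWARF-level test: the diffstat of this patch lists only five source files, and the only test that uses the directive (in patch 4/4) runs with --gsframe and checks the SFrame skip path. A gas test with an objdump --dwarf=frames expectation, modelled on pac_compat_cfi_window_save.d, would pin the 0x2c encoding and the printed name.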
@@ -914,6 +915,10 @@ dot_cfi (int arg)
       cfi_add_CFA_insn (DW_CFA_GNU_window_save);
       break;
 
+    case DW_CFA_AARCH64_negate_ra_state_with_pc:
+      cfi_add_CFA_insn (DW_CFA_AARCH64_negate_ra_state_with_pc);
+      break;
+
     case CFI_signal_frame:
       frchain_now->frch_cfi_data->cur_fde_data->signal_frame = 1;
       break;
@@ -1754,6 +1759,10 @@ output_cfi_insn (struct cfi_insn_data *insn)
       out_one (DW_CFA_GNU_window_save);
       break;
 
+    case DW_CFA_AARCH64_negate_ra_state_with_pc:
+      out_one (DW_CFA_AARCH64_negate_ra_state_with_pc);
+      break;
+
     case CFI_escape:
       {
 	struct cfi_escape_data *e;
@@ -2212,6 +2221,7 @@ cfi_change_reg_numbers (struct cfi_insn_data *insn, segT ccseg)
 	case DW_CFA_remember_state:
 	case DW_CFA_restore_state:
 	case DW_CFA_GNU_window_save:
+	case DW_CFA_AARCH64_negate_ra_state_with_pc:
 	case CFI_escape:
 	case CFI_label:
 	  break;
diff --git a/gas/scfidw2gen.c b/gas/scfidw2gen.c
index 7463207e170..9b3ad4b13e0 100644
--- a/gas/scfidw2gen.c
+++ b/gas/scfidw2gen.c
@@ -113,6 +113,7 @@ const pseudo_typeS scfi_pseudo_table[] =
     { "cfi_restore_state", dot_scfi_ignore, 0 },
     { "cfi_window_save", dot_scfi_ignore, 0 },
     { "cfi_negate_ra_state", dot_scfi_ignore, 0 },
+    { "cfi_negate_ra_state_with_pc", dot_scfi_ignore, 0 },
     { "cfi_escape", dot_scfi_ignore, 0 },
     { "cfi_personality", dot_scfi_ignore, 0 },
     { "cfi_personality_id", dot_scfi_ignore, 0 },
diff --git a/include/dwarf2.def b/include/dwarf2.def
index 63cb35560e7..477b2ca20c0 100644
--- a/include/dwarf2.def
+++ b/include/dwarf2.def
@@ -785,6 +785,8 @@ DW_CFA (DW_CFA_hi_user, 0x3f)
 
 /* SGI/MIPS specific.  */
 DW_CFA (DW_CFA_MIPS_advance_loc8, 0x1d)
+/* AArch64 extensions. */
+DW_CFA (DW_CFA_AARCH64_negate_ra_state_with_pc, 0x2c)
 /* GNU extensions.
    NOTE: DW_CFA_GNU_window_save is multiplexed on Sparc and AArch64.  */
 DW_CFA (DW_CFA_GNU_window_save, 0x2d)
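Review bot: The added comment "/* AArch64 extensions. */" has a single space before the closing */, while the neighbouring "/* SGI/MIPS specific.  */" uses the two-space GNU form. The new block is also inserted directly after the MIPS entry without the separation the other vendor groups have, so a blank line before the AArch64 comment would read better.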
-- 
2.47.1
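
Added example, not part of the posted series or of binutils: a minimal C walker over an FDE's CFA byte stream that tracks the RA state from the table in the 3/4 commit message. The byte arrays are constructed here (the first from the expected dump in pac_compat_cfi_window_save.d), the names are hypothetical, and modelling .cfi_negate_ra_state_with_pc as an XOR with 0b11 is an assumption derived from that table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum arch { ARCH_SPARC, ARCH_AARCH64 };

#define RA_ERROR  (-1)              /* unknown opcode, truncation, or state 0b10 */
#define TRUNCATED ((size_t)-1)

/* Opcode values as they appear in the include/dwarf2.def hunk of patch 3/4.  */
#define CFA_NEGATE_RA_STATE_WITH_PC 0x2c
#define CFA_GNU_WINDOW_SAVE         0x2d   /* same byte as negate_ra_state */

/* Constructed sample: the FDE instructions listed in the expected dump of
   pac_compat_cfi_window_save.d (code alignment 4, data alignment -8).  */
static const uint8_t compat_fde[] = {
    0x41,             /* DW_CFA_advance_loc: 4 */
    0x2d,             /* .cfi_window_save / .cfi_negate_ra_state */
    0x41,             /* DW_CFA_advance_loc: 4 */
    0x0e, 0x10,       /* DW_CFA_def_cfa_offset: 16 */
    0x9d, 0x02,       /* DW_CFA_offset: r29 at cfa-16 */
    0x9e, 0x01,       /* DW_CFA_offset: r30 at cfa-8 */
    0x00, 0x00        /* DW_CFA_nop padding */
};

/* Constructed sample: the same frame using the PAuth_LR directive.  */
static const uint8_t pauth_lr_fde[] = {
    0x41, 0x2c, 0x41, 0x0e, 0x10, 0x9d, 0x02, 0x9e, 0x01
};

/* Skip one ULEB128 operand starting at index i; TRUNCATED if it runs off.  */
static size_t skip_uleb(const uint8_t *p, size_t i, size_t n)
{
    while (i < n)
        if ((p[i++] & 0x80) == 0)
            return i;
    return TRUNCATED;
}

/* Walk a CFA program and return the final RA state (0b00, 0b01 or 0b11),
   or RA_ERROR.  Only the opcodes needed by the samples are understood.  */
int ra_state_after(const uint8_t *p, size_t n, enum arch arch)
{
    int ra = 0;                     /* 0b00: return address not signed */
    size_t i = 0;

    while (i < n) {
        uint8_t op = p[i++];
        uint8_t hi = op & 0xc0;

        if (hi == 0x40 || hi == 0xc0)      /* advance_loc, restore */
            continue;
        if (hi == 0x80 || op == 0x0e) {    /* offset, def_cfa_offset */
            i = skip_uleb(p, i, n);
            if (i == TRUNCATED)
                return RA_ERROR;
            continue;
        }
        switch (op) {
        case 0x00:                         /* DW_CFA_nop */
            break;
        case CFA_GNU_WINDOW_SAVE:
            /* Multiplexed byte: only an AArch64 consumer treats it as a
               change of signing state; on Sparc it is a window save.  */
            if (arch == ARCH_AARCH64)
                ra ^= 0x1;
            break;
        case CFA_NEGATE_RA_STATE_WITH_PC:
            if (arch != ARCH_AARCH64)
                return RA_ERROR;           /* not defined for this target */
            ra ^= 0x3;                     /* assumption: toggles both bits */
            break;
        default:
            return RA_ERROR;
        }
        if (ra == 0x2)                     /* "Invalid state" in the table */
            return RA_ERROR;
    }
    return ra;
}

int main(void)
{
    printf("compat FDE, AArch64:   %d\n",
           ra_state_after(compat_fde, sizeof compat_fde, ARCH_AARCH64));
    printf("compat FDE, Sparc:     %d\n",
           ra_state_after(compat_fde, sizeof compat_fde, ARCH_SPARC));
    printf("PAuth_LR FDE, AArch64: %d\n",
           ra_state_after(pauth_lr_fde, sizeof pauth_lr_fde, ARCH_AARCH64));
    return 0;
}
```

An unwinder that gets this state wrong either strips bits from an unsigned return address or leaves a PAC in place, which is why a consumer that does not know 0x2c has to reject the FDE instead of guessing.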



* [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr
  2025-01-13 11:22 [PATCH v3 0/4] aarch64: add DWARF and SFrame support for new CFI directive used for PAuth_LR Matthieu Longo
                   ` (2 preceding siblings ...)
  2025-01-13 11:22 ` [PATCH v3 3/4] aarch64 DWARF: add new CFI directive for PAuth_LR Matthieu Longo
@ 2025-01-13 11:22 ` Matthieu Longo
  2025-01-13 22:44   ` Hans-Peter Nilsson
  2025-01-13 23:12   ` Indu Bhagat
  3 siblings, 2 replies; 16+ messages in thread
From: Matthieu Longo @ 2025-01-13 11:22 UTC
  To: binutils, Indu Bhagat
  Cc: Richard Earnshaw, Nick Clifton, Jan Beulich, Matthieu Longo

Today, SFrame v2 specification does not describe how to encode the
information corresponding to the PAC signing method.
SFrame v3 specification should hopefully specify it.

In the meantime, if the GNU assembler finds .cfi_negate_ra_state_with_pc
and --gsframe is specified, it will output a warning to the user and
will fail to generate the FDE entry.

A new SFrame test for .cfi_negate_ra_state_with_pc is also added to
reflect this issue.
---
 gas/gen-sframe.c                              | 16 ++++++++++++
 .../gas/cfi-sframe/cfi-sframe-aarch64-4.d     | 25 +++++++++++++++++++
 .../gas/cfi-sframe/cfi-sframe-aarch64-4.s     | 23 +++++++++++++++++
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
 4 files changed, 65 insertions(+)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s

diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
index a3c40bdd735..e96b7c02d09 100644
--- a/gas/gen-sframe.c
+++ b/gas/gen-sframe.c
@@ -1272,6 +1272,19 @@ sframe_xlate_do_aarch64_negate_ra_state (struct sframe_xlate_ctx *xlate_ctx,
   return SFRAME_XLATE_OK;
 }
 
+/* Translate DW_CFA_AARCH64_negate_ra_state_with_pc into SFrame context.
+   Return SFRAME_XLATE_OK if success.  */
+
+static int
+sframe_xlate_do_aarch64_negate_ra_state_with_pc (struct sframe_xlate_ctx *xlate_ctx ATTRIBUTE_UNUSED,
+						 struct cfi_insn_data *cfi_insn ATTRIBUTE_UNUSED)
+{
+  as_warn (_("skipping SFrame FDE; .cfi_negate_ra_state_with_pc"));
+  /* The used signing method should be encoded inside the FDE in SFrame v3.
+     For now, PAuth_LR extension is not supported with SFrame.  */
+  return SFRAME_XLATE_ERR_NOTREPRESENTED;  /* Not represented.  */
+}
+
 /* Translate DW_CFA_GNU_window_save into SFrame context.
    DW_CFA_GNU_window_save is a DWARF Sparc extension, but is multiplexed with a
    directive of DWARF AArch64 extension: DW_CFA_AARCH64_negate_ra_state.
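Review bot: The header comment of sframe_xlate_do_aarch64_negate_ra_state_with_pc says "Return SFRAME_XLATE_OK if success", but the body has no success path and always returns SFRAME_XLATE_ERR_NOTREPRESENTED; the comment should state that the function always reports the directive as not representable until SFrame v3. The as_warn text "skipping SFrame FDE; .cfi_negate_ra_state_with_pc" would also be clearer if it said why, for example that the directive is not supported in SFrame.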
@@ -1387,6 +1400,9 @@ sframe_do_cfi_insn (struct sframe_xlate_ctx *xlate_ctx,
     case DW_CFA_GNU_window_save:
       err = sframe_xlate_do_gnu_window_save (xlate_ctx, cfi_insn);
       break;
+    case DW_CFA_AARCH64_negate_ra_state_with_pc:
+      err = sframe_xlate_do_aarch64_negate_ra_state_with_pc (xlate_ctx, cfi_insn);
+      break;
     case DW_CFA_register:
       err = sframe_xlate_do_register (xlate_ctx, cfi_insn);
       break;
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
new file mode 100644
index 00000000000..c81888b0021
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
@@ -0,0 +1,25 @@
+#as: --gsframe
+#objdump: --sframe=.sframe
+#name: SFrame cfi_negate_ra_state_with_pc test
+#warning: Warning: skipping SFrame FDE; \.cfi_negate_ra_state_with_pc
+
+## The support for .cfi_negate_ra_state_with_pc is currently pending on SFrame
+## v3 (currently in development). The unimplemented support is reported to the
+## user as a warning. Then the handler returns an error that will cause no
+## creation of a SFrame FDE later (hence "Num FDEs: 0").
+## Note: this test will be expected to fail when the support of PAuth_LR in
+## SFrame will be added, so will have to be fixed.
+
+#...
+Contents of the SFrame section .sframe:
+
+  Header :
+
+    Version: SFRAME_VERSION_2
+    Flags: NONE
+    Num FDEs: 0
+    Num FREs: 0
+
+  Function Index :
+
+#pass
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
new file mode 100644
index 00000000000..5fec6740047
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
@@ -0,0 +1,23 @@
+## ARMv9.5 enhanced the existing PAuth feature with a new extensio called
+## PAuth_LR. It aims at hardening the PAC in a signed return address. When
+## signing the return address in LR, the PC is used as a diversifier, in
+## addition to the SP to generate the PAC code.
+## As for PAuth, when the pointers are mangled with PAuth_LR, the stack trace
+## generator needs to know so it can mask off the PAC from the pointer value to
+## recover the return address, and conversely, skip doing so if the pointers are
+## not mangled.
+##
+## .cfi_negate_ra_state_with_pc CFI directive is used to convey this information.
+##
+## SFrame has currently no support for this. The support is expected in SFrame
+## v3. This testcase ensures that the directive is understood, and outputs
+## a warning to the user before failing to generate the FDE.
+	.cfi_startproc
+	.long 0
+	.cfi_def_cfa_offset 16
+	.cfi_negate_ra_state_with_pc
+	.long 0
+	.cfi_offset 29, -16
+	.cfi_offset 30, -8
+	.long 0
+	.cfi_endproc
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
index 1de2c9f8037..b119b9da73d 100644
--- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
@@ -98,5 +98,6 @@ if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
     run_dump_test "cfi-sframe-aarch64-1"
     run_dump_test "cfi-sframe-aarch64-2"
     run_dump_test "cfi-sframe-aarch64-3"
+    run_dump_test "cfi-sframe-aarch64-4"
     run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
 }
-- 
2.47.1



* Re: [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr
  2025-01-13 11:22 ` [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr Matthieu Longo
@ 2025-01-13 22:44   ` Hans-Peter Nilsson
  2025-01-14 11:01     ` Matthieu Longo
  2025-01-13 23:12   ` Indu Bhagat
  1 sibling, 1 reply; 16+ messages in thread
From: Hans-Peter Nilsson @ 2025-01-13 22:44 UTC
  To: Matthieu Longo; +Cc: binutils

Random review comment:

On Mon, 13 Jan 2025, Matthieu Longo wrote:
> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
> @@ -0,0 +1,23 @@
> +## ARMv9.5 enhanced the existing PAuth feature with a new extensio called

"extension"

brgds, H-P


* Re: [PATCH v3 1/4] aarch64: make explicit that CFI gnu_window_save is for Sparc, not AArch64
  2025-01-13 11:22 ` [PATCH v3 1/4] aarch64: make explicit that CFI gnu_window_save is for Sparc, not AArch64 Matthieu Longo
@ 2025-01-13 23:10   ` Indu Bhagat
  2025-01-14 10:55     ` Matthieu Longo
  0 siblings, 1 reply; 16+ messages in thread
From: Indu Bhagat @ 2025-01-13 23:10 UTC
  To: Matthieu Longo, binutils; +Cc: Richard Earnshaw, Nick Clifton, Jan Beulich

On 1/13/25 3:22 AM, Matthieu Longo wrote:
> - add a detailed comment when parsing DW_CFA_GNU_window_save in SFrame to
>    explain why we are checking whether the targeted architecture is AArch64,
>    whereas this CFI is a Sparc extension.
> - replace .cfi_gnu_window_save by .cfi_negate_ra_state in existing AArch64
>    DWARF tests as this is the preferred directive since GCC 15.
> - add a new AARch64 test to check backward compatibility with old GCC

Nit: AARch64 -> AArch64

>    versions that emits .cfi_gnu_window_save.
> ---
>   gas/gen-sframe.c                              |  8 +++-
>   gas/testsuite/gas/aarch64/pac_ab_key.s        |  4 +-
>   .../gas/aarch64/pac_compat_cfi_window_save.d  | 44 +++++++++++++++++++
>   .../gas/aarch64/pac_compat_cfi_window_save.s  | 20 +++++++++
>   4 files changed, 73 insertions(+), 3 deletions(-)
>   create mode 100644 gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d
>   create mode 100644 gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s
> 
> diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
> index 71296f2f4fb..a3c40bdd735 100644
> --- a/gas/gen-sframe.c
> +++ b/gas/gen-sframe.c
> @@ -1273,7 +1273,13 @@ sframe_xlate_do_aarch64_negate_ra_state (struct sframe_xlate_ctx *xlate_ctx,
>   }
>   
>   /* Translate DW_CFA_GNU_window_save into SFrame context.
> -   DW_CFA_AARCH64_negate_ra_state is multiplexed with DW_CFA_GNU_window_save.
> +   DW_CFA_GNU_window_save is a DWARF Sparc extension, but is multiplexed with a
> +   directive of DWARF AArch64 extension: DW_CFA_AARCH64_negate_ra_state.
> +   The AArch64 backend of GCC 14 and older versions was emitting mistakenly the
> +   Sparc CFI directive (.cfi_window_save).  From GCC 15, the AArch64 backend
> +   only emits .cfi_negate_ra_state.  For backward compatibility, the handler for
> +   .cfi_window_save needs to check whether the directive was used in a AArch ABI

Nit: AArch -> AArch64 ?

In context of the SFrame changes here,  AArch64 should still make sense 
(although the multiplexing of directives is applicable to the 32-bit Arm 
as well).

OK for the SFrame file changes.

> +   context or not.
>      Return SFRAME_XLATE_OK if success.  */
>   
>   static int
> diff --git a/gas/testsuite/gas/aarch64/pac_ab_key.s b/gas/testsuite/gas/aarch64/pac_ab_key.s
> index 4b328e72ae4..3b81919409d 100644
> --- a/gas/testsuite/gas/aarch64/pac_ab_key.s
> +++ b/gas/testsuite/gas/aarch64/pac_ab_key.s
> @@ -7,7 +7,7 @@ _Z5foo_av:
>   .LFB0:
>   	.cfi_startproc
>   	hint	25 // paciasp
> -	.cfi_window_save
> +	.cfi_negate_ra_state
>   	stp	x29, x30, [sp, -16]!
>   	.cfi_def_cfa_offset 16
>   	.cfi_offset 29, -16
> @@ -23,7 +23,7 @@ _Z5foo_bv:
>   	.cfi_startproc
>   	.cfi_b_key_frame
>   	hint	27 // pacibsp
> -	.cfi_window_save
> +	.cfi_negate_ra_state
>   	stp	x29, x30, [sp, -16]!
>   	.cfi_def_cfa_offset 16
>   	.cfi_offset 29, -16
> diff --git a/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d
> new file mode 100644
> index 00000000000..8e59086c1b4
> --- /dev/null
> +++ b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d
> @@ -0,0 +1,44 @@
> +#objdump: --dwarf=frames
> +# This test is only valid on ELF based ports.
> +#notarget: *-*-*coff *-*-pe *-*-wince *-*-*aout* *-*-netbsd
> +
> +## ARMv8.3 adds support for a new security feature named Pointer Authentication.
> +## The main idea behind this is to use the unused bits in the pointer values.
> +## Each pointer is patched with a PAC before writing to memory, and is verified
> +## before using it.
> +## When the pointers are mangled, the stack trace generator needs to know so it
> +## can mask off the PAC from the pointer value to recover the return address,
> +## and conversely, skip doing so if the pointers are not mangled.
> +##
> +## .cfi_negate_ra_state CFI directive is usually used to convey this information.
> +## .cfi_negate_ra_state and .cfi_window_save are both in the processor-specific
> +## numbering space, but use the same code value in the dwarf tables.
> +## In GCC 14 and older, the Sparc DWARF extension .cfi_window_save is emitted
> +## instead of .cfi_negate_ra_state, but it mapped to the same value. GCC 15 fixed
> +## this naming issue and there is no change to the object file created when the
> +## source is assembled. Nevertheless the support for the SPARC directive is
> +## preserved in binutils for backward compatibility with existing GCC releases,
> +## hence this test.
> +
> +.+:     file .+
> +
> +Contents of the .eh_frame section:
> +
> +0+ 0+10 0+ CIE
> +  Version:               1
> +  Augmentation:          "zR"
> +  Code alignment factor: 4
> +  Data alignment factor: -8
> +  Return address column: 30
> +  Augmentation data:     1b
> +  DW_CFA_def_cfa: r31 \(sp\) ofs 0
> +
> +0+14 0+18 0+18 FDE cie=0+ pc=0+\.\.0+8
> +  DW_CFA_advance_loc: 4 to 0+4
> +  DW_CFA_AARCH64_negate_ra_state
> +  DW_CFA_advance_loc: 4 to 0+8
> +  DW_CFA_def_cfa_offset: 16
> +  DW_CFA_offset: r29 \(x29\) at cfa-16
> +  DW_CFA_offset: r30 \(x30\) at cfa-8
> +  DW_CFA_nop
> +  DW_CFA_nop
> diff --git a/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s
> new file mode 100644
> index 00000000000..92a54f3a344
> --- /dev/null
> +++ b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s
> @@ -0,0 +1,20 @@
> +	.arch armv8-a
> +	.text
> +	.align	2
> +	.global	_Z5foo_av
> +	.type	_Z5foo_av, %function
> +_Z5foo_av:
> +.LFB0:
> +	.cfi_startproc
> +	hint	25 // paciasp
> +	.cfi_window_save // really .cfi_negate_ra_state
> +	stp	x29, x30, [sp, -16]!
> +	.cfi_def_cfa_offset 16
> +	.cfi_offset 29, -16
> +	.cfi_offset 30, -8
> +	.cfi_endproc
> +.LFE0:
> +	.size	_Z5foo_av, .-_Z5foo_av
> +	.align	2
> +	.global	_Z5foo_bv
> +	.type	_Z5foo_bv, %function
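
Review bot: the last three lines of the new file (".align 2", ".global
_Z5foo_bv", ".type _Z5foo_bv, %function") declare a second function that
is never defined, and the expected dump in pac_compat_cfi_window_save.d
contains a single FDE (pc=0..8). This looks like a leftover from copying
pac_ab_key.s. Either drop the three lines, or add the B-key body with
.cfi_b_key_frame and .cfi_window_save plus the matching FDE in the .d
file, so the compatibility path is checked for both keys.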


^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [PATCH v3 2/4] aarch64 SFrame: use preferred CFI directive for AArch64 PAC
  2025-01-13 11:22 ` [PATCH v3 2/4] aarch64 SFrame: use preferred CFI directive for AArch64 PAC Matthieu Longo
@ 2025-01-13 23:11   ` Indu Bhagat
  2025-01-14 10:56     ` Matthieu Longo
  0 siblings, 1 reply; 16+ messages in thread
From: Indu Bhagat @ 2025-01-13 23:11 UTC (permalink / raw)
  To: Matthieu Longo, binutils; +Cc: Richard Earnshaw, Nick Clifton, Jan Beulich

On 1/13/25 3:22 AM, Matthieu Longo wrote:
> ARMv8.3 added support for a new security feature named Pointer
> Authentication. Support for this feature in SFrame already exists,
> but is relying on the deprecated "AArch64" (actually Sparc) CFI
> directive .cfi_gnu_window_save. .cfi_negate_ra_state CFI directive
> should be used instead to convey this information.
> 

Nit again, but I find the statement somewhat misleading.  SFrame support 
is not _relying_ on the specific CFI directive as you have already 
noted.  I guess this is just somewhat stale commit log now ?

How about we simply truncate the phrase "but is relying on the 
deprecated ... should be used instead of convey this information".

Patch OK otherwise.

Thanks

> In GCC 14 and older, the Sparc DWARF extension .cfi_gnu_window_save
> is emitted instead of .cfi_negate_ra_state.
> GCC 15 fixed this issue, but this behavior is preserved for backward
> compatibility.
> 
> The existing sframe test for AArch64 PAC was using .cfi_gnu_window_save.
> This patch replaces this CFI in the existing test by the preferred one,
> and adds a new test to check for backward compatibility when using
> .cfi_gnu_window_save.
> ---
>   .../gas/cfi-sframe/cfi-sframe-aarch64-3.d     | 20 ++++++++++++++
>   .../gas/cfi-sframe/cfi-sframe-aarch64-3.s     | 26 +++++++++++++++++++
>   .../cfi-sframe-aarch64-pac-ab-key-1.s         |  8 +++---
>   gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
>   4 files changed, 51 insertions(+), 4 deletions(-)
>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s
> 
> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
> new file mode 100644
> index 00000000000..f72b70a970a
> --- /dev/null
> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
> @@ -0,0 +1,20 @@
> +#as: --gsframe
> +#objdump: --sframe=.sframe
> +#name: SFrame cfi_negate_ra_state test (using cfi_window_save)
> +#...
> +Contents of the SFrame section .sframe:
> +
> +  Header :
> +
> +    Version: SFRAME_VERSION_2
> +    Flags: NONE
> +    Num FDEs: 1
> +    Num FREs: 2
> +
> +  Function Index :
> +    func idx \[0\]: pc = 0x0, size = 8 bytes
> +    STARTPC + CFA + FP + RA +
> +#...
> +    0+0004 +sp\+16 +u +u\[s\] +
> +
> +#pass
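
Review bot: the "#..." between the column header and the "0+0004" row
skips the first FRE, so the test states "Num FREs: 2" but only matches
one of them. Match the row at offset 0 explicitly as well, so the dump
pins the RA column both before and after the directive.
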
> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s
> new file mode 100644
> index 00000000000..de96b2071a5
> --- /dev/null
> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s
> @@ -0,0 +1,26 @@
> +## ARMv8.3 adds support for a new security feature named Pointer Authentication.
> +## The main idea behind this is to use the unused bits in the pointer values.
> +## Each pointer is patched with a PAC before writing to memory, and is verified
> +## before using it.
> +## When the pointers are mangled, the stack trace generator needs to know so it
> +## can mask off the PAC from the pointer value to recover the return address,
> +## and conversely, skip doing so if the pointers are not mangled.
> +##
> +## .cfi_negate_ra_state CFI directive is usually used to convey this information.
> +## .cfi_negate_ra_state and .cfi_window_save are both in the processor-specific
> +## numbering space, but use the same code value in the dwarf tables.
> +## In GCC 14 and older, the Sparc DWARF extension .cfi_window_save is emitted
> +## instead of .cfi_negate_ra_state, but it mapped to the same value. GCC 15 fixed
> +## this naming issue and there is no change to the object file created when the
> +## source is assembled. Nevertheless the support for the SPARC directive is
> +## preserved in binutils for backward compatibility with existing GCC releases,
> +## hence this test.
> +##
> +## SFrame has support for this. This testcase ensures that the directive
> +## is interpreted successfully.
> +	.cfi_startproc
> +	.long 0
> +	.cfi_def_cfa_offset 16
> +	.cfi_window_save // really .cfi_negate_ra_state
> +	.long 0
> +	.cfi_endproc
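
Review bot: the test uses ".cfi_window_save // really
.cfi_negate_ra_state", but the commit log for this patch calls the
directive .cfi_gnu_window_save throughout. Use the spelling from the
test (and from the "cfi_window_save" entry in cfi_pseudo_table) in the
log as well, so a search for the directive finds both the test and the
commit.
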
> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
> index d9a408c668c..84230a99e3c 100644
> --- a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
> @@ -8,12 +8,12 @@ _Z5foo_av:
>   .LFB0:
>   	.cfi_startproc
>   	hint	25 // paciasp
> -	.cfi_window_save
> +	.cfi_negate_ra_state
>   	stp	x29, x30, [sp, -16]!
>   	.cfi_def_cfa_offset 16
>   	.cfi_offset 29, -16
>   	.cfi_offset 30, -8
> -        ret
> +	ret
>   	.cfi_endproc
>   .LFE0:
>   	.size	_Z5foo_av, .-_Z5foo_av
> @@ -25,12 +25,12 @@ _Z5foo_bv:
>   	.cfi_startproc
>   	.cfi_b_key_frame
>   	hint	27 // pacibsp
> -	.cfi_window_save
> +	.cfi_negate_ra_state
>   	stp	x29, x30, [sp, -16]!
>   	.cfi_def_cfa_offset 16
>   	.cfi_offset 29, -16
>   	.cfi_offset 30, -8
>   	nop
>   	nop
> -        ret
> +	ret
>   	.cfi_endproc
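
Review bot: the re-indentation of "ret" (spaces to a tab) in this hunk
and the previous one is unrelated to the directive rename and is not
mentioned in the commit log. Add a line to the log or split it out, so
the whitespace-only lines do not hide the functional change when the
file is blamed later.
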
> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
> index 48eb0ed2182..1de2c9f8037 100644
> --- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
> @@ -97,5 +97,6 @@ if { [istarget "x86_64-*-*"] && [gas_sframe_check] } then {
>   if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
>       run_dump_test "cfi-sframe-aarch64-1"
>       run_dump_test "cfi-sframe-aarch64-2"
> +    run_dump_test "cfi-sframe-aarch64-3"
>       run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
>   }


^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr
  2025-01-13 11:22 ` [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr Matthieu Longo
  2025-01-13 22:44   ` Hans-Peter Nilsson
@ 2025-01-13 23:12   ` Indu Bhagat
  2025-01-14 11:02     ` Matthieu Longo
  1 sibling, 1 reply; 16+ messages in thread
From: Indu Bhagat @ 2025-01-13 23:12 UTC (permalink / raw)
  To: Matthieu Longo, binutils; +Cc: Richard Earnshaw, Nick Clifton, Jan Beulich

On 1/13/25 3:22 AM, Matthieu Longo wrote:
> Today, SFrame v2 specification does not describe how to encode the
> information corresponding to the PAC signing method.
> SFrame v3 specification should hopefully specify it.
> 

How about we add "Pauth_LR" as the specific PAC signing method in the 
statement above? Something like:

"Today, SFrame V2 specification does not describe how to encode the 
information corresponding to the Pauth_LR PAC signing method (it only 
supports Pauth PAC signing method).  SFrame V3 ..."

> In the meantime, if the GNU assembler finds .cfi_negate_ra_state_with_pc
> and --gsframe is specified, it will output a warning to the user and
> will fail to generate the FDE entry.
> 
> A new SFrame test for .cfi_negate_ra_state_with_pc is also added to
> reflect this issue.

OK.

Thanks for the patch

> ---
>   gas/gen-sframe.c                              | 16 ++++++++++++
>   .../gas/cfi-sframe/cfi-sframe-aarch64-4.d     | 25 +++++++++++++++++++
>   .../gas/cfi-sframe/cfi-sframe-aarch64-4.s     | 23 +++++++++++++++++
>   gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
>   4 files changed, 65 insertions(+)
>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
> 
> diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
> index a3c40bdd735..e96b7c02d09 100644
> --- a/gas/gen-sframe.c
> +++ b/gas/gen-sframe.c
> @@ -1272,6 +1272,19 @@ sframe_xlate_do_aarch64_negate_ra_state (struct sframe_xlate_ctx *xlate_ctx,
>     return SFRAME_XLATE_OK;
>   }
>   
> +/* Translate DW_CFA_AARCH64_negate_ra_state_with_pc into SFrame context.
> +   Return SFRAME_XLATE_OK if success.  */
> +
> +static int
> +sframe_xlate_do_aarch64_negate_ra_state_with_pc (struct sframe_xlate_ctx *xlate_ctx ATTRIBUTE_UNUSED,
> +						 struct cfi_insn_data *cfi_insn ATTRIBUTE_UNUSED)
> +{
> +  as_warn (_("skipping SFrame FDE; .cfi_negate_ra_state_with_pc"));
> +  /* The used signing method should be encoded inside the FDE in SFrame v3.
> +     For now, PAuth_LR extension is not supported with SFrame.  */
> +  return SFRAME_XLATE_ERR_NOTREPRESENTED;  /* Not represented.  */
> +}
> +
>   /* Translate DW_CFA_GNU_window_save into SFrame context.
>      DW_CFA_GNU_window_save is a DWARF Sparc extension, but is multiplexed with a
>      directive of DWARF AArch64 extension: DW_CFA_AARCH64_negate_ra_state.
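
Review bot: the header comment of
sframe_xlate_do_aarch64_negate_ra_state_with_pc says "Return
SFRAME_XLATE_OK if success", but the body returns
SFRAME_XLATE_ERR_NOTREPRESENTED unconditionally. Say in the header that
the directive is always reported as not representable until SFrame gains
PAuth_LR support, and drop the trailing "/* Not represented.  */", which
repeats the constant name. The as_warn text would also be more useful if
it gave the reason, for example that the directive is not supported in
SFrame yet.
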
> @@ -1387,6 +1400,9 @@ sframe_do_cfi_insn (struct sframe_xlate_ctx *xlate_ctx,
>       case DW_CFA_GNU_window_save:
>         err = sframe_xlate_do_gnu_window_save (xlate_ctx, cfi_insn);
>         break;
> +    case DW_CFA_AARCH64_negate_ra_state_with_pc:
> +      err = sframe_xlate_do_aarch64_negate_ra_state_with_pc (xlate_ctx, cfi_insn);
> +      break;
>       case DW_CFA_register:
>         err = sframe_xlate_do_register (xlate_ctx, cfi_insn);
>         break;
> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
> new file mode 100644
> index 00000000000..c81888b0021
> --- /dev/null
> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
> @@ -0,0 +1,25 @@
> +#as: --gsframe
> +#objdump: --sframe=.sframe
> +#name: SFrame cfi_negate_ra_state_with_pc test
> +#warning: Warning: skipping SFrame FDE; \.cfi_negate_ra_state_with_pc
> +
> +## The support for .cfi_negate_ra_state_with_pc is currently pending on SFrame
> +## v3 (currently in development). The unimplemented support is reported to the
> +## user as a warning. Then the handler returns an error that will cause no
> +## creation of a SFrame FDE later (hence "Num FDEs: 0").
> +## Note: this test will be expected to fail when the support of PAuth_LR in
> +## SFrame will be added, so will have to be fixed.
> +
> +#...
> +Contents of the SFrame section .sframe:
> +
> +  Header :
> +
> +    Version: SFRAME_VERSION_2
> +    Flags: NONE
> +    Num FDEs: 0
> +    Num FREs: 0
> +
> +  Function Index :
> +
> +#pass
> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
> new file mode 100644
> index 00000000000..5fec6740047
> --- /dev/null
> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
> @@ -0,0 +1,23 @@
> +## ARMv9.5 enhanced the existing PAuth feature with a new extensio called
> +## PAuth_LR. It aims at hardening the PAC in a signed return address. When
> +## signing the return address in LR, the PC is used as a diversifier, in
> +## addition to the SP to generate the PAC code.
> +## As for PAuth, when the pointers are mangled with PAuth_LR, the stack trace
> +## generator needs to know so it can mask off the PAC from the pointer value to
> +## recover the return address, and conversely, skip doing so if the pointers are
> +## not mangled.
> +##
> +## .cfi_negate_ra_state_with_pc CFI directive is used to convey this information.
> +##
> +## SFrame has currently no support for this. The support is expected in SFrame
> +## v3. This testcase ensures that the directive is understood, and outputs
> +## a warning to the user before failing to generate the FDE.
> +	.cfi_startproc
> +	.long 0
> +	.cfi_def_cfa_offset 16
> +	.cfi_negate_ra_state_with_pc
> +	.long 0
> +	.cfi_offset 29, -16
> +	.cfi_offset 30, -8
> +	.long 0
> +	.cfi_endproc
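
Review bot: typo in the first comment line of the new test, "extensio"
should be "extension". "PAC code" in the fourth line is also redundant,
since the C in PAC already stands for code.
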
> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
> index 1de2c9f8037..b119b9da73d 100644
> --- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
> @@ -98,5 +98,6 @@ if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
>       run_dump_test "cfi-sframe-aarch64-1"
>       run_dump_test "cfi-sframe-aarch64-2"
>       run_dump_test "cfi-sframe-aarch64-3"
> +    run_dump_test "cfi-sframe-aarch64-4"
>       run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
>   }


^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [PATCH v3 3/4] aarch64 DWARF: add new CFI directive for PAuth_LR
  2025-01-13 11:22 ` [PATCH v3 3/4] aarch64 DWARF: add new CFI directive for PAuth_LR Matthieu Longo
@ 2025-01-13 23:29   ` Indu Bhagat
  2025-01-14 11:00     ` Matthieu Longo
  2025-02-02 21:21   ` Thiago Jung Bauermann
  1 sibling, 1 reply; 16+ messages in thread
From: Indu Bhagat @ 2025-01-13 23:29 UTC (permalink / raw)
  To: Matthieu Longo, binutils; +Cc: Richard Earnshaw, Nick Clifton, Jan Beulich

On 1/13/25 3:22 AM, Matthieu Longo wrote:
> This patch adds a new CFI directive (cfi_negate_ra_state_with_pc) which
> sets an additional bit in the RA state to inform that RA was signed with
> SP but also PC as an additional diversifier.
> 
> RA state | Description
> 0b00     | Return address not signed (default if no cfi_negate_ra_state*)
> 0b01     | Return address signed with SP (cfi_negate_ra_state)
> 0b10     | Invalid state
> 0b11     | Return address signed with SP+PC (cfi_negate_ra_state_with_pc)
> ---
>   bfd/elf-eh-frame.c |  1 +
>   binutils/dwarf.c   |  5 +++++
>   gas/dw2gencfi.c    | 10 ++++++++++
>   gas/scfidw2gen.c   |  1 +
>   include/dwarf2.def |  2 ++
>   5 files changed, 19 insertions(+)
> 

Comments below. The changes look OK to me for the scfi*; I cannot 
approve the other components.

Thanks

> diff --git a/bfd/elf-eh-frame.c b/bfd/elf-eh-frame.c
> index d903e27a676..b6f5078bb33 100644
> --- a/bfd/elf-eh-frame.c
> +++ b/bfd/elf-eh-frame.c
> @@ -359,6 +359,7 @@ skip_cfa_op (bfd_byte **iter, bfd_byte *end, unsigned int encoded_ptr_width)
>       case DW_CFA_remember_state:
>       case DW_CFA_restore_state:
>       case DW_CFA_GNU_window_save:
> +    case DW_CFA_AARCH64_negate_ra_state_with_pc:
>         /* No arguments.  */
>         return true;
>   
> diff --git a/binutils/dwarf.c b/binutils/dwarf.c
> index 626efb2eb9a..8e004cea839 100644
> --- a/binutils/dwarf.c
> +++ b/binutils/dwarf.c
> @@ -10408,6 +10408,11 @@ display_debug_frames (struct dwarf_section *section,
>   	      fc->pc_begin += ofs;
>   	      break;
>   
> +	    case DW_CFA_AARCH64_negate_ra_state_with_pc:
> +	      if (! do_debug_frames_interp)
> +		printf ("  DW_CFA_AARCH64_negate_ra_state_with_pc\n");
> +	      break;
> +
>   	    case DW_CFA_GNU_window_save:
>   	      if (! do_debug_frames_interp)
>   		printf ("  %s\n", DW_CFA_GNU_window_save_name[is_aarch64]);
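
Review bot: the new case in display_debug_frames prints
DW_CFA_AARCH64_negate_ra_state_with_pc for this opcode on every target,
while the neighbouring DW_CFA_GNU_window_save case selects its name with
DW_CFA_GNU_window_save_name[is_aarch64]. Either gate the new case on
is_aarch64, or add a comment saying that 0x2c is not multiplexed with
another vendor opcode, so a reader does not have to check the vendor
range by hand.
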
> diff --git a/gas/dw2gencfi.c b/gas/dw2gencfi.c
> index fbeb697af09..c984d8326d0 100644
> --- a/gas/dw2gencfi.c
> +++ b/gas/dw2gencfi.c
> @@ -714,6 +714,7 @@ const pseudo_typeS cfi_pseudo_table[] =
>       { "cfi_restore_state", dot_cfi, DW_CFA_restore_state },
>       { "cfi_window_save", dot_cfi, DW_CFA_GNU_window_save },
>       { "cfi_negate_ra_state", dot_cfi, DW_CFA_AARCH64_negate_ra_state },
> +    { "cfi_negate_ra_state_with_pc", dot_cfi, DW_CFA_AARCH64_negate_ra_state_with_pc },

Also keep the cfi_pseudo_table[] for the case when "#else /* 
TARGET_USE_CFIPOP */" in the file in sync ?

>       { "cfi_escape", dot_cfi_escape, 0 },
>       { "cfi_signal_frame", dot_cfi, CFI_signal_frame },
>       { "cfi_personality", dot_cfi_personality, 0 },
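
Review bot: cfi_negate_ra_state_with_pc is added to cfi_pseudo_table
here, but the diffstat for this patch lists no testsuite or
documentation file. A gas test that assembles the directive and checks
the --dwarf=frames dump, in the style of pac_compat_cfi_window_save.d
from patch 1/4, would pin the 0x2c encoding; the only test in the series
that uses the directive is the SFrame one in patch 4/4, which expects a
warning and no FDE.
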
> @@ -914,6 +915,10 @@ dot_cfi (int arg)
>         cfi_add_CFA_insn (DW_CFA_GNU_window_save);
>         break;
>   
> +    case DW_CFA_AARCH64_negate_ra_state_with_pc:
> +      cfi_add_CFA_insn (DW_CFA_AARCH64_negate_ra_state_with_pc);
> +      break;
> +
>       case CFI_signal_frame:
>         frchain_now->frch_cfi_data->cur_fde_data->signal_frame = 1;
>         break;
> @@ -1754,6 +1759,10 @@ output_cfi_insn (struct cfi_insn_data *insn)
>         out_one (DW_CFA_GNU_window_save);
>         break;
>   
> +    case DW_CFA_AARCH64_negate_ra_state_with_pc:
> +      out_one (DW_CFA_AARCH64_negate_ra_state_with_pc);
> +      break;
> +
>       case CFI_escape:
>         {
>   	struct cfi_escape_data *e;
> @@ -2212,6 +2221,7 @@ cfi_change_reg_numbers (struct cfi_insn_data *insn, segT ccseg)
>   	case DW_CFA_remember_state:
>   	case DW_CFA_restore_state:
>   	case DW_CFA_GNU_window_save:
> +	case DW_CFA_AARCH64_negate_ra_state_with_pc:
>   	case CFI_escape:
>   	case CFI_label:
>   	  break;
> diff --git a/gas/scfidw2gen.c b/gas/scfidw2gen.c
> index 7463207e170..9b3ad4b13e0 100644
> --- a/gas/scfidw2gen.c
> +++ b/gas/scfidw2gen.c
> @@ -113,6 +113,7 @@ const pseudo_typeS scfi_pseudo_table[] =
>       { "cfi_restore_state", dot_scfi_ignore, 0 },
>       { "cfi_window_save", dot_scfi_ignore, 0 },
>       { "cfi_negate_ra_state", dot_scfi_ignore, 0 },
> +    { "cfi_negate_ra_state_with_pc", dot_scfi_ignore, 0 },
>       { "cfi_escape", dot_scfi_ignore, 0 },
>       { "cfi_personality", dot_scfi_ignore, 0 },
>       { "cfi_personality_id", dot_scfi_ignore, 0 },
> diff --git a/include/dwarf2.def b/include/dwarf2.def
> index 63cb35560e7..477b2ca20c0 100644
> --- a/include/dwarf2.def
> +++ b/include/dwarf2.def
> @@ -785,6 +785,8 @@ DW_CFA (DW_CFA_hi_user, 0x3f)
>   
>   /* SGI/MIPS specific.  */
>   DW_CFA (DW_CFA_MIPS_advance_loc8, 0x1d)
> +/* AArch64 extensions. */

Nit: dot, space, space, end of comment

> +DW_CFA (DW_CFA_AARCH64_negate_ra_state_with_pc, 0x2c)
>   /* GNU extensions.
>      NOTE: DW_CFA_GNU_window_save is multiplexed on Sparc and AArch64.  */
>   DW_CFA (DW_CFA_GNU_window_save, 0x2d)


^ permalink raw reply	[flat|nested] 16+ messages in thread
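
The RA state table from the patch 3/4 commit message, applied to an FDE instruction stream the way a DWARF consumer would track it; this is an added example, not code from the thread or from binutils. Assumptions: opcode 0x2d toggles bit 0 of the state and 0x2c toggles both bits (modelled on the table, not stated in the thread), the function and array names are hypothetical, and the first byte array is reconstructed from the expected dump in pac_compat_cfi_window_save.d (code alignment factor 4, data alignment factor -8).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Opcode values quoted in the thread: 0x2d is shared by DW_CFA_GNU_window_save
   and DW_CFA_AARCH64_negate_ra_state, 0x2c is the new
   DW_CFA_AARCH64_negate_ra_state_with_pc.  */
enum { CFA_NOP = 0x00, CFA_DEF_CFA_OFFSET = 0x0e,
       CFA_NEGATE_RA_STATE_WITH_PC = 0x2c, CFA_NEGATE_RA_STATE = 0x2d };

/* RA states from the table in the patch 3/4 commit message.  */
enum { RA_UNSIGNED = 0, RA_SIGNED_SP = 1, RA_INVALID = 2, RA_SIGNED_SP_PC = 3 };

#define RA_WALK_ERROR (-1)
#define TRUNCATED ((size_t) -1)

/* Skip one ULEB128 operand starting at index I; TRUNCATED if the operand
   runs off the end of the buffer.  */
static size_t
skip_uleb128 (const uint8_t *buf, size_t len, size_t i)
{
  while (i < len)
    if ((buf[i++] & 0x80) == 0)
      return i;
  return TRUNCATED;
}

/* Hypothetical helper: walk FDE instructions and return the RA state in
   effect after the last one.  Returns RA_WALK_ERROR for an opcode outside
   the small subset handled here, a truncated operand, or the invalid
   state 0b10, so the caller never guesses whether to strip a PAC.  */
int
ra_state_after (const uint8_t *insns, size_t len)
{
  unsigned int state = RA_UNSIGNED;
  size_t i = 0;

  while (i < len)
    {
      uint8_t op = insns[i++];
      uint8_t primary = op & 0xc0;

      if (primary == 0x40 || primary == 0xc0)
        continue;   /* advance_loc, restore: operand lives in the opcode.  */
      if (primary == 0x80 || op == CFA_DEF_CFA_OFFSET)
        {           /* DW_CFA_offset, DW_CFA_def_cfa_offset: one ULEB128.  */
          i = skip_uleb128 (insns, len, i);
          if (i == TRUNCATED)
            return RA_WALK_ERROR;
          continue;
        }
      switch (op)
        {
        case CFA_NOP:
          break;
        case CFA_NEGATE_RA_STATE:           /* assumed: toggle bit 0 */
          state ^= 0x1;
          break;
        case CFA_NEGATE_RA_STATE_WITH_PC:   /* assumed: toggle both bits */
          state ^= 0x3;
          break;
        default:
          return RA_WALK_ERROR;             /* unknown opcode: fail closed */
        }
      if (state == RA_INVALID)
        return RA_WALK_ERROR;
    }
  return (int) state;
}

/* Constructed inputs.  The first one encodes the FDE body listed in the
   expected dump: advance_loc 4, negate_ra_state, advance_loc 4,
   def_cfa_offset 16, offset r29 at cfa-16, offset r30 at cfa-8, nop, nop.  */
static const uint8_t fde_window_save[] =
  { 0x41, 0x2d, 0x41, 0x0e, 0x10, 0x9d, 0x02, 0x9e, 0x01, 0x00, 0x00 };
/* Same shape with the PAuth_LR opcode.  */
static const uint8_t fde_with_pc[] =
  { 0x41, 0x2c, 0x41, 0x0e, 0x10, 0x9d, 0x02, 0x9e, 0x01 };
/* Sign with PC, then toggle again at the epilogue: back to unsigned.  */
static const uint8_t fde_toggle[] = { 0x2c, 0x41, 0x2c };
/* Mixing the two directives lands on 0b10, the invalid state.  */
static const uint8_t fde_mixed[] = { 0x2d, 0x41, 0x2c };
/* 0x3f (DW_CFA_hi_user) is not handled by this walker.  */
static const uint8_t fde_unknown[] = { 0x41, 0x3f };
/* def_cfa_offset with its operand cut off.  */
static const uint8_t fde_truncated[] = { 0x41, 0x0e };

int
main (void)
{
  printf ("window_save: %d\n",
          ra_state_after (fde_window_save, sizeof fde_window_save));
  printf ("with_pc:     %d\n",
          ra_state_after (fde_with_pc, sizeof fde_with_pc));
  printf ("toggle:      %d\n",
          ra_state_after (fde_toggle, sizeof fde_toggle));
  printf ("mixed:       %d\n",
          ra_state_after (fde_mixed, sizeof fde_mixed));
  return 0;
}
```

A consumer that predates 0x2c takes the `default` branch for it, which is the same fail-closed choice patch 4/4 makes on the SFrame side by skipping the FDE.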

* Re: [PATCH v3 1/4] aarch64: make explicit that CFI gnu_window_save is for Sparc, not AArch64
  2025-01-13 23:10   ` Indu Bhagat
@ 2025-01-14 10:55     ` Matthieu Longo
  0 siblings, 0 replies; 16+ messages in thread
From: Matthieu Longo @ 2025-01-14 10:55 UTC (permalink / raw)
  To: Indu Bhagat, binutils; +Cc: Richard Earnshaw, Nick Clifton, Jan Beulich

On 2025-01-13 23:10, Indu Bhagat wrote:
> On 1/13/25 3:22 AM, Matthieu Longo wrote:
>> - add a detailed comment when parsing DW_CFA_GNU_window_save in SFrame to
>>    explain why we are checking whether the targeted architecture is 
>> AArch64,
>>    whereas this CFI is a Sparc extension.
>> - replace .cfi_gnu_window_save by .cfi_negate_ra_state in existing 
>> AArch64
>>    DWARF tests as this is the preferred directive since GCC 15.
>> - add a new AARch64 test to check backward compatibility with old GCC
> 
> Nit: AARch64 -> AArch64
> 

Fixed.

>>    versions that emits .cfi_gnu_window_save.
>> ---
>>   gas/gen-sframe.c                              |  8 +++-
>>   gas/testsuite/gas/aarch64/pac_ab_key.s        |  4 +-
>>   .../gas/aarch64/pac_compat_cfi_window_save.d  | 44 +++++++++++++++++++
>>   .../gas/aarch64/pac_compat_cfi_window_save.s  | 20 +++++++++
>>   4 files changed, 73 insertions(+), 3 deletions(-)
>>   create mode 100644 gas/testsuite/gas/aarch64/ 
>> pac_compat_cfi_window_save.d
>>   create mode 100644 gas/testsuite/gas/aarch64/ 
>> pac_compat_cfi_window_save.s
>>
>> diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
>> index 71296f2f4fb..a3c40bdd735 100644
>> --- a/gas/gen-sframe.c
>> +++ b/gas/gen-sframe.c
>> @@ -1273,7 +1273,13 @@ sframe_xlate_do_aarch64_negate_ra_state (struct 
>> sframe_xlate_ctx *xlate_ctx,
>>   }
>>   /* Translate DW_CFA_GNU_window_save into SFrame context.
>> -   DW_CFA_AARCH64_negate_ra_state is multiplexed with 
>> DW_CFA_GNU_window_save.
>> +   DW_CFA_GNU_window_save is a DWARF Sparc extension, but is 
>> multiplexed with a
>> +   directive of DWARF AArch64 extension: DW_CFA_AARCH64_negate_ra_state.
>> +   The AArch64 backend of GCC 14 and older versions was emitting 
>> mistakenly the
>> +   Sparc CFI directive (.cfi_window_save).  From GCC 15, the AArch64 
>> backend
>> +   only emits .cfi_negate_ra_state.  For backward compatibility, the 
>> handler for
>> +   .cfi_window_save needs to check whether the directive was used in 
>> a AArch ABI
> 
> Nit: AArch -> AArch64 ?

Fixed.

> In context of the SFrame changes here,  AArch64 should still make sense 
> (although the multiplexing of directives is applicable to the 32-bit Arm 
> as well).
> 
> OK for the SFrame file changes.

Thanks.

>> +   context or not.
>>      Return SFRAME_XLATE_OK if success.  */
>>   static int
>> diff --git a/gas/testsuite/gas/aarch64/pac_ab_key.s b/gas/testsuite/ 
>> gas/aarch64/pac_ab_key.s
>> index 4b328e72ae4..3b81919409d 100644
>> --- a/gas/testsuite/gas/aarch64/pac_ab_key.s
>> +++ b/gas/testsuite/gas/aarch64/pac_ab_key.s
>> @@ -7,7 +7,7 @@ _Z5foo_av:
>>   .LFB0:
>>       .cfi_startproc
>>       hint    25 // paciasp
>> -    .cfi_window_save
>> +    .cfi_negate_ra_state
>>       stp    x29, x30, [sp, -16]!
>>       .cfi_def_cfa_offset 16
>>       .cfi_offset 29, -16
>> @@ -23,7 +23,7 @@ _Z5foo_bv:
>>       .cfi_startproc
>>       .cfi_b_key_frame
>>       hint    27 // pacibsp
>> -    .cfi_window_save
>> +    .cfi_negate_ra_state
>>       stp    x29, x30, [sp, -16]!
>>       .cfi_def_cfa_offset 16
>>       .cfi_offset 29, -16
>> diff --git a/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d b/ 
>> gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d
>> new file mode 100644
>> index 00000000000..8e59086c1b4
>> --- /dev/null
>> +++ b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.d
>> @@ -0,0 +1,44 @@
>> +#objdump: --dwarf=frames
>> +# This test is only valid on ELF based ports.
>> +#notarget: *-*-*coff *-*-pe *-*-wince *-*-*aout* *-*-netbsd
>> +
>> +## ARMv8.3 adds support for a new security feature named Pointer 
>> Authentication.
>> +## The main idea behind this is to use the unused bits in the pointer 
>> values.
>> +## Each pointer is patched with a PAC before writing to memory, and 
>> is verified
>> +## before using it.
>> +## When the pointers are mangled, the stack trace generator needs to 
>> know so it
>> +## can mask off the PAC from the pointer value to recover the return 
>> address,
>> +## and conversely, skip doing so if the pointers are not mangled.
>> +##
>> +## .cfi_negate_ra_state CFI directive is usually used to convey this 
>> information.
>> +## .cfi_negate_ra_state and .cfi_window_save are both in the 
>> processor-specific
>> +## numbering space, but use the same code value in the dwarf tables.
>> +## In GCC 14 and older, the Sparc DWARF extension .cfi_window_save is 
>> emitted
>> +## instead of .cfi_negate_ra_state, but it mapped to the same value. 
>> GCC 15 fixed
>> +## this naming issue and there is no change to the object file 
>> created when the
>> +## source is assembled. Nevertheless the support for the SPARC 
>> directive is
>> +## preserved in binutils for backward compatibility with existing GCC 
>> releases,
>> +## hence this test.
>> +
>> +.+:     file .+
>> +
>> +Contents of the .eh_frame section:
>> +
>> +0+ 0+10 0+ CIE
>> +  Version:               1
>> +  Augmentation:          "zR"
>> +  Code alignment factor: 4
>> +  Data alignment factor: -8
>> +  Return address column: 30
>> +  Augmentation data:     1b
>> +  DW_CFA_def_cfa: r31 \(sp\) ofs 0
>> +
>> +0+14 0+18 0+18 FDE cie=0+ pc=0+\.\.0+8
>> +  DW_CFA_advance_loc: 4 to 0+4
>> +  DW_CFA_AARCH64_negate_ra_state
>> +  DW_CFA_advance_loc: 4 to 0+8
>> +  DW_CFA_def_cfa_offset: 16
>> +  DW_CFA_offset: r29 \(x29\) at cfa-16
>> +  DW_CFA_offset: r30 \(x30\) at cfa-8
>> +  DW_CFA_nop
>> +  DW_CFA_nop
>> diff --git a/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s b/ 
>> gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s
>> new file mode 100644
>> index 00000000000..92a54f3a344
>> --- /dev/null
>> +++ b/gas/testsuite/gas/aarch64/pac_compat_cfi_window_save.s
>> @@ -0,0 +1,20 @@
>> +    .arch armv8-a
>> +    .text
>> +    .align    2
>> +    .global    _Z5foo_av
>> +    .type    _Z5foo_av, %function
>> +_Z5foo_av:
>> +.LFB0:
>> +    .cfi_startproc
>> +    hint    25 // paciasp
>> +    .cfi_window_save // really .cfi_negate_ra_state
>> +    stp    x29, x30, [sp, -16]!
>> +    .cfi_def_cfa_offset 16
>> +    .cfi_offset 29, -16
>> +    .cfi_offset 30, -8
>> +    .cfi_endproc
>> +.LFE0:
>> +    .size    _Z5foo_av, .-_Z5foo_av
>> +    .align    2
>> +    .global    _Z5foo_bv
>> +    .type    _Z5foo_bv, %function
> 


^ permalink raw reply	[flat|nested] 16+ messages in thread

* Re: [PATCH v3 2/4] aarch64 SFrame: use preferred CFI directive for AArch64 PAC
  2025-01-13 23:11   ` Indu Bhagat
@ 2025-01-14 10:56     ` Matthieu Longo
  0 siblings, 0 replies; 16+ messages in thread
From: Matthieu Longo @ 2025-01-14 10:56 UTC (permalink / raw)
  To: Indu Bhagat, binutils; +Cc: Richard Earnshaw, Nick Clifton, Jan Beulich

On 2025-01-13 23:11, Indu Bhagat wrote:
> On 1/13/25 3:22 AM, Matthieu Longo wrote:
>> ARMv8.3 added support for a new security feature named Pointer
>> Authentication. Support for this feature in SFrame already exists,
>> but is relying on the deprecated "AArch64" (actually Sparc) CFI
>> directive .cfi_gnu_window_save. .cfi_negate_ra_state CFI directive
>> should be used instead to convey this information.
>>
> 
> Nit again, but I find the statement somewhat misleading.  SFrame support 
> is not _relying_ on the specific CFI directive as you have already 
> noted.  I guess this is just somewhat stale commit log now ?
> 
> How about we simply truncate the phrase "but is relying on the 
> deprecated ... should be used instead of convey this information".

Fixed.

> Patch OK otherwise.
> 
> Thanks
> 
>> In GCC 14 and older, the Sparc DWARF extension .cfi_gnu_window_save
>> is emitted instead of .cfi_negate_ra_state.
>> GCC 15 fixed this issue, but this behavior is preserved for backward
>> compatibility.
>>
>> The existing sframe test for AArch64 PAC was using .cfi_gnu_window_save.
>> This patch replaces this CFI in the existing test by the preferred one,
>> and adds a new test to check for backward compatibility when using
>> .cfi_gnu_window_save.
>> ---
>>   .../gas/cfi-sframe/cfi-sframe-aarch64-3.d     | 20 ++++++++++++++
>>   .../gas/cfi-sframe/cfi-sframe-aarch64-3.s     | 26 +++++++++++++++++++
>>   .../cfi-sframe-aarch64-pac-ab-key-1.s         |  8 +++---
>>   gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
>>   4 files changed, 51 insertions(+), 4 deletions(-)
>>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
>>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s
>>
>> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d b/ 
>> gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
>> new file mode 100644
>> index 00000000000..f72b70a970a
>> --- /dev/null
>> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.d
>> @@ -0,0 +1,20 @@
>> +#as: --gsframe
>> +#objdump: --sframe=.sframe
>> +#name: SFrame cfi_negate_ra_state test (using cfi_window_save)
>> +#...
>> +Contents of the SFrame section .sframe:
>> +
>> +  Header :
>> +
>> +    Version: SFRAME_VERSION_2
>> +    Flags: NONE
>> +    Num FDEs: 1
>> +    Num FREs: 2
>> +
>> +  Function Index :
>> +    func idx \[0\]: pc = 0x0, size = 8 bytes
>> +    STARTPC + CFA + FP + RA +
>> +#...
>> +    0+0004 +sp\+16 +u +u\[s\] +
>> +
>> +#pass
>> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s b/ 
>> gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s
>> new file mode 100644
>> index 00000000000..de96b2071a5
>> --- /dev/null
>> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-3.s
>> @@ -0,0 +1,26 @@
>> +## ARMv8.3 adds support for a new security feature named Pointer 
>> Authentication.
>> +## The main idea behind this is to use the unused bits in the pointer 
>> values.
>> +## Each pointer is patched with a PAC before writing to memory, and 
>> is verified
>> +## before using it.
>> +## When the pointers are mangled, the stack trace generator needs to 
>> know so it
>> +## can mask off the PAC from the pointer value to recover the return 
>> address,
>> +## and conversely, skip doing so if the pointers are not mangled.
>> +##
>> +## .cfi_negate_ra_state CFI directive is usually used to convey this 
>> information.
>> +## .cfi_negate_ra_state and .cfi_window_save are both in the 
>> processor-specific
>> +## numbering space, but use the same code value in the dwarf tables.
>> +## In GCC 14 and older, the Sparc DWARF extension .cfi_window_save is 
>> emitted
>> +## instead of .cfi_negate_ra_state, but it mapped to the same value. 
>> GCC 15 fixed
>> +## this naming issue and there is no change to the object file 
>> created when the
>> +## source is assembled. Nevertheless the support for the SPARC 
>> directive is
>> +## preserved in binutils for backward compatibility with existing GCC 
>> releases,
>> +## hence this test.
>> +##
>> +## SFrame has support for this. This testcase ensures that the directive
>> +## is interpreted successfully.
>> +    .cfi_startproc
>> +    .long 0
>> +    .cfi_def_cfa_offset 16
>> +    .cfi_window_save // really .cfi_negate_ra_state
>> +    .long 0
>> +    .cfi_endproc
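Review bot: The header comment spells the architecture both "Sparc" and "SPARC" and writes "dwarf" in lower case; one spelling, and "DWARF", would be consistent. The closing sentence "SFrame has support for this" would also be clearer if it named what is supported, namely `.cfi_window_save` being accepted in place of `.cfi_negate_ra_state` as the inline `// really .cfi_negate_ra_state` remark says.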
>> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab- 
>> key-1.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
>> index d9a408c668c..84230a99e3c 100644
>> --- a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
>> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
>> @@ -8,12 +8,12 @@ _Z5foo_av:
>>   .LFB0:
>>       .cfi_startproc
>>       hint    25 // paciasp
>> -    .cfi_window_save
>> +    .cfi_negate_ra_state
>>       stp    x29, x30, [sp, -16]!
>>       .cfi_def_cfa_offset 16
>>       .cfi_offset 29, -16
>>       .cfi_offset 30, -8
>> -        ret
>> +    ret
>>       .cfi_endproc
>>   .LFE0:
>>       .size    _Z5foo_av, .-_Z5foo_av
>> @@ -25,12 +25,12 @@ _Z5foo_bv:
>>       .cfi_startproc
>>       .cfi_b_key_frame
>>       hint    27 // pacibsp
>> -    .cfi_window_save
>> +    .cfi_negate_ra_state
>>       stp    x29, x30, [sp, -16]!
>>       .cfi_def_cfa_offset 16
>>       .cfi_offset 29, -16
>>       .cfi_offset 30, -8
>>       nop
>>       nop
>> -        ret
>> +    ret
>>       .cfi_endproc
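Review bot: With both `_Z5foo_av` and `_Z5foo_bv` switched to `.cfi_negate_ra_state`, the `.cfi_b_key_frame` path is no longer exercised with the legacy `.cfi_window_save` spelling; the new cfi-sframe-aarch64-3.s only covers a frame without `.cfi_b_key_frame`. If the backward-compatible spelling is meant to stay supported for B-key frames too, a B-key function in the new test would pin that. The `ret` re-indentation is unrelated to the rename and could be mentioned in the commit log.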
>> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/ 
>> testsuite/gas/cfi-sframe/cfi-sframe.exp
>> index 48eb0ed2182..1de2c9f8037 100644
>> --- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
>> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
>> @@ -97,5 +97,6 @@ if { [istarget "x86_64-*-*"] && [gas_sframe_check] } 
>> then {
>>   if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
>>       run_dump_test "cfi-sframe-aarch64-1"
>>       run_dump_test "cfi-sframe-aarch64-2"
>> +    run_dump_test "cfi-sframe-aarch64-3"
>>       run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
>>   }
> 



* Re: [PATCH v3 3/4] aarch64 DWARF: add new CFI directive for PAuth_LR
  2025-01-13 23:29   ` Indu Bhagat
@ 2025-01-14 11:00     ` Matthieu Longo
  0 siblings, 0 replies; 16+ messages in thread
From: Matthieu Longo @ 2025-01-14 11:00 UTC (permalink / raw)
  To: Indu Bhagat, binutils; +Cc: Richard Earnshaw, Nick Clifton, Jan Beulich

On 2025-01-13 23:29, Indu Bhagat wrote:
> On 1/13/25 3:22 AM, Matthieu Longo wrote:
>> This patch adds a new CFI directive (cfi_negate_ra_state_with_pc) which
>> sets an additional bit in the RA state to inform that RA was signed with
>> SP but also PC as an additional diversifier.
>>
>> RA state | Description
>> 0b00     | Return address not signed (default if no cfi_negate_ra_state*)
>> 0b01     | Return address signed with SP (cfi_negate_ra_state)
>> 0b10     | Invalid state
>> 0b11     | Return address signed with SP+PC (cfi_negate_ra_state_with_pc)
>> ---
>>   bfd/elf-eh-frame.c |  1 +
>>   binutils/dwarf.c   |  5 +++++
>>   gas/dw2gencfi.c    | 10 ++++++++++
>>   gas/scfidw2gen.c   |  1 +
>>   include/dwarf2.def |  2 ++
>>   5 files changed, 19 insertions(+)
>>
> 
> Comments below. The changes look OK to me for the scfi*; I cannot 
> approve the other components.
> 
> Thanks

Jan Beulich also approved the changes in v2: 
https://inbox.sourceware.org/binutils/ddbf42f2-2b19-4faa-84d1-5f2a77b31a50@suse.com/

Thanks.

>> diff --git a/bfd/elf-eh-frame.c b/bfd/elf-eh-frame.c
>> index d903e27a676..b6f5078bb33 100644
>> --- a/bfd/elf-eh-frame.c
>> +++ b/bfd/elf-eh-frame.c
>> @@ -359,6 +359,7 @@ skip_cfa_op (bfd_byte **iter, bfd_byte *end, 
>> unsigned int encoded_ptr_width)
>>       case DW_CFA_remember_state:
>>       case DW_CFA_restore_state:
>>       case DW_CFA_GNU_window_save:
>> +    case DW_CFA_AARCH64_negate_ra_state_with_pc:
>>         /* No arguments.  */
>>         return true;
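Review bot: `skip_cfa_op` takes no target argument, so the added `case DW_CFA_AARCH64_negate_ra_state_with_pc:` makes this vendor opcode a valid zero-operand instruction for every ELF target, not only AArch64. That matches how `DW_CFA_GNU_window_save` is treated on the line above, but a short comment stating that the AArch64 opcode is accepted unconditionally on purpose would help the next reader.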
>> diff --git a/binutils/dwarf.c b/binutils/dwarf.c
>> index 626efb2eb9a..8e004cea839 100644
>> --- a/binutils/dwarf.c
>> +++ b/binutils/dwarf.c
>> @@ -10408,6 +10408,11 @@ display_debug_frames (struct dwarf_section 
>> *section,
>>             fc->pc_begin += ofs;
>>             break;
>> +        case DW_CFA_AARCH64_negate_ra_state_with_pc:
>> +          if (! do_debug_frames_interp)
>> +        printf ("  DW_CFA_AARCH64_negate_ra_state_with_pc\n");
>> +          break;
>> +
>>           case DW_CFA_GNU_window_save:
>>             if (! do_debug_frames_interp)
>>           printf ("  %s\n", DW_CFA_GNU_window_save_name[is_aarch64]);
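Review bot: The new case prints the AArch64 name unconditionally, whereas the `DW_CFA_GNU_window_save` case right below selects its name through `DW_CFA_GNU_window_save_name[is_aarch64]`. Consider checking `is_aarch64` here too, so that an object for another target that uses the same vendor opcode value is not labelled `DW_CFA_AARCH64_negate_ra_state_with_pc`. Also, when `do_debug_frames_interp` is set the case does nothing, so the interpreted view gives no hint that the RA state changed; a comment would help if that is intentional.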
>> diff --git a/gas/dw2gencfi.c b/gas/dw2gencfi.c
>> index fbeb697af09..c984d8326d0 100644
>> --- a/gas/dw2gencfi.c
>> +++ b/gas/dw2gencfi.c
>> @@ -714,6 +714,7 @@ const pseudo_typeS cfi_pseudo_table[] =
>>       { "cfi_restore_state", dot_cfi, DW_CFA_restore_state },
>>       { "cfi_window_save", dot_cfi, DW_CFA_GNU_window_save },
>>       { "cfi_negate_ra_state", dot_cfi, DW_CFA_AARCH64_negate_ra_state },
>> +    { "cfi_negate_ra_state_with_pc", dot_cfi, 
>> DW_CFA_AARCH64_negate_ra_state_with_pc },
> 
> Also keep the cfi_pseudo_table[] for the case when "#else /* 
> TARGET_USE_CFIPOP */" in the file in sync?

Fixed. Thanks for catching this. cfi_negate_ra_state was also absent, so 
I added it along with cfi_negate_ra_state_with_pc.

>>       { "cfi_escape", dot_cfi_escape, 0 },
>>       { "cfi_signal_frame", dot_cfi, CFI_signal_frame },
>>       { "cfi_personality", dot_cfi_personality, 0 },
>> @@ -914,6 +915,10 @@ dot_cfi (int arg)
>>         cfi_add_CFA_insn (DW_CFA_GNU_window_save);
>>         break;
>> +    case DW_CFA_AARCH64_negate_ra_state_with_pc:
>> +      cfi_add_CFA_insn (DW_CFA_AARCH64_negate_ra_state_with_pc);
>> +      break;
>> +
>>       case CFI_signal_frame:
>>         frchain_now->frch_cfi_data->cur_fde_data->signal_frame = 1;
>>         break;
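Review bot: The new arm in `dot_cfi` has exactly the shape of the `DW_CFA_GNU_window_save` arm whose tail is visible just above it: one `cfi_add_CFA_insn` call with the opcode, then `break`. Stacking the two case labels over a single call would avoid the duplication, and the same applies to the matching `out_one` arms in `output_cfi_insn`.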
>> @@ -1754,6 +1759,10 @@ output_cfi_insn (struct cfi_insn_data *insn)
>>         out_one (DW_CFA_GNU_window_save);
>>         break;
>> +    case DW_CFA_AARCH64_negate_ra_state_with_pc:
>> +      out_one (DW_CFA_AARCH64_negate_ra_state_with_pc);
>> +      break;
>> +
>>       case CFI_escape:
>>         {
>>       struct cfi_escape_data *e;
>> @@ -2212,6 +2221,7 @@ cfi_change_reg_numbers (struct cfi_insn_data 
>> *insn, segT ccseg)
>>       case DW_CFA_remember_state:
>>       case DW_CFA_restore_state:
>>       case DW_CFA_GNU_window_save:
>> +    case DW_CFA_AARCH64_negate_ra_state_with_pc:
>>       case CFI_escape:
>>       case CFI_label:
>>         break;
>> diff --git a/gas/scfidw2gen.c b/gas/scfidw2gen.c
>> index 7463207e170..9b3ad4b13e0 100644
>> --- a/gas/scfidw2gen.c
>> +++ b/gas/scfidw2gen.c
>> @@ -113,6 +113,7 @@ const pseudo_typeS scfi_pseudo_table[] =
>>       { "cfi_restore_state", dot_scfi_ignore, 0 },
>>       { "cfi_window_save", dot_scfi_ignore, 0 },
>>       { "cfi_negate_ra_state", dot_scfi_ignore, 0 },
>> +    { "cfi_negate_ra_state_with_pc", dot_scfi_ignore, 0 },
>>       { "cfi_escape", dot_scfi_ignore, 0 },
>>       { "cfi_personality", dot_scfi_ignore, 0 },
>>       { "cfi_personality_id", dot_scfi_ignore, 0 },
>> diff --git a/include/dwarf2.def b/include/dwarf2.def
>> index 63cb35560e7..477b2ca20c0 100644
>> --- a/include/dwarf2.def
>> +++ b/include/dwarf2.def
>> @@ -785,6 +785,8 @@ DW_CFA (DW_CFA_hi_user, 0x3f)
>>   /* SGI/MIPS specific.  */
>>   DW_CFA (DW_CFA_MIPS_advance_loc8, 0x1d)
>> +/* AArch64 extensions. */
> 
> Nit: dot, space, space, end of comment

Fixed.

>> +DW_CFA (DW_CFA_AARCH64_negate_ra_state_with_pc, 0x2c)
>>   /* GNU extensions.
>>      NOTE: DW_CFA_GNU_window_save is multiplexed on Sparc and 
>> AArch64.  */
>>   DW_CFA (DW_CFA_GNU_window_save, 0x2d)
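Review bot: The new `/* AArch64 extensions. */` group gives no pointer to where 0x2c is allocated, while the GNU group directly below carries a NOTE explaining that 0x2d is multiplexed between Sparc and AArch64. A one-line reference to the AArch64 DWARF extension document next to `DW_CFA_AARCH64_negate_ra_state_with_pc` would show that the value is an assigned vendor opcode (below `DW_CFA_hi_user`, 0x3f) and would keep the two adjacent entries documented to the same level.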
> 
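
The RA state table from the commit message quoted above, replayed over CFA bytes as a unwinder-side consistency check. This is an added C example, not code from the patch or from binutils: `ra_state_after`, the error codes and the byte sequences are constructed for illustration, and the XOR model of the two directives is an assumption chosen to agree with the table.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 0x2c and 0x2d are the values in the include/dwarf2.def hunk quoted in
   this thread; the other two are standard DWARF CFA encodings.  */
#define DW_CFA_def_cfa_offset                   0x0e  /* one ULEB128 operand */
#define DW_CFA_AARCH64_negate_ra_state_with_pc  0x2c
#define DW_CFA_AARCH64_negate_ra_state          0x2d  /* same byte as DW_CFA_GNU_window_save */
#define DW_CFA_advance_loc                      0x40  /* top two bits 01, delta in low six */

/* RA states from the commit-message table, then the helper's error codes.  */
enum { RA_UNSIGNED = 0, RA_SIGNED_SP = 1, RA_INVALID = 2, RA_SIGNED_SP_PC = 3 };
enum { ERR_INVALID_STATE = -1, ERR_UNHANDLED_OP = -2, ERR_TRUNCATED = -3 };

/* Hypothetical helper: replay a CFA program and return the final RA state.
   ASSUMPTION: negate_ra_state flips bit 0, negate_ra_state_with_pc flips
   bits 0 and 1 (a model that agrees with the table, not taken from the patch).  */
int ra_state_after(const uint8_t *insn, size_t len)
{
    unsigned state = RA_UNSIGNED;
    size_t i = 0;

    while (i < len) {
        uint8_t op = insn[i++];
        if ((op & 0xc0) == DW_CFA_advance_loc)
            continue;                      /* location change only */
        switch (op) {
        case DW_CFA_def_cfa_offset:        /* skip the ULEB128 operand */
            do {
                if (i >= len)
                    return ERR_TRUNCATED;
            } while (insn[i++] & 0x80);
            break;
        case DW_CFA_AARCH64_negate_ra_state:
            state ^= 0x1;
            break;
        case DW_CFA_AARCH64_negate_ra_state_with_pc:
            state ^= 0x3;
            break;
        default:
            return ERR_UNHANDLED_OP;
        }
        if (state == RA_INVALID)           /* 0b10: the two directives were mixed */
            return ERR_INVALID_STATE;
    }
    return (int)state;
}

/* Constructed samples, not assembler output.  */
const uint8_t prog_pauth[]    = { 0x44, 0x0e, 0x10, 0x2d, 0x44 };
const uint8_t prog_pauth_lr[] = { 0x44, 0x0e, 0x10, 0x2c, 0x44 };
const uint8_t prog_paired[]   = { 0x2c, 0x44, 0x2c };  /* sign, later authenticate */
const uint8_t prog_mixed[]    = { 0x2c, 0x44, 0x2d };  /* with_pc, then plain negate */

int main(void)
{
    printf("%d %d\n", ra_state_after(prog_pauth_lr, sizeof prog_pauth_lr),
           ra_state_after(prog_mixed, sizeof prog_mixed));
    return 0;
}
```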



* Re: [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr
  2025-01-13 22:44   ` Hans-Peter Nilsson
@ 2025-01-14 11:01     ` Matthieu Longo
  0 siblings, 0 replies; 16+ messages in thread
From: Matthieu Longo @ 2025-01-14 11:01 UTC (permalink / raw)
  To: Hans-Peter Nilsson; +Cc: binutils

On 2025-01-13 22:44, Hans-Peter Nilsson wrote:
> Random review comment:
> 
> On Mon, 13 Jan 2025, Matthieu Longo wrote:
>> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
>> @@ -0,0 +1,23 @@
>> +## ARMv9.5 enhanced the existing PAuth feature with a new extensio called
> 
> "extension"
> 
> brgds, H-P

Fixed.
Thanks



* Re: [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr
  2025-01-13 23:12   ` Indu Bhagat
@ 2025-01-14 11:02     ` Matthieu Longo
  0 siblings, 0 replies; 16+ messages in thread
From: Matthieu Longo @ 2025-01-14 11:02 UTC (permalink / raw)
  To: Indu Bhagat, binutils; +Cc: Richard Earnshaw, Nick Clifton, Jan Beulich

On 2025-01-13 23:12, Indu Bhagat wrote:
> On 1/13/25 3:22 AM, Matthieu Longo wrote:
>> Today, SFrame v2 specification does not describe how to encode the
>> information corresponding to the PAC signing method.
>> SFrame v3 specification should hopefully specify it.
>>
> 
> How about we add "Pauth_LR" as the specific PAC signing method in the 
> statement above? Something like:
> 
> "Today, SFrame V2 specification does not describe how to encode the 
> information corresponding to the Pauth_LR PAC signing method (it only 
> supports Pauth PAC signing method).  SFrame V3 ..."
> 

Fixed.

>> In the meantime, if the GNU assembler finds .cfi_negate_ra_state_with_pc
>> and --gsframe is specified, it will output a warning to the user and
>> will fail to generate the FDE entry.
>>
>> A new SFrame test for .cfi_negate_ra_state_with_pc is also added to
>> reflect this issue.
> 
> OK.
> 
> Thanks for the patch
> 
>> ---
>>   gas/gen-sframe.c                              | 16 ++++++++++++
>>   .../gas/cfi-sframe/cfi-sframe-aarch64-4.d     | 25 +++++++++++++++++++
>>   .../gas/cfi-sframe/cfi-sframe-aarch64-4.s     | 23 +++++++++++++++++
>>   gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
>>   4 files changed, 65 insertions(+)
>>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
>>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
>>
>> diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
>> index a3c40bdd735..e96b7c02d09 100644
>> --- a/gas/gen-sframe.c
>> +++ b/gas/gen-sframe.c
>> @@ -1272,6 +1272,19 @@ sframe_xlate_do_aarch64_negate_ra_state (struct 
>> sframe_xlate_ctx *xlate_ctx,
>>     return SFRAME_XLATE_OK;
>>   }
>> +/* Translate DW_CFA_AARCH64_negate_ra_state_with_pc into SFrame context.
>> +   Return SFRAME_XLATE_OK if success.  */
>> +
>> +static int
>> +sframe_xlate_do_aarch64_negate_ra_state_with_pc (struct 
>> sframe_xlate_ctx *xlate_ctx ATTRIBUTE_UNUSED,
>> +                         struct cfi_insn_data *cfi_insn 
>> ATTRIBUTE_UNUSED)
>> +{
>> +  as_warn (_("skipping SFrame FDE; .cfi_negate_ra_state_with_pc"));
>> +  /* The used signing method should be encoded inside the FDE in 
>> SFrame v3.
>> +     For now, PAuth_LR extension is not supported with SFrame.  */
>> +  return SFRAME_XLATE_ERR_NOTREPRESENTED;  /* Not represented.  */
>> +}
>> +
>>   /* Translate DW_CFA_GNU_window_save into SFrame context.
>>      DW_CFA_GNU_window_save is a DWARF Sparc extension, but is 
>> multiplexed with a
>>      directive of DWARF AArch64 extension: 
>> DW_CFA_AARCH64_negate_ra_state.
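Review bot: The function comment says "Return SFRAME_XLATE_OK if success", but the body of `sframe_xlate_do_aarch64_negate_ra_state_with_pc` never returns that value; it always returns `SFRAME_XLATE_ERR_NOTREPRESENTED`. The comment should say that the directive is not translated for now and why. The warning text "skipping SFrame FDE; .cfi_negate_ra_state_with_pc" would also be more useful to the user if it stated the reason, as the in-body comment does ("PAuth_LR extension is not supported with SFrame").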
>> @@ -1387,6 +1400,9 @@ sframe_do_cfi_insn (struct sframe_xlate_ctx 
>> *xlate_ctx,
>>       case DW_CFA_GNU_window_save:
>>         err = sframe_xlate_do_gnu_window_save (xlate_ctx, cfi_insn);
>>         break;
>> +    case DW_CFA_AARCH64_negate_ra_state_with_pc:
>> +      err = sframe_xlate_do_aarch64_negate_ra_state_with_pc 
>> (xlate_ctx, cfi_insn);
>> +      break;
>>       case DW_CFA_register:
>>         err = sframe_xlate_do_register (xlate_ctx, cfi_insn);
>>         break;
>> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d b/ 
>> gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
>> new file mode 100644
>> index 00000000000..c81888b0021
>> --- /dev/null
>> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
>> @@ -0,0 +1,25 @@
>> +#as: --gsframe
>> +#objdump: --sframe=.sframe
>> +#name: SFrame cfi_negate_ra_state_with_pc test
>> +#warning: Warning: skipping SFrame FDE; \.cfi_negate_ra_state_with_pc
>> +
>> +## The support for .cfi_negate_ra_state_with_pc is currently pending 
>> on SFrame
>> +## v3 (currently in development). The unimplemented support is 
>> reported to the
>> +## user as a warning. Then the handler returns an error that will 
>> cause no
>> +## creation of a SFrame FDE later (hence "Num FDEs: 0").
>> +## Note: this test will be expected to fail when the support of 
>> PAuth_LR in
>> +## SFrame will be added, so will have to be fixed.
>> +
>> +#...
>> +Contents of the SFrame section .sframe:
>> +
>> +  Header :
>> +
>> +    Version: SFRAME_VERSION_2
>> +    Flags: NONE
>> +    Num FDEs: 0
>> +    Num FREs: 0
>> +
>> +  Function Index :
>> +
>> +#pass
>> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s b/ 
>> gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
>> new file mode 100644
>> index 00000000000..5fec6740047
>> --- /dev/null
>> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
>> @@ -0,0 +1,23 @@
>> +## ARMv9.5 enhanced the existing PAuth feature with a new extensio 
>> called
>> +## PAuth_LR. It aims at hardening the PAC in a signed return address. 
>> When
>> +## signing the return address in LR, the PC is used as a diversifier, in
>> +## addition to the SP to generate the PAC code.
>> +## As for PAuth, when the pointers are mangled with PAuth_LR, the 
>> stack trace
>> +## generator needs to know so it can mask off the PAC from the 
>> pointer value to
>> +## recover the return address, and conversely, skip doing so if the 
>> pointers are
>> +## not mangled.
>> +##
>> +## .cfi_negate_ra_state_with_pc CFI directive is used to convey this 
>> information.
>> +##
>> +## SFrame has currently no support for this. The support is expected 
>> in SFrame
>> +## v3. This testcase ensures that the directive is understood, and 
>> outputs
>> +## a warning to the user before failing to generate the FDE.
>> +    .cfi_startproc
>> +    .long 0
>> +    .cfi_def_cfa_offset 16
>> +    .cfi_negate_ra_state_with_pc
>> +    .long 0
>> +    .cfi_offset 29, -16
>> +    .cfi_offset 30, -8
>> +    .long 0
>> +    .cfi_endproc
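Review bot: The test has a single `.cfi_startproc`/`.cfi_endproc` pair, so the expected `Num FDEs: 0` cannot distinguish "only the FDE that uses `.cfi_negate_ra_state_with_pc` is skipped" from "no SFrame FDE is emitted for the file at all". Adding a second function without the directive and expecting `Num FDEs: 1` would pin the per-FDE behaviour that the warning "skipping SFrame FDE" describes.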
>> diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/ 
>> testsuite/gas/cfi-sframe/cfi-sframe.exp
>> index 1de2c9f8037..b119b9da73d 100644
>> --- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
>> +++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
>> @@ -98,5 +98,6 @@ if { [istarget "aarch64*-*-*"] && 
>> [gas_sframe_check] } then {
>>       run_dump_test "cfi-sframe-aarch64-1"
>>       run_dump_test "cfi-sframe-aarch64-2"
>>       run_dump_test "cfi-sframe-aarch64-3"
>> +    run_dump_test "cfi-sframe-aarch64-4"
>>       run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
>>   }
> 



* Re: [PATCH v3 3/4] aarch64 DWARF: add new CFI directive for PAuth_LR
  2025-01-13 11:22 ` [PATCH v3 3/4] aarch64 DWARF: add new CFI directive for PAuth_LR Matthieu Longo
  2025-01-13 23:29   ` Indu Bhagat
@ 2025-02-02 21:21   ` Thiago Jung Bauermann
  1 sibling, 0 replies; 16+ messages in thread
From: Thiago Jung Bauermann @ 2025-02-02 21:21 UTC (permalink / raw)
  To: Matthieu Longo
  Cc: binutils, Indu Bhagat, Richard Earnshaw, Nick Clifton, Jan Beulich

Hello,

Matthieu Longo <matthieu.longo@arm.com> writes:

> diff --git a/include/dwarf2.def b/include/dwarf2.def
> index 63cb35560e7..477b2ca20c0 100644
> --- a/include/dwarf2.def
> +++ b/include/dwarf2.def
> @@ -785,6 +785,8 @@ DW_CFA (DW_CFA_hi_user, 0x3f)
>
>  /* SGI/MIPS specific.  */
>  DW_CFA (DW_CFA_MIPS_advance_loc8, 0x1d)
> +/* AArch64 extensions. */
> +DW_CFA (DW_CFA_AARCH64_negate_ra_state_with_pc, 0x2c)
>  /* GNU extensions.
>     NOTE: DW_CFA_GNU_window_save is multiplexed on Sparc and AArch64.  */
>  DW_CFA (DW_CFA_GNU_window_save, 0x2d)

Would it be possible to send this part of the patch to GCC as well?

Currently building GCC for arm-eabi using a combined source tree is
failing with:

  CC       elf-eh-frame.lo
../../combined-tree-src/bfd/elf-eh-frame.c: In function ‘skip_cfa_op’:
../../combined-tree-src/bfd/elf-eh-frame.c:362:10: error: ‘DW_CFA_AARCH64_negate_ra_state_with_pc’ undeclared (first use in this function); did you mean ‘DW_CFA_AARCH64_negate_ra_state’?
  362 |     case DW_CFA_AARCH64_negate_ra_state_with_pc:
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |          DW_CFA_AARCH64_negate_ra_state
../../combined-tree-src/bfd/elf-eh-frame.c:362:10: note: each undeclared identifier is reported only once for each function it appears in
make[4]: *** [Makefile:1762: elf-eh-frame.lo] Error 1

When I apply the change above the build succeeds.

--
Thiago


Thread overview: 16+ messages
2025-01-13 11:22 [PATCH v3 0/4] aarch64: add DWARF and SFrame support for new CFI directive used for PAuth_LR Matthieu Longo
2025-01-13 11:22 ` [PATCH v3 1/4] aarch64: make explicit that CFI gnu_window_save is for Sparc, not AArch64 Matthieu Longo
2025-01-13 23:10   ` Indu Bhagat
2025-01-14 10:55     ` Matthieu Longo
2025-01-13 11:22 ` [PATCH v3 2/4] aarch64 SFrame: use preferred CFI directive for AArch64 PAC Matthieu Longo
2025-01-13 23:11   ` Indu Bhagat
2025-01-14 10:56     ` Matthieu Longo
2025-01-13 11:22 ` [PATCH v3 3/4] aarch64 DWARF: add new CFI directive for PAuth_LR Matthieu Longo
2025-01-13 23:29   ` Indu Bhagat
2025-01-14 11:00     ` Matthieu Longo
2025-02-02 21:21   ` Thiago Jung Bauermann
2025-01-13 11:22 ` [PATCH v3 4/4] aarch64 SFrame: skip with warning new CFI directive used with pauth_lr Matthieu Longo
2025-01-13 22:44   ` Hans-Peter Nilsson
2025-01-14 11:01     ` Matthieu Longo
2025-01-13 23:12   ` Indu Bhagat
2025-01-14 11:02     ` Matthieu Longo
