[PATCH 0/5] SFrame: add support for .cfi_b_key_frame

[PATCH 0/5] SFrame: add support for .cfi_b_key_frame

[Indu Bhagat]

Hello,

This patchset adds support for handling the .cfi_b_key_frame assembler
directive to the SFrame format: SFrame format representation now allows to
encode which of the pauth A key / B key are used (for signing return
addresses on aarch64), and gas, readelf/objdump now allow for generation
and textual dump of this information.

Testing notes:

- Regression tested cross build of several targets on an x86_64 host and an
aarch64 host using a regression script that checks for failures in gas, ld,
binutils, libctf and libsframe.
- Regression tested native builds on x86_64 and aarch64.
- binutils/gdb try bot showed no new regressions.

PS: This patchset assumes that the SFrame support for .cfi_negate_ra_state is
in place already.  Please apply the recently sent "[PATCH 0/6] SFrame: support
for .cfi_negate_ra_state in aarch64" series prior to applying this series, if
you intend to experiment with this patchset.

Thanks,

Indu Bhagat (5):
  [1/5] sframe.h: add support for .cfi_b_key_frame
  [2/5] gas: sframe: add support for .cfi_b_key_frame
  [3/5] objdump/readelf: sframe: emit marker for SFrame FDE with B key
  [4/5] gas: sframe: testsuite: add testcase for .cfi_b_key_frame
  [5/5] sframe: doc: update documentation for pauth key in SFrame FDE

 gas/gen-sframe.c                              | 26 +++++++++++---
 gas/gen-sframe.h                              |  2 +-
 gas/sframe-opt.c                              |  3 ++
 .../cfi-sframe-aarch64-pac-ab-key-1.d         | 25 +++++++++++++
 .../cfi-sframe-aarch64-pac-ab-key-1.s         | 36 +++++++++++++++++++
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
 include/sframe.h                              | 25 +++++++++----
 libsframe/doc/sframe-spec.texi                |  8 ++++-
 libsframe/sframe-dump.c                       | 19 ++++++++++
 9 files changed, 133 insertions(+), 12 deletions(-)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s

-- 
2.37.2

[PATCH 1/5] [1/5] sframe.h: add support for .cfi_b_key_frame

[Indu Bhagat]

ARM 8.3 provides five separate keys that can be used to authenticate
pointers. There are two key for executable (instruction) pointers. The
enum pointer_auth_key in gas/config/tc-aarch64.h currently holds two keys:
  enum pointer_auth_key {
    AARCH64_PAUTH_KEY_A,
    AARCH64_PAUTH_KEY_B
  };

Analogous to the above, in SFrame format V1, a bit is reserved in the SFrame
FDE to indicate which key is used for signing the frame's return addresses:
  - SFRAME_AARCH64_PAUTH_KEY_A has a value of 0
  - SFRAME_AARCH64_PAUTH_KEY_B has a value of 1

Note that the information in this bit will always be used along with the
mangled_ra_p bit, the latter indicates whether the return addresses are
mangled/contain PAC auth bits.

include/ChangeLog:

	* sframe.h (SFRAME_AARCH64_PAUTH_KEY_A): New definition.
	(SFRAME_AARCH64_PAUTH_KEY_B): Likewise.
	(SFRAME_V1_FUNC_INFO): Adjust to accommodate pauth_key.
	(SFRAME_V1_FUNC_PAUTH_KEY): New macro.
	(SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY): Likewise.
---
 include/sframe.h | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/include/sframe.h b/include/sframe.h
index b2bd41a724e..77071c99d90 100644
--- a/include/sframe.h
+++ b/include/sframe.h
@@ -165,6 +165,10 @@ typedef struct sframe_header
 #define SFRAME_V1_HDR_SIZE(sframe_hdr)	\
   ((sizeof (sframe_header) + (sframe_hdr).sfh_auxhdr_len))
 
+/* Two possible keys for executable (instruction) pointers signing.  */
+#define SFRAME_AARCH64_PAUTH_KEY_A    0 /* Key A.  */
+#define SFRAME_AARCH64_PAUTH_KEY_B    1 /* Key B.  */
+
 typedef struct sframe_func_desc_entry
 {
   /* Function start address.  Encoded as a signed offset, relative to the
@@ -181,21 +185,30 @@ typedef struct sframe_func_desc_entry
      function.
      - 4-bits: Identify the FRE type used for the function.
      - 1-bit: Identify the FDE type of the function - mask or inc.
-     - 3-bits: Unused.
-     --------------------------------------------
-     |     Unused    |  FDE type |   FRE type   |
-     --------------------------------------------
-     8               5           4              0     */
+     - 1-bit: PAC authorization A/B key (aarch64).
+     - 2-bits: Unused.
+     ------------------------------------------------------------------------
+     |     Unused    |  PAC auth A/B key (aarch64) |  FDE type |   FRE type   |
+     |               |        Unused (amd64)       |           |              |
+     ------------------------------------------------------------------------
+     8               6                             5           4              0     */
   uint8_t sfde_func_info;
 } ATTRIBUTE_PACKED sframe_func_desc_entry;
 
 /* Macros to compose and decompose function info in FDE.  */
 
+/* Note: Set PAC auth key to SFRAME_AARCH64_PAUTH_KEY_A by default.  */
 #define SFRAME_V1_FUNC_INFO(fde_type, fre_enc_type) \
-  ((((fde_type) & 0x1) << 4) | ((fre_enc_type) & 0xf))
+  (((SFRAME_AARCH64_PAUTH_KEY_A & 0x1) << 5) | \
+   (((fde_type) & 0x1) << 4) | ((fre_enc_type) & 0xf))
 
 #define SFRAME_V1_FUNC_FRE_TYPE(data)	  ((data) & 0xf)
 #define SFRAME_V1_FUNC_FDE_TYPE(data)	  (((data) >> 4) & 0x1)
+#define SFRAME_V1_FUNC_PAUTH_KEY(data)	  (((data) >> 5) & 0x1)
+
+/* Set the pauth key as indicated.  */
+#define SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY(pauth_key, fde_info) \
+  ((((pauth_key) & 0x1) << 5) | ((fde_info) & 0xdf))
 
 /* Size of stack frame offsets in an SFrame Frame Row Entry.  A single
    SFrame FRE has all offsets of the same size.  Offset size may vary
-- 
2.37.2

[PATCH 2/5] [2/5] gas: sframe: add support for .cfi_b_key_frame

[Indu Bhagat]

Gather the information from the DWARF FDE on whether frame's return
addresses are signed using the B key or A key.  Reflect the information in
the SFrame counterpart data structure, the SFrame FDE.

ChangeLog:

	* gas/gen-sframe.c (get_dw_fde_pauth_b_key_p): New definition.
	(sframe_v1_set_func_info): Add new argument for pauth_key.
	(sframe_set_func_info): Likewise.
	(output_sframe_funcdesc): Likewise.
	* gas/gen-sframe.h (struct sframe_version_ops): Add new argument
	  to the function pointer declaration.
	* gas/sframe-opt.c (sframe_convert_frag): Handle pauth_key.
---
 gas/gen-sframe.c | 26 ++++++++++++++++++++++----
 gas/gen-sframe.h |  2 +-
 gas/sframe-opt.c |  3 +++
 3 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
index f31a66da377..5a642f9a683 100644
--- a/gas/gen-sframe.c
+++ b/gas/gen-sframe.c
@@ -106,6 +106,17 @@ get_dw_fde_end_addrS (const struct fde_entry *dw_fde)
   return dw_fde->end_address;
 }
 
+/* Get whether PAUTH B key is used.  */
+static bool
+get_dw_fde_pauth_b_key_p (const struct fde_entry *dw_fde ATTRIBUTE_UNUSED)
+{
+#ifdef tc_fde_entry_extras
+  return (dw_fde->pauth_key == AARCH64_PAUTH_KEY_B);
+#else
+  return false;
+#endif
+}
+
 /* SFrame Frame Row Entry (FRE) related functions.  */
 
 static void
@@ -253,10 +264,12 @@ sframe_v1_set_fre_info (unsigned int base_reg, unsigned int num_offsets,
 
 /* SFrame (SFRAME_VERSION_1) set function info.  */
 static unsigned char
-sframe_v1_set_func_info (unsigned int fde_type, unsigned int fre_type)
+sframe_v1_set_func_info (unsigned int fde_type, unsigned int fre_type,
+			 unsigned int pauth_key)
 {
   unsigned char func_info;
   func_info = SFRAME_V1_FUNC_INFO (fde_type, fre_type);
+  func_info = SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY (pauth_key, func_info);
   return func_info;
 }
 
@@ -285,9 +298,10 @@ sframe_set_fre_info (unsigned int base_reg, unsigned int num_offsets,
 /* SFrame set func info. */
 
 ATTRIBUTE_UNUSED static unsigned char
-sframe_set_func_info (unsigned int fde_type, unsigned int fre_type)
+sframe_set_func_info (unsigned int fde_type, unsigned int fre_type,
+		      unsigned int pauth_key)
 {
-  return sframe_ver_ops.set_func_info (fde_type, fre_type);
+  return sframe_ver_ops.set_func_info (fde_type, fre_type, pauth_key);
 }
 
 /* Get the number of SFrame FDEs for the current file.  */
@@ -544,6 +558,7 @@ output_sframe_funcdesc (symbolS *start_of_fre_section,
   expressionS exp;
   unsigned int addr_size;
   symbolS *dw_fde_start_addrS, *dw_fde_end_addrS;
+  unsigned int pauth_key;
 
   addr_size = SFRAME_RELOC_SIZE;
   dw_fde_start_addrS = get_dw_fde_start_addrS (sframe_fde->dw_fde);
@@ -575,8 +590,11 @@ output_sframe_funcdesc (symbolS *start_of_fre_section,
 
   /* SFrame FDE function info.  */
   unsigned char func_info;
+  pauth_key = (get_dw_fde_pauth_b_key_p (sframe_fde->dw_fde)
+	       ? SFRAME_AARCH64_PAUTH_KEY_B : SFRAME_AARCH64_PAUTH_KEY_A);
   func_info = sframe_set_func_info (SFRAME_FDE_TYPE_PCINC,
-				    SFRAME_FRE_TYPE_ADDR4);
+				    SFRAME_FRE_TYPE_ADDR4,
+				    pauth_key);
 #if SFRAME_FRE_TYPE_SELECTION_OPT
   expressionS cexp;
   create_func_info_exp (&cexp, dw_fde_end_addrS, dw_fde_start_addrS,
diff --git a/gas/gen-sframe.h b/gas/gen-sframe.h
index aa8be5df457..590bf7b505b 100644
--- a/gas/gen-sframe.h
+++ b/gas/gen-sframe.h
@@ -146,7 +146,7 @@ struct sframe_version_ops
   unsigned char (*set_fre_info) (unsigned int, unsigned int, unsigned int,
 				 bool);
   /* set SFrame Func info.  */
-  unsigned char (*set_func_info) (unsigned int, unsigned int);
+  unsigned char (*set_func_info) (unsigned int, unsigned int, unsigned int);
 };
 
 /* Generate SFrame unwind info and prepare contents for the output.
diff --git a/gas/sframe-opt.c b/gas/sframe-opt.c
index f08a424fd88..cf7ca5c1893 100644
--- a/gas/sframe-opt.c
+++ b/gas/sframe-opt.c
@@ -95,6 +95,7 @@ sframe_convert_frag (fragS *frag)
 
   offsetT rest_of_data;
   uint8_t fde_type, fre_type;
+  uint8_t pauth_key;
 
   expressionS *exp;
   symbolS *dataS;
@@ -116,6 +117,7 @@ sframe_convert_frag (fragS *frag)
       dataS = exp->X_add_symbol;
       rest_of_data = (symbol_get_value_expression(dataS))->X_add_number;
       fde_type = SFRAME_V1_FUNC_FDE_TYPE (rest_of_data);
+      pauth_key = SFRAME_V1_FUNC_PAUTH_KEY (rest_of_data);
       gas_assert (fde_type == SFRAME_FDE_TYPE_PCINC);
 
       /* Calculate the applicable fre_type.  */
@@ -130,6 +132,7 @@ sframe_convert_frag (fragS *frag)
 
       /* Create the new function info.  */
       value = SFRAME_V1_FUNC_INFO (fde_type, fre_type);
+      value = SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY (pauth_key, value);
 
       frag->fr_literal[frag->fr_fix] = value;
     }
-- 
2.37.2

[PATCH 3/5] [3/5] objdump/readelf: sframe: emit marker for SFrame FDE with B key

[Indu Bhagat]

ChangeLog:

	* libsframe/sframe-dump.c (is_sframe_abi_arch_aarch64): New
	definition.
	(dump_sframe_func_with_fres): emit a string if B key is used.
---
 libsframe/sframe-dump.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/libsframe/sframe-dump.c b/libsframe/sframe-dump.c
index 8e5cd6116ef..6c655655ab3 100644
--- a/libsframe/sframe-dump.c
+++ b/libsframe/sframe-dump.c
@@ -25,6 +25,21 @@
 
 #define SFRAME_HEADER_FLAGS_STR_MAX_LEN 50
 
+/* Return TRUE if the SFrame section is associated with the aarch64 ABIs.  */
+
+static bool
+is_sframe_abi_arch_aarch64 (sframe_decoder_ctx *sfd_ctx)
+{
+  bool aarch64_p = false;
+
+  unsigned char abi_arch = sframe_decoder_get_abi_arch (sfd_ctx);
+  if ((abi_arch == SFRAME_ABI_AARCH64_ENDIAN_BIG)
+      || (abi_arch == SFRAME_ABI_AARCH64_ENDIAN_LITTLE))
+    aarch64_p = true;
+
+  return aarch64_p;
+}
+
 static void
 dump_sframe_header (sframe_decoder_ctx *sfd_ctx)
 {
@@ -113,6 +128,10 @@ dump_sframe_func_with_fres (sframe_decoder_ctx *sfd_ctx,
 	  func_start_pc_vma,
 	  func_size);
 
+  if (is_sframe_abi_arch_aarch64 (sfd_ctx)
+      && (SFRAME_V1_FUNC_PAUTH_KEY (func_info) == SFRAME_AARCH64_PAUTH_KEY_B))
+    printf (", pauth = B key");
+
   char temp[100];
   memset (temp, 0, 100);
 
-- 
2.37.2

[PATCH 4/5] [4/5] gas: sframe: testsuite: add testcase for .cfi_b_key_frame

[Indu Bhagat]

This is actually a composite test that checks the behaviour of both the
.cfi_negate_ra_state and .cfi_b_key_frame directives on aarch64.

ChangeLog:

	* testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d:
	New test.
	* testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s:
	Likewise.
	* testsuite/gas/cfi-sframe/cfi-sframe.exp: Run new test.
---
 .../cfi-sframe-aarch64-pac-ab-key-1.d         | 25 +++++++++++++
 .../cfi-sframe-aarch64-pac-ab-key-1.s         | 36 +++++++++++++++++++
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
 3 files changed, 62 insertions(+)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s

diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
new file mode 100644
index 00000000000..46d932f9db7
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
@@ -0,0 +1,25 @@
+#as: --gsframe
+#objdump: --sframe=.sframe
+#name: SFrame cfi_b_key_frame and cfi_negate_ra_state composite test
+#...
+Contents of the SFrame section .sframe:
+
+  Header :
+
+    Version: SFRAME_VERSION_1
+    Flags: NONE
+    Num FDEs: 2
+    Num FREs: 4
+
+  Function Index :
+    func idx \[0\]: pc = 0x0, size = 12 bytes
+    STARTPC + CFA + FP + RA +
+    0+0000 +sp\+0 +u +u +
+    0+0008 +sp\+16 +c-16 +c-8\[s\] +
+
+    func idx \[1\]: pc = 0x0, size = 20 bytes, pauth = B key
+    STARTPC + CFA + FP +  RA +
+    0+0000 +sp\+0 +u +u +
+    0+0008 +sp\+16 +c-16 +c-8\[s\] +
+
+#pass
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
new file mode 100644
index 00000000000..d9a408c668c
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
@@ -0,0 +1,36 @@
+## same as aarch64/pac_ab_key.s
+	.arch armv8-a
+	.text
+	.align	2
+	.global	_Z5foo_av
+	.type	_Z5foo_av, %function
+_Z5foo_av:
+.LFB0:
+	.cfi_startproc
+	hint	25 // paciasp
+	.cfi_window_save
+	stp	x29, x30, [sp, -16]!
+	.cfi_def_cfa_offset 16
+	.cfi_offset 29, -16
+	.cfi_offset 30, -8
+        ret
+	.cfi_endproc
+.LFE0:
+	.size	_Z5foo_av, .-_Z5foo_av
+	.align	2
+	.global	_Z5foo_bv
+	.type	_Z5foo_bv, %function
+_Z5foo_bv:
+.LFB1:
+	.cfi_startproc
+	.cfi_b_key_frame
+	hint	27 // pacibsp
+	.cfi_window_save
+	stp	x29, x30, [sp, -16]!
+	.cfi_def_cfa_offset 16
+	.cfi_offset 29, -16
+	.cfi_offset 30, -8
+	nop
+	nop
+        ret
+	.cfi_endproc
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
index f001fad0e8e..fa153fc52b3 100644
--- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
@@ -97,4 +97,5 @@ if { [istarget "x86_64-*-*"] && [gas_sframe_check] } then {
 if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
     run_dump_test "cfi-sframe-aarch64-1"
     run_dump_test "cfi-sframe-aarch64-2"
+    run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
 }
-- 
2.37.2

[PATCH 5/5] [5/5] sframe: doc: update documentation for pauth key in SFrame FDE

[Indu Bhagat]

ChangeLog:

	* libsframe/doc/sframe-spec.texi
---
 libsframe/doc/sframe-spec.texi | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libsframe/doc/sframe-spec.texi b/libsframe/doc/sframe-spec.texi
index fa66d801dd3..345b8f93036 100644
--- a/libsframe/doc/sframe-spec.texi
+++ b/libsframe/doc/sframe-spec.texi
@@ -398,10 +398,16 @@ The info word is a bitfield split into three parts.  From MSB to LSB:
 
 @multitable {Bit offset} {@code{isroot}} {Length of variable-length data for this type (some kinds only).}
 @headitem Bit offset @tab Name @tab Description
-@item 7--5
+@item 7--6
 @tab @code{unused}
 @tab Unused bits.
 
+@item 5
+@tab @code{pauth_key}
+@tab Specify which key is used for signing the return addresses in the SFrame
+FDE.  Two possible values: SFRAME_AARCH64_PAUTH_KEY_A (0) or
+SFRAME_AARCH64_PAUTH_KEY_B (1).
+
 @item 4
 @tab @code{fdetype}
 @tab SFRAME_FDE_TYPE_PCMASK (1) or SFRAME_FDE_TYPE_PCINC (0). @xref{The SFrame FDE types}.
-- 
2.37.2

Re: [PATCH 0/5] SFrame: add support for .cfi_b_key_frame

[Nick Clifton]

Hi Indu,

> - Regression tested cross build of several targets on an x86_64 host and an
> aarch64 host using a regression script that checks for failures in gas, ld,
> binutils, libctf and libsframe.

With this patch series applied on top of today's (19 dec) sources I see one
new failure in the gas testsuite for a toolchain configured as aarch64-linux-gnu:

   regexp_diff match failure
   regexp "^    Num FREs: 4$"
   line   "    Num FREs: 6"
   regexp_diff match failure
   regexp "^    0+0008 +sp\+16 +c-16 +c-8\[s\] +$"
   line   "    0000000000000004  sp+0      u         u[s]         "
   regexp_diff match failure
   regexp "^    func idx \[1\]: pc = 0x0, size = 20 bytes, pauth = B key$"
   line   "    0000000000000008  sp+16     c-16      c-8[s]       "
   regexp_diff match failure
   regexp "^    STARTPC + CFA + FP +  RA +$"
   line   "    func idx [1]: pc = 0x0, size = 20 bytes, pauth = B key"
   regexp_diff match failure
   regexp "^    0+0000 +sp\+0 +u +u +$"
   line   "    STARTPC         CFA       FP        RA           "
   regexp_diff match failure
   regexp "^    0+0008 +sp\+16 +c-16 +c-8\[s\] +$"
   line   "    0000000000000000  sp+0      u         u            "
   FAIL: SFrame cfi_b_key_frame and cfi_negate_ra_state composite test

Possibly this is because another patch needs to be applied first ?  Please could
you check and let me know.

Cheers
   Nick

Re: [PATCH 0/5] SFrame: add support for .cfi_b_key_frame

[Indu Bhagat]

On 12/19/22 7:36 AM, Nick Clifton wrote:
> Hi Indu,
> 
>> - Regression tested cross build of several targets on an x86_64 host 
>> and an
>> aarch64 host using a regression script that checks for failures in 
>> gas, ld,
>> binutils, libctf and libsframe.
> 
> With this patch series applied on top of today's (19 dec) sources I see one
> new failure in the gas testsuite for a toolchain configured as 
> aarch64-linux-gnu:
> 
>    regexp_diff match failure
>    regexp "^    Num FREs: 4$"
>    line   "    Num FREs: 6"
>    regexp_diff match failure
>    regexp "^    0+0008 +sp\+16 +c-16 +c-8\[s\] +$"
>    line   "    0000000000000004  sp+0      u         u[s]         "
>    regexp_diff match failure
>    regexp "^    func idx \[1\]: pc = 0x0, size = 20 bytes, pauth = B key$"
>    line   "    0000000000000008  sp+16     c-16      c-8[s]       "
>    regexp_diff match failure
>    regexp "^    STARTPC + CFA + FP +  RA +$"
>    line   "    func idx [1]: pc = 0x0, size = 20 bytes, pauth = B key"
>    regexp_diff match failure
>    regexp "^    0+0000 +sp\+0 +u +u +$"
>    line   "    STARTPC         CFA       FP        RA           "
>    regexp_diff match failure
>    regexp "^    0+0008 +sp\+16 +c-16 +c-8\[s\] +$"
>    line   "    0000000000000000  sp+0      u         u            "
>    FAIL: SFrame cfi_b_key_frame and cfi_negate_ra_state composite test
> 
> Possibly this is because another patch needs to be applied first ?  
> Please could
> you check and let me know.
> 

This series now needs to be rebased with some changes to the testsuite 
necessary.  This is because the V2 version of the series which added 
support for .cfi_negate_ra_state was committed with "[s]" being emitted 
when RA is in register or stack.

Will rebase, post V2 after retesting.

Thanks
Indu

[COMMITTED, V2 0/5] SFrame: add support for .cfi_b_key_frame

[Indu Bhagat]

[Changes from V1]
  - Rebased on latest trunk.
  - Fixed the testcase as we now emit "[s]" marker for both mangled RA in
  register and stack.
[End of changes in V1]

Thanks

----------------------

Hello,

This patchset adds support for handling the .cfi_b_key_frame assembler
directive to the SFrame format: SFrame format representation now allows to
encode which of the pauth A key / B key are used (for signing return
addresses on aarch64), and gas, readelf/objdump now allow for generation
and textual dump of this information.

Testing notes:

- Regression tested cross build of several targets on an x86_64 host and an
aarch64 host using a regression script that checks for failures in gas, ld,
binutils, libctf and libsframe.
- Regression tested native builds on x86_64 and aarch64.
- binutils/gdb try bot showed no new regressions.

Thanks,
Indu Bhagat (5):
  [1/5] sframe.h: add support for .cfi_b_key_frame
  [2/5] gas: sframe: add support for .cfi_b_key_frame
  [3/5] objdump/readelf: sframe: emit marker for SFrame FDE with B key
  [4/5] gas: sframe: testsuite: add testcase for .cfi_b_key_frame
  [5/5] sframe: doc: update documentation for pauth key in SFrame FDE

 gas/gen-sframe.c                              | 26 +++++++++++---
 gas/gen-sframe.h                              |  2 +-
 gas/sframe-opt.c                              |  3 ++
 .../cfi-sframe-aarch64-pac-ab-key-1.d         | 27 ++++++++++++++
 .../cfi-sframe-aarch64-pac-ab-key-1.s         | 36 +++++++++++++++++++
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
 include/sframe.h                              | 25 +++++++++----
 libsframe/doc/sframe-spec.texi                |  8 ++++-
 libsframe/sframe-dump.c                       | 19 ++++++++++
 9 files changed, 135 insertions(+), 12 deletions(-)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s

-- 
2.37.2

[COMMITTED, V2 1/5] [1/5] sframe.h: add support for .cfi_b_key_frame

[Indu Bhagat]

[No changes in V2]

ARM 8.3 provides five separate keys that can be used to authenticate
pointers. There are two keys for executable (instruction) pointers. The
enum pointer_auth_key in gas/config/tc-aarch64.h currently holds two keys:
  enum pointer_auth_key {
    AARCH64_PAUTH_KEY_A,
    AARCH64_PAUTH_KEY_B
  };

Analogous to the above, in SFrame format V1, a bit is reserved in the SFrame
FDE to indicate which key is used for signing the frame's return addresses:
  - SFRAME_AARCH64_PAUTH_KEY_A has a value of 0
  - SFRAME_AARCH64_PAUTH_KEY_B has a value of 1

Note that the information in this bit will always be used along with the
mangled_ra_p bit, the latter indicates whether the return addresses are
mangled/contain PAC auth bits.

include/ChangeLog:

	* sframe.h (SFRAME_AARCH64_PAUTH_KEY_A): New definition.
	(SFRAME_AARCH64_PAUTH_KEY_B): Likewise.
	(SFRAME_V1_FUNC_INFO): Adjust to accommodate pauth_key.
	(SFRAME_V1_FUNC_PAUTH_KEY): New macro.
	(SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY): Likewise.
---
 include/sframe.h | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/include/sframe.h b/include/sframe.h
index b2bd41a724e..1d0c12058ac 100644
--- a/include/sframe.h
+++ b/include/sframe.h
@@ -165,6 +165,10 @@ typedef struct sframe_header
 #define SFRAME_V1_HDR_SIZE(sframe_hdr)	\
   ((sizeof (sframe_header) + (sframe_hdr).sfh_auxhdr_len))
 
+/* Two possible keys for executable (instruction) pointers signing.  */
+#define SFRAME_AARCH64_PAUTH_KEY_A    0 /* Key A.  */
+#define SFRAME_AARCH64_PAUTH_KEY_B    1 /* Key B.  */
+
 typedef struct sframe_func_desc_entry
 {
   /* Function start address.  Encoded as a signed offset, relative to the
@@ -181,21 +185,30 @@ typedef struct sframe_func_desc_entry
      function.
      - 4-bits: Identify the FRE type used for the function.
      - 1-bit: Identify the FDE type of the function - mask or inc.
-     - 3-bits: Unused.
-     --------------------------------------------
-     |     Unused    |  FDE type |   FRE type   |
-     --------------------------------------------
-     8               5           4              0     */
+     - 1-bit: PAC authorization A/B key (aarch64).
+     - 2-bits: Unused.
+     --------------------------------------------------------------------------
+     |     Unused    |  PAC auth A/B key (aarch64) |  FDE type |   FRE type   |
+     |               |        Unused (amd64)       |           |              |
+     --------------------------------------------------------------------------
+     8               6                             5           4              0     */
   uint8_t sfde_func_info;
 } ATTRIBUTE_PACKED sframe_func_desc_entry;
 
 /* Macros to compose and decompose function info in FDE.  */
 
+/* Note: Set PAC auth key to SFRAME_AARCH64_PAUTH_KEY_A by default.  */
 #define SFRAME_V1_FUNC_INFO(fde_type, fre_enc_type) \
-  ((((fde_type) & 0x1) << 4) | ((fre_enc_type) & 0xf))
+  (((SFRAME_AARCH64_PAUTH_KEY_A & 0x1) << 5) | \
+   (((fde_type) & 0x1) << 4) | ((fre_enc_type) & 0xf))
 
 #define SFRAME_V1_FUNC_FRE_TYPE(data)	  ((data) & 0xf)
 #define SFRAME_V1_FUNC_FDE_TYPE(data)	  (((data) >> 4) & 0x1)
+#define SFRAME_V1_FUNC_PAUTH_KEY(data)	  (((data) >> 5) & 0x1)
+
+/* Set the pauth key as indicated.  */
+#define SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY(pauth_key, fde_info) \
+  ((((pauth_key) & 0x1) << 5) | ((fde_info) & 0xdf))
 
 /* Size of stack frame offsets in an SFrame Frame Row Entry.  A single
    SFrame FRE has all offsets of the same size.  Offset size may vary
-- 
2.37.2

[COMMITTED, V2 2/5] [2/5] gas: sframe: add support for .cfi_b_key_frame

[Indu Bhagat]

[No changes in V2]

Gather the information from the DWARF FDE on whether frame's return
addresses are signed using the B key or A key.  Reflect the information in
the SFrame counterpart data structure, the SFrame FDE.

ChangeLog:

	* gas/gen-sframe.c (get_dw_fde_pauth_b_key_p): New definition.
	(sframe_v1_set_func_info): Add new argument for pauth_key.
	(sframe_set_func_info): Likewise.
	(output_sframe_funcdesc): Likewise.
	* gas/gen-sframe.h (struct sframe_version_ops): Add new argument
	to the function pointer declaration.
	* gas/sframe-opt.c (sframe_convert_frag): Handle pauth_key.
---
 gas/gen-sframe.c | 26 ++++++++++++++++++++++----
 gas/gen-sframe.h |  2 +-
 gas/sframe-opt.c |  3 +++
 3 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
index 9baf20bd873..76f8529d740 100644
--- a/gas/gen-sframe.c
+++ b/gas/gen-sframe.c
@@ -106,6 +106,17 @@ get_dw_fde_end_addrS (const struct fde_entry *dw_fde)
   return dw_fde->end_address;
 }
 
+/* Get whether PAUTH B key is used.  */
+static bool
+get_dw_fde_pauth_b_key_p (const struct fde_entry *dw_fde ATTRIBUTE_UNUSED)
+{
+#ifdef tc_fde_entry_extras
+  return (dw_fde->pauth_key == AARCH64_PAUTH_KEY_B);
+#else
+  return false;
+#endif
+}
+
 /* SFrame Frame Row Entry (FRE) related functions.  */
 
 static void
@@ -253,10 +264,12 @@ sframe_v1_set_fre_info (unsigned int base_reg, unsigned int num_offsets,
 
 /* SFrame (SFRAME_VERSION_1) set function info.  */
 static unsigned char
-sframe_v1_set_func_info (unsigned int fde_type, unsigned int fre_type)
+sframe_v1_set_func_info (unsigned int fde_type, unsigned int fre_type,
+			 unsigned int pauth_key)
 {
   unsigned char func_info;
   func_info = SFRAME_V1_FUNC_INFO (fde_type, fre_type);
+  func_info = SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY (pauth_key, func_info);
   return func_info;
 }
 
@@ -285,9 +298,10 @@ sframe_set_fre_info (unsigned int base_reg, unsigned int num_offsets,
 /* SFrame set func info. */
 
 ATTRIBUTE_UNUSED static unsigned char
-sframe_set_func_info (unsigned int fde_type, unsigned int fre_type)
+sframe_set_func_info (unsigned int fde_type, unsigned int fre_type,
+		      unsigned int pauth_key)
 {
-  return sframe_ver_ops.set_func_info (fde_type, fre_type);
+  return sframe_ver_ops.set_func_info (fde_type, fre_type, pauth_key);
 }
 
 /* Get the number of SFrame FDEs for the current file.  */
@@ -544,6 +558,7 @@ output_sframe_funcdesc (symbolS *start_of_fre_section,
   expressionS exp;
   unsigned int addr_size;
   symbolS *dw_fde_start_addrS, *dw_fde_end_addrS;
+  unsigned int pauth_key;
 
   addr_size = SFRAME_RELOC_SIZE;
   dw_fde_start_addrS = get_dw_fde_start_addrS (sframe_fde->dw_fde);
@@ -575,8 +590,11 @@ output_sframe_funcdesc (symbolS *start_of_fre_section,
 
   /* SFrame FDE function info.  */
   unsigned char func_info;
+  pauth_key = (get_dw_fde_pauth_b_key_p (sframe_fde->dw_fde)
+	       ? SFRAME_AARCH64_PAUTH_KEY_B : SFRAME_AARCH64_PAUTH_KEY_A);
   func_info = sframe_set_func_info (SFRAME_FDE_TYPE_PCINC,
-				    SFRAME_FRE_TYPE_ADDR4);
+				    SFRAME_FRE_TYPE_ADDR4,
+				    pauth_key);
 #if SFRAME_FRE_TYPE_SELECTION_OPT
   expressionS cexp;
   create_func_info_exp (&cexp, dw_fde_end_addrS, dw_fde_start_addrS,
diff --git a/gas/gen-sframe.h b/gas/gen-sframe.h
index 5d5702a57ca..eb43c3a07a5 100644
--- a/gas/gen-sframe.h
+++ b/gas/gen-sframe.h
@@ -146,7 +146,7 @@ struct sframe_version_ops
   unsigned char (*set_fre_info) (unsigned int, unsigned int, unsigned int,
 				 bool);
   /* set SFrame Func info.  */
-  unsigned char (*set_func_info) (unsigned int, unsigned int);
+  unsigned char (*set_func_info) (unsigned int, unsigned int, unsigned int);
 };
 
 /* Generate SFrame unwind info and prepare contents for the output.
diff --git a/gas/sframe-opt.c b/gas/sframe-opt.c
index f08a424fd88..cf7ca5c1893 100644
--- a/gas/sframe-opt.c
+++ b/gas/sframe-opt.c
@@ -95,6 +95,7 @@ sframe_convert_frag (fragS *frag)
 
   offsetT rest_of_data;
   uint8_t fde_type, fre_type;
+  uint8_t pauth_key;
 
   expressionS *exp;
   symbolS *dataS;
@@ -116,6 +117,7 @@ sframe_convert_frag (fragS *frag)
       dataS = exp->X_add_symbol;
       rest_of_data = (symbol_get_value_expression(dataS))->X_add_number;
       fde_type = SFRAME_V1_FUNC_FDE_TYPE (rest_of_data);
+      pauth_key = SFRAME_V1_FUNC_PAUTH_KEY (rest_of_data);
       gas_assert (fde_type == SFRAME_FDE_TYPE_PCINC);
 
       /* Calculate the applicable fre_type.  */
@@ -130,6 +132,7 @@ sframe_convert_frag (fragS *frag)
 
       /* Create the new function info.  */
       value = SFRAME_V1_FUNC_INFO (fde_type, fre_type);
+      value = SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY (pauth_key, value);
 
       frag->fr_literal[frag->fr_fix] = value;
     }
-- 
2.37.2

[COMMITTED, V2 3/5] [3/5] objdump/readelf: sframe: emit marker for SFrame FDE with B key

[Indu Bhagat]

[No changes in V2]

ChangeLog:

	* libsframe/sframe-dump.c (is_sframe_abi_arch_aarch64): New
	definition.
	(dump_sframe_func_with_fres): emit a string if B key is used.
---
 libsframe/sframe-dump.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/libsframe/sframe-dump.c b/libsframe/sframe-dump.c
index 5f778bee338..c00ff401685 100644
--- a/libsframe/sframe-dump.c
+++ b/libsframe/sframe-dump.c
@@ -25,6 +25,21 @@
 
 #define SFRAME_HEADER_FLAGS_STR_MAX_LEN 50
 
+/* Return TRUE if the SFrame section is associated with the aarch64 ABIs.  */
+
+static bool
+is_sframe_abi_arch_aarch64 (sframe_decoder_ctx *sfd_ctx)
+{
+  bool aarch64_p = false;
+
+  unsigned char abi_arch = sframe_decoder_get_abi_arch (sfd_ctx);
+  if ((abi_arch == SFRAME_ABI_AARCH64_ENDIAN_BIG)
+      || (abi_arch == SFRAME_ABI_AARCH64_ENDIAN_LITTLE))
+    aarch64_p = true;
+
+  return aarch64_p;
+}
+
 static void
 dump_sframe_header (sframe_decoder_ctx *sfd_ctx)
 {
@@ -113,6 +128,10 @@ dump_sframe_func_with_fres (sframe_decoder_ctx *sfd_ctx,
 	  func_start_pc_vma,
 	  func_size);
 
+  if (is_sframe_abi_arch_aarch64 (sfd_ctx)
+      && (SFRAME_V1_FUNC_PAUTH_KEY (func_info) == SFRAME_AARCH64_PAUTH_KEY_B))
+    printf (", pauth = B key");
+
   char temp[100];
   memset (temp, 0, 100);
 
-- 
2.37.2

[COMMITTED, V2 4/5] [4/5] gas: sframe: testsuite: add testcase for .cfi_b_key_frame

[Indu Bhagat]

[Changes in V2]
  - Adjust the testcase as we now emit "[s]" marker when the return
  address in either reg / stack is mangled.
[End of changes in V2]

This is actually a composite test that checks the behaviour of both the
.cfi_negate_ra_state and .cfi_b_key_frame directives on aarch64.

ChangeLog:

	* testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d:
	New test.
	* testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s:
	Likewise.
	* testsuite/gas/cfi-sframe/cfi-sframe.exp: Run new test.
---
 .../cfi-sframe-aarch64-pac-ab-key-1.d         | 27 ++++++++++++++
 .../cfi-sframe-aarch64-pac-ab-key-1.s         | 36 +++++++++++++++++++
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
 3 files changed, 64 insertions(+)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s

diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
new file mode 100644
index 00000000000..666a94101ab
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
@@ -0,0 +1,27 @@
+#as: --gsframe
+#objdump: --sframe=.sframe
+#name: SFrame cfi_b_key_frame and cfi_negate_ra_state composite test
+#...
+Contents of the SFrame section .sframe:
+
+  Header :
+
+    Version: SFRAME_VERSION_1
+    Flags: NONE
+    Num FDEs: 2
+    Num FREs: 6
+
+  Function Index :
+    func idx \[0\]: pc = 0x0, size = 12 bytes
+    STARTPC + CFA + FP + RA +
+    0+0000 +sp\+0 +u +u +
+    0+0004 +sp\+0 +u +u\[s\] +
+    0+0008 +sp\+16 +c-16 +c-8\[s\] +
+
+    func idx \[1\]: pc = 0x0, size = 20 bytes, pauth = B key
+    STARTPC + CFA + FP +  RA +
+    0+0000 +sp\+0 +u +u +
+    0+0004 +sp\+0 +u +u\[s\] +
+    0+0008 +sp\+16 +c-16 +c-8\[s\] +
+
+#pass
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
new file mode 100644
index 00000000000..d9a408c668c
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
@@ -0,0 +1,36 @@
+## same as aarch64/pac_ab_key.s
+	.arch armv8-a
+	.text
+	.align	2
+	.global	_Z5foo_av
+	.type	_Z5foo_av, %function
+_Z5foo_av:
+.LFB0:
+	.cfi_startproc
+	hint	25 // paciasp
+	.cfi_window_save
+	stp	x29, x30, [sp, -16]!
+	.cfi_def_cfa_offset 16
+	.cfi_offset 29, -16
+	.cfi_offset 30, -8
+        ret
+	.cfi_endproc
+.LFE0:
+	.size	_Z5foo_av, .-_Z5foo_av
+	.align	2
+	.global	_Z5foo_bv
+	.type	_Z5foo_bv, %function
+_Z5foo_bv:
+.LFB1:
+	.cfi_startproc
+	.cfi_b_key_frame
+	hint	27 // pacibsp
+	.cfi_window_save
+	stp	x29, x30, [sp, -16]!
+	.cfi_def_cfa_offset 16
+	.cfi_offset 29, -16
+	.cfi_offset 30, -8
+	nop
+	nop
+        ret
+	.cfi_endproc
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
index f001fad0e8e..fa153fc52b3 100644
--- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
@@ -97,4 +97,5 @@ if { [istarget "x86_64-*-*"] && [gas_sframe_check] } then {
 if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
     run_dump_test "cfi-sframe-aarch64-1"
     run_dump_test "cfi-sframe-aarch64-2"
+    run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
 }
-- 
2.37.2

[COMMITTED, V2 5/5] [5/5] sframe: doc: update documentation for pauth key in SFrame FDE

[Indu Bhagat]

[No changes in V2]

ChangeLog:

	* libsframe/doc/sframe-spec.texi
---
 libsframe/doc/sframe-spec.texi | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libsframe/doc/sframe-spec.texi b/libsframe/doc/sframe-spec.texi
index fa66d801dd3..345b8f93036 100644
--- a/libsframe/doc/sframe-spec.texi
+++ b/libsframe/doc/sframe-spec.texi
@@ -398,10 +398,16 @@ The info word is a bitfield split into three parts.  From MSB to LSB:
 
 @multitable {Bit offset} {@code{isroot}} {Length of variable-length data for this type (some kinds only).}
 @headitem Bit offset @tab Name @tab Description
-@item 7--5
+@item 7--6
 @tab @code{unused}
 @tab Unused bits.
 
+@item 5
+@tab @code{pauth_key}
+@tab Specify which key is used for signing the return addresses in the SFrame
+FDE.  Two possible values: SFRAME_AARCH64_PAUTH_KEY_A (0) or
+SFRAME_AARCH64_PAUTH_KEY_B (1).
+
 @item 4
 @tab @code{fdetype}
 @tab SFRAME_FDE_TYPE_PCMASK (1) or SFRAME_FDE_TYPE_PCINC (0). @xref{The SFrame FDE types}.
-- 
2.37.2

Re: [COMMITTED, V2 0/5] SFrame: add support for .cfi_b_key_frame

[Indu Bhagat]

Er..no. This series is not committed yet. I meant to send this as 
[PATCH, V2] for approval before commit.

Sending another email with the correct subject.

Sorry about this
Indu

On 12/19/22 12:23 PM, Indu Bhagat wrote:
> [Changes from V1]
>    - Rebased on latest trunk.
>    - Fixed the testcase as we now emit "[s]" marker for both mangled RA in
>    register and stack.
> [End of changes in V1]
> 
> Thanks
> 
> ----------------------
> 
> Hello,
> 
> This patchset adds support for handling the .cfi_b_key_frame assembler
> directive to the SFrame format: SFrame format representation now allows to
> encode which of the pauth A key / B key are used (for signing return
> addresses on aarch64), and gas, readelf/objdump now allow for generation
> and textual dump of this information.
> 
> Testing notes:
> 
> - Regression tested cross build of several targets on an x86_64 host and an
> aarch64 host using a regression script that checks for failures in gas, ld,
> binutils, libctf and libsframe.
> - Regression tested native builds on x86_64 and aarch64.
> - binutils/gdb try bot showed no new regressions.
> 
> Thanks,
> Indu Bhagat (5):
>    [1/5] sframe.h: add support for .cfi_b_key_frame
>    [2/5] gas: sframe: add support for .cfi_b_key_frame
>    [3/5] objdump/readelf: sframe: emit marker for SFrame FDE with B key
>    [4/5] gas: sframe: testsuite: add testcase for .cfi_b_key_frame
>    [5/5] sframe: doc: update documentation for pauth key in SFrame FDE
> 
>   gas/gen-sframe.c                              | 26 +++++++++++---
>   gas/gen-sframe.h                              |  2 +-
>   gas/sframe-opt.c                              |  3 ++
>   .../cfi-sframe-aarch64-pac-ab-key-1.d         | 27 ++++++++++++++
>   .../cfi-sframe-aarch64-pac-ab-key-1.s         | 36 +++++++++++++++++++
>   gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
>   include/sframe.h                              | 25 +++++++++----
>   libsframe/doc/sframe-spec.texi                |  8 ++++-
>   libsframe/sframe-dump.c                       | 19 ++++++++++
>   9 files changed, 135 insertions(+), 12 deletions(-)
>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
> 

[PATCH, V2 0/5] SFrame: add support for .cfi_b_key_frame

[Indu Bhagat]

[Changes from V1]
  - Rebased on latest trunk.
  - Fixed the testcase as we now emit "[s]" marker for both mangled RA in
  register and stack.
[End of changes in V1]

Thanks

----------------------

Hello,

This patchset adds support for handling the .cfi_b_key_frame assembler
directive to the SFrame format: SFrame format representation now allows to
encode which of the pauth A key / B key are used (for signing return
addresses on aarch64), and gas, readelf/objdump now allow for generation
and textual dump of this information.

Testing notes:

- Regression tested cross build of several targets on an x86_64 host and an
aarch64 host using a regression script that checks for failures in gas, ld,
binutils, libctf and libsframe.
- Regression tested native builds on x86_64 and aarch64.
- binutils/gdb try bot showed no new regressions.

Thanks,
Indu Bhagat (5):
  [1/5] sframe.h: add support for .cfi_b_key_frame
  [2/5] gas: sframe: add support for .cfi_b_key_frame
  [3/5] objdump/readelf: sframe: emit marker for SFrame FDE with B key
  [4/5] gas: sframe: testsuite: add testcase for .cfi_b_key_frame
  [5/5] sframe: doc: update documentation for pauth key in SFrame FDE

 gas/gen-sframe.c                              | 26 +++++++++++---
 gas/gen-sframe.h                              |  2 +-
 gas/sframe-opt.c                              |  3 ++
 .../cfi-sframe-aarch64-pac-ab-key-1.d         | 27 ++++++++++++++
 .../cfi-sframe-aarch64-pac-ab-key-1.s         | 36 +++++++++++++++++++
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
 include/sframe.h                              | 25 +++++++++----
 libsframe/doc/sframe-spec.texi                |  8 ++++-
 libsframe/sframe-dump.c                       | 19 ++++++++++
 9 files changed, 135 insertions(+), 12 deletions(-)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s

-- 
2.37.2

[PATCH, V2 1/5] [1/5] sframe.h: add support for .cfi_b_key_frame

[Indu Bhagat]

[No changes in V2]

ARM 8.3 provides five separate keys that can be used to authenticate
pointers. There are two key for executable (instruction) pointers. The
enum pointer_auth_key in gas/config/tc-aarch64.h currently holds two keys:
  enum pointer_auth_key {
    AARCH64_PAUTH_KEY_A,
    AARCH64_PAUTH_KEY_B
  };

Analogous to the above, in SFrame format V1, a bit is reserved in the SFrame
FDE to indicate which key is used for signing the frame's return addresses:
  - SFRAME_AARCH64_PAUTH_KEY_A has a value of 0
  - SFRAME_AARCH64_PAUTH_KEY_B has a value of 1

Note that the information in this bit will always be used along with the
mangled_ra_p bit, the latter indicates whether the return addresses are
mangled/contain PAC auth bits.

include/ChangeLog:

	* sframe.h (SFRAME_AARCH64_PAUTH_KEY_A): New definition.
	(SFRAME_AARCH64_PAUTH_KEY_B): Likewise.
	(SFRAME_V1_FUNC_INFO): Adjust to accommodate pauth_key.
	(SFRAME_V1_FUNC_PAUTH_KEY): New macro.
	(SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY): Likewise.
---
 include/sframe.h | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/include/sframe.h b/include/sframe.h
index b2bd41a724e..77071c99d90 100644
--- a/include/sframe.h
+++ b/include/sframe.h
@@ -165,6 +165,10 @@ typedef struct sframe_header
 #define SFRAME_V1_HDR_SIZE(sframe_hdr)	\
   ((sizeof (sframe_header) + (sframe_hdr).sfh_auxhdr_len))
 
+/* Two possible keys for executable (instruction) pointers signing.  */
+#define SFRAME_AARCH64_PAUTH_KEY_A    0 /* Key A.  */
+#define SFRAME_AARCH64_PAUTH_KEY_B    1 /* Key B.  */
+
 typedef struct sframe_func_desc_entry
 {
   /* Function start address.  Encoded as a signed offset, relative to the
@@ -181,21 +185,30 @@ typedef struct sframe_func_desc_entry
      function.
      - 4-bits: Identify the FRE type used for the function.
      - 1-bit: Identify the FDE type of the function - mask or inc.
-     - 3-bits: Unused.
-     --------------------------------------------
-     |     Unused    |  FDE type |   FRE type   |
-     --------------------------------------------
-     8               5           4              0     */
+     - 1-bit: PAC authorization A/B key (aarch64).
+     - 2-bits: Unused.
+     ------------------------------------------------------------------------
+     |     Unused    |  PAC auth A/B key (aarch64) |  FDE type |   FRE type   |
+     |               |        Unused (amd64)       |           |              |
+     ------------------------------------------------------------------------
+     8               6                             5           4              0     */
   uint8_t sfde_func_info;
 } ATTRIBUTE_PACKED sframe_func_desc_entry;
 
 /* Macros to compose and decompose function info in FDE.  */
 
+/* Note: Set PAC auth key to SFRAME_AARCH64_PAUTH_KEY_A by default.  */
 #define SFRAME_V1_FUNC_INFO(fde_type, fre_enc_type) \
-  ((((fde_type) & 0x1) << 4) | ((fre_enc_type) & 0xf))
+  (((SFRAME_AARCH64_PAUTH_KEY_A & 0x1) << 5) | \
+   (((fde_type) & 0x1) << 4) | ((fre_enc_type) & 0xf))
 
 #define SFRAME_V1_FUNC_FRE_TYPE(data)	  ((data) & 0xf)
 #define SFRAME_V1_FUNC_FDE_TYPE(data)	  (((data) >> 4) & 0x1)
+#define SFRAME_V1_FUNC_PAUTH_KEY(data)	  (((data) >> 5) & 0x1)
+
+/* Set the pauth key as indicated.  */
+#define SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY(pauth_key, fde_info) \
+  ((((pauth_key) & 0x1) << 5) | ((fde_info) & 0xdf))
 
 /* Size of stack frame offsets in an SFrame Frame Row Entry.  A single
    SFrame FRE has all offsets of the same size.  Offset size may vary
-- 
2.37.2

[PATCH, V2 2/5] [2/5] gas: sframe: add support for .cfi_b_key_frame

[Indu Bhagat]

[No changes in V2]

Gather the information from the DWARF FDE on whether frame's return
addresses are signed using the B key or A key.  Reflect the information in
the SFrame counterpart data structure, the SFrame FDE.

ChangeLog:

	* gas/gen-sframe.c (get_dw_fde_pauth_b_key_p): New definition.
	(sframe_v1_set_func_info): Add new argument for pauth_key.
	(sframe_set_func_info): Likewise.
	(output_sframe_funcdesc): Likewise.
	* gas/gen-sframe.h (struct sframe_version_ops): Add new argument
	to the function pointer declaration.
	* gas/sframe-opt.c (sframe_convert_frag): Handle pauth_key.
---
 gas/gen-sframe.c | 26 ++++++++++++++++++++++----
 gas/gen-sframe.h |  2 +-
 gas/sframe-opt.c |  3 +++
 3 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
index 9baf20bd873..76f8529d740 100644
--- a/gas/gen-sframe.c
+++ b/gas/gen-sframe.c
@@ -106,6 +106,17 @@ get_dw_fde_end_addrS (const struct fde_entry *dw_fde)
   return dw_fde->end_address;
 }
 
+/* Get whether PAUTH B key is used.  */
+static bool
+get_dw_fde_pauth_b_key_p (const struct fde_entry *dw_fde ATTRIBUTE_UNUSED)
+{
+#ifdef tc_fde_entry_extras
+  return (dw_fde->pauth_key == AARCH64_PAUTH_KEY_B);
+#else
+  return false;
+#endif
+}
+
 /* SFrame Frame Row Entry (FRE) related functions.  */
 
 static void
@@ -253,10 +264,12 @@ sframe_v1_set_fre_info (unsigned int base_reg, unsigned int num_offsets,
 
 /* SFrame (SFRAME_VERSION_1) set function info.  */
 static unsigned char
-sframe_v1_set_func_info (unsigned int fde_type, unsigned int fre_type)
+sframe_v1_set_func_info (unsigned int fde_type, unsigned int fre_type,
+			 unsigned int pauth_key)
 {
   unsigned char func_info;
   func_info = SFRAME_V1_FUNC_INFO (fde_type, fre_type);
+  func_info = SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY (pauth_key, func_info);
   return func_info;
 }
 
@@ -285,9 +298,10 @@ sframe_set_fre_info (unsigned int base_reg, unsigned int num_offsets,
 /* SFrame set func info. */
 
 ATTRIBUTE_UNUSED static unsigned char
-sframe_set_func_info (unsigned int fde_type, unsigned int fre_type)
+sframe_set_func_info (unsigned int fde_type, unsigned int fre_type,
+		      unsigned int pauth_key)
 {
-  return sframe_ver_ops.set_func_info (fde_type, fre_type);
+  return sframe_ver_ops.set_func_info (fde_type, fre_type, pauth_key);
 }
 
 /* Get the number of SFrame FDEs for the current file.  */
@@ -544,6 +558,7 @@ output_sframe_funcdesc (symbolS *start_of_fre_section,
   expressionS exp;
   unsigned int addr_size;
   symbolS *dw_fde_start_addrS, *dw_fde_end_addrS;
+  unsigned int pauth_key;
 
   addr_size = SFRAME_RELOC_SIZE;
   dw_fde_start_addrS = get_dw_fde_start_addrS (sframe_fde->dw_fde);
@@ -575,8 +590,11 @@ output_sframe_funcdesc (symbolS *start_of_fre_section,
 
   /* SFrame FDE function info.  */
   unsigned char func_info;
+  pauth_key = (get_dw_fde_pauth_b_key_p (sframe_fde->dw_fde)
+	       ? SFRAME_AARCH64_PAUTH_KEY_B : SFRAME_AARCH64_PAUTH_KEY_A);
   func_info = sframe_set_func_info (SFRAME_FDE_TYPE_PCINC,
-				    SFRAME_FRE_TYPE_ADDR4);
+				    SFRAME_FRE_TYPE_ADDR4,
+				    pauth_key);
 #if SFRAME_FRE_TYPE_SELECTION_OPT
   expressionS cexp;
   create_func_info_exp (&cexp, dw_fde_end_addrS, dw_fde_start_addrS,
diff --git a/gas/gen-sframe.h b/gas/gen-sframe.h
index 5d5702a57ca..eb43c3a07a5 100644
--- a/gas/gen-sframe.h
+++ b/gas/gen-sframe.h
@@ -146,7 +146,7 @@ struct sframe_version_ops
   unsigned char (*set_fre_info) (unsigned int, unsigned int, unsigned int,
 				 bool);
   /* set SFrame Func info.  */
-  unsigned char (*set_func_info) (unsigned int, unsigned int);
+  unsigned char (*set_func_info) (unsigned int, unsigned int, unsigned int);
 };
 
 /* Generate SFrame unwind info and prepare contents for the output.
diff --git a/gas/sframe-opt.c b/gas/sframe-opt.c
index f08a424fd88..cf7ca5c1893 100644
--- a/gas/sframe-opt.c
+++ b/gas/sframe-opt.c
@@ -95,6 +95,7 @@ sframe_convert_frag (fragS *frag)
 
   offsetT rest_of_data;
   uint8_t fde_type, fre_type;
+  uint8_t pauth_key;
 
   expressionS *exp;
   symbolS *dataS;
@@ -116,6 +117,7 @@ sframe_convert_frag (fragS *frag)
       dataS = exp->X_add_symbol;
       rest_of_data = (symbol_get_value_expression(dataS))->X_add_number;
       fde_type = SFRAME_V1_FUNC_FDE_TYPE (rest_of_data);
+      pauth_key = SFRAME_V1_FUNC_PAUTH_KEY (rest_of_data);
       gas_assert (fde_type == SFRAME_FDE_TYPE_PCINC);
 
       /* Calculate the applicable fre_type.  */
@@ -130,6 +132,7 @@ sframe_convert_frag (fragS *frag)
 
       /* Create the new function info.  */
       value = SFRAME_V1_FUNC_INFO (fde_type, fre_type);
+      value = SFRAME_V1_FUNC_INFO_UPDATE_PAUTH_KEY (pauth_key, value);
 
       frag->fr_literal[frag->fr_fix] = value;
     }
-- 
2.37.2

[PATCH, V2 3/5] [3/5] objdump/readelf: sframe: emit marker for SFrame FDE with B key

[Indu Bhagat]

[No changes in V2]

ChangeLog:

	* libsframe/sframe-dump.c (is_sframe_abi_arch_aarch64): New
	definition.
	(dump_sframe_func_with_fres): emit a string if B key is used.
---
 libsframe/sframe-dump.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/libsframe/sframe-dump.c b/libsframe/sframe-dump.c
index 5f778bee338..c00ff401685 100644
--- a/libsframe/sframe-dump.c
+++ b/libsframe/sframe-dump.c
@@ -25,6 +25,21 @@
 
 #define SFRAME_HEADER_FLAGS_STR_MAX_LEN 50
 
+/* Return TRUE if the SFrame section is associated with the aarch64 ABIs.  */
+
+static bool
+is_sframe_abi_arch_aarch64 (sframe_decoder_ctx *sfd_ctx)
+{
+  bool aarch64_p = false;
+
+  unsigned char abi_arch = sframe_decoder_get_abi_arch (sfd_ctx);
+  if ((abi_arch == SFRAME_ABI_AARCH64_ENDIAN_BIG)
+      || (abi_arch == SFRAME_ABI_AARCH64_ENDIAN_LITTLE))
+    aarch64_p = true;
+
+  return aarch64_p;
+}
+
 static void
 dump_sframe_header (sframe_decoder_ctx *sfd_ctx)
 {
@@ -113,6 +128,10 @@ dump_sframe_func_with_fres (sframe_decoder_ctx *sfd_ctx,
 	  func_start_pc_vma,
 	  func_size);
 
+  if (is_sframe_abi_arch_aarch64 (sfd_ctx)
+      && (SFRAME_V1_FUNC_PAUTH_KEY (func_info) == SFRAME_AARCH64_PAUTH_KEY_B))
+    printf (", pauth = B key");
+
   char temp[100];
   memset (temp, 0, 100);
 
-- 
2.37.2

[PATCH, V2 4/5] [4/5] gas: sframe: testsuite: add testcase for .cfi_b_key_frame

[Indu Bhagat]

[Changes in V2]
  - Update testcase to expect "[s]" marker when return address in reg or
    stack is mangled.
[End of changes in V2]

This is actually a composite test that checks the behaviour of both the
.cfi_negate_ra_state and .cfi_b_key_frame directives on aarch64.

ChangeLog:

	* testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d:
	New test.
	* testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s:
	Likewise.
	* testsuite/gas/cfi-sframe/cfi-sframe.exp: Run new test.
---
 .../cfi-sframe-aarch64-pac-ab-key-1.d         | 27 ++++++++++++++
 .../cfi-sframe-aarch64-pac-ab-key-1.s         | 36 +++++++++++++++++++
 gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
 3 files changed, 64 insertions(+)
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
 create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s

diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
new file mode 100644
index 00000000000..666a94101ab
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
@@ -0,0 +1,27 @@
+#as: --gsframe
+#objdump: --sframe=.sframe
+#name: SFrame cfi_b_key_frame and cfi_negate_ra_state composite test
+#...
+Contents of the SFrame section .sframe:
+
+  Header :
+
+    Version: SFRAME_VERSION_1
+    Flags: NONE
+    Num FDEs: 2
+    Num FREs: 6
+
+  Function Index :
+    func idx \[0\]: pc = 0x0, size = 12 bytes
+    STARTPC + CFA + FP + RA +
+    0+0000 +sp\+0 +u +u +
+    0+0004 +sp\+0 +u +u\[s\] +
+    0+0008 +sp\+16 +c-16 +c-8\[s\] +
+
+    func idx \[1\]: pc = 0x0, size = 20 bytes, pauth = B key
+    STARTPC + CFA + FP +  RA +
+    0+0000 +sp\+0 +u +u +
+    0+0004 +sp\+0 +u +u\[s\] +
+    0+0008 +sp\+16 +c-16 +c-8\[s\] +
+
+#pass
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
new file mode 100644
index 00000000000..d9a408c668c
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
@@ -0,0 +1,36 @@
+## same as aarch64/pac_ab_key.s
+	.arch armv8-a
+	.text
+	.align	2
+	.global	_Z5foo_av
+	.type	_Z5foo_av, %function
+_Z5foo_av:
+.LFB0:
+	.cfi_startproc
+	hint	25 // paciasp
+	.cfi_window_save
+	stp	x29, x30, [sp, -16]!
+	.cfi_def_cfa_offset 16
+	.cfi_offset 29, -16
+	.cfi_offset 30, -8
+        ret
+	.cfi_endproc
+.LFE0:
+	.size	_Z5foo_av, .-_Z5foo_av
+	.align	2
+	.global	_Z5foo_bv
+	.type	_Z5foo_bv, %function
+_Z5foo_bv:
+.LFB1:
+	.cfi_startproc
+	.cfi_b_key_frame
+	hint	27 // pacibsp
+	.cfi_window_save
+	stp	x29, x30, [sp, -16]!
+	.cfi_def_cfa_offset 16
+	.cfi_offset 29, -16
+	.cfi_offset 30, -8
+	nop
+	nop
+        ret
+	.cfi_endproc
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
index f001fad0e8e..fa153fc52b3 100644
--- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
@@ -97,4 +97,5 @@ if { [istarget "x86_64-*-*"] && [gas_sframe_check] } then {
 if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
     run_dump_test "cfi-sframe-aarch64-1"
     run_dump_test "cfi-sframe-aarch64-2"
+    run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
 }
-- 
2.37.2

[PATCH, V2 5/5] [5/5] sframe: doc: update documentation for pauth key in SFrame FDE

[Indu Bhagat]

[No changes in V2]

ChangeLog:

	* libsframe/doc/sframe-spec.texi
---
 libsframe/doc/sframe-spec.texi | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libsframe/doc/sframe-spec.texi b/libsframe/doc/sframe-spec.texi
index fa66d801dd3..345b8f93036 100644
--- a/libsframe/doc/sframe-spec.texi
+++ b/libsframe/doc/sframe-spec.texi
@@ -398,10 +398,16 @@ The info word is a bitfield split into three parts.  From MSB to LSB:
 
 @multitable {Bit offset} {@code{isroot}} {Length of variable-length data for this type (some kinds only).}
 @headitem Bit offset @tab Name @tab Description
-@item 7--5
+@item 7--6
 @tab @code{unused}
 @tab Unused bits.
 
+@item 5
+@tab @code{pauth_key}
+@tab Specify which key is used for signing the return addresses in the SFrame
+FDE.  Two possible values: SFRAME_AARCH64_PAUTH_KEY_A (0) or
+SFRAME_AARCH64_PAUTH_KEY_B (1).
+
 @item 4
 @tab @code{fdetype}
 @tab SFRAME_FDE_TYPE_PCMASK (1) or SFRAME_FDE_TYPE_PCINC (0). @xref{The SFrame FDE types}.
-- 
2.37.2

Re: [PATCH, V2 0/5] SFrame: add support for .cfi_b_key_frame

[Indu Bhagat]

PING.

This patch series has not been committed.  I earlier sent the series as 
"[COMMITTED, V2]" by mistake; so this needs an OK before I can commit it.

Thanks

On 12/19/22 13:14, Indu Bhagat wrote:
> [Changes from V1]
>    - Rebased on latest trunk.
>    - Fixed the testcase as we now emit "[s]" marker for both mangled RA in
>    register and stack.
> [End of changes in V1]
> 
> Thanks
> 
> ----------------------
> 
> Hello,
> 
> This patchset adds support for handling the .cfi_b_key_frame assembler
> directive to the SFrame format: SFrame format representation now allows to
> encode which of the pauth A key / B key are used (for signing return
> addresses on aarch64), and gas, readelf/objdump now allow for generation
> and textual dump of this information.
> 
> Testing notes:
> 
> - Regression tested cross build of several targets on an x86_64 host and an
> aarch64 host using a regression script that checks for failures in gas, ld,
> binutils, libctf and libsframe.
> - Regression tested native builds on x86_64 and aarch64.
> - binutils/gdb try bot showed no new regressions.
> 
> Thanks,
> Indu Bhagat (5):
>    [1/5] sframe.h: add support for .cfi_b_key_frame
>    [2/5] gas: sframe: add support for .cfi_b_key_frame
>    [3/5] objdump/readelf: sframe: emit marker for SFrame FDE with B key
>    [4/5] gas: sframe: testsuite: add testcase for .cfi_b_key_frame
>    [5/5] sframe: doc: update documentation for pauth key in SFrame FDE
> 
>   gas/gen-sframe.c                              | 26 +++++++++++---
>   gas/gen-sframe.h                              |  2 +-
>   gas/sframe-opt.c                              |  3 ++
>   .../cfi-sframe-aarch64-pac-ab-key-1.d         | 27 ++++++++++++++
>   .../cfi-sframe-aarch64-pac-ab-key-1.s         | 36 +++++++++++++++++++
>   gas/testsuite/gas/cfi-sframe/cfi-sframe.exp   |  1 +
>   include/sframe.h                              | 25 +++++++++----
>   libsframe/doc/sframe-spec.texi                |  8 ++++-
>   libsframe/sframe-dump.c                       | 19 ++++++++++
>   9 files changed, 135 insertions(+), 12 deletions(-)
>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.d
>   create mode 100644 gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-pac-ab-key-1.s
> 

Re: [PATCH, V2 0/5] SFrame: add support for .cfi_b_key_frame

[Nick Clifton]

Hi Indu,

> PING.
> 
> This patch series has not been committed.  I earlier sent the series as "[COMMITTED, V2]" by mistake; so this needs an OK before I can commit it.

Oops- sorry - patch series approved - please apply!

Cheers
   Nick