Re: [PATCH 3/3][GCC][AARCH64] Add support for pointer authentication B key

[Sam Tebbs <Sam.Tebbs@arm.com>]

[-- Attachment #1: Type: text/plain, Size: 8485 bytes --]

On 11/9/18 11:04 AM, Sam Tebbs wrote:
> On 11/02/2018 06:01 PM, Sam Tebbs wrote:
>
>> On 11/02/2018 05:35 PM, Sam Tebbs wrote:
>>
>>> Hi all,
>>>
>>> This patch adds support for the Armv8.3-A pointer authentication instructions
>>> that use the B-key (pacib*, autib* and retab). This required adding builtins for
>>> pacib1716 and autib1716, adding the "b-key" feature to the -mbranch-protection
>>> option, and required emitting a new CFI directive ".cfi_b_key_frame" which
>>> causes GAS to add 'B' to the CIE augmentation string. I also had to add a new
>>> hook called ASM_POST_CFI_STARTPROC which is triggered when the .cfi_startproc
>>> directive is emitted.
>>>
>>> The libgcc stack unwinder has been amended to authenticate return addresses
>>> with the B key when the function has been signed with the B key.
>>>
>>> The previous patch in this series is here:
>>> https://gcc.gnu.org/ml/gcc-patches/2018-11/msg00104.html
>>>
>>> Bootstrapped successfully and regression tested on aarch64-none-elf.
>>>
>>> OK for trunk?
>>>
>>> gcc/
>>> 2018-11-02  Sam Tebbs  <sam.tebbs@arm.com>
>>>
>>> 	* config/aarch64/aarch64-builtins.c (aarch64_builtins): Add
>>> 	AARCH64_PAUTH_BUILTIN_AUTIB1716 and AARCH64_PAUTH_BUILTIN_PACIB1716.
>>> 	* config/aarch64/aarch64-builtins.c (aarch64_init_pauth_hint_builtins):
>>> 	Add autib1716 and pacib1716 initialisation.
>>> 	* config/aarch64/aarch64-builtins.c (aarch64_expand_builtin): Add checks
>>> 	for autib1716 and pacib1716.
>>> 	* config/aarch64/aarch64-protos.h (aarch64_key_type,
>>> 	aarch64_post_cfi_startproc): Define.
>>> 	* config/aarch64/aarch64-protos.h (aarch64_ra_sign_key): Define extern.
>>> 	* config/aarch64/aarch64.c (aarch64_return_address_signing_enabled): Add
>>> 	check for b-key, remove frame.laid_out assertion.
>>> 	* config/aarch64/aarch64.c (aarch64_ra_sign_key,
>>> 	aarch64_post_cfi_startproc, aarch64_handle_pac_ret_b_key): Define.
>>> 	* config/aarch64/aarch64.h (TARGET_ASM_POST_CFI_STARTPROC): Define.
>>> 	* config/aarch64/aarch64.c (aarch64_pac_ret_subtypes): Add "b-key".
>>> 	* config/aarch64/aarch64.md (unspec): Add UNSPEC_AUTIA1716,
>>> 	UNSPEC_AUTIB1716, UNSPEC_AUTIASP, UNSPEC_AUTIBSP, UNSPEC_PACIA1716,
>>> 	UNSPEC_PACIB1716, UNSPEC_PACIASP, UNSPEC_PACIBSP.
>>> 	* config/aarch64/aarch64.md (do_return): Add check for b-key.
>>> 	* config/aarch64/aarch64.md (<pauth_mnem_prefix>sp): Add check for
>>> 	signing key and scope selected.
>>> 	* config/aarch64/aarch64.md (<pauth_mnem_prefix>1716): Add check for
>>> 	signing key and scope selected.
>>> 	* config/aarch64/aarch64.opt (msign-return-address=): Deprecate.
>>> 	* config/aarch64/iterators.md (PAUTH_LR_SP): Add UNSPEC_AUTIASP,
>>> 	UNSPEC_AUTIBSP, UNSPEC_PACIASP, UNSPEC_PACIBSP.
>>> 	* config/aarch64/iterators.md (PAUTH_17_16): Add UNSPEC_AUTIA1716,
>>> 	UNSPEC_AUTIB1716, UNSPEC_PACIA1716, UNSPEC_PACIB1716.
>>> 	* config/aarch64/iterators.md (pauth_mnem_prefix): Add UNSPEC_AUTIA1716,
>>> 	UNSPEC_AUTIB1716, UNSPEC_PACIA1716, UNSPEC_PACIB1716, UNSPEC_AUTIASP,
>>> 	UNSPEC_AUTIBSP, UNSPEC_PACIASP, UNSPEC_PACIBSP.
>>> 	* config/aarch64/iterators.md (pauth_hint_num_a): Replace
>>> 	UNSPEC_PACI1716 and UNSPEC_AUTI1716 with UNSPEC_PACIA1716 and
>>> 	UNSPEC_AUTIA1716 respectively.
>>> 	* config/aarch64/iterators.md (pauth_hint_num_b): New int attribute.
>>>
>>> gcc/testsuite
>>> 2018-11-02  Sam Tebbs  <sam.tebbs@arm.com>
>>>
>>> 	* gcc.target/aarch64/return_address_sign_1.c (dg-final): Replace
>>> 	"autiasp" and "paciasp" with "hint\t29 // autisp" and
>>> 	"hint\t25 // pacisp" respectively.
>>> 	* gcc.target/aarch64/return_address_sign_2.c (dg-final): Replace
>>> 	"paciasp" with "hint\t25 // pacisp".
>>> 	* gcc.target/aarch64/return_address_sign_3.c (dg-final): Replace
>>> 	"paciasp" and "autiasp" with "pacisp" and "autisp" respectively.
>>> 	* gcc.target/aarch64/return_address_sign_b_1.c: New file.
>>> 	* gcc.target/aarch64/return_address_sign_b_2.c: New file.
>>> 	* gcc.target/aarch64/return_address_sign_b_3.c: New file.
>>> 	* gcc.target/aarch64/return_address_sign_b_exception.c: New file.
>>> 	* gcc.target/aarch64/return_address_sign_builtin.c: New file
>>>
>>> libgcc/
>>> 2018-11-02  Sam Tebbs  <sam.tebbs@arm.com>
>>>
>>> 	* config/aarch64/aarch64-unwind.h (aarch64_cie_signed_with_b_key): New
>>> 	function.
>>> 	* config/aarch64/aarch64-unwind.h (aarch64_post_extract_frame_addr,
>>> 	aarch64_post_frob_eh_handler_addr): Add	check for b-key.
>>> 	* unwind-dw2-fde.c (get_cie_encoding): Add check for 'B' in augmentation
>>> 	string.
>>> 	* unwind-dw2.c (extract_cie_info): Add check for 'B' in augmentation
>>> 	string.
>> Attached is an updated patch rebased on an improvement to the
>> -mbranch-protection option documentation.
> ping

Attached is an improved patch with "hint" removed from the test scans, 
pauth_hint_num_a and pauth_hint_num_b merged into pauth_hint_num and the 
"gcc_assert (cfun->machine->frame.laid_out)" removal reverted since was 
an unnecessary change.

OK for trunk?

gcc/
2018-12-21  Sam Tebbs<sam.tebbs@arm.com>

	* config/aarch64/aarch64-builtins.c (aarch64_builtins): Add
	AARCH64_PAUTH_BUILTIN_AUTIB1716 and AARCH64_PAUTH_BUILTIN_PACIB1716.
	* config/aarch64/aarch64-builtins.c (aarch64_init_pauth_hint_builtins):
	Add autib1716 and pacib1716 initialisation.
	* config/aarch64/aarch64-builtins.c (aarch64_expand_builtin): Add checks
	for autib1716 and pacib1716.
	* config/aarch64/aarch64-protos.h (aarch64_key_type,
	aarch64_post_cfi_startproc): Define.
	* config/aarch64/aarch64-protos.h (aarch64_ra_sign_key): Define extern.
	* config/aarch64/aarch64.c (aarch64_return_address_signing_enabled): Add
	check for b-key.
	* config/aarch64/aarch64.c (aarch64_ra_sign_key,
	aarch64_post_cfi_startproc, aarch64_handle_pac_ret_b_key): Define.
	* config/aarch64/aarch64.h (TARGET_ASM_POST_CFI_STARTPROC): Define.
	* config/aarch64/aarch64.c (aarch64_pac_ret_subtypes): Add "b-key".
	* config/aarch64/aarch64.md (unspec): Add UNSPEC_AUTIA1716,
	UNSPEC_AUTIB1716, UNSPEC_AUTIASP, UNSPEC_AUTIBSP, UNSPEC_PACIA1716,
	UNSPEC_PACIB1716, UNSPEC_PACIASP, UNSPEC_PACIBSP.
	* config/aarch64/aarch64.md (do_return): Add check for b-key.
	* config/aarch64/aarch64.md (<pauth_mnem_prefix>sp): Replace
	pauth_hint_num_a with pauth_hint_num.
	* config/aarch64/aarch64.md (<pauth_mnem_prefix>1716): Replace
	pauth_hint_num_a with pauth_hint_num.
	* config/aarch64/aarch64.opt (msign-return-address=): Deprecate.
	* config/aarch64/iterators.md (PAUTH_LR_SP): Add UNSPEC_AUTIASP,
	UNSPEC_AUTIBSP, UNSPEC_PACIASP, UNSPEC_PACIBSP.
	* config/aarch64/iterators.md (PAUTH_17_16): Add UNSPEC_AUTIA1716,
	UNSPEC_AUTIB1716, UNSPEC_PACIA1716, UNSPEC_PACIB1716.
	* config/aarch64/iterators.md (pauth_mnem_prefix): Add UNSPEC_AUTIA1716,
	UNSPEC_AUTIB1716, UNSPEC_PACIA1716, UNSPEC_PACIB1716, UNSPEC_AUTIASP,
	UNSPEC_AUTIBSP, UNSPEC_PACIASP, UNSPEC_PACIBSP.
	* config/aarch64/iterators.md (pauth_hint_num_a): Replace
	UNSPEC_PACI1716 and UNSPEC_AUTI1716 with UNSPEC_PACIA1716 and
	UNSPEC_AUTIA1716 respectively.
	* config/aarch64/iterators.md (pauth_hint_num_a): Rename to pauth_hint_num
	and add UNSPEC_PACIBSP, UNSPEC_AUTIBSP, UNSPEC_PACIB1716, UNSPEC_AUTIB1716.

gcc/testsuite
2018-12-21  Sam Tebbs<sam.tebbs@arm.com>

	* gcc.target/aarch64/return_address_sign_1.c (dg-final): Replace
	"autiasp" and "paciasp" with "hint\t29 // autisp" and
	"hint\t25 // pacisp" respectively.
	* gcc.target/aarch64/return_address_sign_2.c (dg-final): Replace
	"paciasp" with "hint\t25 // pacisp".
	* gcc.target/aarch64/return_address_sign_3.c (dg-final): Replace
	"paciasp" and "autiasp" with "pacisp" and "autisp" respectively.
	* gcc.target/aarch64/return_address_sign_b_1.c: New file.
	* gcc.target/aarch64/return_address_sign_b_2.c: New file.
	* gcc.target/aarch64/return_address_sign_b_3.c: New file.
	* gcc.target/aarch64/return_address_sign_b_exception.c: New file.
	* gcc.target/aarch64/return_address_sign_builtin.c: New file

libgcc/
2018-12-21  Sam Tebbs<sam.tebbs@arm.com>

	* config/aarch64/aarch64-unwind.h (aarch64_cie_signed_with_b_key): New
	function.
	* config/aarch64/aarch64-unwind.h (aarch64_post_extract_frame_addr,
	aarch64_post_frob_eh_handler_addr): Add	check for b-key.
	* unwind-dw2-fde.c (get_cie_encoding): Add check for 'B' in augmentation
	string.
	* unwind-dw2.c (extract_cie_info): Add check for 'B' in augmentation
	string.


[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 24431 bytes --]

diff --git a/gcc/config/aarch64/aarch64-builtins.c b/gcc/config/aarch64/aarch64-builtins.c
index 8cced94567008e28b1761ec8771589a3925f2904..d676f36c157c486cc9cbe6bffe0a7389ba0ccdd8 100644
--- a/gcc/config/aarch64/aarch64-builtins.c
+++ b/gcc/config/aarch64/aarch64-builtins.c
@@ -398,6 +398,8 @@ enum aarch64_builtins
   /* ARMv8.3-A Pointer Authentication Builtins.  */
   AARCH64_PAUTH_BUILTIN_AUTIA1716,
   AARCH64_PAUTH_BUILTIN_PACIA1716,
+  AARCH64_PAUTH_BUILTIN_AUTIB1716,
+  AARCH64_PAUTH_BUILTIN_PACIB1716,
   AARCH64_PAUTH_BUILTIN_XPACLRI,
   AARCH64_BUILTIN_MAX
 };
@@ -971,6 +973,14 @@ aarch64_init_pauth_hint_builtins (void)
     = add_builtin_function ("__builtin_aarch64_pacia1716", ftype_pointer_auth,
 			    AARCH64_PAUTH_BUILTIN_PACIA1716, BUILT_IN_MD, NULL,
 			    NULL_TREE);
+  aarch64_builtin_decls[AARCH64_PAUTH_BUILTIN_AUTIB1716]
+    = add_builtin_function ("__builtin_aarch64_autib1716", ftype_pointer_auth,
+			    AARCH64_PAUTH_BUILTIN_AUTIB1716, BUILT_IN_MD, NULL,
+			    NULL_TREE);
+  aarch64_builtin_decls[AARCH64_PAUTH_BUILTIN_PACIB1716]
+    = add_builtin_function ("__builtin_aarch64_pacib1716", ftype_pointer_auth,
+			    AARCH64_PAUTH_BUILTIN_PACIB1716, BUILT_IN_MD, NULL,
+			    NULL_TREE);
   aarch64_builtin_decls[AARCH64_PAUTH_BUILTIN_XPACLRI]
     = add_builtin_function ("__builtin_aarch64_xpaclri", ftype_pointer_strip,
 			    AARCH64_PAUTH_BUILTIN_XPACLRI, BUILT_IN_MD, NULL,
@@ -1360,6 +1370,8 @@ aarch64_expand_builtin (tree exp,
 
     case AARCH64_PAUTH_BUILTIN_AUTIA1716:
     case AARCH64_PAUTH_BUILTIN_PACIA1716:
+    case AARCH64_PAUTH_BUILTIN_AUTIB1716:
+    case AARCH64_PAUTH_BUILTIN_PACIB1716:
     case AARCH64_PAUTH_BUILTIN_XPACLRI:
       arg0 = CALL_EXPR_ARG (exp, 0);
       op0 = force_reg (Pmode, expand_normal (arg0));
@@ -1383,8 +1395,24 @@ aarch64_expand_builtin (tree exp,
 	{
 	  tree arg1 = CALL_EXPR_ARG (exp, 1);
 	  rtx op1 = force_reg (Pmode, expand_normal (arg1));
-	  icode = (fcode == AARCH64_PAUTH_BUILTIN_PACIA1716
-		   ? CODE_FOR_paci1716 : CODE_FOR_auti1716);
+	  switch (fcode)
+	    {
+	    case AARCH64_PAUTH_BUILTIN_AUTIA1716:
+	      icode = CODE_FOR_autia1716;
+	      break;
+	    case AARCH64_PAUTH_BUILTIN_AUTIB1716:
+	      icode = CODE_FOR_autib1716;
+	      break;
+	    case AARCH64_PAUTH_BUILTIN_PACIA1716:
+	      icode = CODE_FOR_pacia1716;
+	      break;
+	    case AARCH64_PAUTH_BUILTIN_PACIB1716:
+	      icode = CODE_FOR_pacib1716;
+	      break;
+	    default:
+	      icode = 0;
+	      gcc_unreachable ();
+	    }
 
 	  rtx x16_reg = gen_rtx_REG (Pmode, R16_REGNUM);
 	  rtx x17_reg = gen_rtx_REG (Pmode, R17_REGNUM);
diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
index e64768aadead2901c1168b3c2ec82c17052ff807..7eec71e15accead4f14b66e674535af52840c2ab 100644
--- a/gcc/config/aarch64/aarch64-protos.h
+++ b/gcc/config/aarch64/aarch64-protos.h
@@ -396,8 +396,17 @@ enum simd_immediate_check {
   AARCH64_CHECK_MOV  = AARCH64_CHECK_ORR | AARCH64_CHECK_BIC
 };
 
+/* The key type that -msign-return-address should use.  */
+enum aarch64_key_type {
+  AARCH64_KEY_A,
+  AARCH64_KEY_B
+};
+
+extern enum aarch64_key_type aarch64_ra_sign_key;
+
 extern struct tune_params aarch64_tune_params;
 
+void aarch64_post_cfi_startproc (void);
 poly_int64 aarch64_initial_elimination_offset (unsigned, unsigned);
 int aarch64_get_condition_code (rtx);
 bool aarch64_address_valid_for_prefetch_p (rtx, bool);
diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
index 8b5b2ab0bdb0e37d8a3fc2278715d3c8f5adbddb..575a40d836f99f54ffc3725208cef6af1639089a 100644
--- a/gcc/config/aarch64/aarch64.h
+++ b/gcc/config/aarch64/aarch64.h
@@ -483,6 +483,9 @@ extern unsigned aarch64_architecture_version;
 #define ASM_DECLARE_FUNCTION_NAME(STR, NAME, DECL)	\
   aarch64_declare_function_name (STR, NAME, DECL)
 
+/* Output assembly strings after .cfi_startproc is emitted.  */
+#define ASM_POST_CFI_STARTPROC  aarch64_post_cfi_startproc
+
 /* For EH returns X4 contains the stack adjustment.  */
 #define EH_RETURN_STACKADJ_RTX	gen_rtx_REG (Pmode, R4_REGNUM)
 #define EH_RETURN_HANDLER_RTX  aarch64_eh_return_handler_rtx ()
diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
index 784c93a8e9701a671004e3dfda463d726611c340..4a8a9e5a30e57c0b4c9728f59aab695b48aa7279 100644
--- a/gcc/config/aarch64/aarch64.c
+++ b/gcc/config/aarch64/aarch64.c
@@ -1144,6 +1144,8 @@ static const struct processor *selected_arch;
 static const struct processor *selected_cpu;
 static const struct processor *selected_tune;
 
+enum aarch64_key_type aarch64_ra_sign_key = AARCH64_KEY_A;
+
 /* The current tuning set.  */
 struct tune_params aarch64_tune_params = generic_tunings;
 
@@ -1212,6 +1214,7 @@ static enum aarch64_parse_opt_result
 aarch64_handle_standard_branch_protection (char* str, char* rest)
 {
   aarch64_ra_sign_scope = AARCH64_FUNCTION_NON_LEAF;
+  aarch64_ra_sign_key = AARCH64_KEY_A;
   if (rest)
     {
       error ("unexpected %<%s%> after %<%s%>", rest, str);
@@ -1225,6 +1228,7 @@ aarch64_handle_pac_ret_protection (char* str ATTRIBUTE_UNUSED,
 				    char* rest ATTRIBUTE_UNUSED)
 {
   aarch64_ra_sign_scope = AARCH64_FUNCTION_NON_LEAF;
+  aarch64_ra_sign_key = AARCH64_KEY_A;
   return AARCH64_PARSE_OK;
 }
 
@@ -1236,8 +1240,17 @@ aarch64_handle_pac_ret_leaf (char* str ATTRIBUTE_UNUSED,
   return AARCH64_PARSE_OK;
 }
 
-static const struct aarch64_branch_protect_type aarch64_pac_ret_subtypes[] = {
+static enum aarch64_parse_opt_result
+aarch64_handle_pac_ret_b_key (char* str ATTRIBUTE_UNUSED,
+			      char* rest ATTRIBUTE_UNUSED)
+{
+  aarch64_ra_sign_key = AARCH64_KEY_B;
+  return AARCH64_PARSE_OK;
+}
+
+static const struct aarch64_branch_protec_type aarch64_pac_ret_subtypes[] = {
   { "leaf", aarch64_handle_pac_ret_leaf, NULL, 0 },
+  { "b-key", aarch64_handle_pac_ret_b_key, NULL, 0 },
   { NULL, NULL, NULL, 0 }
 };
 
@@ -4719,7 +4732,7 @@ aarch64_return_address_signing_enabled (void)
   gcc_assert (cfun->machine->frame.laid_out);
 
   /* If signing scope is AARCH64_FUNCTION_NON_LEAF, we only sign a leaf function
-     if it's LR is pushed onto stack.  */
+     if its LR is pushed onto stack.  */
   return (aarch64_ra_sign_scope == AARCH64_FUNCTION_ALL
 	  || (aarch64_ra_sign_scope == AARCH64_FUNCTION_NON_LEAF
 	      && cfun->machine->frame.reg_offset[LR_REGNUM] >= 0));
@@ -5499,7 +5512,17 @@ aarch64_expand_prologue (void)
   /* Sign return address for functions.  */
   if (aarch64_return_address_signing_enabled ())
     {
-      insn = emit_insn (gen_pacisp ());
+      switch (aarch64_ra_sign_key)
+	{
+	  case AARCH64_KEY_A:
+	    insn = emit_insn (gen_paciasp ());
+	    break;
+	  case AARCH64_KEY_B:
+	    insn = emit_insn (gen_pacibsp ());
+	    break;
+	  default:
+	    gcc_unreachable ();
+	}
       add_reg_note (insn, REG_CFA_TOGGLE_RA_MANGLE, const0_rtx);
       RTX_FRAME_RELATED_P (insn) = 1;
     }
@@ -5752,7 +5775,17 @@ aarch64_expand_epilogue (bool for_sibcall)
   if (aarch64_return_address_signing_enabled ()
       && (for_sibcall || !TARGET_ARMV8_3 || crtl->calls_eh_return))
     {
-      insn = emit_insn (gen_autisp ());
+      switch (aarch64_ra_sign_key)
+	{
+	  case AARCH64_KEY_A:
+	    insn = emit_insn (gen_autiasp ());
+	    break;
+	  case AARCH64_KEY_B:
+	    insn = emit_insn (gen_autibsp ());
+	    break;
+	  default:
+	    gcc_unreachable ();
+	}
       add_reg_note (insn, REG_CFA_TOGGLE_RA_MANGLE, const0_rtx);
       RTX_FRAME_RELATED_P (insn) = 1;
     }
@@ -15040,6 +15073,18 @@ aarch64_declare_function_name (FILE *stream, const char* name,
   ASM_OUTPUT_LABEL (stream, name);
 }
 
+/* Triggered after a .cfi_startproc directive is emitted into the assembly file.
+   Used to output the .cfi_b_key_frame directive when signing the current
+   function with the B key.  */
+
+void
+aarch64_post_cfi_startproc (FILE *f, tree ignored ATTRIBUTE_UNUSED)
+{
+  if (aarch64_return_address_signing_enabled ()
+      && aarch64_ra_sign_key == AARCH64_KEY_B)
+	asm_fprintf (f, "\t.cfi_b_key_frame\n");
+}
+
 /* Implements TARGET_ASM_FILE_START.  Output the assembly header.  */
 
 static void
@@ -18788,6 +18833,9 @@ aarch64_libgcc_floating_mode_supported_p
 #define TARGET_RUN_TARGET_SELFTESTS selftest::aarch64_run_selftests
 #endif /* #if CHECKING_P */
 
+#undef TARGET_ASM_POST_CFI_STARTPROC
+#define TARGET_ASM_POST_CFI_STARTPROC aarch64_post_cfi_startproc
+
 struct gcc_target targetm = TARGET_INITIALIZER;
 
 #include "gt-aarch64.h"
diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md
index cf2732e15e05db0a8825b1b7004fe904cc19ec19..f1d26e45fce13bc00cf018e44b8f3f6e9fdad3d1 100644
--- a/gcc/config/aarch64/aarch64.md
+++ b/gcc/config/aarch64/aarch64.md
@@ -118,8 +118,10 @@
 )
 
 (define_c_enum "unspec" [
-    UNSPEC_AUTI1716
-    UNSPEC_AUTISP
+    UNSPEC_AUTIA1716
+    UNSPEC_AUTIB1716
+    UNSPEC_AUTIASP
+    UNSPEC_AUTIBSP
     UNSPEC_CASESI
     UNSPEC_CRC32B
     UNSPEC_CRC32CB
@@ -162,8 +164,10 @@
     UNSPEC_LD4_LANE
     UNSPEC_MB
     UNSPEC_NOP
-    UNSPEC_PACI1716
-    UNSPEC_PACISP
+    UNSPEC_PACIA1716
+    UNSPEC_PACIB1716
+    UNSPEC_PACIASP
+    UNSPEC_PACIBSP
     UNSPEC_PRLG_STK
     UNSPEC_REV
     UNSPEC_RBIT
@@ -712,8 +716,12 @@
     if (aarch64_return_address_signing_enabled ()
 	&& TARGET_ARMV8_3
 	&& !crtl->calls_eh_return)
-      return "retaa";
-
+      {
+	if (aarch64_ra_sign_key == AARCH64_KEY_B)
+	  return "retab";
+	else
+	  return "retaa";
+      }
     return "ret";
   }
   [(set_attr "type" "branch")]
@@ -6543,7 +6551,7 @@
   [(set (reg:DI R30_REGNUM)
 	(unspec:DI [(reg:DI R30_REGNUM) (reg:DI SP_REGNUM)] PAUTH_LR_SP))]
   ""
-  "hint\t<pauth_hint_num_a> // <pauth_mnem_prefix>asp";
+  "hint\t<pauth_hint_num> // <pauth_mnem_prefix>sp";
 )
 
 ;; Signing/Authenticating X17 using X16 as the salt.
@@ -6552,7 +6560,7 @@
   [(set (reg:DI R17_REGNUM)
 	(unspec:DI [(reg:DI R17_REGNUM) (reg:DI R16_REGNUM)] PAUTH_17_16))]
   ""
-  "hint\t<pauth_hint_num_a> // <pauth_mnem_prefix>a1716";
+  "hint\t<pauth_hint_num> // <pauth_mnem_prefix>1716";
 )
 
 ;; Stripping the signature in R30.
diff --git a/gcc/config/aarch64/iterators.md b/gcc/config/aarch64/iterators.md
index ae75666167dd3c7787a2e2abb4136e85bef89420..1debf77e067e514d01b5ab3cba4199a0d8fa5635 100644
--- a/gcc/config/aarch64/iterators.md
+++ b/gcc/config/aarch64/iterators.md
@@ -1488,9 +1488,11 @@
 (define_int_iterator FMAXMIN_UNS [UNSPEC_FMAX UNSPEC_FMIN
 				  UNSPEC_FMAXNM UNSPEC_FMINNM])
 
-(define_int_iterator PAUTH_LR_SP [UNSPEC_PACISP UNSPEC_AUTISP])
+(define_int_iterator PAUTH_LR_SP [UNSPEC_PACIASP UNSPEC_AUTIASP
+				  UNSPEC_PACIBSP UNSPEC_AUTIBSP])
 
-(define_int_iterator PAUTH_17_16 [UNSPEC_PACI1716 UNSPEC_AUTI1716])
+(define_int_iterator PAUTH_17_16 [UNSPEC_PACIA1716 UNSPEC_AUTIA1716
+				  UNSPEC_PACIB1716 UNSPEC_AUTIB1716])
 
 (define_int_iterator VQDMULH [UNSPEC_SQDMULH UNSPEC_SQRDMULH])
 
@@ -1761,16 +1763,34 @@
 				  (UNSPEC_FCVTZU "fcvtzu")])
 
 ;; Pointer authentication mnemonic prefix.
-(define_int_attr pauth_mnem_prefix [(UNSPEC_PACISP "paci")
-				    (UNSPEC_AUTISP "auti")
-				    (UNSPEC_PACI1716 "paci")
-				    (UNSPEC_AUTI1716 "auti")])
-
-;; Pointer authentication HINT number for NOP space instructions using A Key.
-(define_int_attr pauth_hint_num_a [(UNSPEC_PACISP "25")
-				    (UNSPEC_AUTISP "29")
-				    (UNSPEC_PACI1716 "8")
-				    (UNSPEC_AUTI1716 "12")])
+(define_int_attr pauth_mnem_prefix [(UNSPEC_PACIASP "pacia")
+				    (UNSPEC_PACIBSP "pacib")
+				    (UNSPEC_PACIA1716 "pacia")
+				    (UNSPEC_PACIB1716 "pacib")
+				    (UNSPEC_AUTIASP "autia")
+				    (UNSPEC_AUTIBSP "autib")
+				    (UNSPEC_AUTIA1716 "autia")
+				    (UNSPEC_AUTIB1716 "autib")])
+
+(define_int_attr pauth_key [(UNSPEC_PACIASP "AARCH64_KEY_A")
+			    (UNSPEC_PACIBSP "AARCH64_KEY_B")
+			    (UNSPEC_PACIA1716 "AARCH64_KEY_A")
+			    (UNSPEC_PACIB1716 "AARCH64_KEY_B")
+			    (UNSPEC_AUTIASP "AARCH64_KEY_A")
+			    (UNSPEC_AUTIBSP "AARCH64_KEY_B")
+			    (UNSPEC_AUTIA1716 "AARCH64_KEY_A")
+			    (UNSPEC_AUTIB1716 "AARCH64_KEY_B")])
+
+;; Pointer authentication HINT number for NOP space instructions using A and
+;; B key.
+(define_int_attr pauth_hint_num [(UNSPEC_PACIASP "25")
+				   (UNSPEC_PACIBSP "27")
+				   (UNSPEC_AUTIASP "29")
+				   (UNSPEC_AUTIBSP "31")
+				   (UNSPEC_PACIA1716 "8")
+				   (UNSPEC_PACIB1716 "10")
+				   (UNSPEC_AUTIA1716 "12")
+				   (UNSPEC_AUTIB1716 "14")])
 
 (define_int_attr perm_insn [(UNSPEC_ZIP1 "zip") (UNSPEC_ZIP2 "zip")
 			    (UNSPEC_TRN1 "trn") (UNSPEC_TRN2 "trn")
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 99c67e3896dcf93c90384b08198523e94a754f7e..5171bf2d295f1800c5b41dd8b7d2f571fb542703 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -630,7 +630,8 @@ Objective-C and Objective-C++ Dialects}.
 -mlow-precision-recip-sqrt  -mlow-precision-sqrt  -mlow-precision-div @gol
 -mpc-relative-literal-loads @gol
 -msign-return-address=@var{scope} @gol
--mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}] @gol
+-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}
++@var{b-key}] @gol
 -march=@var{name}  -mcpu=@var{name}  -mtune=@var{name}  @gol
 -moverride=@var{string}  -mverbose-cost-dump  -mtrack-speculation} 
 
@@ -15704,7 +15705,8 @@ functions, and @samp{all}, which enables pointer signing for all functions.  The
 default value is @samp{none}. This option has been deprecated by
 -mbranch-protection.
 
-@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}]
+@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}
++@var{b-key}]
 @opindex mbranch-protection
 Select the branch protection features to use.
 @samp{none} is the default and turns off all types of branch protection.
@@ -15715,7 +15717,8 @@ level.
 level: signing functions that save the return address to memory (non-leaf
 functions will practically always do this) using the a-key.  The optional
 argument @samp{leaf} can be used to extend the signing to include leaf
-functions.
+functions.  The optional argument @samp{b-key} can be used to sign the functions
+with the B-key instead of the A-key.
 
 @item -msve-vector-bits=@var{bits}
 @opindex msve-vector-bits
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_ab_exception.cpp b/gcc/testsuite/gcc.target/aarch64/return_address_sign_ab_exception.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..e644333f4f569e96cc38a5e523c1008e63c5d642
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_ab_exception.cpp
@@ -0,0 +1,29 @@
+/* { dg-do run } */
+/* { dg-options "--save-temps" } */
+
+__attribute__((target("branch-protection=pac-ret+leaf")))
+int foo_a () {
+  throw 22;
+}
+
+__attribute__((target("branch-protection=pac-ret+leaf+b-key")))
+int foo_b () {
+  throw 22;
+}
+
+int main (int argc, char** argv) {
+  try {
+    foo_a ()
+  } catch (...) {
+    try {
+      foo_b ();
+    } catch (...) {
+      return 0;
+    }
+  }
+  return 1;
+}
+
+/* { dg-final { scan-assembler-times "paciasp" 1 } } */
+/* { dg-final { scan-assembler-times "pacibsp" 1 } } */
+/* { dg-final { scan-assembler-times "\t\t.cfi_b_key_frame" 1 } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c
new file mode 100644
index 0000000000000000000000000000000000000000..32d788ddf3fb72545d7c4b9869d8e445bdaaab37
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c
@@ -0,0 +1,52 @@
+/* Testing return address signing where no combined instructions used.  */
+/* { dg-do compile } */
+/* { dg-options "-O2 -mbranch-protection=pac-ret+leaf+b-key" } */
+/* { dg-require-effective-target lp64 } */
+
+int foo (int);
+
+/* sibcall only.  */
+int __attribute__ ((target ("arch=armv8.3-a")))
+func1 (int a, int b)
+{
+  /* pacibsp */
+  return foo (a + b);
+  /* autibsp */
+}
+
+/* non-leaf function with sibcall.  */
+int __attribute__ ((target ("arch=armv8.3-a")))
+func2 (int a, int b)
+{
+  /* pacibsp */
+  if (a < b)
+    return b;
+
+  a = foo (b);
+
+  return foo (a);
+  /* autibsp */
+}
+
+/* non-leaf function, legacy arch.  */
+int __attribute__ ((target ("arch=armv8.2-a")))
+func3 (int a, int b, int c)
+{
+  /* pacibsp */
+  return a + foo (b) + c;
+  /* autibsp */
+}
+
+/* eh_return.  */
+void __attribute__ ((target ("arch=armv8.3-a")))
+func4 (long offset, void *handler, int *ptr, int imm1, int imm2)
+{
+  /* pacibsp */
+  *ptr = imm1 + foo (imm1) + imm2;
+  __builtin_eh_return (offset, handler);
+  /* autibsp */
+  return;
+}
+
+/* { dg-final { scan-assembler-times "pacibsp" 4 } } */
+/* { dg-final { scan-assembler-times "autibsp" 4 } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_2.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_2.c
new file mode 100644
index 0000000000000000000000000000000000000000..9ed64ce05911475268e9ef95e88e873e21611085
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_2.c
@@ -0,0 +1,18 @@
+/* Testing return address signing where combined instructions used.  */
+/* { dg-do compile } */
+/* { dg-options "-O2 -mbranch-protection=pac-ret+leaf+b-key" } */
+/* { dg-require-effective-target lp64 } */
+
+int foo (int);
+int bar (int, int);
+
+int __attribute__ ((target ("arch=armv8.3-a")))
+func1 (int a, int b, int c)
+{
+  /* pacibsp */
+  return a + foo (b) + c;
+  /* retab */
+}
+
+/* { dg-final { scan-assembler-times "pacibsp" 1 } } */
+/* { dg-final { scan-assembler-times "retab" 1 } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_3.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_3.c
new file mode 100644
index 0000000000000000000000000000000000000000..111a30e0bfd246ffa3c2765955cd6d3463a7a715
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_3.c
@@ -0,0 +1,22 @@
+/* Testing the disable of return address signing.  */
+/* { dg-do compile } */
+/* { dg-options "-O2 -mbranch-protection=pac-ret+leaf+b-key" } */
+/* { dg-require-effective-target lp64 } */
+
+int bar (int, int);
+
+int __attribute__ ((target ("arch=armv8.3-a, branch-protection=pac-ret+b-key")))
+func1_leaf (int a, int b, int c, int d)
+{
+  return a + b + c + d;
+}
+
+int __attribute__ ((target ("arch=armv8.3-a, branch-protection=none")))
+func2_none (int a, int b, int c, int d)
+{
+  return c + bar (a, b) + d;
+}
+
+/* { dg-final { scan-assembler-not "pacibsp" } } */
+/* { dg-final { scan-assembler-not "autibsp" } } */
+/* { dg-final { scan-assembler-not "retab" } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_exception.cpp b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_exception.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..44dcfee245e05c832f72cc58cf00ee6e726ed5b0
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_exception.cpp
@@ -0,0 +1,17 @@
+/* { dg-do run } */
+/* { dg-options "-mbranch-protection=pac-ret+leaf+b-key"} */
+
+int foo () {
+  throw 22;
+}
+
+int main (int argc, char** argv) {
+  try {
+    foo()
+  } catch (...) {
+    return 0;
+  }
+  return 1;
+}
+
+/* { dg-final { scan-assembler-times ".cfi_b_key_frame" 2 } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_builtin.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_builtin.c
new file mode 100644
index 0000000000000000000000000000000000000000..0a01bfc9da45589740f9939d780805c27379c650
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_builtin.c
@@ -0,0 +1,16 @@
+/* { dg-do compile } */
+/* { dg-options "-mbranch-protection=pac-ret+leaf+b-key" } */
+
+/* The correct pauth instruction should be generated no matter the return
+  address signing key/scope specified in the options.  */
+
+int foo() {
+  /* { dg-final { scan-assembler-times "pacia1716" 1 } } */
+  __builtin_aarch64_pacia1716(0, 0);
+  /* { dg-final { scan-assembler-times "pacib1716" 1 } } */
+  __builtin_aarch64_pacib1716(0, 0);
+  /* { dg-final { scan-assembler-times "autia1716" 1 } } */
+  __builtin_aarch64_autia1716(0, 0);
+  /* { dg-final { scan-assembler-times "autib1716" 1 } } */
+  __builtin_aarch64_autib1716(0, 0);
+}
diff --git a/libgcc/config/aarch64/aarch64-unwind.h b/libgcc/config/aarch64/aarch64-unwind.h
index ff05226f49cba67cf909c1edac8bd8c25f6f71d8..5e7bf64e4a7983ff38c7456bc918a016a21e5bcd 100644
--- a/libgcc/config/aarch64/aarch64-unwind.h
+++ b/libgcc/config/aarch64/aarch64-unwind.h
@@ -35,6 +35,23 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
 #define MD_FROB_UPDATE_CONTEXT(context, fs) \
   aarch64_frob_update_context (context, fs)
 
+static inline int
+aarch64_cie_signed_with_b_key (struct _Unwind_Context *context)
+{
+  const struct dwarf_fde *fde = _Unwind_Find_FDE (context->bases.func,
+						  &context->bases);
+  if (fde != NULL)
+    {
+      const struct dwarf_cie *cie = get_cie (fde);
+      if (cie != NULL)
+	{
+	  char *aug_str = cie->augmentation;
+	  return strchr (aug_str, 'B') == NULL ? 0 : 1;
+	}
+    }
+  return 0;
+}
+
 /* Do AArch64 private extraction on ADDR based on context info CONTEXT and
    unwind frame info FS.  If ADDR is signed, we do address authentication on it
    using CFA of current frame.  */
@@ -43,9 +60,11 @@ static inline void *
 aarch64_post_extract_frame_addr (struct _Unwind_Context *context,
 				 _Unwind_FrameState *fs, void *addr)
 {
-  if (fs->regs.reg[DWARF_REGNUM_AARCH64_RA_STATE].loc.offset & 0x1)
+  if (context->flags & RA_SIGNED_BIT)
     {
       _Unwind_Word salt = (_Unwind_Word) context->cfa;
+      if (aarch64_cie_signed_with_b_key (context) != 0)
+	return __builtin_aarch64_autib1716 (addr, salt);
       return __builtin_aarch64_autia1716 (addr, salt);
     }
   else
@@ -62,9 +81,14 @@ aarch64_post_frob_eh_handler_addr (struct _Unwind_Context *current,
 				   ATTRIBUTE_UNUSED,
 				   void *handler_addr)
 {
-  if (current->flags & RA_A_SIGNED_BIT)
-    return __builtin_aarch64_pacia1716 (handler_addr,
+  if (current->flags & RA_SIGNED_BIT)
+    {
+      if (aarch64_cie_signed_with_b_key (current))
+	return __builtin_aarch64_pacib1716 (handler_addr,
+					    (_Unwind_Word) current->cfa);
+      return __builtin_aarch64_pacia1716 (handler_addr,
 					(_Unwind_Word) current->cfa);
+    }
   else
     return handler_addr;
 }
@@ -79,7 +103,7 @@ aarch64_frob_update_context (struct _Unwind_Context *context,
 {
   if (fs->regs.reg[DWARF_REGNUM_AARCH64_RA_STATE].loc.offset & 0x1)
     /* The flag is used for re-authenticating EH handler's address.  */
-    context->flags |= RA_A_SIGNED_BIT;
+    context->flags |= RA_SIGNED_BIT;
 
   return;
 }
diff --git a/libgcc/unwind-dw2-fde.c b/libgcc/unwind-dw2-fde.c
index 0d52b7a4cefb35efc744b9a2c374460ce37ab470..9b454270ffd4cf188ab18c6b2261343166e64331 100644
--- a/libgcc/unwind-dw2-fde.c
+++ b/libgcc/unwind-dw2-fde.c
@@ -334,6 +334,9 @@ get_cie_encoding (const struct dwarf_cie *cie)
       /* LSDA encoding.  */
       else if (*aug == 'L')
 	p++;
+      /* aarch64 b-key pointer authentication.  */
+      else if (*aug == 'B')
+	p++;
       /* Otherwise end of string, or unknown augmentation.  */
       else
 	return DW_EH_PE_absptr;
diff --git a/libgcc/unwind-dw2.c b/libgcc/unwind-dw2.c
index de9310f524fc1f5103b6df2e024c50454a53a1c0..f2b1cfd246197977837ee4ee5311781df1bf5a05 100644
--- a/libgcc/unwind-dw2.c
+++ b/libgcc/unwind-dw2.c
@@ -136,8 +136,9 @@ struct _Unwind_Context
 #define SIGNAL_FRAME_BIT ((~(_Unwind_Word) 0 >> 1) + 1)
   /* Context which has version/args_size/by_value fields.  */
 #define EXTENDED_CONTEXT_BIT ((~(_Unwind_Word) 0 >> 2) + 1)
-  /* Bit reserved on AArch64, return address has been signed with A key.  */
-#define RA_A_SIGNED_BIT ((~(_Unwind_Word) 0 >> 3) + 1)
+  /* Bit reserved on AArch64, return address has been signed with A or B
+     key.  */
+#define RA_SIGNED_BIT ((~(_Unwind_Word) 0 >> 3) + 1)
   _Unwind_Word flags;
   /* 0 for now, can be increased when further fields are added to
      struct _Unwind_Context.  */
@@ -502,6 +503,11 @@ extract_cie_info (const struct dwarf_cie *cie, struct _Unwind_Context *context,
 	  fs->signal_frame = 1;
 	  aug += 1;
 	}
+      /* aarch64 B-key pointer authentication.  */
+      else if (aug[0] == 'B')
+	{
+	  aug += 1;
+      }
 
       /* Otherwise we have an unknown augmentation string.
 	 Bail unless we saw a 'z' prefix.  */