From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR03-VI1-obe.outbound.protection.outlook.com (mail-vi1eur03on2063.outbound.protection.outlook.com [40.107.103.63]) by sourceware.org (Postfix) with ESMTPS id 408273858D28 for ; Thu, 5 Jan 2023 13:16:38 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 408273858D28 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=byH7J0e+UxFL+GgJEFxgc2+VcOYodkniNx/8XPkEoeQ=; b=5mZAJTFKHvqrLCofDndvm39GxJOag3R1nv7OlyTOsRiXAOi0CvCRluzu9VgNROvUdsr05LXon2ptjZAFyKUWHI/I0ZDZ95pqH8j22/JqAX4MFg8Rd7TuebidhyAo9uE4ZCXOFRExPQXf97mJTttk4klCrmN365mcUFO99fY1lcc= Received: from AS4PR10CA0021.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:5d8::9) by VI1PR08MB9959.eurprd08.prod.outlook.com (2603:10a6:800:1c1::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5986.14; Thu, 5 Jan 2023 13:16:32 +0000 Received: from VI1EUR03FT034.eop-EUR03.prod.protection.outlook.com (2603:10a6:20b:5d8:cafe::9) by AS4PR10CA0021.outlook.office365.com (2603:10a6:20b:5d8::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5966.20 via Frontend Transport; Thu, 5 Jan 2023 13:16:32 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VI1EUR03FT034.mail.protection.outlook.com (100.127.144.165) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5944.17 via Frontend Transport; Thu, 5 Jan 2023 13:16:31 +0000 Received: ("Tessian outbound baf1b7a96f25:v132"); Thu, 05 Jan 2023 13:16:31 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: 6462b7aecfcb77c5 X-CR-MTA-TID: 64aa7808 Received: from dafb83ae9395.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 4D96AB83-8FD0-4959-8D75-75C1A02812A8.1; Thu, 05 Jan 2023 13:16:24 +0000 Received: from EUR04-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id dafb83ae9395.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Thu, 05 Jan 2023 13:16:24 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gX3P+VJsG0cFD1PrpCKW6DUxarF+Bz57/s6/4TVuyB6lMr/W2oNLP1xHpq0uJihuJUf0FqQBcAt2PVxS/dZrkTiTzwnEysVzmmZUFc5tm1Vl6vq1O3ejw3dFV3eCG9qS2ENpCjDpZdYFa3aCNrQRS1IDNmVIVHKOKONa3XHxKJf2WCW2AiSodXnCpdoYDZqIxmkGSQDvPNFmSROMjivGH45OAsswyTpq9O98AmZ/tr3chIF/WIDy/1785Hm1HymmA8wzh+VGCYZYp8r9VgXjOx9iujSv4DluVJknWXCzouzhtAhDH/Zne8wmYvq5iF2i4DiYZDOnSApLDkYb0s+gvA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=byH7J0e+UxFL+GgJEFxgc2+VcOYodkniNx/8XPkEoeQ=; b=JSXKe5rOAvD/ixgF4cBOD3iq61s66RXat31rUAbJgy4PJM5NioyPlcIH2vs7EOhsAVYGcMcyRN10xC8Ecw1TyovlXAaP7npKrXF3dVdWYrsyEDUPnEvetORywNl8Z6Cig3VS4l0xx76O+lWoOKSsoh7ZXavSma50E4aeT11o4azRsmyOhOoBTH8jLST/LtEzbygkAV0Gcu7T71ev9ahac3TK1nGJ3UekhMMUNckvjMKqiq4eIAOpIDwJvTrJxK88MTRsgRQFjPfX4MHoy16uxjSddRAzfngg/Anq57A+wlwAMiyct5vZmm0P8uADoxRr54Gxefsq3TuaQafDLQUllg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=byH7J0e+UxFL+GgJEFxgc2+VcOYodkniNx/8XPkEoeQ=; b=5mZAJTFKHvqrLCofDndvm39GxJOag3R1nv7OlyTOsRiXAOi0CvCRluzu9VgNROvUdsr05LXon2ptjZAFyKUWHI/I0ZDZ95pqH8j22/JqAX4MFg8Rd7TuebidhyAo9uE4ZCXOFRExPQXf97mJTttk4klCrmN365mcUFO99fY1lcc= Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; Received: from VI1PR08MB3919.eurprd08.prod.outlook.com (2603:10a6:803:c4::31) by GV1PR08MB8156.eurprd08.prod.outlook.com (2603:10a6:150:90::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5986.14; Thu, 5 Jan 2023 13:16:20 +0000 Received: from VI1PR08MB3919.eurprd08.prod.outlook.com ([fe80::eed7:25a3:e4ea:187a]) by VI1PR08MB3919.eurprd08.prod.outlook.com ([fe80::eed7:25a3:e4ea:187a%6]) with mapi id 15.20.5986.007; Thu, 5 Jan 2023 13:16:19 +0000 Message-ID: <19302961-c418-a266-567c-d52b87f112f8@arm.com> Date: Thu, 5 Jan 2023 13:16:17 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2 Subject: Re: [PATCH] [AArch64] Enable pointer authentication support for aarch64 bare metal/kernel mode addresses Content-Language: en-US To: gdb-patches@sourceware.org Cc: jhb@FreeBSD.org, thiago.bauermann@linaro.org References: <20221216105722.1413765-1-luis.machado@arm.com> From: Luis Machado In-Reply-To: <20221216105722.1413765-1-luis.machado@arm.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-ClientProxiedBy: LO2P265CA0324.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:a4::24) To VI1PR08MB3919.eurprd08.prod.outlook.com (2603:10a6:803:c4::31) MIME-Version: 1.0 X-MS-TrafficTypeDiagnostic: VI1PR08MB3919:EE_|GV1PR08MB8156:EE_|VI1EUR03FT034:EE_|VI1PR08MB9959:EE_ X-MS-Office365-Filtering-Correlation-Id: c795556d-e91e-4b71-3e2e-08daef1f0ff6 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: AQ0Wr+GoIzrzfSfk/a3UEEpAQGV0MtxiqcVTyRtunpAprAFac5L9Xl6f3awAfqxnR+0BnxCciengAfr1h37m6/Gt9qR2mY/GdrXz590jCWUumXooB8Vrf/wAacwFIhgK/X8bh7lWpqCVZMyqqO1LDS40dr0fYTuZzzz6un1gFUNtSlLVI1121nCi0dU/LmDYxg8G0FD6JL4ZQKY+Sk2ZrKIBgBYWJpQLDIZ2jazyMj41VvByw/khgm2+mcVYyTuJJXhVQytr/9aEHIwvkqG0u/y8cQskqyEQxE5IzDOzzph35CD1mfqMjeckUlc0pRKPO99w9pUJQYfuyPU5oY5Hn1i97apDCN2NWCV8briOXeG1k73PtzO8Hsx4kYa+pfKbUk4CA3lANpSdQ1gF7En2cQ6UXa5p+7tS0oLSKoLKtj52sJ/U0DIfEwdIQsVuL3kaqvUinEv/1zSbnsHB5fj2LVRUl++S+s0xbjA3qoJaNWUir60gvYja2PPPh9/3ftAbXR8eTsvhX0koz84JO1S1tXskOn8wQpz+Q/IVe5UjaDnSC7DOfhNmUwEEtvIAgbBrAUZgat5h3bYQdengLpKRoWLQ4xzibv8IHHCw5ECO9H2sL+joxnrY7pVbCWSd54f2FA2kmC/KJFd0lZnlM1RcL1xKVWzzTa6E+G3lWY1UerD9RTou10OIY3nH70hfU90DVzWA1361gIIrxjulUnDOu8fOxgjx5U7Zm01/zUenB+SB77lenzlFIcnyL69BLkVm X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:VI1PR08MB3919.eurprd08.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(39860400002)(136003)(366004)(346002)(396003)(376002)(451199015)(31686004)(66899015)(44832011)(36756003)(83380400001)(2906002)(38100700002)(66476007)(8936002)(66556008)(41300700001)(5660300002)(26005)(53546011)(186003)(6506007)(86362001)(8676002)(6916009)(66946007)(31696002)(4326008)(478600001)(966005)(30864003)(6512007)(6486002)(2616005)(316002)(45980500001)(43740500002);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV1PR08MB8156 Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: VI1EUR03FT034.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 9db29033-b3b0-4426-44ab-08daef1f07f5 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: fAprnOuiXhmU0fj6Y1UKOgd2GB46hR1KiSwmvICMhl67ZTJNXYFE5rjnF/ui3RJrGqcoctXrEBbF7kPXMoupMVSMck4tUPuf0/2+0xLJbdbgz17WvfDF+swAHwQLI8yu2QIzIElT3vQxBO1EXAmPWs0bDa4FugL+PL3KcjDOIdZ3cugkntHvNiszFjEhR8WkTayxz3NFcmMLb4kpOiT1PlIXWHF/tbs/78jBlUvM3KE+jNXZ5TplfsiXUmtc4UoarAtC6VTv3QViI9QTbUuNj3HLClbEjksWT86Vmvk+K1zLINgStccoeNubvsrkuAuy7bZ5nWc8EYU7bn7hiV75KR+KB69dx0jD+4fhoXLifFnONjB+GTNCrLUpvD1JX7WKtFfpDqUHKaR33fpvBVrggDH28b26BbipacsS/j2hcSzzoiEroOjpgkoFGRpF47dno5sR2l530sBO6n6dhSl4MAzjHteLYw1gBt/ikplm0iqsW98VLG7+IwKGelX6R7zpJ0EZeCSlMYcDtAOheKqtCcc5Qs1SB97JDY1pQxzNmY+Ohgk0/N1WPdsa8xG34ahFbLRwJ8RuRDILiBGgkOf23HdpnDO0kbXOdNGvL0RElMtlq6cIPYGjzV51kEBx4D7MxuRF0pp0ncc9SZMRatQR5E00GDn73TT6ee5c9F72IIqF41ay8Dpotol7u/8z1Z+sfKDy+//z8TEGKIw/QoLyVJMWLwXM2a2VsIqMq/CIWjLnL0RR+0yjI0y8MYTnQQgLGYMGBW052UElt6IypLUZaw== X-Forefront-Antispam-Report: CIP:63.35.35.123;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:64aa7808-outbound-1.mta.getcheckrecipient.com;PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com;CAT:NONE;SFS:(13230022)(4636009)(39860400002)(136003)(396003)(376002)(346002)(451199015)(40470700004)(46966006)(36840700001)(40480700001)(41300700001)(36756003)(40460700003)(47076005)(82310400005)(8676002)(336012)(4326008)(70586007)(70206006)(5660300002)(44832011)(30864003)(8936002)(26005)(966005)(478600001)(6916009)(6486002)(107886003)(186003)(6506007)(53546011)(316002)(6512007)(2616005)(81166007)(356005)(86362001)(31696002)(83380400001)(2906002)(36860700001)(82740400003)(31686004)(66899015)(43740500002);DIR:OUT;SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Jan 2023 13:16:31.5760 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c795556d-e91e-4b71-3e2e-08daef1f0ff6 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[63.35.35.123];Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: VI1EUR03FT034.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR08MB9959 X-Spam-Status: No, score=-13.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,FORGED_SPF_HELO,GIT_PATCH_0,KAM_DMARC_NONE,NICE_REPLY_A,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,TXREP,UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hi John, Any thoughts on this patch from BSD's side? On 12/16/22 10:57, Luis Machado via Gdb-patches wrote: > At the moment GDB only handles pointer authentication (pauth) for userspace > addresses and if we're debugging a Linux-hosted program. > > The Linux Kernel can be configured to use pauth instructions for some > additional security hardening, but GDB doesn't handle this well. > > To overcome this limitation, GDB needs a couple things: > > 1 - The target needs to advertise pauth support. > 2 - The hook to remove non-address bits from a pointer needs to be registered > in aarch64-tdep.c as opposed to aarch64-linux-tdep.c. > > There is a patch for QEMU [1] that addresses the first point, and it makes > QEMU's gdbstub expose a couple more pauth mask registers, so overall we will > have up to 4 pauth masks (2 masks or 4 masks): > > pauth_dmask > pauth_cmask > pauth_dmask_high > pauth_cmask_high > > pauth_dmask and pauth_cmask are the masks used to remove pauth signatures > from userspace addresses. pauth_dmask_high and pauth_cmask_high masks are used > to remove pauth signatures from kernel addresses. > > The second point is easily addressed by moving code around. > > When debugging a Linux Kernel built with pauth with an unpatched GDB, we get > the following backtrace: > > #0 __fput (file=0xffff0000c17a6400) at /repos/linux/fs/file_table.c:296 > #1 0xffff8000082bd1f0 in ____fput (work=) at /repos/linux/fs/file_table.c:348 > #2 0x30008000080ade30 [PAC] in ?? () > #3 0x30d48000080ade30 in ?? () > Backtrace stopped: previous frame identical to this frame (corrupt stack?) > > With a patched GDB, we get something a lot more meaningful: > > #0 __fput (file=0xffff0000c1bcfa00) at /repos/linux/fs/file_table.c:296 > #1 0xffff8000082bd1f0 in ____fput (work=) at /repos/linux/fs/file_table.c:348 > #2 0xffff8000080ade30 [PAC] in task_work_run () at /repos/linux/kernel/task_work.c:179 > #3 0xffff80000801db90 [PAC] in resume_user_mode_work (regs=0xffff80000a96beb0) at /repos/linux/include/linux/resume_user_mode.h:49 > #4 do_notify_resume (regs=regs@entry=0xffff80000a96beb0, thread_flags=4) at /repos/linux/arch/arm64/kernel/signal.c:1127 > #5 0xffff800008fb9974 [PAC] in prepare_exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:137 > #6 exit_to_user_mode (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:142 > #7 el0_svc (regs=0xffff80000a96beb0) at /repos/linux/arch/arm64/kernel/entry-common.c:638 > #8 0xffff800008fb9d34 [PAC] in el0t_64_sync_handler (regs=) at /repos/linux/arch/arm64/kernel/entry-common.c:655 > #9 0xffff800008011548 [PAC] in el0t_64_sync () at /repos/linux/arch/arm64/kernel/entry.S:586 > Backtrace stopped: Cannot access memory at address 0xffff80000a96c0c8 > > [1] https://gitlab.com/rth7680/qemu/-/commit/e440ce6de3e14bf19ee70935be9086c05359f07b > --- > gdb/aarch64-linux-tdep.c | 40 --------------- > gdb/aarch64-tdep.c | 103 ++++++++++++++++++++++++++++++++++----- > gdb/aarch64-tdep.h | 2 + > gdb/arch/aarch64.h | 6 +++ > 4 files changed, 100 insertions(+), 51 deletions(-) > > diff --git a/gdb/aarch64-linux-tdep.c b/gdb/aarch64-linux-tdep.c > index 7e04bd9251f..1f091fbc540 100644 > --- a/gdb/aarch64-linux-tdep.c > +++ b/gdb/aarch64-linux-tdep.c > @@ -1980,40 +1980,6 @@ aarch64_linux_decode_memtag_section (struct gdbarch *gdbarch, > return tags; > } > > -/* AArch64 implementation of the remove_non_address_bits gdbarch hook. Remove > - non address bits from a pointer value. */ > - > -static CORE_ADDR > -aarch64_remove_non_address_bits (struct gdbarch *gdbarch, CORE_ADDR pointer) > -{ > - aarch64_gdbarch_tdep *tdep = gdbarch_tdep (gdbarch); > - > - /* By default, we assume TBI and discard the top 8 bits plus the VA range > - select bit (55). */ > - CORE_ADDR mask = AARCH64_TOP_BITS_MASK; > - > - if (tdep->has_pauth ()) > - { > - /* Fetch the PAC masks. These masks are per-process, so we can just > - fetch data from whatever thread we have at the moment. > - > - Also, we have both a code mask and a data mask. For now they are the > - same, but this may change in the future. */ > - struct regcache *regs = get_current_regcache (); > - CORE_ADDR cmask, dmask; > - > - if (regs->cooked_read (tdep->pauth_reg_base, &dmask) != REG_VALID) > - dmask = mask; > - > - if (regs->cooked_read (tdep->pauth_reg_base + 1, &cmask) != REG_VALID) > - cmask = mask; > - > - mask |= aarch64_mask_from_pac_registers (cmask, dmask); > - } > - > - return aarch64_remove_top_bits (pointer, mask); > -} > - > static void > aarch64_linux_init_abi (struct gdbarch_info info, struct gdbarch *gdbarch) > { > @@ -2066,12 +2032,6 @@ aarch64_linux_init_abi (struct gdbarch_info info, struct gdbarch *gdbarch) > /* Syscall record. */ > tdep->aarch64_syscall_record = aarch64_linux_syscall_record; > > - /* The top byte of a user space address known as the "tag", > - is ignored by the kernel and can be regarded as additional > - data associated with the address. */ > - set_gdbarch_remove_non_address_bits (gdbarch, > - aarch64_remove_non_address_bits); > - > /* MTE-specific settings and hooks. */ > if (tdep->has_mte ()) > { > diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c > index 024385a9fd8..d99c2b3e866 100644 > --- a/gdb/aarch64-tdep.c > +++ b/gdb/aarch64-tdep.c > @@ -133,10 +133,14 @@ static const char *const aarch64_sve_register_names[] = > > static const char *const aarch64_pauth_register_names[] = > { > - /* Authentication mask for data pointer. */ > + /* Authentication mask for data pointer, low half/user pointers. */ > "pauth_dmask", > - /* Authentication mask for code pointer. */ > - "pauth_cmask" > + /* Authentication mask for code pointer, low half/user pointers. */ > + "pauth_cmask", > + /* Authentication mask for data pointer, high half / kernel pointers. */ > + "pauth_dmask_high", > + /* Authentication mask for code pointer, high half / kernel pointers. */ > + "pauth_cmask_high" > }; > > static const char *const aarch64_mte_register_names[] = > @@ -222,9 +226,19 @@ aarch64_frame_unmask_lr (aarch64_gdbarch_tdep *tdep, > && frame_unwind_register_unsigned (this_frame, > tdep->ra_sign_state_regnum)) > { > - int cmask_num = AARCH64_PAUTH_CMASK_REGNUM (tdep->pauth_reg_base); > - CORE_ADDR cmask = frame_unwind_register_unsigned (this_frame, cmask_num); > - addr = addr & ~cmask; > + /* VA range select (bit 55) tells us whether to use the low half masks > + or the high half masks. */ > + int cmask_num; > + if (tdep->pauth_reg_count > 2 && addr & VA_RANGE_SELECT_BIT_MASK) > + cmask_num = AARCH64_PAUTH_CMASK_HIGH_REGNUM (tdep->pauth_reg_base); > + else > + cmask_num = AARCH64_PAUTH_CMASK_REGNUM (tdep->pauth_reg_base); > + > + /* By default, we assume TBI and discard the top 8 bits plus the VA range > + select bit (55). */ > + CORE_ADDR mask = AARCH64_TOP_BITS_MASK; > + mask |= frame_unwind_register_unsigned (this_frame, cmask_num); > + addr = aarch64_remove_top_bits (addr, mask); > > /* Record in the frame that the link register required unmasking. */ > set_frame_previous_pc_masked (this_frame); > @@ -1317,8 +1331,8 @@ aarch64_dwarf2_frame_init_reg (struct gdbarch *gdbarch, int regnum, > reg->loc.exp.len = 1; > return; > } > - else if (regnum == AARCH64_PAUTH_DMASK_REGNUM (tdep->pauth_reg_base) > - || regnum == AARCH64_PAUTH_CMASK_REGNUM (tdep->pauth_reg_base)) > + else if (regnum >= tdep->pauth_reg_base > + && regnum < tdep->pauth_reg_base + tdep->pauth_reg_count) > { > reg->how = DWARF2_FRAME_REG_SAME_VALUE; > return; > @@ -3492,8 +3506,8 @@ aarch64_cannot_store_register (struct gdbarch *gdbarch, int regnum) > return 0; > > /* Pointer authentication registers are read-only. */ > - return (regnum == AARCH64_PAUTH_DMASK_REGNUM (tdep->pauth_reg_base) > - || regnum == AARCH64_PAUTH_CMASK_REGNUM (tdep->pauth_reg_base)); > + return (regnum >= tdep->pauth_reg_base > + && regnum < tdep->pauth_reg_base + tdep->pauth_reg_count); > } > > /* Implement the stack_frame_destroyed_p gdbarch method. */ > @@ -3521,6 +3535,51 @@ aarch64_stack_frame_destroyed_p (struct gdbarch *gdbarch, CORE_ADDR pc) > return streq (inst.opcode->name, "ret"); > } > > +/* AArch64 implementation of the remove_non_address_bits gdbarch hook. Remove > + non address bits from a pointer value. */ > + > +static CORE_ADDR > +aarch64_remove_non_address_bits (struct gdbarch *gdbarch, CORE_ADDR pointer) > +{ > + aarch64_gdbarch_tdep *tdep = gdbarch_tdep (gdbarch); > + > + /* By default, we assume TBI and discard the top 8 bits plus the VA range > + select bit (55). */ > + CORE_ADDR mask = AARCH64_TOP_BITS_MASK; > + > + if (tdep->has_pauth ()) > + { > + /* Fetch the PAC masks. These masks are per-process, so we can just > + fetch data from whatever thread we have at the moment. > + > + Also, we have both a code mask and a data mask. For now they are the > + same, but this may change in the future. */ > + struct regcache *regs = get_current_regcache (); > + CORE_ADDR cmask, dmask; > + int dmask_regnum = AARCH64_PAUTH_DMASK_REGNUM (tdep->pauth_reg_base); > + int cmask_regnum = AARCH64_PAUTH_CMASK_REGNUM (tdep->pauth_reg_base); > + > + /* If we have a kernel address and we have kernel-mode address mask > + registers, use those instead. */ > + if (tdep->pauth_reg_count > 2 > + && pointer & VA_RANGE_SELECT_BIT_MASK) > + { > + dmask_regnum = AARCH64_PAUTH_DMASK_HIGH_REGNUM (tdep->pauth_reg_base); > + cmask_regnum = AARCH64_PAUTH_CMASK_HIGH_REGNUM (tdep->pauth_reg_base); > + } > + > + if (regs->cooked_read (dmask_regnum, &dmask) != REG_VALID) > + dmask = mask; > + > + if (regs->cooked_read (cmask_regnum, &cmask) != REG_VALID) > + cmask = mask; > + > + mask |= aarch64_mask_from_pac_registers (cmask, dmask); > + } > + > + return aarch64_remove_top_bits (pointer, mask); > +} > + > /* Initialize the current architecture based on INFO. If possible, > re-use an architecture from ARCHES, which is a list of > architectures already created during this debugging session. > @@ -3659,19 +3718,35 @@ aarch64_gdbarch_init (struct gdbarch_info info, struct gdbarch_list *arches) > } > > /* Add the pauth registers. */ > + int pauth_masks = 0; > if (feature_pauth != NULL) > { > first_pauth_regnum = num_regs; > ra_sign_state_offset = num_pseudo_regs; > + > + /* Size of the expected register set with all 4 masks. */ > + int set_size = ARRAY_SIZE (aarch64_pauth_register_names); > + > + /* QEMU exposes a couple additional masks for the high half of the > + address. We should either have 2 registers or 4 registers. */ > + if (tdesc_unnumbered_register (feature_pauth, > + "pauth_dmask_high") == 0) > + { > + /* We did not find pauth_dmask_high, assume we only have > + 2 masks. We are not dealing with QEMU/Emulators then. */ > + set_size -= 2; > + } > + > /* Validate the descriptor provides the mandatory PAUTH registers and > allocate their numbers. */ > - for (i = 0; i < ARRAY_SIZE (aarch64_pauth_register_names); i++) > + for (i = 0; i < set_size; i++) > valid_p &= tdesc_numbered_register (feature_pauth, tdesc_data.get (), > first_pauth_regnum + i, > aarch64_pauth_register_names[i]); > > num_regs += i; > num_pseudo_regs += 1; /* Count RA_STATE pseudo register. */ > + pauth_masks = set_size; > } > > /* Add the MTE registers. */ > @@ -3706,6 +3781,7 @@ aarch64_gdbarch_init (struct gdbarch_info info, struct gdbarch_list *arches) > tdep->jb_elt_size = 8; > tdep->vq = vq; > tdep->pauth_reg_base = first_pauth_regnum; > + tdep->pauth_reg_count = pauth_masks; > tdep->ra_sign_state_regnum = -1; > tdep->mte_reg_base = first_mte_regnum; > tdep->tls_regnum_base = first_tls_regnum; > @@ -3822,6 +3898,11 @@ aarch64_gdbarch_init (struct gdbarch_info info, struct gdbarch_list *arches) > if (tdep->has_pauth ()) > tdep->ra_sign_state_regnum = ra_sign_state_offset + num_regs; > > + /* Architecture hook to remove bits of a pointer that are not part of the > + address, like memory tags (MTE) and pointer authentication signatures. */ > + set_gdbarch_remove_non_address_bits (gdbarch, > + aarch64_remove_non_address_bits); > + > /* Add standard register aliases. */ > for (i = 0; i < ARRAY_SIZE (aarch64_register_aliases); i++) > user_reg_add (gdbarch, aarch64_register_aliases[i].name, > diff --git a/gdb/aarch64-tdep.h b/gdb/aarch64-tdep.h > index ff94c0a23b0..9fbb2b510aa 100644 > --- a/gdb/aarch64-tdep.h > +++ b/gdb/aarch64-tdep.h > @@ -94,6 +94,8 @@ struct aarch64_gdbarch_tdep : gdbarch_tdep_base > } > > int pauth_reg_base = 0; > + /* Number of pauth masks. */ > + int pauth_reg_count = 0; > int ra_sign_state_regnum = 0; > > /* Returns true if the target supports pauth. */ > diff --git a/gdb/arch/aarch64.h b/gdb/arch/aarch64.h > index 68048198b4d..4eeb9f8aa2c 100644 > --- a/gdb/arch/aarch64.h > +++ b/gdb/arch/aarch64.h > @@ -132,6 +132,12 @@ enum aarch64_regnum > > #define AARCH64_PAUTH_DMASK_REGNUM(pauth_reg_base) (pauth_reg_base) > #define AARCH64_PAUTH_CMASK_REGNUM(pauth_reg_base) (pauth_reg_base + 1) > +/* The high versions of these masks are used for bare metal/kernel-mode pointer > + authentication support. */ > +#define AARCH64_PAUTH_DMASK_HIGH_REGNUM(pauth_reg_base) (pauth_reg_base + 2) > +#define AARCH64_PAUTH_CMASK_HIGH_REGNUM(pauth_reg_base) (pauth_reg_base + 3) > + > +/* This size is only meant for Linux, not bare metal. QEMU exposes 4 masks. */ > #define AARCH64_PAUTH_REGS_SIZE (16) > > #define AARCH64_X_REGS_NUM 31