[PATCH v2] AArch64 pauth: Indicate unmasked address in backtrace for kernel

[PATCH v2] AArch64 pauth: Indicate unmasked address in backtrace for kernel

[Kuan-Ying Lee]

Armv8.3-a Pointer Authentication causes the function return address to
be changed. GDB needs to use address bit[55] to know which mode is active
and unmask the link register in order to get backtrace.
---
v2:
 - Rewrite the commit message
 - Add a new function aarch64_unmask_address() for PAC
   suggested by Luis in [1]
 - Define VA range select bit
 [1] https://sourceware.org/pipermail/gdb-patches/2021-October/182835.html

 gdb/aarch64-tdep.c | 16 +++++++++++++++-
 gdb/aarch64-tdep.h |  4 ++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c
index 42b8494980..a96aed7567 100644
--- a/gdb/aarch64-tdep.c
+++ b/gdb/aarch64-tdep.c
@@ -243,6 +243,20 @@ class instruction_reader : public abstract_instruction_reader
 
 } // namespace
 
+/* Return unmasked address by using different unmask method
+   depending on AARCH64_PAC_VA_RANGE_BIT  */
+
+static CORE_ADDR
+aarch64_unmask_address(CORE_ADDR address, CORE_ADDR mask)
+{
+    /* Unmask kernel mode and user mode addresses appropriately based on
+       the VA range bit  */
+    if (address & AARCH64_PAC_VA_RANGE_MASK)
+        return address | mask;
+    else
+        return address & ~mask;
+}
+
 /* If address signing is enabled, mask off the signature bits from the link
    register, which is passed by value in ADDR, using the register values in
    THIS_FRAME.  */
@@ -257,7 +271,7 @@ aarch64_frame_unmask_lr (struct gdbarch_tdep *tdep,
     {
       int cmask_num = AARCH64_PAUTH_CMASK_REGNUM (tdep->pauth_reg_base);
       CORE_ADDR cmask = frame_unwind_register_unsigned (this_frame, cmask_num);
-      addr = addr & ~cmask;
+      addr = aarch64_unmask_address(addr, cmask);
 
       /* Record in the frame that the link register required unmasking.  */
       set_frame_previous_pc_masked (this_frame);
diff --git a/gdb/aarch64-tdep.h b/gdb/aarch64-tdep.h
index 7bf612b012..9c50988d6e 100644
--- a/gdb/aarch64-tdep.h
+++ b/gdb/aarch64-tdep.h
@@ -59,6 +59,10 @@ struct regset;
    single-stepped instruction.  */
 #define AARCH64_DISPLACED_MODIFIED_INSNS 1
 
+/* VA range select bit for Pointer Authentication Code (PAC) feature  */
+#define AARCH64_PAC_VA_RANGE_BIT 55
+#define AARCH64_PAC_VA_RANGE_MASK (1ULL << AARCH64_PAC_VA_RANGE_BIT)
+
 /* Target-dependent structure in gdbarch.  */
 struct gdbarch_tdep
 {
-- 
2.25.1

Re: [PATCH v2] AArch64 pauth: Indicate unmasked address in backtrace for kernel

[Luis Machado]

Thanks. That looks much better.

One thing I forgot to ask. Do you have the copyright assignment papers 
in place so you can contribute code on behalf of MediaTek?

I couldn't find those, but they may be pending.

Regards,
Luis

On 10/27/21 12:32 AM, Kuan-Ying Lee wrote:
> Armv8.3-a Pointer Authentication causes the function return address to
> be changed. GDB needs to use address bit[55] to know which mode is active
> and unmask the link register in order to get backtrace.
> ---
> v2:
>   - Rewrite the commit message
>   - Add a new function aarch64_unmask_address() for PAC
>     suggested by Luis in [1]
>   - Define VA range select bit
>   [1] https://sourceware.org/pipermail/gdb-patches/2021-October/182835.html
> 
>   gdb/aarch64-tdep.c | 16 +++++++++++++++-
>   gdb/aarch64-tdep.h |  4 ++++
>   2 files changed, 19 insertions(+), 1 deletion(-)
> 
> diff --git a/gdb/aarch64-tdep.c b/gdb/aarch64-tdep.c
> index 42b8494980..a96aed7567 100644
> --- a/gdb/aarch64-tdep.c
> +++ b/gdb/aarch64-tdep.c
> @@ -243,6 +243,20 @@ class instruction_reader : public abstract_instruction_reader
>   
>   } // namespace
>   
> +/* Return unmasked address by using different unmask method
> +   depending on AARCH64_PAC_VA_RANGE_BIT  */
> +
> +static CORE_ADDR
> +aarch64_unmask_address(CORE_ADDR address, CORE_ADDR mask)
> +{
> +    /* Unmask kernel mode and user mode addresses appropriately based on
> +       the VA range bit  */
> +    if (address & AARCH64_PAC_VA_RANGE_MASK)
> +        return address | mask;
> +    else
> +        return address & ~mask;
> +}
> +
>   /* If address signing is enabled, mask off the signature bits from the link
>      register, which is passed by value in ADDR, using the register values in
>      THIS_FRAME.  */
> @@ -257,7 +271,7 @@ aarch64_frame_unmask_lr (struct gdbarch_tdep *tdep,
>       {
>         int cmask_num = AARCH64_PAUTH_CMASK_REGNUM (tdep->pauth_reg_base);
>         CORE_ADDR cmask = frame_unwind_register_unsigned (this_frame, cmask_num);
> -      addr = addr & ~cmask;
> +      addr = aarch64_unmask_address(addr, cmask);
>   
>         /* Record in the frame that the link register required unmasking.  */
>         set_frame_previous_pc_masked (this_frame);
> diff --git a/gdb/aarch64-tdep.h b/gdb/aarch64-tdep.h
> index 7bf612b012..9c50988d6e 100644
> --- a/gdb/aarch64-tdep.h
> +++ b/gdb/aarch64-tdep.h
> @@ -59,6 +59,10 @@ struct regset;
>      single-stepped instruction.  */
>   #define AARCH64_DISPLACED_MODIFIED_INSNS 1
>   
> +/* VA range select bit for Pointer Authentication Code (PAC) feature  */
> +#define AARCH64_PAC_VA_RANGE_BIT 55
> +#define AARCH64_PAC_VA_RANGE_MASK (1ULL << AARCH64_PAC_VA_RANGE_BIT)
> +
>   /* Target-dependent structure in gdbarch.  */
>   struct gdbarch_tdep
>   {
>