From: Matthieu Longo <matthieu.longo@arm.com>
Date: Thu, 21 Nov 2024 18:44:22 +0000 (+0000)
Subject: aarch64 SFrame: skip with warning new CFI directive used with pauth_lr
X-Git-Tag: binutils-2_44~148
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=59449a2b21c94b0e1f6cedc278a1beebafaa5111;p=thirdparty%2Fbinutils-gdb.git

aarch64 SFrame: skip with warning new CFI directive used with pauth_lr

Today, SFrame v2 specification does not describe how to encode the
information corresponding to the PAuth_LR PAC signing method (it only
supports PAuth PAC signing method).
SFrame v3 specification should hopefully specify it.

In the meantime, if the GNU assembler finds .cfi_negate_ra_state_with_pc
and --gsframe is specified, it will output a warning to the user and
will fail to generate the FDE entry.

A new SFrame test for .cfi_negate_ra_state_with_pc is also added to
reflect this issue.

Approved-by: Indu Bhagat <indu.bhagat@oracle.com>
---

diff --git a/gas/gen-sframe.c b/gas/gen-sframe.c
index 960c22e05f5..85d2f03a55c 100644
--- a/gas/gen-sframe.c
+++ b/gas/gen-sframe.c
@@ -1272,6 +1272,19 @@ sframe_xlate_do_aarch64_negate_ra_state (struct sframe_xlate_ctx *xlate_ctx,
   return SFRAME_XLATE_OK;
 }
 
+/* Translate DW_CFA_AARCH64_negate_ra_state_with_pc into SFrame context.
+   Return SFRAME_XLATE_OK if success.  */
+
+static int
+sframe_xlate_do_aarch64_negate_ra_state_with_pc (struct sframe_xlate_ctx *xlate_ctx ATTRIBUTE_UNUSED,
+						 struct cfi_insn_data *cfi_insn ATTRIBUTE_UNUSED)
+{
+  as_warn (_("skipping SFrame FDE; .cfi_negate_ra_state_with_pc"));
+  /* The used signing method should be encoded inside the FDE in SFrame v3.
+     For now, PAuth_LR extension is not supported with SFrame.  */
+  return SFRAME_XLATE_ERR_NOTREPRESENTED;  /* Not represented.  */
+}
+
 /* Translate DW_CFA_GNU_window_save into SFrame context.
    DW_CFA_GNU_window_save is a DWARF Sparc extension, but is multiplexed with a
    directive of DWARF AArch64 extension: DW_CFA_AARCH64_negate_ra_state.
@@ -1387,6 +1400,9 @@ sframe_do_cfi_insn (struct sframe_xlate_ctx *xlate_ctx,
     case DW_CFA_GNU_window_save:
       err = sframe_xlate_do_gnu_window_save (xlate_ctx, cfi_insn);
       break;
+    case DW_CFA_AARCH64_negate_ra_state_with_pc:
+      err = sframe_xlate_do_aarch64_negate_ra_state_with_pc (xlate_ctx, cfi_insn);
+      break;
     case DW_CFA_register:
       err = sframe_xlate_do_register (xlate_ctx, cfi_insn);
       break;
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
new file mode 100644
index 00000000000..c81888b0021
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.d
@@ -0,0 +1,25 @@
+#as: --gsframe
+#objdump: --sframe=.sframe
+#name: SFrame cfi_negate_ra_state_with_pc test
+#warning: Warning: skipping SFrame FDE; \.cfi_negate_ra_state_with_pc
+
+## The support for .cfi_negate_ra_state_with_pc is currently pending on SFrame
+## v3 (currently in development). The unimplemented support is reported to the
+## user as a warning. Then the handler returns an error that will cause no
+## creation of a SFrame FDE later (hence "Num FDEs: 0").
+## Note: this test will be expected to fail when the support of PAuth_LR in
+## SFrame will be added, so will have to be fixed.
+
+#...
+Contents of the SFrame section .sframe:
+
+  Header :
+
+    Version: SFRAME_VERSION_2
+    Flags: NONE
+    Num FDEs: 0
+    Num FREs: 0
+
+  Function Index :
+
+#pass
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
new file mode 100644
index 00000000000..3c21d5ce887
--- /dev/null
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe-aarch64-4.s
@@ -0,0 +1,23 @@
+## ARMv9.5 enhanced the existing PAuth feature with a new extension called
+## PAuth_LR. It aims at hardening the PAC in a signed return address. When
+## signing the return address in LR, the PC is used as a diversifier, in
+## addition to the SP to generate the PAC code.
+## As for PAuth, when the pointers are mangled with PAuth_LR, the stack trace
+## generator needs to know so it can mask off the PAC from the pointer value to
+## recover the return address, and conversely, skip doing so if the pointers are
+## not mangled.
+##
+## .cfi_negate_ra_state_with_pc CFI directive is used to convey this information.
+##
+## SFrame has currently no support for this. The support is expected in SFrame
+## v3. This testcase ensures that the directive is understood, and outputs
+## a warning to the user before failing to generate the FDE.
+	.cfi_startproc
+	.long 0
+	.cfi_def_cfa_offset 16
+	.cfi_negate_ra_state_with_pc
+	.long 0
+	.cfi_offset 29, -16
+	.cfi_offset 30, -8
+	.long 0
+	.cfi_endproc
diff --git a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
index 1de2c9f8037..b119b9da73d 100644
--- a/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
+++ b/gas/testsuite/gas/cfi-sframe/cfi-sframe.exp
@@ -98,5 +98,6 @@ if { [istarget "aarch64*-*-*"] && [gas_sframe_check] } then {
     run_dump_test "cfi-sframe-aarch64-1"
     run_dump_test "cfi-sframe-aarch64-2"
     run_dump_test "cfi-sframe-aarch64-3"
+    run_dump_test "cfi-sframe-aarch64-4"
     run_dump_test "cfi-sframe-aarch64-pac-ab-key-1"
 }