Andrea Corallo via Gcc-patches <gcc-patches@gcc.gnu.org> writes:

> Hi all,
>
> this patch enables address return signature and verification based on
> Armv8.1-M Pointer Authentication [1].
>
> To sign the return address, we use the PAC R12, LR, SP instruction
> upon function entry.  This is signing LR using SP and storing the
> result in R12.  R12 will be pushed into the stack.
>
> During function epilogue R12 will be popped and AUT R12, LR, SP will
> be used to verify that the content of LR is still valid before return.
>
> Here is an example of PAC instrumented function prologue and epilogue:
>
>         pac     r12, lr, sp
>         push    {r3, r7, lr}
>         push    {r12}
>         sub     sp, sp, #4
>         [...] function body
>         add     sp, sp, #4
>         pop     {r12}
>         pop     {r3, r7, lr}
>         aut     r12, lr, sp
>         bx      lr
>
> The patch also takes care of generating a PACBTI instruction in place
> of the sequence BTI+PAC when Branch Target Identification is enabled
> contextually.
>
> These two patches apply on top of Tejas series posted here [2].
>
> Regressioned and arm-linux-gnu aarch64-linux-gnu bootstrapped.
>
> Best Regards
>
>   Andrea
>
> [1] <https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/armv8-1-m-pointer-authentication-and-branch-target-identification-extension>
> [2] <https://gcc.gnu.org/pipermail/gcc-patches/2021-October/581176.html>

Ping

Best Regards

  Andrea
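
A defender-side check for the prologue/epilogue sequence described in the quoted mail, as an added example that is not code from the patch or from GCC: it scans a disassembly listing and flags functions that sign LR on entry but reach `bx lr` without `aut r12, lr, sp` after LR has been restored from the stack. The listing format, the function names and the `audit` helper are assumptions constructed for illustration.

```python
import re

# Constructed sample in a simplified listing format (not real toolchain output).
SAMPLE = """\
<signed_fn>:
  0: pac r12, lr, sp
  4: push {r3, r7, lr}
  6: push {r12}
  8: pop {r12}
  a: pop {r3, r7, lr}
  e: aut r12, lr, sp
 12: bx lr
<bti_fn>:
  0: pacbti r12, lr, sp
  4: aut r12, lr, sp
  8: bx lr
<unverified_return>:
  0: pac r12, lr, sp
  4: push {r3, r7, lr}
  6: pop {r3, r7, lr}
  a: bx lr
"""

LABEL = re.compile(r"^<(\w+)>:$")
INSN = re.compile(r"^\s*[0-9a-f]+:\s+(\w+)\s*(.*)$")

def audit(listing):
    """Map function name -> problem for returns that skip authentication."""
    findings, func, signed, authed = {}, None, False, False
    for line in listing.splitlines():
        if m := LABEL.match(line):
            func, signed, authed = m.group(1), False, False
            continue
        m = INSN.match(line)
        if not m or func is None:
            continue
        op, args = m.group(1), m.group(2).replace(" ", "")
        if op in ("pac", "pacbti") and args == "r12,lr,sp":
            signed = True   # LR signed on entry, PAC held in r12
        elif op == "aut" and args == "r12,lr,sp":
            authed = True   # LR verified against r12 and SP
        elif op == "pop" and "lr" in args:
            authed = False  # LR reloaded from the stack, verify again
        elif op == "bx" and args == "lr":
            if signed and not authed:
                findings[func] = "bx lr without aut after LR restore"
            authed = False
    return findings
```

An `aut` that appears before the `pop` that reloads LR is treated as not covering the return, since the value branched to was never verified.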