https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94891

            Bug ID: 94891
           Summary: aarch64: there is no way to strip PAC from a return
                    address in c code
           Product: gcc
           Version: 10.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: target
          Assignee: unassigned at gcc dot gnu.org
          Reporter: nsz at gcc dot gnu.org
  Target Milestone: ---

Neither __builtin_return_address nor __builtin_extract_return_addr
strips the pointer authentication code (PAC) when compiling with
-mbranch-protection=pac-ret.

Currently inline asm is the only way to get the actual return address
in pac-ret code (xpaclri instruction strips PAC without authenticating
the pointer), so users will have to disable pac-ret for code that uses
the builtins or add aarch64 asm.

It seems the only code that requires __builtin_return_address to return
the signed return address is the libgcc unwinder, so it seems that would
be easier to fix than all other code. (Note that having PAC in
__builtin_return_address is not compatible with ilp32 and thus currently
pac-ret is disabled with -mabi=ilp32.)

__builtin_extract_return_addr is required to be invertible with
__builtin_frob_return_addr which does not work for PAC.

So it seems aarch64 needs new builtins or existing builtins need to
change.
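As an added illustration (not code from the bug report or from GCC), the inline-asm workaround the report describes, next to a C model of what XPACLRI does to the address bits. Assumptions: the asm is guarded so the helper is a no-op on non-AArch64 hosts, and the software model assumes TBI is disabled and a 48-bit VA, so the PAC field is bits 63:48 excluding bit 55 (these are assumptions for the demo, not stated on the page).

```c
#include <stdint.h>
#include <stdio.h>

/* Strip the PAC from a code address without authenticating it.
   On AArch64 this is the XPACLRI hint, which only operates on x30 (LR),
   hence the register-pinned variable; it never faults on a bad signature.
   On other targets there is no PAC and the address is returned unchanged. */
static inline void *strip_pac(void *addr)
{
#if defined(__aarch64__)
    register void *lr __asm__("x30") = addr;
    __asm__ volatile("xpaclri" : "+r"(lr));
    return lr;
#else
    return addr;
#endif
}

/* Return the raw (unsigned) return address of this function's caller.
   With -mbranch-protection=pac-ret, __builtin_return_address(0) yields the
   signed value, so it is passed through strip_pac() before use. */
__attribute__((noinline)) void *raw_return_address(void)
{
    return strip_pac(__builtin_return_address(0));
}

/* Software model of XPAC (assumed: TBI disabled, so the PAC field is
   bits 63:va_bits excluding bit 55). Like the instruction, it replaces
   the PAC field with copies of bit 55 and performs no authentication. */
uint64_t xpac_model(uint64_t addr, unsigned va_bits)
{
    uint64_t pac_field = ~((1ULL << va_bits) - 1) & ~(1ULL << 55);
    uint64_t ext = (addr >> 55) & 1;
    return ext ? (addr | pac_field) : (addr & ~pac_field);
}

int main(void)
{
    /* Constructed sample: a user-space address carrying a PAC in bits 54:48. */
    uint64_t signed_ra = 0x0012000000401234ULL;
    printf("signed   %016llx\n", (unsigned long long)signed_ra);
    printf("stripped %016llx\n", (unsigned long long)xpac_model(signed_ra, 48));
    printf("raw return address: %p\n", raw_return_address());
    return 0;
}
```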
