From 7614b17ad1133cc6ab4c3b2ad93ae231752a645a Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Thu, 14 May 2026 14:09:14 +0100 Subject: [PATCH 1/6] [pauthabielf64] Define R_AARCH64_AUTH_TLSDESC_CALL. The TLSDESC sequence for accessing an authenticated pointer is similar to the traditional TLSDESC sequence. As pointer signing must be done at run-time there are much more limited opportunities to relax a TLSDESC AUTH, we introduce a R_AARCH64_AUTH_TLSDESC_CALL relocation that permits a static linker to transform the blraa to a nop, when relaxation is possible. A new relocation code has been introduced rather than reusing R_AARCH64_TLSDESC_CALL so that a static linker can assume that the destination symbol is signed, without having to derive it from other R_AARCH64_TLSDESC_* relocations. TLSDESC sequence adrp x0, :tlsdesc:v //R_AARCH64_TLSDESC_ADR_PAGE21 ldr x1, [x0, #:tlsdesc_lo12:v] //R_AARCH64_TLSDESC_LD64_LO12 add x0, x0, #:tlsdesc_lo12:v //R_AARCH64_TLSDESC_ADD_LO12 .tlsdesccall var //R_AARCH64_TLSDESC_CALL blr x1 TLSDESC AUTH sequence adrp x0, :tlsdesc_auth:v //R_AARCH64_AUTH_TLSDESC_ADR_PAGE21 ldr x16, [x0, #:tlsdesc_auth_lo12:v]//R_AARCH64_AUTH_TLSDESC_LD64_LO12 add x0, x0, #:tlsdesc_auth_lo12:v //R_AARCH64_AUTH_TLSDESC_ADD_LO12 .tlsdescauthcall v //R_AARCH64_AUTH_TLSDESC_CALL blraa x16, x0 fixes #393 --- aaelf64/aaelf64.rst | 2 ++ pauthabielf64/pauthabielf64.rst | 29 +++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/aaelf64/aaelf64.rst b/aaelf64/aaelf64.rst index 7eb8af67..9c53ca32 100644 --- a/aaelf64/aaelf64.rst +++ b/aaelf64/aaelf64.rst @@ -1825,6 +1825,8 @@ The ``PAUTH`` and ``ENCD`` operators are defined in `PAUTHABIELF64`_. +------------+------------+----------------------------------------+--------------------------------------+----------------------+ | 597 | \- | R\_AARCH64\_AUTH\_TLSDESC\_ADD\_LO12 | G(ENCD(GTLSDESC(S))) | See `PAUTHABIELF64`_ | +------------+------------+----------------------------------------+--------------------------------------+----------------------+ + | 598 | \- | R\_AARCH64\_AUTH\_TLSDESC\_CALL | None | See `PAUTHABIELF64`_ | + +------------+------------+----------------------------------------+--------------------------------------+----------------------+ Relocations for Structure Protection Extension ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/pauthabielf64/pauthabielf64.rst b/pauthabielf64/pauthabielf64.rst index 612d7fb3..23d1710a 100644 --- a/pauthabielf64/pauthabielf64.rst +++ b/pauthabielf64/pauthabielf64.rst @@ -251,6 +251,8 @@ changes to the content of the document for that release. +------------+-----------------------------+------------------------------------------------------------------+ | 2026Q2 | 6\ :sup:`th` January 2026 | - Clarify combination of MemtagABI and PAuthABI relocations | +------------+-----------------------------+------------------------------------------------------------------+ + | 2026Q2 | 14\ :sup:`th` May 2026 | - Add R_AARCH64_AUTH_TLSDESC_CALL relocation | + +------------+-----------------------------+------------------------------------------------------------------+ References ---------- @@ -1201,6 +1203,33 @@ The GOT entries must be relocated by AUTH variant dynamic relocations. | | | | field to bits [11:0] of | | | | | X. No overflow check. | +-----------------+----------------------------------------+----------------------------------------+--------------------------+ + | 0x266 (598) | R\_AARCH64\_AUTH\_TLSDESC\_CALL | None | For relaxation only. See | + | | | | notes below. | + +-----------------+----------------------------------------+----------------------------------------+--------------------------+ + +.. note:: + + Relocation code ``R_AARCH64_AUTH_TLSDESC_CALL`` is needed to permit + linker optimization of TLS descriptor code sequences involving + authenticated pointers, when undefined weak non-preemptible symbols + are known to resolve to 0; this can only be done if all relevant uses + of TLS descriptors are marked to permit accurate relaxation. + +.. code-block:: asm + + // Before (AUTH TLSDESC): + adrp x0, :tlsdesc_auth: undefined_weak // R_AARCH64_AUTH_TLSDESC_ADR_PAGE21 + ldr x16, [x0, :tlsdesc_auth_lo12: undefined_weak // R_AARCH64_AUTH_TLSDESC_LD64_LO12 + add x0, x0 :tlsdesc_auth_lo12: undefined_weak // R_AARCH64_AUTH_TLSDESC_ADD_LO12 + .tlddescauthcall undefined_weak // R_AARCH64_AUTH_TLSDESC_CALL + autia x0, x8 + + // After relaxation, assuming undefined_weak is known to be 0 at static-link time. + mov x0, #0x0 + nop + nop + nop + .. raw:: pdf PageBreak From abc03d428f02f2a53fcdaa113f6890e5f6d1ceed Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Wed, 27 May 2026 16:42:53 +0100 Subject: [PATCH 2/6] Review comments * use blraa as in commit message. * mention that a value of 0 when added to the thread pointer is invalid. --- pauthabielf64/pauthabielf64.rst | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/pauthabielf64/pauthabielf64.rst b/pauthabielf64/pauthabielf64.rst index 23d1710a..3c51c678 100644 --- a/pauthabielf64/pauthabielf64.rst +++ b/pauthabielf64/pauthabielf64.rst @@ -1221,8 +1221,8 @@ The GOT entries must be relocated by AUTH variant dynamic relocations. adrp x0, :tlsdesc_auth: undefined_weak // R_AARCH64_AUTH_TLSDESC_ADR_PAGE21 ldr x16, [x0, :tlsdesc_auth_lo12: undefined_weak // R_AARCH64_AUTH_TLSDESC_LD64_LO12 add x0, x0 :tlsdesc_auth_lo12: undefined_weak // R_AARCH64_AUTH_TLSDESC_ADD_LO12 - .tlddescauthcall undefined_weak // R_AARCH64_AUTH_TLSDESC_CALL - autia x0, x8 + .tlsdescauthcall undefined_weak // R_AARCH64_AUTH_TLSDESC_CALL + blraa x0 // After relaxation, assuming undefined_weak is known to be 0 at static-link time. mov x0, #0x0 @@ -1230,6 +1230,10 @@ The GOT entries must be relocated by AUTH variant dynamic relocations. nop nop +Note that this relaxation is equivalent to a 0 returned from the +TLSDESC handler function. If this is added to the thread pointer +(TP) the result would point to the thread control block (TCB). + .. raw:: pdf PageBreak From 9df754d9cee2e599851d65ce4bc493c02fe2ea54 Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Thu, 4 Jun 2026 17:38:38 +0100 Subject: [PATCH 3/6] [pauthabielf64] Split out TLS commentary into a design document * Clarify that TLSDESC refers to the dialect * Clarify that signing the parameter to a resolver function is a contract between the dynamic linker and the resolver function. --- design-documents/pauthabi-tls.rst | 130 ++++++++++++++++++++++++++++++ pauthabielf64/pauthabielf64.rst | 29 ++----- 2 files changed, 137 insertions(+), 22 deletions(-) create mode 100644 design-documents/pauthabi-tls.rst diff --git a/design-documents/pauthabi-tls.rst b/design-documents/pauthabi-tls.rst new file mode 100644 index 00000000..3b8e9af2 --- /dev/null +++ b/design-documents/pauthabi-tls.rst @@ -0,0 +1,130 @@ +.. + Copyright (c) 2026, Arm Limited and its affiliates. All rights reserved. + CC-BY-SA-4.0 AND Apache-Patent-License + See LICENSE file for details + +.. _AAELF64: https://github.com/ARM-software/abi-aa/tree/main/aaelf64/aaelf64.rst +.. _PAUTHABIELF64: https://github.com/ARM-software/abi-aa/tree/main/pauthabielf64/pauthabielf64.rst +.. _SYSVABI64: https://github.com/ARM-software/abi-aa/tree/main/sysvabi64/sysvabi64.rst +.. _TLSDESC: http://www.fsfla.org/~lxoliva/writeups/TLS/RFC-TLSDESC-ARM.txt + +TLS in the PAuthABI +******************* + +Preamble +======== + +Background +---------- + +This document contains additional context for implementing TLS in the +PAuthABI as defined in the ABI extension `PAUTHABIELF64`_. This +document is not normative and `PAUTHABIELF64`_ takes precedence if +there are any discrepancies. + +TLS Dialect +----------- + +The base ABI in `AAELF64`_ defines relocations for two TLS +dialects. The "traditional" dialect and the "descriptor" dialect. In +the traditional dialect global and local dynamic TLS use the +``R__TLSGD`` and ``R__TLSLD`` prefixed relocations. These +create a pair of GOT entries relocated by ``R__TLS_DTPMOD``. In +the "descriptor" dialect, global and local dynamic TLS use the +``R__TLSDESC`` prefixed relocations. These create a pair of GOT +entries relocated by ``R__TLSDESC``. Local Exec and Initial Exec +TLS are handled the same way in both dialects. + +The `PAUTHABIELF64`_ only supports the descriptor based dialect, +primarily because clang only supports the "descriptor" based dialect. + +Auth variant TLS relocations +---------------------------- + +The signing-schema for accessing TLS is platform defined. The +following section is a discussion of the most likely choices. + +If the GOT is unsigned, the TLS code-sequences, relocations and +relaxations, from the base ABI can be used, see `AAELF64`_ and +`SYSVABI64`_ for details. + +If a GOT entry is signed then AUTH variant static TLS relocations are +required for the static linker to be able use an AUTH variant dynamic +relocation that informs the dynamic linker to sign the GOT entries. + +At present there are AUTH variant static and dynamic relocations +defined for TLSDESC, but not for Initial Exec. + +Local dynamic TLS does not use the GOT so it can be handled by the +``R__TLSLE`` prefixed relocations defined in `AAELF64`_. + +The choice of which GOT entries to sign is a property of the +signing-schema for the platform. For example a signing-schema may only +sign GOT entries containing code-pointers, which would permit Initial +Exec TLS using the ``R__TLSIE`` prefixed relocations defined in +`AAELF64`_. Alternatively a signing-schema may sign all GOT entries. + +TLS Relaxation +-------------- + +The static linker may relax a more general TLS model to a more +constrained model when TLS variables meet the requirements for using +the constrained model, and the relaxed sequence is permitted by the +signing-schema of the platform. + +The AUTH variant TLSDESC sequence to access TLS variable ``v`` is as +described below: + + .. code + + adrp x0, :tlsdesc_auth:v // R_AARCH64_AUTH_TLS_ADR_PAGE21 + ldr x16, [x0, #:tlsdesc_auth_lo12:v] // R_AARCH64_AUTH_TLSDESC_LD64_LO12 + add x0, x0, #:tlsdesc_auth_lo12:v // R_AARCH64_AUTH_TLSDESC_ADD_LO12 + .tlsauthdesccall v //R_AARCH64_AUTH_TLSDESC_CALL + blraa x16, x0 + +There are no AUTH variant TLSIE relocations defined so a relaxation is +only possible to an unsigned GOT entry if permitted by the +signing-schema: + + .. code + + adrp x0, :gottprel:v // R_AARCH64_TLSIE_ADR_GOTTPREL_PAGE21 v + ldr x0, [x0, #:gottprel_lo12:v] // R_AARCH64_TLSIE_LD64_GOTTPREL_LO12_NC v + nop + nop + +A theoretical relaxation for a signed GOT is possible when the +architectural feature ``FEAT_FPAC`` is available or a signing-schema +does not require an immediate trap on failure of an AUTH +(``-fno-ptrauth-traps`` in clang). + + .. code + + adrp x0, :gottprel:v // R_AARCH64_AUTH_TLSIE_ADR_GOTTPREL_PAGE21 v + add x1, x0, #:gottprel_lo12:v // R_AARCH64_AUTH_TLSIE_ADD_LO12 v + ldr x0, [x1] + autia x0, x1 + +There are no spare instructions to test whether the TLS offset in +``x0`` authenticated successfully. + +A relaxation to local-exec is always possible as no GOT entry is used. + + .. code + + movz x0, :tprel_g1:v // R_AARCH64_TLSLE_MOVW_TPREL_G1 v + movk x0, :tprel_g0:v // R_AARCH64_TLSLE_MOVW_TPREL_G0_NC v + nop + nop + +A weak reference that is known at static link time to be undefined can +be relaxed by setting the offset so that it cancels to 0 when added to +the thread pointer. + + .. code + + mrs x0, tpidr_el0 + neg x0, x0 + nop + nop diff --git a/pauthabielf64/pauthabielf64.rst b/pauthabielf64/pauthabielf64.rst index 3c51c678..9f28455e 100644 --- a/pauthabielf64/pauthabielf64.rst +++ b/pauthabielf64/pauthabielf64.rst @@ -471,7 +471,9 @@ General Restrictions way to avoid COPY relocations is to access imported signed pointers via the GOT. -- PAUTHELF64 only supports the descriptor based TLS (TLSDESC). +- PAUTHELF64 only supports the descriptor based TLS (TLSDESC) dialect. + The "traditional" dialect as selected by -mtls-dialect=traditional is + not supported. The Rationale behind the requirement to avoid copy relocations is that the static linker creates the storage that the copy is placed; which @@ -1115,9 +1117,11 @@ AUTH variant GOT Generating Relocations ``ENCD(value)`` is the encoding of the signing schema into the GOT slot using the ``IA`` key for symbols of type STT_FUNC and the ``DA`` key for all other symbol types. The address of the GOT slot ``G`` is -used as a modifer. For ``ENCD(GTLSDESC(S)`` the encoding applies to +used as a modifer. For ``ENCD(GTLSDESC(S)`` the encoding must apply to the first entry containing the pointer to the variable's TLS -descriptor resolver function. +descriptor resolver function. Whether the parameter to the resolver +function is signed is platform defined as it is a contract between the +dynamic loader and the resolver function. The GOT entries must be relocated by AUTH variant dynamic relocations. @@ -1215,25 +1219,6 @@ The GOT entries must be relocated by AUTH variant dynamic relocations. are known to resolve to 0; this can only be done if all relevant uses of TLS descriptors are marked to permit accurate relaxation. -.. code-block:: asm - - // Before (AUTH TLSDESC): - adrp x0, :tlsdesc_auth: undefined_weak // R_AARCH64_AUTH_TLSDESC_ADR_PAGE21 - ldr x16, [x0, :tlsdesc_auth_lo12: undefined_weak // R_AARCH64_AUTH_TLSDESC_LD64_LO12 - add x0, x0 :tlsdesc_auth_lo12: undefined_weak // R_AARCH64_AUTH_TLSDESC_ADD_LO12 - .tlsdescauthcall undefined_weak // R_AARCH64_AUTH_TLSDESC_CALL - blraa x0 - - // After relaxation, assuming undefined_weak is known to be 0 at static-link time. - mov x0, #0x0 - nop - nop - nop - -Note that this relaxation is equivalent to a 0 returned from the -TLSDESC handler function. If this is added to the thread pointer -(TP) the result would point to the thread control block (TCB). - .. raw:: pdf PageBreak From 020c48db867396b9e6c99eaab96f7256d6ad1227 Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Tue, 9 Jun 2026 18:35:43 +0100 Subject: [PATCH 4/6] [PAUTHABIELF64] Review comments for TLS design document * Add DTPREL dynamic relocation for traditional dialect. * Emphasised traditional dialect is legacy. * Removed comma making sentence difficult to parse. * Added auth to theoretical initial exec. * Reference design doc from main PAuthABI, further simplifying the section on relaxation. --- design-documents/pauthabi-tls.rst | 29 +++++++++++++++++------------ pauthabielf64/pauthabielf64.rst | 8 +++++--- 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/design-documents/pauthabi-tls.rst b/design-documents/pauthabi-tls.rst index 3b8e9af2..f185d3c6 100644 --- a/design-documents/pauthabi-tls.rst +++ b/design-documents/pauthabi-tls.rst @@ -28,15 +28,17 @@ TLS Dialect The base ABI in `AAELF64`_ defines relocations for two TLS dialects. The "traditional" dialect and the "descriptor" dialect. In the traditional dialect global and local dynamic TLS use the -``R__TLSGD`` and ``R__TLSLD`` prefixed relocations. These -create a pair of GOT entries relocated by ``R__TLS_DTPMOD``. In -the "descriptor" dialect, global and local dynamic TLS use the -``R__TLSDESC`` prefixed relocations. These create a pair of GOT -entries relocated by ``R__TLSDESC``. Local Exec and Initial Exec -TLS are handled the same way in both dialects. +``R__TLSGD``, ``R__TLSLD`` prefixed relocations. These +create a pair of GOT entries relocated by ``R__TLS_DTPMOD`` and +``R__TLS_DTPREL``. In the "descriptor" dialect, global and local +dynamic TLS use the ``R__TLSDESC`` prefixed relocations. These +create a pair of GOT entries relocated by ``R__TLSDESC``. Local +Exec and Initial Exec TLS are handled the same way in both dialects. The `PAUTHABIELF64`_ only supports the descriptor based dialect, -primarily because clang only supports the "descriptor" based dialect. +primarily because the traditional dialect is now legacy. GCC defaults +to the "descriptor" dialect and clang only supports the "descriptor" +based dialect. Auth variant TLS relocations ---------------------------- @@ -56,20 +58,23 @@ At present there are AUTH variant static and dynamic relocations defined for TLSDESC, but not for Initial Exec. Local dynamic TLS does not use the GOT so it can be handled by the -``R__TLSLE`` prefixed relocations defined in `AAELF64`_. +``R__TLSLE`` prefixed relocations from the base ABI defined in +`AAELF64`_. The choice of which GOT entries to sign is a property of the signing-schema for the platform. For example a signing-schema may only sign GOT entries containing code-pointers, which would permit Initial Exec TLS using the ``R__TLSIE`` prefixed relocations defined in -`AAELF64`_. Alternatively a signing-schema may sign all GOT entries. +`AAELF64`_. Alternatively a signing-schema may sign all GOT entries, +which would require AUTH variant static and dynamic relocations to be +defined for Initial Exec. TLS Relaxation -------------- The static linker may relax a more general TLS model to a more constrained model when TLS variables meet the requirements for using -the constrained model, and the relaxed sequence is permitted by the +the constrained model and the relaxed sequence is permitted by the signing-schema of the platform. The AUTH variant TLSDESC sequence to access TLS variable ``v`` is as @@ -101,8 +106,8 @@ does not require an immediate trap on failure of an AUTH .. code - adrp x0, :gottprel:v // R_AARCH64_AUTH_TLSIE_ADR_GOTTPREL_PAGE21 v - add x1, x0, #:gottprel_lo12:v // R_AARCH64_AUTH_TLSIE_ADD_LO12 v + adrp x0, :gottprel_auth:v // R_AARCH64_AUTH_TLSIE_ADR_GOTTPREL_PAGE21 v + add x1, x0, #:gottprel_auth_lo12:v // R_AARCH64_AUTH_TLSIE_ADD_LO12 v ldr x0, [x1] autia x0, x1 diff --git a/pauthabielf64/pauthabielf64.rst b/pauthabielf64/pauthabielf64.rst index 9f28455e..315f4bb7 100644 --- a/pauthabielf64/pauthabielf64.rst +++ b/pauthabielf64/pauthabielf64.rst @@ -13,6 +13,7 @@ .. _CPPABI64: https://github.com/ARM-software/abi-aa/releases .. _LSB: https://refspecs.linuxfoundation.org/LSB_1.2.0/gLSB/noteabitag.html .. _MEMTAGABI: https://github.com/ARM-software/abi-aa/releases +.. _PAUTHABITLS: https://github.com/ARM-software/abi-aa/tree/main/design-documents .. _SCO-ELF: http://www.sco.com/developers/gabi/ .. _SYSVABI64: https://github.com/ARM-software/abi-aa/releases .. _TLSDESC: http://www.fsfla.org/~lxoliva/writeups/TLS/paper-lk2006.pdf @@ -276,6 +277,8 @@ This document refers to, or is referred to by, the following documents. +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+ | MEMTAGABI_ | memtagabi64 | Memtag ABI Extension for the Arm 64-bit Architecture | +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+ + | PAUTHABITLS_ | | Rationale for and possible relaxations for TLS in a PAuthABI environment | + +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+ | SCO-ELF_ | http://www.sco.com/developers/gabi/ | System V Application Binary Interface – DRAFT | +-----------------------------------------------------------------------------------------+-------------------------------------------------------------+--------------------------------------------------------------------------+ | SYSVABI64_ | sysvabi64 | System V Application Binary Interface (ABI) for the Arm 64-bit | @@ -1215,9 +1218,8 @@ The GOT entries must be relocated by AUTH variant dynamic relocations. Relocation code ``R_AARCH64_AUTH_TLSDESC_CALL`` is needed to permit linker optimization of TLS descriptor code sequences involving - authenticated pointers, when undefined weak non-preemptible symbols - are known to resolve to 0; this can only be done if all relevant uses - of TLS descriptors are marked to permit accurate relaxation. + signed GOT entries. Further information, including possible + relaxations is available in the `PAUTHABITLS`_ design document. .. raw:: pdf From ccf63bfb28b928e8fb665e370fa7cbe4920e192b Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Wed, 10 Jun 2026 09:12:11 +0100 Subject: [PATCH 5/6] [PAUTHABIELF64] Review comments, add in comma [NFC] --- pauthabielf64/pauthabielf64.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pauthabielf64/pauthabielf64.rst b/pauthabielf64/pauthabielf64.rst index 315f4bb7..a8df05fe 100644 --- a/pauthabielf64/pauthabielf64.rst +++ b/pauthabielf64/pauthabielf64.rst @@ -1219,7 +1219,7 @@ The GOT entries must be relocated by AUTH variant dynamic relocations. Relocation code ``R_AARCH64_AUTH_TLSDESC_CALL`` is needed to permit linker optimization of TLS descriptor code sequences involving signed GOT entries. Further information, including possible - relaxations is available in the `PAUTHABITLS`_ design document. + relaxations, is available in the `PAUTHABITLS`_ design document. .. raw:: pdf From bc128ae1ad7972c723a9c91b41e70312e58aea6d Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Tue, 23 Jun 2026 10:52:16 +0100 Subject: [PATCH 6/6] [pauthabielf64] Fix code-blocks and typo in option name * use .. code-block asm for code examples * use correct name -fptrauth-auth-traps --- design-documents/pauthabi-tls.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/design-documents/pauthabi-tls.rst b/design-documents/pauthabi-tls.rst index f185d3c6..351e694d 100644 --- a/design-documents/pauthabi-tls.rst +++ b/design-documents/pauthabi-tls.rst @@ -80,7 +80,7 @@ signing-schema of the platform. The AUTH variant TLSDESC sequence to access TLS variable ``v`` is as described below: - .. code +.. code-block:: asm adrp x0, :tlsdesc_auth:v // R_AARCH64_AUTH_TLS_ADR_PAGE21 ldr x16, [x0, #:tlsdesc_auth_lo12:v] // R_AARCH64_AUTH_TLSDESC_LD64_LO12 @@ -92,7 +92,7 @@ There are no AUTH variant TLSIE relocations defined so a relaxation is only possible to an unsigned GOT entry if permitted by the signing-schema: - .. code +.. code-block:: asm adrp x0, :gottprel:v // R_AARCH64_TLSIE_ADR_GOTTPREL_PAGE21 v ldr x0, [x0, #:gottprel_lo12:v] // R_AARCH64_TLSIE_LD64_GOTTPREL_LO12_NC v @@ -102,9 +102,9 @@ signing-schema: A theoretical relaxation for a signed GOT is possible when the architectural feature ``FEAT_FPAC`` is available or a signing-schema does not require an immediate trap on failure of an AUTH -(``-fno-ptrauth-traps`` in clang). +(``-fno-ptrauth-auth-traps`` in clang). - .. code +.. code-block:: asm adrp x0, :gottprel_auth:v // R_AARCH64_AUTH_TLSIE_ADR_GOTTPREL_PAGE21 v add x1, x0, #:gottprel_auth_lo12:v // R_AARCH64_AUTH_TLSIE_ADD_LO12 v @@ -116,7 +116,7 @@ There are no spare instructions to test whether the TLS offset in A relaxation to local-exec is always possible as no GOT entry is used. - .. code +.. code-block:: asm movz x0, :tprel_g1:v // R_AARCH64_TLSLE_MOVW_TPREL_G1 v movk x0, :tprel_g0:v // R_AARCH64_TLSLE_MOVW_TPREL_G0_NC v @@ -127,7 +127,7 @@ A weak reference that is known at static link time to be undefined can be relaxed by setting the offset so that it cancels to 0 when added to the thread pointer. - .. code +.. code-block:: asm mrs x0, tpidr_el0 neg x0, x0