Exception Return, with pointer authentication. This instruction authenticates the address in ELR, using SP as the modifier and the specified key, the PE restores PSTATE from the SPSR for the current Exception level, and branches to the authenticated address.
Key A is used for ERETAA. Key B is used for ERETAB.
If the authentication passes, the PE continues execution at the target of the branch. For information on behavior if the authentication fails, see Faulting on pointer authentication.
The authenticated address is not written back to ELR.
The PE checks the SPSR for the current Exception level for an illegal return event. See Illegal return events from AArch64 state.
ERETAA and ERETAB are UNDEFINED at EL0.
31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
1 | 1 | 0 | 1 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 1 | M | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 |
opc | op2 | A | Rn | op4 |
if !IsFeatureImplemented(FEAT_PAuth) then UNDEFINED; boolean pac = TRUE; boolean use_key_a = (M == '0'); boolean auth_then_branch = TRUE;
if PSTATE.EL == EL0 then UNDEFINED; AArch64.CheckForERetTrap(pac, use_key_a); bits(64) target = ELR_ELx[]; bits(64) modifier = SP[]; if use_key_a then target = AuthIA(target, modifier, auth_then_branch); else target = AuthIB(target, modifier, auth_then_branch); AArch64.ExceptionReturn(target, SPSR_ELx[]);
Internal version only: aarchmrs v2024-03_relA, pseudocode v2024-03_rel, sve v2024-03_rel ; Build timestamp: 2024-03-26T09:45
Copyright © 2010-2024 Arm Limited or its affiliates. All rights reserved. This document is Non-Confidential.