Exception return, with pointer authentication
This instruction authenticates the address in ELR, using SP as the modifier and the specified key, restores PSTATE from the SPSR for the current Exception level, and branches to the authenticated address.
Key A is used for ERETAA. Key B is used for ERETAB.
If the authentication passes, the PE continues execution at the target of the branch. For information on behavior if the authentication fails, see Faulting on pointer authentication.
The authenticated address is not written back to ELR.
The SPSR is checked for the current Exception level for an illegal return event. See Illegal exception returns from AArch64 state.
ERETAA and ERETAB are UNDEFINED at EL0.
Variants: FEAT_PAuth (ARMv8.3)
| 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
| 1 | 1 | 0 | 1 | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | |
| opc | op2 | A | M | Rn | op4 | ||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ERETAA
ERETAB
if !IsFeatureImplemented(FEAT_PAuth) then EndOfDecode(Decode_UNDEF); constant boolean pac = TRUE; constant boolean use_key_a = (M == '0'); constant boolean auth_then_branch = TRUE;
if PSTATE.EL == EL0 then UNDEFINED; AArch64.CheckForERetTrap(pac, use_key_a); bits(64) target = ELR_ELx[]; constant bits(64) modifier = SP[64]; if use_key_a then target = AuthIA(target, modifier, auth_then_branch); else target = AuthIB(target, modifier, auth_then_branch); AArch64.ExceptionReturn(target, SPSR_ELx[]);