I noticed a bug in Debian bug tracker.
And then, I learned that ffmpeg added a patch:
https://www.mail-archive.com/ffmpeg-devel@ffmpeg.org/msg188206.html
https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22485
I think that something like this:
diff --git a/cipher/asm-common-aarch64.h b/cipher/asm-common-aarch64.h index dde7366c..bbc8ee1e 100644 --- a/cipher/asm-common-aarch64.h +++ b/cipher/asm-common-aarch64.h @@ -61,6 +61,12 @@ # define AARCH64_PAC_PROPERTY_FLAG 0 /* No PAC */ #endif +#if defined(__ARM_FEATURE_GCS_DEFAULT) && __ARM_FEATURE_GCS_DEFAULT == 1 +# define AARCH64_GCS_PROPERTY_FLAG (1 << 2) +#else +# define AARCH64_GCS_PROPERTY_FLAG 0 /* No GCS */ +#endif + #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES /* CFI directives to emit DWARF stack unwinding information. */ # define CFI_STARTPROC() .cfi_startproc; AARCH64_HINT_BTI_C @@ -154,10 +160,13 @@ ldp d8, d9, [sp], #16; \ CFI_ADJUST_CFA_OFFSET(-16); -#if (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG) -/* Generate PAC/BTI property for all assembly files including this header. +#if (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG | AARCH64_GCS_PROPERTY_FLAG) +/* Generate GCS/PAC/BTI property for all assembly files including this header. * * libgcrypt support these extensions: + * - Armv9.4-A Guarded Control Stack (GCS): + * We mark GCS as supported. FIXME: Returns must match the expected value. + * * - Armv8.3-A Pointer Authentication (PAC): * As currently all AArch64 assembly functions are leaf functions and do * not store/load link register LR, we just mark PAC as supported. @@ -178,7 +187,7 @@ ELF(.balign 8) ELF(.long 0xc0000000) ELF(.long 3f - 2f) ELF(2:) -ELF(.long (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG)) +ELF(.long (AARCH64_BTI_PROPERTY_FLAG | AARCH64_PAC_PROPERTY_FLAG | AARCH64_GCS_PROPERTY_FLAG)) ELF(3:) ELF(.balign 8) ELF(4:)
We need to confirm that we don't have optimization (skipping return) in our AARCH64 assembly code.