[3/8,Arm] Add option -mbranch-protection. [Was RE: [Patch 2/7, Arm, GCC] Add option -mbranch-protection.]
| Message ID | PAXPR08MB7075770D11A8F2AAB4CE9F1EEA869@PAXPR08MB7075.eurprd08.prod.outlook.com |
|---|---|
| State | Superseded |
| Headers |
Return-Path: <gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
by sourceware.org (Postfix) with ESMTP id 3B6A53857C74
for <patchwork@sourceware.org>; Thu, 28 Oct 2021 11:44:39 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3B6A53857C74
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org;
s=default; t=1635421479;
bh=mBcCr6dFFnrfgmru26iyvfnAOgQHBFS/avRC24cwGDM=;
h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post:
List-Help:List-Subscribe:From:Reply-To:From;
b=TCrs9p9F8FksCm7UbFJRPSHJMgk76YYwsu+ir45fDPopIW5njPTC+/zP0VuwhN3MR
6JxHFZ+G4IqKuf1zKqV6bk8KRhXUywi8ucVbpoybTYy+w71LyQGTEVuHf2JUDm8nKy
+PkRscOY/wutUHLsLa0lBSRsu6hk1ZAiWJcBQGow=
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from EUR05-DB8-obe.outbound.protection.outlook.com
(mail-db8eur05on2056.outbound.protection.outlook.com [40.107.20.56])
by sourceware.org (Postfix) with ESMTPS id 6DECD3857C7A
for <gcc-patches@gcc.gnu.org>; Thu, 28 Oct 2021 11:42:31 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 6DECD3857C7A
Received: from DB8PR03CA0009.eurprd03.prod.outlook.com (2603:10a6:10:be::22)
by AM7PR08MB5447.eurprd08.prod.outlook.com (2603:10a6:20b:10b::18) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4649.14; Thu, 28 Oct
2021 11:42:29 +0000
Received: from DB5EUR03FT014.eop-EUR03.prod.protection.outlook.com
(2603:10a6:10:be:cafe::88) by DB8PR03CA0009.outlook.office365.com
(2603:10a6:10:be::22) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4649.15 via Frontend
Transport; Thu, 28 Oct 2021 11:42:29 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
smtp.mailfrom=arm.com; dkim=pass (signature was verified)
header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
63.35.35.123 as permitted sender) receiver=protection.outlook.com;
client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
DB5EUR03FT014.mail.protection.outlook.com (10.152.20.102) with
Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.4649.14 via Frontend Transport; Thu, 28 Oct 2021 11:42:29 +0000
Received: ("Tessian outbound 6ebd41198c5d:v108");
Thu, 28 Oct 2021 11:42:29 +0000
X-CR-MTA-TID: 64aa7808
Received: from fda0f00b0952.1
by 64aa7808-outbound-1.mta.getcheckrecipient.com id
22750B36-D0F5-48E9-87E6-BF4A9D516FD6.1;
Thu, 28 Oct 2021 11:42:19 +0000
Received: from EUR03-DB5-obe.outbound.protection.outlook.com
by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id
fda0f00b0952.1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
Thu, 28 Oct 2021 11:42:19 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=DWxDfQi8qWXLm5XorHqZqPt6+oD3BlQxPNpT9CShB/wSJP2TT07R6PgbyLmXusch1Akd1AZz6t39jqOwCvsdQ8ioGuhoGOFoXDxcOxAdrnTDwy2F4wRCKzWhTIjhexadV0SZTxb8oMs5/H5vWj5mjsAyEndfEiCU9/gOCOQSO6aM38tRXd/Xy2r8lgrU8a6iMQ3pJ8DaRgmmtCTqe56IWG7b3U+W2Qfy7NjbLBeZH5Ejm7bC2JxN9H1cFv5hfJfjvHmFBhi3RJavugnHCn1ov3W+IFQiFNRt0vyZ/iC/wcrYT+C+zMghLGz6jtWHgtxH4q6RJ32GI+Z/h3EIdhYuSQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=mBcCr6dFFnrfgmru26iyvfnAOgQHBFS/avRC24cwGDM=;
b=BW+bBRlRtJ475svArjNuET8VYLDcmPDSG+eIweW5tb9dHxjBfzzo2XRmyxnnfh8t4kag5V0crHHV4B+cwRVf/NWg4z3prtZNH0KZDtv8Ys0yToVzLur6jGMGZH/UpYGDBXCEYPFKxbmqZ3VInzZ7eTj1IPNwwD45YzHROLg9lx2iL63ibgh/ZK0OyHjXlcPA/oKjMDCW7T9LP7X/xoE7hl3mVIJmRv1Zg74jmdC+m5kEDQP5eC6IEc0iMK9aTqSZTTEaZtC99oY/ekSaXeJ0JYb/09cdYEQVbN2ToHd2aCNQVdxbJlYLkT+WOxAyo9FEpB+xa+OOvDsDbHvjU2fBcA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass
header.d=arm.com; arc=none
Received: from PAXPR08MB7075.eurprd08.prod.outlook.com (2603:10a6:102:201::15)
by PAXPR08MB7123.eurprd08.prod.outlook.com (2603:10a6:102:206::24)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4649.14; Thu, 28 Oct
2021 11:42:16 +0000
Received: from PAXPR08MB7075.eurprd08.prod.outlook.com
([fe80::9c7f:ad76:ac66:26f2]) by PAXPR08MB7075.eurprd08.prod.outlook.com
([fe80::9c7f:ad76:ac66:26f2%9]) with mapi id 15.20.4628.020; Thu, 28 Oct 2021
11:42:16 +0000
To: Richard Earnshaw <Richard.Earnshaw@arm.com>, "gcc-patches@gcc.gnu.org"
<gcc-patches@gcc.gnu.org>
Subject: [Patch 3/8, Arm, GCC] Add option -mbranch-protection. [Was RE: [Patch
2/7, Arm, GCC] Add option -mbranch-protection.]
Thread-Topic: [Patch 3/8, Arm, GCC] Add option -mbranch-protection. [Was RE:
[Patch 2/7, Arm, GCC] Add option -mbranch-protection.]
Thread-Index: AdfL7BKI2laQ6UQ8RLSiOvSwvpo37g==
Date: Thu, 28 Oct 2021 11:42:16 +0000
Message-ID:
<PAXPR08MB7075770D11A8F2AAB4CE9F1EEA869@PAXPR08MB7075.eurprd08.prod.outlook.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-ts-tracking-id: F2C38273A4E67F49965CCFE3DDF7BFBF.0
x-checkrecipientchecked: true
Authentication-Results-Original: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=arm.com;
x-ms-publictraffictype: Email
X-MS-Office365-Filtering-Correlation-Id: 0eeedcfc-9bf2-495e-0e1d-08d99a0805d7
x-ms-traffictypediagnostic: PAXPR08MB7123:|AM7PR08MB5447:
X-Microsoft-Antispam-PRVS:
<AM7PR08MB54472A6A3AC27FD104C9A734EA869@AM7PR08MB5447.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:8882;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original:
StOG+ZJo0wTZUBQgoqvtnqCZwOMJQWUsy5EEJiLcRjCF0odzMrXyPlxgyEOq5icXxMSfx1i2+Dykt2ShchHEd1haShL362yNf8NXD8O/vDUR9lms2JRjb7pKWz51fGtZIPD0UsFsZ/GOFrhec9vFfjTFchlJZITvs5vwu7fx76+hQsMcKKhO2v38QlO4Z9CfZuzrrilojmc58HeG2tfo9gcnqH3w4jIcDYRr6dTlqr8m542VbPtCDeWEQK2BeoGAlOYdTunUZ6K0raKLhZNneToNIpGm9n3ZjFbaXYxmHNb999lcpCyJlSNc2nFsH63fNbeRmk6js+9/nlxB6mPd4UDhgTARRtdGxhnW0MwxdAMoYeqbOC4nYXMuZ2sGCXj0rZTUNPlD8ilE8U+KPYay6ilGw6A/8Fe0i7fYU0/mYs2RAk8IOMP/IcreSlu0fp2BkyX9QgzBSKUz0rma7trVvp2Hru7smO3CAt6LreieMoF8ifygicxmOJB64Hr5L7yqNpX9sDygrLqwrQ9GT8oCxzd4OG5v15whYZ4RSj1K/NNhq0G2Q/UTKY3vrX+/TY/de1Yfl8BvY1SXIe86MzQvar8hxvZcqPB2JV7JSdwBavdnLhELUTISsA9Bsg7CTTSzAf1tFqZSYPdIky+d2aO1uykpWZWhsk8IuLFOTKEDBkQq2FCI6cWHlSzx62S6GOi1BVU4LfeVbf5ivWMz2o48Jg==
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PAXPR08MB7075.eurprd08.prod.outlook.com;
PTR:; CAT:NONE;
SFS:(4636009)(366004)(2906002)(71200400001)(33656002)(7696005)(83380400001)(38070700005)(99936003)(4001150100001)(66946007)(6506007)(9686003)(76116006)(38100700002)(53546011)(26005)(55016002)(52536014)(508600001)(186003)(110136005)(122000001)(316002)(66446008)(66556008)(8936002)(64756008)(66476007)(5660300002)(8676002)(86362001);
DIR:OUT; SFP:1101;
Content-Type: multipart/mixed;
boundary="_002_PAXPR08MB7075770D11A8F2AAB4CE9F1EEA869PAXPR08MB7075eurp_"
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR08MB7123
Original-Authentication-Results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped:
DB5EUR03FT014.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs:
8ed6ae9a-268b-4cae-9415-08d99a07fe2e
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
1G1GTL8fDg1/klMJSHXo6HgD65iCMcGhtpQ13kVvOpuHm24QzO9JpOM1Am/AP9Q577W1/eBsJ8BbAyYveeEKoG4YdPZWv8bBcVT8m++5YB2IOpEOfTQ8f89BXjiHRCdtE4jT84TnHYFiSHwKkWKheB5HtVV53KdP/s7i6eSLhgSV5Krsl3ypxk9GkMbK9yEXqwvBTnlzd/tak1k7U63bLKyCH5Tqj0oVZdBDLmuGmOF5DBUeo0f7JQWLu7Kty2YWxDqaqfD4jbH3BKq1WuEBJ1b0IjwKQX8TmcW8A6DFVEbRaw+wbBdoXYMxqevVQQIUyoQQw2KlfV3YWPI3n7nsB3Z/13gj6n7UVWS8eZKY1XwXVx5VuA1tpQiN0pRbL3dIg+59okIvxMjCLqAyzBZFH9GLLgSN9QtoxNXcKbR78LvDfwnijjBiloz1w5pTygTHhMwH8eUYusuCz+ysCIYZnkg1fs/B3hNquSBMsAgp/eD9qKZiPWn8PPhDI4cAuXIjf9T1cC+AJ8o9xzKwZqFoxQ2l1nL/Qrgbmo2STwY9QzyYpaoZf5rtNYsx4GfKCGA94/2H4aKQ1lOa8G8oGXBE2Vm79th8R03dzCDFfkXP64FV3/Yxy8hB8J1CMH41yqJxrop5AcNLzT7ek5hOPpDWSU3U4Dt4RSd2aHmVE2pJVCfLjjQXuDUt1J46kGBv8Ip7vBr0kx30XD2eaX1CBbOzEw==
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:;
IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com;
PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE;
SFS:(4636009)(46966006)(36840700001)(8676002)(99936003)(86362001)(2906002)(235185007)(356005)(5660300002)(186003)(81166007)(21480400003)(47076005)(36860700001)(8936002)(82310400003)(33656002)(70586007)(55016002)(70206006)(33964004)(110136005)(336012)(9686003)(316002)(508600001)(83380400001)(4001150100001)(6506007)(52536014)(26005)(53546011)(7696005);
DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Oct 2021 11:42:29.7951 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id:
0eeedcfc-9bf2-495e-0e1d-08d99a0805d7
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp:
TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123];
Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource:
DB5EUR03FT014.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM7PR08MB5447
X-Spam-Status: No, score=-13.8 required=5.0 tests=BAYES_00, DKIM_SIGNED,
DKIM_VALID, GIT_PATCH_0, KAM_LOTSOFHASH, RCVD_IN_DNSWL_NONE,
RCVD_IN_MSPIKE_H2,
SPF_HELO_PASS, SPF_PASS, TXREP,
UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
<mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
<mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
From: Tejas Belagod via Gcc-patches <gcc-patches@gcc.gnu.org>
Reply-To: Tejas Belagod <Tejas.Belagod@arm.com>
Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org
Sender: "Gcc-patches"
<gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org>
|
| Series |
[1/8,Arm,AArch64] Refactor mbranch-protection option parsing and make it common to AArch32 and AArch64 backends. [Was RE: [Patch 2/7, Arm, GCC] Add option -mbranch-protection.]
|
|
Commit Message
Tejas Belagod
Oct. 28, 2021, 11:42 a.m. UTC
> -----Original Message----- > From: Richard Earnshaw <Richard.Earnshaw@arm.com> > Sent: Monday, October 11, 2021 1:58 PM > To: Tejas Belagod <Tejas.Belagod@arm.com>; gcc-patches@gcc.gnu.org > Subject: Re: [Patch 2/7, Arm, GCC] Add option -mbranch-protection. > > On 08/10/2021 13:17, Tejas Belagod via Gcc-patches wrote: > > Hi, > > > > Add -mbranch-protection option and its associated parsing routines. > > This option enables the code-generation of pointer signing and > > authentication instructions in function prologues and epilogues. > > > > Tested on arm-none-eabi. OK for trunk? > > > > 2021-10-04 Tejas Belagod <tbelagod@arm.com> > > > > gcc/ChangeLog: > > > > * common/config/arm/arm-common.c > > (arm_print_hit_for_pacbti_option): New. > > (arm_progress_next_token): New. > > (arm_parse_pac_ret_clause): New routine for parsing the > > pac-ret clause for -mbranch-protection. > > (arm_parse_pacbti_option): New routine to parse all the options > > to -mbranch-protection. > > * config/arm/arm-protos.h (arm_parse_pacbti_option): Export. > > * config/arm/arm.c (arm_configure)build_target): Handle option > > to -mbranch-protection. > > * config/arm/arm.opt (mbranch-protection). New. > > (arm_enable_pacbti): New. > > > > You're missing documentation for invoke.texi. > > Also, how does this differ from the exising option in aarch64? Can the code > from that be adapted to be made common to both targets rather than doing > a new implementation? > > Finally, there are far to many manifest constants in this patch, they need > replacing with enums or #defines as appropriate if we cannot share the > aarch64 code. Thanks for the reviews. Add -mbranch-protection option. This option enables the code-generation of pointer signing and authentication instructions in function prologues and epilogues. 2021-10-25 Tejas Belagod <tbelagod@arm.com> gcc/ChangeLog: * config/arm/arm.c (arm_configure_build_target): Parse and validate -mbranch-protection option and initialize appropriate data structures. * config/arm/arm.opt: New option -mbranch-protection. * doc/invoke.texi: Document -mbranch-protection. Tested the following configurations, OK for trunk? -mthumb/-march=armv8.1-m.main+pacbti/-mfloat-abi=soft -marm/-march=armv7-a/-mfpu=vfpv3-d16/-mfloat-abi=softfp mcmodel=small and tiny aarch64-none-linux-gnu native test and bootstrap
Comments
On 28/10/2021 12:42, Tejas Belagod via Gcc-patches wrote: > > >> -----Original Message----- >> From: Richard Earnshaw <Richard.Earnshaw@arm.com> >> Sent: Monday, October 11, 2021 1:58 PM >> To: Tejas Belagod <Tejas.Belagod@arm.com>; gcc-patches@gcc.gnu.org >> Subject: Re: [Patch 2/7, Arm, GCC] Add option -mbranch-protection. >> >> On 08/10/2021 13:17, Tejas Belagod via Gcc-patches wrote: >>> Hi, >>> >>> Add -mbranch-protection option and its associated parsing routines. >>> This option enables the code-generation of pointer signing and >>> authentication instructions in function prologues and epilogues. >>> >>> Tested on arm-none-eabi. OK for trunk? >>> >>> 2021-10-04 Tejas Belagod <tbelagod@arm.com> >>> >>> gcc/ChangeLog: >>> >>> * common/config/arm/arm-common.c >>> (arm_print_hit_for_pacbti_option): New. >>> (arm_progress_next_token): New. >>> (arm_parse_pac_ret_clause): New routine for parsing the >>> pac-ret clause for -mbranch-protection. >>> (arm_parse_pacbti_option): New routine to parse all the options >>> to -mbranch-protection. >>> * config/arm/arm-protos.h (arm_parse_pacbti_option): Export. >>> * config/arm/arm.c (arm_configure)build_target): Handle option >>> to -mbranch-protection. >>> * config/arm/arm.opt (mbranch-protection). New. >>> (arm_enable_pacbti): New. >>> >> >> You're missing documentation for invoke.texi. >> >> Also, how does this differ from the exising option in aarch64? Can the code >> from that be adapted to be made common to both targets rather than doing >> a new implementation? >> >> Finally, there are far to many manifest constants in this patch, they need >> replacing with enums or #defines as appropriate if we cannot share the >> aarch64 code. > > Thanks for the reviews. > > Add -mbranch-protection option. This option enables the code-generation of > pointer signing and authentication instructions in function prologues and > epilogues. > > 2021-10-25 Tejas Belagod <tbelagod@arm.com> > > gcc/ChangeLog: > > * config/arm/arm.c (arm_configure_build_target): Parse and validate > -mbranch-protection option and initialize appropriate data structures. > * config/arm/arm.opt: New option -mbranch-protection. .../arm.opt (-mbranch-protection) : New option. > * doc/invoke.texi: Document -mbranch-protection. .../invoke.texi (Arm Options): Document it. > > Tested the following configurations, OK for trunk? > > -mthumb/-march=armv8.1-m.main+pacbti/-mfloat-abi=soft > -marm/-march=armv7-a/-mfpu=vfpv3-d16/-mfloat-abi=softfp > mcmodel=small and tiny > aarch64-none-linux-gnu native test and bootstrap > +@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]] +@opindex mbranch-protection +Select the branch protection features to use. +@samp{none} is the default and turns off all types of branch protection. +@samp{standard} turns on all types of branch protection features. If a feature +has additional tuning options, then @samp{standard} sets it to its standard +level. +@samp{pac-ret[+@var{leaf}]} turns on return address signing to its standard +level: signing functions that save the return address to memory (non-leaf +functions will practically always do this). The optional argument @samp{leaf} +can be used to extend the signing to include leaf functions. +@samp{bti} turns on branch target identification mechanism. This doesn't really use the right documentation style. Closer would be: =============== @item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]] @opindex mbranch-protection Enable branch protection features (armv8.1-m.main only). @samp{none} generate code without branch protection or return address signing. @samp{standard[+@var{leaf}]} generate code with all branch protection features enabled at their standard level. @samp{pac-ret[+@var{leaf}]} generate code with return address signing set to its standard level, which is to sign all functions that save the return address to memory. @samp{leaf} When return address signing is enabled, also sign leaf functions even if they do not write the return address to memory. +@samp{bti} Add landing-pad instructions at the permitted targets of indirect branch instructions. If the @samp{+pacbti} architecture extension is not enabled, then all branch protection and return address signing operations are constrained to use only the instructions defined in the architectural-NOP space. The generated code will remain backwards-compatible with earlier versions of the architecture, but the additional security can be enabled at run time on processors that support the @samp{PACBTI} extension. Branch target enforcement using BTI can only be enabled at runtime if all code in the application has been compiled with at least @samp{-mbranch-protection=bti}. The default is to generate code without branch protection or return address signing. ================ R.
Richard Earnshaw via Gcc-patches <gcc-patches@gcc.gnu.org> writes: [...] >> Thanks for the reviews. >> Add -mbranch-protection option. This option enables the >> code-generation of >> pointer signing and authentication instructions in function prologues and >> epilogues. >> 2021-10-25 Tejas Belagod <tbelagod@arm.com> >> gcc/ChangeLog: >> * config/arm/arm.c (arm_configure_build_target): Parse and >> validate >> -mbranch-protection option and initialize appropriate data structures. >> * config/arm/arm.opt: New option -mbranch-protection. > > .../arm.opt (-mbranch-protection) : New option. > >> * doc/invoke.texi: Document -mbranch-protection. > > .../invoke.texi (Arm Options): Document it. > >> Tested the following configurations, OK for trunk? >> -mthumb/-march=armv8.1-m.main+pacbti/-mfloat-abi=soft >> -marm/-march=armv7-a/-mfpu=vfpv3-d16/-mfloat-abi=softfp >> mcmodel=small and tiny >> aarch64-none-linux-gnu native test and bootstrap >> > > +@item > -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]] > +@opindex mbranch-protection > +Select the branch protection features to use. > +@samp{none} is the default and turns off all types of branch protection. > +@samp{standard} turns on all types of branch protection features. If > a feature > +has additional tuning options, then @samp{standard} sets it to its standard > +level. > +@samp{pac-ret[+@var{leaf}]} turns on return address signing to its standard > +level: signing functions that save the return address to memory (non-leaf > +functions will practically always do this). The optional argument > @samp{leaf} > +can be used to extend the signing to include leaf functions. > +@samp{bti} turns on branch target identification mechanism. > > This doesn't really use the right documentation style. Closer would be: [...] Hi Richard, thanks for reviewing, here is the updated patch. Best Regards Andrea From 3383a1e265b7b695c5d6ce6115ad66eed2a4cb48 Mon Sep 17 00:00:00 2001 From: Andrea Corallo <andrea.corallo@arm.com> Date: Mon, 6 Dec 2021 11:39:03 +0100 Subject: [PATCH] Add option -mbranch-protection. Add -mbranch-protection option. This option enables the code-generation of pointer signing and authentication instructions in function prologues and epilogues. gcc/ChangeLog: * config/arm/arm.c (arm_configure_build_target): Parse and validate -mbranch-protection option and initialize appropriate data structures. * config/arm/arm.opt (-mbranch-protection): New option. * doc/invoke.texi (Arm Options): Document it. Co-Authored-By: Tejas Belagod <tbelagod@arm.com> Co-Authored-By: Richard Earnshaw <Richard.Earnshaw@arm.com> --- gcc/config/arm/arm.c | 11 +++++++++++ gcc/config/arm/arm.opt | 4 ++++ gcc/doc/invoke.texi | 35 +++++++++++++++++++++++++++++++++-- 3 files changed, 48 insertions(+), 2 deletions(-) diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c index 96186b8ad02..ee22acddee5 100644 --- a/gcc/config/arm/arm.c +++ b/gcc/config/arm/arm.c @@ -3237,6 +3237,17 @@ arm_configure_build_target (struct arm_build_target *target, tune_opts = strchr (opts->x_arm_tune_string, '+'); } + if (opts->x_arm_branch_protection_string) + { + aarch_validate_mbranch_protection (opts->x_arm_branch_protection_string); + + if (aarch_ra_sign_key != AARCH_KEY_A) + { + warning (0, "invalid key type for %<-mbranch-protection=%>"); + aarch_ra_sign_key = AARCH_KEY_A; + } + } + if (arm_selected_arch) { arm_initialize_isa (target->isa, arm_selected_arch->common.isa_bits); diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt index 5c5b4f3ae06..4f2754c3e84 100644 --- a/gcc/config/arm/arm.opt +++ b/gcc/config/arm/arm.opt @@ -313,6 +313,10 @@ mbranch-cost= Target RejectNegative Joined UInteger Var(arm_branch_cost) Init(-1) Cost to assume for a branch insn. +mbranch-protection= +Target RejectNegative Joined Var(arm_branch_protection_string) Save +Use branch-protection features. + mgeneral-regs-only Target RejectNegative Mask(GENERAL_REGS_ONLY) Save Generate code which uses the core registers only (r0-r14). diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 3257df5596d..a808c6bb599 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -820,7 +820,9 @@ Objective-C and Objective-C++ Dialects}. -mpure-code @gol -mcmse @gol -mfix-cmse-cve-2021-35465 @gol --mfdpic} +-mfdpic @gol +-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}] +[+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]} @emph{AVR Options} @gccoptlist{-mmcu=@var{mcu} -mabsdata -maccumulate-args @gol @@ -21187,7 +21189,36 @@ The opposite @option{-mno-fdpic} option is useful (and required) to build the Linux kernel using the same (@code{arm-*-uclinuxfdpiceabi}) toolchain as the one used to build the userland programs. -@end table +@item +-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]] +@opindex mbranch-protection +Enable branch protection features (armv8.1-m.main only). +@samp{none} generate code without branch protection or return address +signing. +@samp{standard[+@var{leaf}]} generate code with all branch protection +features enabled at their standard level. +@samp{pac-ret[+@var{leaf}]} generate code with return address signing +set to its standard level, which is to sign all functions that save +the return address to memory. +@samp{leaf} When return address signing is enabled, also sign leaf +functions even if they do not write the return address to memory. ++@samp{bti} Add landing-pad instructions at the permitted targets of +indirect branch instructions. + +If the @samp{+pacbti} architecture extension is not enabled, then all +branch protection and return address signing operations are +constrained to use only the instructions defined in the +architectural-NOP space. The generated code will remain +backwards-compatible with earlier versions of the architecture, but +the additional security can be enabled at run time on processors that +support the @samp{PACBTI} extension. + +Branch target enforcement using BTI can only be enabled at runtime if +all code in the application has been compiled with at least +@samp{-mbranch-protection=bti}. + +The default is to generate code without branch protection or return +address signing. @node AVR Options @subsection AVR Options
diff --git a/gcc/config/arm/arm.c b/gcc/config/arm/arm.c index a952655db80663f28f5a5d12005f2adb4702894f..946841526ee127105396097d143e755bdfc756f5 100644 --- a/gcc/config/arm/arm.c +++ b/gcc/config/arm/arm.c @@ -3216,6 +3216,17 @@ arm_configure_build_target (struct arm_build_target *target, tune_opts = strchr (opts->x_arm_tune_string, '+'); } + if (opts->x_arm_branch_protection_string) + { + aarch_validate_mbranch_protection (opts->x_arm_branch_protection_string); + + if (aarch_ra_sign_key != AARCH_KEY_A) + { + warning (0, "invalid key type for %<-mbranch-protection=%>"); + aarch_ra_sign_key = AARCH_KEY_A; + } + } + if (arm_selected_arch) { arm_initialize_isa (target->isa, arm_selected_arch->common.isa_bits); diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt index 5c5b4f3ae0699a3a9d78df40a5ab65324dcba7b9..4f2754c3e84c436f7058ea0bd1c9f517b3a63ccd 100644 --- a/gcc/config/arm/arm.opt +++ b/gcc/config/arm/arm.opt @@ -313,6 +313,10 @@ mbranch-cost= Target RejectNegative Joined UInteger Var(arm_branch_cost) Init(-1) Cost to assume for a branch insn. +mbranch-protection= +Target RejectNegative Joined Var(arm_branch_protection_string) Save +Use branch-protection features. + mgeneral-regs-only Target RejectNegative Mask(GENERAL_REGS_ONLY) Save Generate code which uses the core registers only (r0-r14). diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 27df8cf5bee79c2abac8b81c1ac54f1c3e50c628..7f886db008a39c44819616eb2799c01822d0aae9 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -810,7 +810,9 @@ Objective-C and Objective-C++ Dialects}. -mpure-code @gol -mcmse @gol -mfix-cmse-cve-2021-35465 @gol --mfdpic} +-mfdpic @gol +-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}] +[+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]} @emph{AVR Options} @gccoptlist{-mmcu=@var{mcu} -mabsdata -maccumulate-args @gol @@ -20969,6 +20971,18 @@ The opposite @option{-mno-fdpic} option is useful (and required) to build the Linux kernel using the same (@code{arm-*-uclinuxfdpiceabi}) toolchain as the one used to build the userland programs. +@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]] +@opindex mbranch-protection +Select the branch protection features to use. +@samp{none} is the default and turns off all types of branch protection. +@samp{standard} turns on all types of branch protection features. If a feature +has additional tuning options, then @samp{standard} sets it to its standard +level. +@samp{pac-ret[+@var{leaf}]} turns on return address signing to its standard +level: signing functions that save the return address to memory (non-leaf +functions will practically always do this). The optional argument @samp{leaf} +can be used to extend the signing to include leaf functions. +@samp{bti} turns on branch target identification mechanism. @end table @node AVR Options