From patchwork Mon Jul 4 09:27:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Corallo X-Patchwork-Id: 55691 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 102AE385694C for ; Mon, 4 Jul 2022 09:29:17 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 102AE385694C DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1656926957; bh=RWXCB9nMZGpnMl6dFqpXtwlSwtOdRFwV8b6wrla7XR4=; h=To:Subject:References:Date:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=X5lJVBIufMe5gV6vVNx7TjMK/GQVeKJ3U9GSO4vvq4CAZ/BxWGRurMpyOInsoZP38 oPf//y7g0TEhTvCkP8QOULNug1G0MrSKrwiqgiz+e9DpI7FnDRT6SqFPCoC1hiHb2z qeF/4Za82paih0DWsfOKH/z4s9uTY66+gfTD3C44= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-eopbgr80054.outbound.protection.outlook.com [40.107.8.54]) by sourceware.org (Postfix) with ESMTPS id 52CDD3856DEC for ; Mon, 4 Jul 2022 09:28:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 52CDD3856DEC ARC-Seal: i=2; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=pass; b=a1pWcofAMfbZniXgXFvlJtSAp5poduVReWciYCOHpjaLRbxHz2g6tVoHeFDz2K95Ig7PxgMOP3Ifvaf80Q1SzsNjAe8H4OQqGQu2FfXaGjf780m7mrFnA5L9BuZPnLhFZOablBOKzov58GnBvbohpQiMybZVg6O9DFYwwdTekFA5SsDGjqQc/MFHUdNeo96cCoJbcHQ2BqpopGYI1yg2XbaWb4mRzhPsSpkNDis8pPSLRcARLiqsZnZFQ0rx1jlPa/7LWN9tFsLB8lNBA53JA0dv/RTTg8T4yyOnfvHMV52uBzys2VJ77GXE6bA/XDwCzLCclcdmhXkzpJP6o7GSkg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RWXCB9nMZGpnMl6dFqpXtwlSwtOdRFwV8b6wrla7XR4=; b=GMDZVme1CVmEB0UfWtSlRa+BUUaZMBn5SJrjrB+RwedeeLQq80LLkteo6SKp/gbjOXt801apx/SPim2pSQbr3w5zqrwNoaIOgP2n6zydRkTlbIDBItpcOIXX02+xisRRLMPIbYzzNH2XzgcxY5piAW8ATAxIBiHZMT2FLVUpz0R0Cmf7BQ7f6uT1Pd5rCIqRjWuAOy5QY/bdjwIr0puUoxA9ojJxdGYIMXTTVdkX/qBNv0aBdZK+tFAUhvGkqmwoK8tgdbJUgxzb9B3PsbZKCDZhCmCr4Zw5PuLQEYXa6eA4Q9omH7mhXs8MjwwTF+gR+DZQ4Jj/uJJRaTmNu95gug== ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=pass (sender ip is 63.35.35.123) smtp.rcpttodomain=gcc.gnu.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; arc=pass (0 oda=1 ltdi=1 spf=[1,1,smtp.mailfrom=arm.com] dmarc=[1,1,header.from=arm.com]) Received: from DU2PR04CA0192.eurprd04.prod.outlook.com (2603:10a6:10:28d::17) by GV2PR08MB7931.eurprd08.prod.outlook.com (2603:10a6:150:a8::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.20; Mon, 4 Jul 2022 09:28:40 +0000 Received: from DBAEUR03FT029.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:28d:cafe::9f) by DU2PR04CA0192.outlook.office365.com (2603:10a6:10:28d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.20 via Frontend Transport; Mon, 4 Jul 2022 09:28:40 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DBAEUR03FT029.mail.protection.outlook.com (100.127.142.181) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.14 via Frontend Transport; Mon, 4 Jul 2022 09:28:39 +0000 Received: ("Tessian outbound 4748bc5c2894:v121"); Mon, 04 Jul 2022 09:28:39 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: b4c4fca142cbac3d X-CR-MTA-TID: 64aa7808 Received: from d227fbbbdbfa.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id B55E6A7E-ED10-403B-9CF0-3711D1ECE9BF.1; Mon, 04 Jul 2022 09:27:48 +0000 Received: from EUR03-DBA-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id d227fbbbdbfa.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Mon, 04 Jul 2022 09:27:48 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D+wfDmG32+RdkX8yU6LL9uy5YW/CmB4kKbwS74ITZGZg8/IyjiNzBoPsKJSYXQrgI/k5jtu/oVmNEMtnq75CQfEChzFRDJbBnRL9IWBIWPdFbyFrDzTBOoQadl8zA6vfCB4hAogKNWy9Rqf5cj5yYp4kPp2hCJLXDDUvj78Lufcd2jRTTpinxWQiPS38ngASc0riq+MzCJ6opinaJyHgs/n7rd0M4EQwfRrcWw05052FpR6ErB3EtnwJhJpXUDVZrvr6sCGBLyx494hMDBE8OnNtDIc1UWaMqaxdWqDvPQbLWhG6mWMuywN6zkq7lWgGXBBpf/S6kH9gNCysWzHuLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RWXCB9nMZGpnMl6dFqpXtwlSwtOdRFwV8b6wrla7XR4=; b=TFaGnEF5izKWGPGDxrnHQz9yDThG/YdDgiHc4Hsev6ZQVsSwAGmSETI6OhEqUgmyxKrKyeguQvLYUOztsqkphuiDb+UwKONCu7H/DjSGZslTd1seEHf1dcS/9NYvwBpWsCQGohPtrqA6TL/mr5djPHNbkhH0tHlEUQaCwYbLCiHHG6B2lhQ6Awvcn6khsNhAd7kOFWNBgJEhqqV89K0F1y/9jDQgpEBlkk+8b1VH/bO4rS6KcRmfK2PEvx5tu7oLB1+nhDkbzz0efR/QoHItL0V8UURaL5LRgKWkhWwJMOeh8dScFqhoKJ++IAxJDtaFx6/fwgM9o0R9N5eFtpYmoQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 40.67.248.234) smtp.rcpttodomain=gcc.gnu.org smtp.mailfrom=arm.com; dmarc=pass (p=none sp=none pct=100) action=none header.from=arm.com; dkim=none (message not signed); arc=none Received: from DB8PR03CA0025.eurprd03.prod.outlook.com (2603:10a6:10:be::38) by AS4PR08MB8045.eurprd08.prod.outlook.com (2603:10a6:20b:585::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.20; Mon, 4 Jul 2022 09:27:47 +0000 Received: from DBAEUR03FT014.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:be:cafe::a2) by DB8PR03CA0025.outlook.office365.com (2603:10a6:10:be::38) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5395.20 via Frontend Transport; Mon, 4 Jul 2022 09:27:46 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 40.67.248.234) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C Received: from nebula.arm.com (40.67.248.234) by DBAEUR03FT014.mail.protection.outlook.com (100.127.143.22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.5395.14 via Frontend Transport; Mon, 4 Jul 2022 09:27:46 +0000 Received: from AZ-NEU-EX01.Emea.Arm.com (10.251.26.4) by AZ-NEU-EX04.Arm.com (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2507.9; Mon, 4 Jul 2022 09:27:45 +0000 Received: from AZ-NEU-EX04.Arm.com (10.251.24.32) by AZ-NEU-EX01.Emea.Arm.com (10.251.26.4) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.2507.9; Mon, 4 Jul 2022 09:27:45 +0000 Received: from e124257 (10.34.105.24) by mail.arm.com (10.251.24.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.9 via Frontend Transport; Mon, 4 Jul 2022 09:27:44 +0000 To: Richard Earnshaw Subject: [PATCH 3/12 V2] arm: Add option -mbranch-protection References: <7599346b-1015-7dae-88a6-f7c8a8d82c98@foss.arm.com> Date: Mon, 4 Jul 2022 11:27:43 +0200 In-Reply-To: <7599346b-1015-7dae-88a6-f7c8a8d82c98@foss.arm.com> (Richard Earnshaw's message of "Fri, 1 Jul 2022 11:59:06 +0100") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1.50 (gnu/linux) MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-Office365-Filtering-Correlation-Id: 6ebc70ea-7bcd-4d5e-c3ad-08da5d9f948a X-MS-TrafficTypeDiagnostic: AS4PR08MB8045:EE_|DBAEUR03FT029:EE_|GV2PR08MB7931:EE_ x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: lYJGkRLUOFt6EeG6RdS9gr9H3n4vNKOXth758SrjRXQf/5HXqPVfpAWfU4WLiFL5qSbHgSds/ogtdJzDGbvn75doP8VkLKZul2E4lDOugj18cyi5H/CjxSXKun77UvWuEZxvV96MmqIsXGXf8N6OxGo+bBbi1d012wECwN8J1kQnGD3FK63j0a19UVRQ+VNMC1N8EKYe+dRMMhpK2my3Sg93mFegN+T0AxKKEy/rS7T88n9DB/zQwe8f46EnQ8v5F649neMFJLnMi31AdQ0dMCjLHHxcDeCHtKOc9Nj+ZvfgwlgLM2iGYggwhWiHImTJY96bKRGLAItZZKELbPRm9299MDDWSTslPTMZ6kbZolbaatxtdGIAPWZoIx3KRh4g9+NxLDS44D7f6UfPPx2Ne26PpwEaQxWTxvgT670WTm1cSrdSr/VKvO7T5lYJHrnjmv2XAe6vyhodKmSjCXpON+kfctzryX0RFKY0mM64PnwaZgt2mCVm8SL/c/hu4GVaUyLelFoI712yy+28z9zpZGgkuVB74j53aHh+iwpf3PzlIwXpd6Q8os3gACNib5Kl5QrP3zqKJ1CHBk6FszEYmFoexFhCtsniLaOTm4/51qkv+fnBJ/LskisMVRbZ0Dg0ljHVR3IiRdYcKy56aruOc72H9JaMBqP/KAX0BGRIDhR0lh6t3k2pvK6tVAsh23vB1uPt9nDaOY8IGtxoRd0rRBq5jj5hsAKO2pFvJ/kXBARtEMYLxbtB+U4/VgEi4+IhP8L5tq679vuHfwwW6trdM/L+PrZhCGLlb9iQ7tjr3bMS7Ohn7IUc+XWhAi0gY9nj5NWBC2N4YZzCkoXoxqJPv7MkECrFrXHrWssugg3c21I= X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:nebula.arm.com; PTR:InfoDomainNonexistent; CAT:NONE; SFS:(13230016)(4636009)(39850400004)(346002)(136003)(396003)(376002)(36840700001)(40470700004)(46966006)(2616005)(186003)(82310400005)(40480700001)(426003)(47076005)(336012)(54906003)(8676002)(4326008)(70206006)(316002)(70586007)(83380400001)(36756003)(6862004)(235185007)(86362001)(40460700003)(5660300002)(33964004)(478600001)(44832011)(82740400003)(36860700001)(8936002)(356005)(81166007)(26005)(2906002)(41300700001)(36900700001); DIR:OUT; SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4PR08MB8045 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DBAEUR03FT029.eop-EUR03.prod.protection.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: e2a539d4-ecf1-4bfd-b377-08da5d9f74b9 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: UjB1WUsbPVQAh/gBSA2gNO+WfcSydLw75V+PbcOlJ2qE2juGFS4ZONXjYahw9vdylS25sP57enexhnapiQKHpY7KmJKuG0UBNiBUXGj8ngxV02fc/psuoTEXqwfFWE2s4hYKpEmxDi8gZdGXuHwYuv+hy5OGWGgliYTpmPmrvVAyHCgfR5Nd8y1MMMsnQNxSlVon+LY4Dk5Jnzkj0gbFZ6D0k3frX/kbhfSvdiORhsTbxKmWFyOVlAYLumvmvT723y+53AjmEFMN0b/rUerFaVgqfW0vpMNPeRdXQDKUx6/uiII/xTwxFMdj8rgOABsarGvhBJ9RGKEXOjqWgTOeKyglgLxJsbvWv6cthS7Tli1+48xPaNl0EIZr/kLVyHoJC6gh7jO2XWe5PNa+B32fUPmcUoq+Ivv9s/gKjNLCRrZUG7y55idfIR2WeM7FWy9ch2k0rRPlBSZW8Z50nYTbKXSZUAXhi2GSmqZQ20n/GE1BqwaZ0N6ZhB24SRwn47n6gYwEUk6LPbgCf9kHyd+tJLBuElijzLW/BLqHpQ68ZdLBi9aN8cionEinHEGz+MPoNswcezw8zeiVOuEDQTT3SXzGXoMUzJCaZviKK5V9kfP3ToZEEngicvgkFVzYrdtD93GbuFJaJh4DAvJVo4BQA8ZfS64M59NlOFN/VJkYQ1npg+vuXX8jrhn2oo9eiU0lSjqcS7YTbzcdSJjs1SwPefY2PFxP2KIlcUlGB8DNXzn3/mOjtZ05QiyTSeIdRkwNuDRyxbZfO5qJnt10BR2J5WwryzovnpKztB3TFB/uXQQ/sMACZFAixzmjv4JwntcblFq0wtqzlgUY+E/sFnPV0g== X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(13230016)(4636009)(39860400002)(346002)(396003)(136003)(376002)(46966006)(40470700004)(36840700001)(81166007)(86362001)(336012)(235185007)(36756003)(44832011)(36860700001)(2616005)(83380400001)(82310400005)(82740400003)(70206006)(70586007)(186003)(8676002)(4326008)(54906003)(316002)(41300700001)(47076005)(478600001)(40460700003)(40480700001)(26005)(426003)(33964004)(2906002)(5660300002)(6862004)(8936002); DIR:OUT; SFP:1101; X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Jul 2022 09:28:39.9495 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6ebc70ea-7bcd-4d5e-c3ad-08da5d9f948a X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: DBAEUR03FT029.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: GV2PR08MB7931 X-Spam-Status: No, score=-12.1 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, FORGED_SPF_HELO, GIT_PATCH_0, KAM_DMARC_NONE, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_NONE, TXREP, T_SCC_BODY_TEXT_LINE, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Andrea Corallo via Gcc-patches From: Andrea Corallo Reply-To: Andrea Corallo Cc: Richard Earnshaw , nd , Andrea Corallo via Gcc-patches Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" Richard Earnshaw writes: [...] > +@item > +-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]] > +@opindex mbranch-protection > +Enable branch protection features (armv8.1-m.main only). > +@samp{none} generate code without branch protection or return address > +signing. > +@samp{standard[+@var{leaf}]} generate code with all branch protection > +features enabled at their standard level. > +@samp{pac-ret[+@var{leaf}]} generate code with return address signing > +set to its standard level, which is to sign all functions that save > +the return address to memory. > +@samp{leaf} When return address signing is enabled, also sign leaf > +functions even if they do not write the return address to memory. > ++@samp{bti} Add landing-pad instructions at the permitted targets of > +indirect branch instructions. > + > +If the @samp{+pacbti} architecture extension is not enabled, then all > +branch protection and return address signing operations are > +constrained to use only the instructions defined in the > +architectural-NOP space. The generated code will remain > +backwards-compatible with earlier versions of the architecture, but > +the additional security can be enabled at run time on processors that > +support the @samp{PACBTI} extension. > + > +Branch target enforcement using BTI can only be enabled at runtime if > +all code in the application has been compiled with at least > +@samp{-mbranch-protection=bti}. > + > +The default is to generate code without branch protection or return > +address signing. > > This needs to make it clear that -mbranch-protection != none is only > supported on armv8-m.main or later. > > R. Hi Richard, thanks for reviewing, please find attached the respinned patch. Ok for trunk (when the rest of the series will be approved)? Best Regards Andrea gcc/ChangeLog: * config/arm/arm.c (arm_configure_build_target): Parse and validate -mbranch-protection option and initialize appropriate data structures. * config/arm/arm.opt (-mbranch-protection): New option. * doc/invoke.texi (Arm Options): Document it. Co-Authored-By: Tejas Belagod Co-Authored-By: Richard Earnshaw diff --git a/gcc/config/arm/arm.cc b/gcc/config/arm/arm.cc index 60f3eae82a4..0068817b0f2 100644 --- a/gcc/config/arm/arm.cc +++ b/gcc/config/arm/arm.cc @@ -3263,6 +3263,17 @@ arm_configure_build_target (struct arm_build_target *target, tune_opts = strchr (opts->x_arm_tune_string, '+'); } + if (opts->x_arm_branch_protection_string) + { + aarch_validate_mbranch_protection (opts->x_arm_branch_protection_string); + + if (aarch_ra_sign_key != AARCH_KEY_A) + { + warning (0, "invalid key type for %<-mbranch-protection=%>"); + aarch_ra_sign_key = AARCH_KEY_A; + } + } + if (arm_selected_arch) { arm_initialize_isa (target->isa, arm_selected_arch->common.isa_bits); diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt index f54ec8356c3..d292e23ea11 100644 --- a/gcc/config/arm/arm.opt +++ b/gcc/config/arm/arm.opt @@ -323,6 +323,10 @@ mbranch-cost= Target RejectNegative Joined UInteger Var(arm_branch_cost) Init(-1) Cost to assume for a branch insn. +mbranch-protection= +Target RejectNegative Joined Var(arm_branch_protection_string) Save +Use branch-protection features. + mgeneral-regs-only Target RejectNegative Mask(GENERAL_REGS_ONLY) Save Generate code which uses the core registers only (r0-r14). diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 079e34ed98c..a2be3446594 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -825,7 +825,9 @@ Objective-C and Objective-C++ Dialects}. -mcmse @gol -mfix-cmse-cve-2021-35465 @gol -mstack-protector-guard=@var{guard} -mstack-protector-guard-offset=@var{offset} @gol --mfdpic} +-mfdpic @gol +-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}] +[+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]} @emph{AVR Options} @gccoptlist{-mmcu=@var{mcu} -mabsdata -maccumulate-args @gol @@ -21521,6 +21523,40 @@ The opposite @option{-mno-fdpic} option is useful (and required) to build the Linux kernel using the same (@code{arm-*-uclinuxfdpiceabi}) toolchain as the one used to build the userland programs. +@item +-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]] +@opindex mbranch-protection +Enable branch protection features (armv8.1-m.main only). +@samp{none} generate code without branch protection or return address +signing. +@samp{standard[+@var{leaf}]} generate code with all branch protection +features enabled at their standard level. +@samp{pac-ret[+@var{leaf}]} generate code with return address signing +set to its standard level, which is to sign all functions that save +the return address to memory. +@samp{leaf} When return address signing is enabled, also sign leaf +functions even if they do not write the return address to memory. ++@samp{bti} Add landing-pad instructions at the permitted targets of +indirect branch instructions. + +If the @samp{+pacbti} architecture extension is not enabled, then all +branch protection and return address signing operations are +constrained to use only the instructions defined in the +architectural-NOP space. The generated code will remain +backwards-compatible with earlier versions of the architecture, but +the additional security can be enabled at run time on processors that +support the @samp{PACBTI} extension. + +Branch target enforcement using BTI can only be enabled at runtime if +all code in the application has been compiled with at least +@samp{-mbranch-protection=bti}. + +Any setting other than @samp{none} is supported only on armv8-m.main +or later. + +The default is to generate code without branch protection or return +address signing. + @end table @node AVR Options