diff mbox series

[FYI] www: new AdaCore-contributed hardening features in gcc 13 and 14

Message ID orv88tz3v8.fsf_-_@lxoliva.fsfla.org
State New
Headers
Series [FYI] www: new AdaCore-contributed hardening features in gcc 13 and 14 |

Checks

Context Check Description
linaro-tcwg-bot/tcwg_gcc_build--master-arm fail Patch failed to apply
linaro-tcwg-bot/tcwg_gcc_build--master-aarch64 fail Patch failed to apply

Commit Message

Alexandre Oliva Dec. 20, 2023, 8:15 a.m. UTC 
  On Nov 30, 2023, Richard Biener <richard.guenther@gmail.com> wrote:

>> >> Here are changes.html entries for this and for the other newly-added
>> >> features:
>> 
>> > LGTM.

(sorry, I should be following up two messages upthread, but I don't seem
to have saved that one)

I've finally put in the www changes.


Mention hardening of conditionals (added in gcc 13), control flow
redundancy, hardened booleans, and stack scrubbing.

Also cover forced inlining of string operations while at that.
---
 htdocs/gcc-13/changes.html |    6 ++++++
 htdocs/gcc-14/changes.html |   29 +++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
diff mbox series

Patch

diff --git a/htdocs/gcc-13/changes.html b/htdocs/gcc-13/changes.html
index ee6383a095706..d3bacc167cd30 100644
--- a/htdocs/gcc-13/changes.html
+++ b/htdocs/gcc-13/changes.html
@@ -168,6 +168,12 @@  You may also want to check out our
     been added, see also
     <a href="https://gcc.gnu.org/onlinedocs/gcc/Freestanding-Environments.html">Profiling and Test Coverage in Freestanding Environments</a>.
   </li>
+  <li>
+    New options <code>-fharden-compares</code>
+    and <code>-fharden-conditional-branches</code> to verify compares
+    and conditional branches, to detect some power-deprivation
+    hardware attacks, using reversed conditions.
+  </li>
 </ul>
 
 
diff --git a/htdocs/gcc-14/changes.html b/htdocs/gcc-14/changes.html
index 11c7ca7e6967f..24e6409a11b68 100644
--- a/htdocs/gcc-14/changes.html
+++ b/htdocs/gcc-14/changes.html
@@ -128,6 +128,35 @@  a work-in-progress.</p>
     of hardening flags.  The options it enables can be displayed using the
     <code>--help=hardened</code> option.
   </li>
+  <li>
+    New option <code>-fharden-control-flow-redundancy</code>, to
+    verify, at the end of functions, that the visited basic blocks
+    correspond to a legitimate execution path, so as to detect and
+    prevent attacks that transfer control into the middle of
+    functions.
+  </li>
+  <li>
+    New type attribute <code>hardbool</code>, for C and Ada.  Hardened
+    booleans take user-specified representations for <code>true</code>
+    and <code>false</code>, presumably with higher hamming distance
+    than standard booleans, and get verified at every use, detecting
+    memory corruption and some malicious attacks.
+  </li>
+  <li>
+    New type attribute <code>strub</code> to control stack scrubbing
+    properties of functions and variables.  The stack frame used by
+    functions marked with the attribute gets zeroed-out upon returning
+    or exception escaping.  Scalar variables marked with the attribute
+    cause functions contaning or accessing them to get stack scrubbing
+    enabled implicitly.
+  </li>
+  <li>
+    New option <code>-finline-stringops</code>, to force inline
+    expansion of <code>memcmp</code>, <code>memcpy</code>,
+    <code>memmove</code> and <code>memset</code>, even when that is
+    not an optimization, to avoid relying on library
+    implementations.
+  </li>
 </ul>
 <!-- .................................................................. -->
 <h2 id="languages">New Languages and Language specific improvements</h2>