public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed
* [gcc(refs/vendors/ARM/heads/gcs)] aarch64: Add -mbranch-protection=gcs option
@ 2024-02-14 15:26 Szabolcs Nagy
0 siblings, 0 replies; 2+ messages in thread
From: Szabolcs Nagy @ 2024-02-14 15:26 UTC (permalink / raw)
To: gcc-cvs
https://gcc.gnu.org/g:d6f5213ca301360cddcdf69845d336e9b34b9d59
commit d6f5213ca301360cddcdf69845d336e9b34b9d59
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Mon Jun 19 12:57:56 2023 +0100
aarch64: Add -mbranch-protection=gcs option
This enables Guarded Control Stack (GCS) compatible code generation.
The "standard" branch-protection type enables it, and the default
depends on the compiler default.
TODO: gcs compatibility marking is missing.
gcc/ChangeLog:
* config/aarch64/aarch64-protos.h (aarch_gcs_enabled): Declare.
* config/aarch64/aarch64.cc (aarch_gcs_enabled): Define.
(aarch_handle_no_branch_protection): Handle gcs.
(aarch_handle_standard_branch_protection): Handle gcs.
(aarch_handle_gcs_protection): New.
* config/aarch64/aarch64.opt: Add aarch_enable_gcs.
* configure: Regenerate.
* configure.ac: Handle gcs in --enable-standard-branch-protection.
* doc/invoke.texi: Document -mbranch-protection=gcs.
Diff:
---
gcc/config/aarch64/aarch64-protos.h | 2 ++
gcc/config/aarch64/aarch64.cc | 24 ++++++++++++++++++++++++
gcc/config/aarch64/aarch64.opt | 3 +++
gcc/configure | 2 +-
gcc/configure.ac | 2 +-
gcc/doc/invoke.texi | 5 +++--
6 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
index a0b142e0b94f..d82130fde801 100644
--- a/gcc/config/aarch64/aarch64-protos.h
+++ b/gcc/config/aarch64/aarch64-protos.h
@@ -1112,4 +1112,6 @@ extern void aarch64_adjust_reg_alloc_order ();
bool aarch64_optimize_mode_switching (aarch64_mode_entity);
void aarch64_restore_za (rtx);
+extern bool aarch64_gcs_enabled ();
+
#endif /* GCC_AARCH64_PROTOS_H */
diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
index 05c436c17ba0..88847d710e0a 100644
--- a/gcc/config/aarch64/aarch64.cc
+++ b/gcc/config/aarch64/aarch64.cc
@@ -8349,6 +8349,13 @@ aarch_bti_j_insn_p (rtx_insn *insn)
return GET_CODE (pat) == UNSPEC_VOLATILE && XINT (pat, 1) == UNSPECV_BTI_J;
}
+/* Return TRUE if Guarded Control Stack is enabled. */
+bool
+aarch64_gcs_enabled (void)
+{
+ return (aarch64_enable_gcs == 1);
+}
+
/* Check if X (or any sub-rtx of X) is a PACIASP/PACIBSP instruction. */
bool
aarch_pac_insn_p (rtx x)
@@ -18663,6 +18670,7 @@ aarch64_handle_no_branch_protection (void)
{
aarch_ra_sign_scope = AARCH_FUNCTION_NONE;
aarch_enable_bti = 0;
+ aarch64_enable_gcs = 0;
}
static void
@@ -18671,6 +18679,7 @@ aarch64_handle_standard_branch_protection (void)
aarch_ra_sign_scope = AARCH_FUNCTION_NON_LEAF;
aarch64_ra_sign_key = AARCH64_KEY_A;
aarch_enable_bti = 1;
+ aarch64_enable_gcs = 1;
}
static void
@@ -18697,6 +18706,11 @@ aarch64_handle_bti_protection (void)
{
aarch_enable_bti = 1;
}
+static void
+aarch64_handle_gcs_protection (void)
+{
+ aarch64_enable_gcs = 1;
+}
static const struct aarch_branch_protect_type aarch64_pac_ret_subtypes[] = {
{ "leaf", false, aarch64_handle_pac_ret_leaf, NULL, 0 },
@@ -18711,6 +18725,7 @@ static const struct aarch_branch_protect_type aarch64_branch_protect_types[] =
{ "pac-ret", false, aarch64_handle_pac_ret_protection,
aarch64_pac_ret_subtypes, ARRAY_SIZE (aarch64_pac_ret_subtypes) },
{ "bti", false, aarch64_handle_bti_protection, NULL, 0 },
+ { "gcs", false, aarch64_handle_gcs_protection, NULL, 0 },
{ NULL, false, NULL, NULL, 0 }
};
@@ -18811,6 +18826,15 @@ aarch64_override_options (void)
#endif
}
+ if (aarch64_enable_gcs == 2)
+ {
+#ifdef TARGET_ENABLE_GCS
+ aarch64_enable_gcs = 1;
+#else
+ aarch64_enable_gcs = 0;
+#endif
+ }
+
/* Return address signing is currently not supported for ILP32 targets. For
LP64 targets use the configured option in the absence of a command-line
option for -mbranch-protection. */
diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt
index 6356c419399b..aeb710449fb4 100644
--- a/gcc/config/aarch64/aarch64.opt
+++ b/gcc/config/aarch64/aarch64.opt
@@ -39,6 +39,9 @@ aarch64_feature_flags aarch64_isa_flags = 0
TargetVariable
unsigned aarch_enable_bti = 2
+TargetVariable
+unsigned aarch64_enable_gcs = 2
+
TargetVariable
enum aarch64_key_type aarch64_ra_sign_key = AARCH64_KEY_A
diff --git a/gcc/configure b/gcc/configure
index 41b978b0380b..69d583b8c8a5 100755
--- a/gcc/configure
+++ b/gcc/configure
@@ -28221,7 +28221,7 @@ if test "${enable_standard_branch_protection+set}" = set; then :
enableval=$enable_standard_branch_protection;
case $enableval in
yes)
- tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1"
+ tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1 TARGET_ENABLE_GCS=1"
;;
no)
;;
diff --git a/gcc/configure.ac b/gcc/configure.ac
index 72012d61e671..c14aa55ee9ea 100644
--- a/gcc/configure.ac
+++ b/gcc/configure.ac
@@ -4440,7 +4440,7 @@ AS_HELP_STRING([--disable-standard-branch-protection],
[
case $enableval in
yes)
- tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1"
+ tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1 TARGET_ENABLE_GCS=1"
;;
no)
;;
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 0de184f6241a..c1d57281dd84 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -800,7 +800,7 @@ Objective-C and Objective-C++ Dialects}.
-mpc-relative-literal-loads
-msign-return-address=@var{scope}
-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}
-+@var{b-key}]|@var{bti}
++@var{b-key}]|@var{bti}|@var{gcs}
-mharden-sls=@var{opts}
-march=@var{name} -mcpu=@var{name} -mtune=@var{name}
-moverride=@var{string} -mverbose-cost-dump
@@ -21360,7 +21360,7 @@ default value is @samp{none}. This option has been deprecated by
-mbranch-protection.
@opindex mbranch-protection
-@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti}
+@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti}|@var{gcs}
Select the branch protection features to use.
@samp{none} is the default and turns off all types of branch protection.
@samp{standard} turns on all types of branch protection features. If a feature
@@ -21373,6 +21373,7 @@ argument @samp{leaf} can be used to extend the signing to include leaf
functions. The optional argument @samp{b-key} can be used to sign the functions
with the B-key instead of the A-key.
@samp{bti} turns on branch target identification mechanism.
+@samp{gcs} turns on guarded control stack compatible code generation.
@opindex mharden-sls
@item -mharden-sls=@var{opts}
^ permalink raw reply [flat|nested] 2+ messages in thread
* [gcc(refs/vendors/ARM/heads/gcs)] aarch64: Add -mbranch-protection=gcs option
@ 2024-04-10 10:47 Szabolcs Nagy
0 siblings, 0 replies; 2+ messages in thread
From: Szabolcs Nagy @ 2024-04-10 10:47 UTC (permalink / raw)
To: gcc-cvs
https://gcc.gnu.org/g:50dc77071139c477a10c78d3d73ff2db4dcd6ef7
commit 50dc77071139c477a10c78d3d73ff2db4dcd6ef7
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Mon Jun 19 12:57:56 2023 +0100
aarch64: Add -mbranch-protection=gcs option
This enables Guarded Control Stack (GCS) compatible code generation.
The "standard" branch-protection type enables it, and the default
depends on the compiler default.
TODO: gcs compatibility marking is missing.
gcc/ChangeLog:
* config/aarch64/aarch64-protos.h (aarch_gcs_enabled): Declare.
* config/aarch64/aarch64.cc (aarch_gcs_enabled): Define.
(aarch_handle_no_branch_protection): Handle gcs.
(aarch_handle_standard_branch_protection): Handle gcs.
(aarch_handle_gcs_protection): New.
* config/aarch64/aarch64.opt: Add aarch_enable_gcs.
* configure: Regenerate.
* configure.ac: Handle gcs in --enable-standard-branch-protection.
* doc/invoke.texi: Document -mbranch-protection=gcs.
Diff:
---
gcc/config/aarch64/aarch64-protos.h | 2 ++
gcc/config/aarch64/aarch64.cc | 24 ++++++++++++++++++++++++
gcc/config/aarch64/aarch64.opt | 3 +++
gcc/configure | 2 +-
gcc/configure.ac | 2 +-
gcc/doc/invoke.texi | 5 +++--
6 files changed, 34 insertions(+), 4 deletions(-)
diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
index 42639e9efcf..ed5f9622658 100644
--- a/gcc/config/aarch64/aarch64-protos.h
+++ b/gcc/config/aarch64/aarch64-protos.h
@@ -1113,4 +1113,6 @@ extern void aarch64_adjust_reg_alloc_order ();
bool aarch64_optimize_mode_switching (aarch64_mode_entity);
void aarch64_restore_za (rtx);
+extern bool aarch64_gcs_enabled ();
+
#endif /* GCC_AARCH64_PROTOS_H */
diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
index 1ea84c8bd73..73969721906 100644
--- a/gcc/config/aarch64/aarch64.cc
+++ b/gcc/config/aarch64/aarch64.cc
@@ -8375,6 +8375,13 @@ aarch_bti_j_insn_p (rtx_insn *insn)
return GET_CODE (pat) == UNSPEC_VOLATILE && XINT (pat, 1) == UNSPECV_BTI_J;
}
+/* Return TRUE if Guarded Control Stack is enabled. */
+bool
+aarch64_gcs_enabled (void)
+{
+ return (aarch64_enable_gcs == 1);
+}
+
/* Check if X (or any sub-rtx of X) is a PACIASP/PACIBSP instruction. */
bool
aarch_pac_insn_p (rtx x)
@@ -18694,6 +18701,7 @@ aarch64_handle_no_branch_protection (void)
{
aarch_ra_sign_scope = AARCH_FUNCTION_NONE;
aarch_enable_bti = 0;
+ aarch64_enable_gcs = 0;
}
static void
@@ -18702,6 +18710,7 @@ aarch64_handle_standard_branch_protection (void)
aarch_ra_sign_scope = AARCH_FUNCTION_NON_LEAF;
aarch64_ra_sign_key = AARCH64_KEY_A;
aarch_enable_bti = 1;
+ aarch64_enable_gcs = 1;
}
static void
@@ -18728,6 +18737,11 @@ aarch64_handle_bti_protection (void)
{
aarch_enable_bti = 1;
}
+static void
+aarch64_handle_gcs_protection (void)
+{
+ aarch64_enable_gcs = 1;
+}
static const struct aarch_branch_protect_type aarch64_pac_ret_subtypes[] = {
{ "leaf", false, aarch64_handle_pac_ret_leaf, NULL, 0 },
@@ -18742,6 +18756,7 @@ static const struct aarch_branch_protect_type aarch64_branch_protect_types[] =
{ "pac-ret", false, aarch64_handle_pac_ret_protection,
aarch64_pac_ret_subtypes, ARRAY_SIZE (aarch64_pac_ret_subtypes) },
{ "bti", false, aarch64_handle_bti_protection, NULL, 0 },
+ { "gcs", false, aarch64_handle_gcs_protection, NULL, 0 },
{ NULL, false, NULL, NULL, 0 }
};
@@ -18842,6 +18857,15 @@ aarch64_override_options (void)
#endif
}
+ if (aarch64_enable_gcs == 2)
+ {
+#ifdef TARGET_ENABLE_GCS
+ aarch64_enable_gcs = 1;
+#else
+ aarch64_enable_gcs = 0;
+#endif
+ }
+
/* Return address signing is currently not supported for ILP32 targets. For
LP64 targets use the configured option in the absence of a command-line
option for -mbranch-protection. */
diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt
index 6356c419399..aeb710449fb 100644
--- a/gcc/config/aarch64/aarch64.opt
+++ b/gcc/config/aarch64/aarch64.opt
@@ -39,6 +39,9 @@ aarch64_feature_flags aarch64_isa_flags = 0
TargetVariable
unsigned aarch_enable_bti = 2
+TargetVariable
+unsigned aarch64_enable_gcs = 2
+
TargetVariable
enum aarch64_key_type aarch64_ra_sign_key = AARCH64_KEY_A
diff --git a/gcc/configure b/gcc/configure
index 266ab8f84b2..45725639fd2 100755
--- a/gcc/configure
+++ b/gcc/configure
@@ -28221,7 +28221,7 @@ if test "${enable_standard_branch_protection+set}" = set; then :
enableval=$enable_standard_branch_protection;
case $enableval in
yes)
- tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1"
+ tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1 TARGET_ENABLE_GCS=1"
;;
no)
;;
diff --git a/gcc/configure.ac b/gcc/configure.ac
index a5aec1bc967..30d59ce7949 100644
--- a/gcc/configure.ac
+++ b/gcc/configure.ac
@@ -4440,7 +4440,7 @@ AS_HELP_STRING([--disable-standard-branch-protection],
[
case $enableval in
yes)
- tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1"
+ tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1 TARGET_ENABLE_GCS=1"
;;
no)
;;
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 5d5e70c3033..ada1d565ad0 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -801,7 +801,7 @@ Objective-C and Objective-C++ Dialects}.
-mpc-relative-literal-loads
-msign-return-address=@var{scope}
-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}
-+@var{b-key}]|@var{bti}
++@var{b-key}]|@var{bti}|@var{gcs}
-mharden-sls=@var{opts}
-march=@var{name} -mcpu=@var{name} -mtune=@var{name}
-moverride=@var{string} -mverbose-cost-dump
@@ -21417,7 +21417,7 @@ default value is @samp{none}. This option has been deprecated by
-mbranch-protection.
@opindex mbranch-protection
-@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti}
+@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti}|@var{gcs}
Select the branch protection features to use.
@samp{none} is the default and turns off all types of branch protection.
@samp{standard} turns on all types of branch protection features. If a feature
@@ -21430,6 +21430,7 @@ argument @samp{leaf} can be used to extend the signing to include leaf
functions. The optional argument @samp{b-key} can be used to sign the functions
with the B-key instead of the A-key.
@samp{bti} turns on branch target identification mechanism.
+@samp{gcs} turns on guarded control stack compatible code generation.
@opindex mharden-sls
@item -mharden-sls=@var{opts}
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-04-10 10:47 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-14 15:26 [gcc(refs/vendors/ARM/heads/gcs)] aarch64: Add -mbranch-protection=gcs option Szabolcs Nagy
2024-04-10 10:47 Szabolcs Nagy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).