From: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>
To: Andrea Corallo <andrea.corallo@arm.com>
Cc: Richard Earnshaw <Richard.Earnshaw@arm.com>, nd <nd@arm.com>,
Andrea Corallo via Gcc-patches <gcc-patches@gcc.gnu.org>
Subject: Re: [PATCH 3/12 V2] arm: Add option -mbranch-protection
Date: Mon, 4 Jul 2022 11:55:10 +0100 [thread overview]
Message-ID: <86ba1f52-6b1b-0808-22cd-ff1684692c25@foss.arm.com> (raw)
In-Reply-To: <gkr8rp99qi8.fsf_-_@arm.com>
On 04/07/2022 10:27, Andrea Corallo via Gcc-patches wrote:
> Richard Earnshaw <Richard.Earnshaw@foss.arm.com> writes:
>
> [...]
>
>> +@item
>> +-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]
>> +@opindex mbranch-protection
>> +Enable branch protection features (armv8.1-m.main only).
>> +@samp{none} generate code without branch protection or return address
>> +signing.
>> +@samp{standard[+@var{leaf}]} generate code with all branch protection
>> +features enabled at their standard level.
>> +@samp{pac-ret[+@var{leaf}]} generate code with return address signing
>> +set to its standard level, which is to sign all functions that save
>> +the return address to memory.
>> +@samp{leaf} When return address signing is enabled, also sign leaf
>> +functions even if they do not write the return address to memory.
>> ++@samp{bti} Add landing-pad instructions at the permitted targets of
>> +indirect branch instructions.
>> +
>> +If the @samp{+pacbti} architecture extension is not enabled, then all
>> +branch protection and return address signing operations are
>> +constrained to use only the instructions defined in the
>> +architectural-NOP space. The generated code will remain
>> +backwards-compatible with earlier versions of the architecture, but
>> +the additional security can be enabled at run time on processors that
>> +support the @samp{PACBTI} extension.
>> +
>> +Branch target enforcement using BTI can only be enabled at runtime if
>> +all code in the application has been compiled with at least
>> +@samp{-mbranch-protection=bti}.
>> +
>> +The default is to generate code without branch protection or return
>> +address signing.
>>
>> This needs to make it clear that -mbranch-protection != none is only
>> supported on armv8-m.main or later.
>>
>> R.
>
> Hi Richard,
>
> thanks for reviewing, please find attached the respinned patch.
>
> Ok for trunk (when the rest of the series will be approved)?
>
> Best Regards
>
> Andrea
>
> gcc/ChangeLog:
>
> * config/arm/arm.c (arm_configure_build_target): Parse and validate
> -mbranch-protection option and initialize appropriate data structures.
> * config/arm/arm.opt (-mbranch-protection): New option.
> * doc/invoke.texi (Arm Options): Document it.
>
> Co-Authored-By: Tejas Belagod <tbelagod@arm.com>
> Co-Authored-By: Richard Earnshaw <Richard.Earnshaw@arm.com>
>
OK.
R.
next prev parent reply other threads:[~2022-07-04 10:55 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 8:39 [PATCH 0/12] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
2022-04-28 9:08 ` [PATCH 1/12] arm: Make mbranch-protection opts parsing common to AArch32/64 Andrea Corallo
2022-07-01 10:49 ` Richard Earnshaw
2022-04-28 9:37 ` [PATCH 2/12] arm: Add Armv8.1-M Mainline target feature +pacbti Andrea Corallo
2022-07-01 10:51 ` Richard Earnshaw
2022-04-28 9:38 ` [PATCH 3/12] arm: Add option -mbranch-protection Andrea Corallo
2022-07-01 10:59 ` Richard Earnshaw
2022-07-04 9:27 ` [PATCH 3/12 V2] " Andrea Corallo
2022-07-04 10:55 ` Richard Earnshaw [this message]
2022-04-28 9:40 ` [PATCH 4/12] arm: Add testsuite library support for PACBTI target Andrea Corallo
2022-07-01 13:03 ` Richard Earnshaw
2022-07-01 14:17 ` Richard Earnshaw
2022-07-04 14:47 ` Andrea Corallo
2022-07-05 10:05 ` Richard Earnshaw
2022-04-28 9:42 ` [PATCH 5/12] arm: Implement target feature macros for PACBTI Andrea Corallo
2022-07-01 14:26 ` Richard Earnshaw
2022-07-12 15:45 ` [PATCH 5/12 V2] " Andrea Corallo
2022-07-21 11:01 ` Richard Earnshaw
2022-07-22 10:35 ` [PATCH 5/12 V3] " Andrea Corallo
2022-07-22 14:34 ` [PATCH 5/12 V4] " Andrea Corallo
2022-04-28 9:44 ` [PATCH 6/12] arm: Add pointer authentication for stack-unwinding runtime Andrea Corallo
2022-07-01 14:41 ` Richard Earnshaw
2022-11-09 11:17 ` [PATCH 6/12 V2] " Andrea Corallo
2022-04-28 9:45 ` [PATCH 7/12] arm: Emit build attributes for PACBTI target feature Andrea Corallo
2022-07-01 14:49 ` Richard Earnshaw
2022-07-13 8:58 ` [PATCH 7/12 V2] " Andrea Corallo
2022-07-21 11:03 ` Richard Earnshaw
2022-07-22 14:57 ` Andrea Corallo
2022-04-28 9:46 ` [PATCH 8/12] arm: Introduce multilibs " Andrea Corallo
2022-06-01 12:32 ` [PATCH 8/12 V2] " Andrea Corallo
2022-07-01 14:54 ` Richard Earnshaw
2022-07-01 14:57 ` Richard Earnshaw
2022-07-21 9:04 ` [PATCH 8/12 V3] " Andrea Corallo
2022-07-21 11:09 ` Richard Earnshaw
2022-04-28 9:48 ` [PATCH 9/12] arm: Make libgcc bti compatible Andrea Corallo
2022-07-01 15:03 ` Richard Earnshaw
2022-07-21 9:17 ` [PATCH 9/12 V2] " Andrea Corallo
2022-07-21 11:41 ` Richard Earnshaw
2022-07-22 15:09 ` Andrea Corallo
2022-07-25 10:41 ` Richard Earnshaw
2022-12-12 14:54 ` Andrea Corallo
2022-04-28 9:50 ` [PATCH 10/12] arm: Implement cortex-M return signing address codegen Andrea Corallo
2022-06-28 9:17 ` [PATCH 10/12 V2] " Andrea Corallo
2022-07-01 15:43 ` Richard Earnshaw
2022-08-08 9:33 ` Andrea Corallo
2022-10-20 14:53 ` Kyrylo Tkachov
2022-04-28 9:51 ` [PATCH 11/12] aarch64: Make bti pass generic so it can be used by the arm backend Andrea Corallo
2022-05-06 8:23 ` Richard Sandiford
2022-07-01 15:53 ` Richard Earnshaw
2022-04-28 9:53 ` [PATCH 12/12] arm: implement bti injection Andrea Corallo
2022-06-28 9:21 ` [PATCH 12/12 V2] " Andrea Corallo
2022-07-01 16:04 ` Richard Earnshaw
2022-06-01 12:34 ` [PATCH 0/12] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86ba1f52-6b1b-0808-22cd-ff1684692c25@foss.arm.com \
--to=richard.earnshaw@foss.arm.com \
--cc=Richard.Earnshaw@arm.com \
--cc=andrea.corallo@arm.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=nd@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).