From: Jonathan Wakely <jwakely@redhat.com>
To: Yury Khrustalev <yury.khrustalev@arm.com>
Cc: gcc-patches@gcc.gnu.org, nsz@gcc.gnu.org,
richard.earnshaw@arm.com, matthieu.longo@arm.com,
richard.ball@arm.com, richard.sandiford@arm.com,
ktkachov@nvidia.com, john.brawn@arm.com
Subject: Re: [PATCH v4 01/23] aarch64: Add -mbranch-protection=gcs option
Date: Thu, 14 Nov 2024 20:39:07 +0000 [thread overview]
Message-ID: <ZzZf69gORVPRo6Ct@zen.kayari.org> (raw)
In-Reply-To: <20241114123713.4046367-2-yury.khrustalev@arm.com>
On 14/11/24 12:36 +0000, Yury Khrustalev wrote:
>From: Szabolcs Nagy <szabolcs.nagy@arm.com>
>
>This enables Guarded Control Stack (GCS) compatible code generation.
>
>The "standard" branch-protection type enables it, and the default
>depends on the compiler default.
>
>gcc/ChangeLog:
>
> * config/aarch64/aarch64-protos.h (aarch_gcs_enabled): Declare.
> * config/aarch64/aarch64.cc (aarch_gcs_enabled): Define.
> (aarch_handle_no_branch_protection): Handle gcs.
> (aarch_handle_standard_branch_protection): Handle gcs.
> (aarch_handle_gcs_protection): New.
> * config/aarch64/aarch64.opt: Add aarch_enable_gcs.
> * configure: Regenerate.
> * configure.ac: Handle gcs in --enable-standard-branch-protection.
> * doc/invoke.texi: Document -mbranch-protection=gcs.
>---
> gcc/config/aarch64/aarch64-protos.h | 2 ++
> gcc/config/aarch64/aarch64.cc | 24 ++++++++++++++++++++++++
> gcc/config/aarch64/aarch64.opt | 3 +++
> gcc/configure | 2 +-
> gcc/configure.ac | 6 +++---
> gcc/doc/invoke.texi | 5 +++--
> 6 files changed, 36 insertions(+), 6 deletions(-)
>
>diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
>index 05d3258abf7..481907422e8 100644
>--- a/gcc/config/aarch64/aarch64-protos.h
>+++ b/gcc/config/aarch64/aarch64-protos.h
>@@ -1206,4 +1206,6 @@ extern void aarch64_adjust_reg_alloc_order ();
> bool aarch64_optimize_mode_switching (aarch64_mode_entity);
> void aarch64_restore_za (rtx);
>
>+extern bool aarch64_gcs_enabled ();
>+
> #endif /* GCC_AARCH64_PROTOS_H */
>diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc
>index 00bcf18ae97..68230e1f4c2 100644
>--- a/gcc/config/aarch64/aarch64.cc
>+++ b/gcc/config/aarch64/aarch64.cc
>@@ -8562,6 +8562,13 @@ aarch_bti_j_insn_p (rtx_insn *insn)
> return GET_CODE (pat) == UNSPEC_VOLATILE && XINT (pat, 1) == UNSPECV_BTI_J;
> }
>
>+/* Return TRUE if Guarded Control Stack is enabled. */
>+bool
>+aarch64_gcs_enabled (void)
>+{
>+ return (aarch64_enable_gcs == 1);
>+}
>+
> /* Check if X (or any sub-rtx of X) is a PACIASP/PACIBSP instruction. */
> bool
> aarch_pac_insn_p (rtx x)
>@@ -18981,6 +18988,7 @@ aarch64_handle_no_branch_protection (void)
> {
> aarch_ra_sign_scope = AARCH_FUNCTION_NONE;
> aarch_enable_bti = 0;
>+ aarch64_enable_gcs = 0;
> }
>
> static void
>@@ -18989,6 +18997,7 @@ aarch64_handle_standard_branch_protection (void)
> aarch_ra_sign_scope = AARCH_FUNCTION_NON_LEAF;
> aarch64_ra_sign_key = AARCH64_KEY_A;
> aarch_enable_bti = 1;
>+ aarch64_enable_gcs = 1;
> }
>
> static void
>@@ -19015,6 +19024,11 @@ aarch64_handle_bti_protection (void)
> {
> aarch_enable_bti = 1;
> }
>+static void
>+aarch64_handle_gcs_protection (void)
>+{
>+ aarch64_enable_gcs = 1;
>+}
>
> static const struct aarch_branch_protect_type aarch64_pac_ret_subtypes[] = {
> { "leaf", false, aarch64_handle_pac_ret_leaf, NULL, 0 },
>@@ -19029,6 +19043,7 @@ static const struct aarch_branch_protect_type aarch64_branch_protect_types[] =
> { "pac-ret", false, aarch64_handle_pac_ret_protection,
> aarch64_pac_ret_subtypes, ARRAY_SIZE (aarch64_pac_ret_subtypes) },
> { "bti", false, aarch64_handle_bti_protection, NULL, 0 },
>+ { "gcs", false, aarch64_handle_gcs_protection, NULL, 0 },
> { NULL, false, NULL, NULL, 0 }
> };
>
>@@ -19128,6 +19143,15 @@ aarch64_override_options (void)
> #endif
> }
>
>+ if (aarch64_enable_gcs == 2)
>+ {
>+#ifdef TARGET_ENABLE_GCS
>+ aarch64_enable_gcs = 1;
>+#else
>+ aarch64_enable_gcs = 0;
>+#endif
>+ }
>+
> /* Return address signing is currently not supported for ILP32 targets. For
> LP64 targets use the configured option in the absence of a command-line
> option for -mbranch-protection. */
>diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt
>index c2c9965b062..36bc719b822 100644
>--- a/gcc/config/aarch64/aarch64.opt
>+++ b/gcc/config/aarch64/aarch64.opt
>@@ -45,6 +45,9 @@ uint64_t aarch64_isa_flags_1 = 0
> TargetVariable
> unsigned aarch_enable_bti = 2
>
>+TargetVariable
>+unsigned aarch64_enable_gcs = 2
>+
> TargetVariable
> enum aarch64_key_type aarch64_ra_sign_key = AARCH64_KEY_A
>
>diff --git a/gcc/configure b/gcc/configure
>index 150ab616414..df64af3af57 100755
>--- a/gcc/configure
>+++ b/gcc/configure
>@@ -28093,7 +28093,7 @@ if test "${enable_standard_branch_protection+set}" = set; then :
> enableval=$enable_standard_branch_protection;
> case $enableval in
> yes)
>- tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1"
>+ tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1 TARGET_ENABLE_GCS=1"
> ;;
> no)
> ;;
This file was not correctly regenerated.
>diff --git a/gcc/configure.ac b/gcc/configure.ac
>index bdb22d53e2c..bdd8cb0002f 100644
>--- a/gcc/configure.ac
>+++ b/gcc/configure.ac
>@@ -4402,14 +4402,14 @@ case "$target" in
> AC_ARG_ENABLE(standard-branch-protection,
> [
> AS_HELP_STRING([--enable-standard-branch-protection],
>- [enable Branch Target Identification Mechanism and Return Address Signing by default for AArch64])
>+ [enable Branch Target Identification Mechanism, Return Address Signing, and Guarded Control Stack by default for AArch64])
> AS_HELP_STRING([--disable-standard-branch-protection],
>- [disable Branch Target Identification Mechanism and Return Address Signing by default for AArch64])
>+ [disable Branch Target Identification Mechanism, Return Address Signing, and Guarded Control Stack by default for AArch64])
> ],
> [
> case $enableval in
> yes)
>- tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1"
>+ tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1 TARGET_ENABLE_GCS=1"
> ;;
> no)
> ;;
>diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
>index aa979c3c2fd..ccf34dc28ce 100644
>--- a/gcc/doc/invoke.texi
>+++ b/gcc/doc/invoke.texi
>@@ -814,7 +814,7 @@ Objective-C and Objective-C++ Dialects}.
> -mpc-relative-literal-loads
> -msign-return-address=@var{scope}
> -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}
>-+@var{b-key}]|@var{bti}
>++@var{b-key}]|@var{bti}|@var{gcs}
> -mharden-sls=@var{opts}
> -march=@var{name} -mcpu=@var{name} -mtune=@var{name}
> -moverride=@var{string} -mverbose-cost-dump
>@@ -21591,7 +21591,7 @@ default value is @samp{none}. This option has been deprecated by
> -mbranch-protection.
>
> @opindex mbranch-protection
>-@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti}
>+@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti}|@var{gcs}
> Select the branch protection features to use.
> @samp{none} is the default and turns off all types of branch protection.
> @samp{standard} turns on all types of branch protection features. If a feature
>@@ -21604,6 +21604,7 @@ argument @samp{leaf} can be used to extend the signing to include leaf
> functions. The optional argument @samp{b-key} can be used to sign the functions
> with the B-key instead of the A-key.
> @samp{bti} turns on branch target identification mechanism.
>+@samp{gcs} turns on guarded control stack compatible code generation.
>
> @opindex mharden-sls
> @item -mharden-sls=@var{opts}
>--
>2.39.5
>
next prev parent reply other threads:[~2024-11-14 20:39 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-14 12:36 [PATCH v4 00/23] aarch64: Add support for Guarded Control Stack extension Yury Khrustalev
2024-11-14 12:36 ` [PATCH v4 01/23] aarch64: Add -mbranch-protection=gcs option Yury Khrustalev
2024-11-14 20:39 ` Jonathan Wakely [this message]
2024-11-14 20:53 ` [COMMITTED] gcc: regenerate configure Sam James
2024-11-15 10:22 ` Yury Khrustalev
2024-11-15 10:21 ` [PATCH v4 01/23] aarch64: Add -mbranch-protection=gcs option Yury Khrustalev
2024-11-14 12:36 ` [PATCH v4 02/23] aarch64: Add branch-protection target pragma tests Yury Khrustalev
2024-11-14 12:36 ` [PATCH v4 03/23] aarch64: Add support for chkfeat insn Yury Khrustalev
2024-11-14 12:36 ` [PATCH v4 04/23] aarch64: Add __builtin_aarch64_chkfeat Yury Khrustalev
2024-11-14 12:36 ` [PATCH v4 05/23] aarch64: Add ACLE __chkfeat intrinsic Yury Khrustalev
2024-11-14 12:36 ` [PATCH v4 06/23] aarch64: Add __builtin_aarch64_chkfeat and __chkfeat tests Yury Khrustalev
2024-11-14 12:36 ` [PATCH v4 07/23] aarch64: Add GCS instructions Yury Khrustalev
2024-11-14 12:36 ` [PATCH v4 08/23] aarch64: Add GCS builtins Yury Khrustalev
2024-11-14 12:36 ` [PATCH v4 09/23] aarch64: Add ACLE __gcs* intrinsics Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 10/23] aarch64: Add __builtin_aarch64_gcs* and __gcs* tests Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 11/23] aarch64: Add GCS support for nonlocal stack save Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 12/23] aarch64: Add non-local goto and jump tests for GCS Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 13/23] aarch64: Add ACLE feature macros " Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 14/23] aarch64: Add test for GCS ACLE defs Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 15/23] aarch64: Add target pragma tests for gcs Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 16/23] aarch64: Add GCS support to the unwinder Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 17/23] aarch64: Emit GNU property NOTE for GCS Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 18/23] aarch64: libgcc: add GCS marking to asm Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 19/23] aarch64: libatomic: " Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 20/23] aarch64: Introduce indirect_return attribute Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 21/23] aarch64: Add tests and docs for " Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 22/23] aarch64: Fix tests incompatible with GCS Yury Khrustalev
2024-11-14 12:37 ` [PATCH v4 23/23] aarch64: Fix nonlocal goto " Yury Khrustalev
2024-11-14 16:18 ` [PATCH v4 00/23] aarch64: Add support for Guarded Control Stack extension Richard Sandiford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZzZf69gORVPRo6Ct@zen.kayari.org \
--to=jwakely@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=john.brawn@arm.com \
--cc=ktkachov@nvidia.com \
--cc=matthieu.longo@arm.com \
--cc=nsz@gcc.gnu.org \
--cc=richard.ball@arm.com \
--cc=richard.earnshaw@arm.com \
--cc=richard.sandiford@arm.com \
--cc=yury.khrustalev@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).