From: Andrea Corallo <andrea.corallo@arm.com>
To: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>
Cc: Andrea Corallo via Gcc-patches <gcc-patches@gcc.gnu.org>,
"Richard Earnshaw" <Richard.Earnshaw@arm.com>, nd <nd@arm.com>
Subject: [PATCH 3/12 V2] arm: Add option -mbranch-protection
Date: Mon, 4 Jul 2022 11:27:43 +0200 [thread overview]
Message-ID: <gkr8rp99qi8.fsf_-_@arm.com> (raw)
In-Reply-To: <7599346b-1015-7dae-88a6-f7c8a8d82c98@foss.arm.com> (Richard Earnshaw's message of "Fri, 1 Jul 2022 11:59:06 +0100")
[-- Attachment #1: Type: text/plain, Size: 2284 bytes --]
Richard Earnshaw <Richard.Earnshaw@foss.arm.com> writes:
[...]
> +@item
> +-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]
> +@opindex mbranch-protection
> +Enable branch protection features (armv8.1-m.main only).
> +@samp{none} generate code without branch protection or return address
> +signing.
> +@samp{standard[+@var{leaf}]} generate code with all branch protection
> +features enabled at their standard level.
> +@samp{pac-ret[+@var{leaf}]} generate code with return address signing
> +set to its standard level, which is to sign all functions that save
> +the return address to memory.
> +@samp{leaf} When return address signing is enabled, also sign leaf
> +functions even if they do not write the return address to memory.
> ++@samp{bti} Add landing-pad instructions at the permitted targets of
> +indirect branch instructions.
> +
> +If the @samp{+pacbti} architecture extension is not enabled, then all
> +branch protection and return address signing operations are
> +constrained to use only the instructions defined in the
> +architectural-NOP space. The generated code will remain
> +backwards-compatible with earlier versions of the architecture, but
> +the additional security can be enabled at run time on processors that
> +support the @samp{PACBTI} extension.
> +
> +Branch target enforcement using BTI can only be enabled at runtime if
> +all code in the application has been compiled with at least
> +@samp{-mbranch-protection=bti}.
> +
> +The default is to generate code without branch protection or return
> +address signing.
>
> This needs to make it clear that -mbranch-protection != none is only
> supported on armv8-m.main or later.
>
> R.
Hi Richard,
thanks for reviewing, please find attached the respinned patch.
Ok for trunk (when the rest of the series will be approved)?
Best Regards
Andrea
gcc/ChangeLog:
* config/arm/arm.c (arm_configure_build_target): Parse and validate
-mbranch-protection option and initialize appropriate data structures.
* config/arm/arm.opt (-mbranch-protection): New option.
* doc/invoke.texi (Arm Options): Document it.
Co-Authored-By: Tejas Belagod <tbelagod@arm.com>
Co-Authored-By: Richard Earnshaw <Richard.Earnshaw@arm.com>
[-- Attachment #2: 3-12.patch --]
[-- Type: text/plain, Size: 3690 bytes --]
diff --git a/gcc/config/arm/arm.cc b/gcc/config/arm/arm.cc
index 60f3eae82a4..0068817b0f2 100644
--- a/gcc/config/arm/arm.cc
+++ b/gcc/config/arm/arm.cc
@@ -3263,6 +3263,17 @@ arm_configure_build_target (struct arm_build_target *target,
tune_opts = strchr (opts->x_arm_tune_string, '+');
}
+ if (opts->x_arm_branch_protection_string)
+ {
+ aarch_validate_mbranch_protection (opts->x_arm_branch_protection_string);
+
+ if (aarch_ra_sign_key != AARCH_KEY_A)
+ {
+ warning (0, "invalid key type for %<-mbranch-protection=%>");
+ aarch_ra_sign_key = AARCH_KEY_A;
+ }
+ }
+
if (arm_selected_arch)
{
arm_initialize_isa (target->isa, arm_selected_arch->common.isa_bits);
diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt
index f54ec8356c3..d292e23ea11 100644
--- a/gcc/config/arm/arm.opt
+++ b/gcc/config/arm/arm.opt
@@ -323,6 +323,10 @@ mbranch-cost=
Target RejectNegative Joined UInteger Var(arm_branch_cost) Init(-1)
Cost to assume for a branch insn.
+mbranch-protection=
+Target RejectNegative Joined Var(arm_branch_protection_string) Save
+Use branch-protection features.
+
mgeneral-regs-only
Target RejectNegative Mask(GENERAL_REGS_ONLY) Save
Generate code which uses the core registers only (r0-r14).
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 079e34ed98c..a2be3446594 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -825,7 +825,9 @@ Objective-C and Objective-C++ Dialects}.
-mcmse @gol
-mfix-cmse-cve-2021-35465 @gol
-mstack-protector-guard=@var{guard} -mstack-protector-guard-offset=@var{offset} @gol
--mfdpic}
+-mfdpic @gol
+-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}]
+[+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]}
@emph{AVR Options}
@gccoptlist{-mmcu=@var{mcu} -mabsdata -maccumulate-args @gol
@@ -21521,6 +21523,40 @@ The opposite @option{-mno-fdpic} option is useful (and required) to
build the Linux kernel using the same (@code{arm-*-uclinuxfdpiceabi})
toolchain as the one used to build the userland programs.
+@item
+-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]
+@opindex mbranch-protection
+Enable branch protection features (armv8.1-m.main only).
+@samp{none} generate code without branch protection or return address
+signing.
+@samp{standard[+@var{leaf}]} generate code with all branch protection
+features enabled at their standard level.
+@samp{pac-ret[+@var{leaf}]} generate code with return address signing
+set to its standard level, which is to sign all functions that save
+the return address to memory.
+@samp{leaf} When return address signing is enabled, also sign leaf
+functions even if they do not write the return address to memory.
++@samp{bti} Add landing-pad instructions at the permitted targets of
+indirect branch instructions.
+
+If the @samp{+pacbti} architecture extension is not enabled, then all
+branch protection and return address signing operations are
+constrained to use only the instructions defined in the
+architectural-NOP space. The generated code will remain
+backwards-compatible with earlier versions of the architecture, but
+the additional security can be enabled at run time on processors that
+support the @samp{PACBTI} extension.
+
+Branch target enforcement using BTI can only be enabled at runtime if
+all code in the application has been compiled with at least
+@samp{-mbranch-protection=bti}.
+
+Any setting other than @samp{none} is supported only on armv8-m.main
+or later.
+
+The default is to generate code without branch protection or return
+address signing.
+
@end table
@node AVR Options
next prev parent reply other threads:[~2022-07-04 9:28 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-28 8:39 [PATCH 0/12] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
2022-04-28 9:08 ` [PATCH 1/12] arm: Make mbranch-protection opts parsing common to AArch32/64 Andrea Corallo
2022-07-01 10:49 ` Richard Earnshaw
2022-04-28 9:37 ` [PATCH 2/12] arm: Add Armv8.1-M Mainline target feature +pacbti Andrea Corallo
2022-07-01 10:51 ` Richard Earnshaw
2022-04-28 9:38 ` [PATCH 3/12] arm: Add option -mbranch-protection Andrea Corallo
2022-07-01 10:59 ` Richard Earnshaw
2022-07-04 9:27 ` Andrea Corallo [this message]
2022-07-04 10:55 ` [PATCH 3/12 V2] " Richard Earnshaw
2022-04-28 9:40 ` [PATCH 4/12] arm: Add testsuite library support for PACBTI target Andrea Corallo
2022-07-01 13:03 ` Richard Earnshaw
2022-07-01 14:17 ` Richard Earnshaw
2022-07-04 14:47 ` Andrea Corallo
2022-07-05 10:05 ` Richard Earnshaw
2022-04-28 9:42 ` [PATCH 5/12] arm: Implement target feature macros for PACBTI Andrea Corallo
2022-07-01 14:26 ` Richard Earnshaw
2022-07-12 15:45 ` [PATCH 5/12 V2] " Andrea Corallo
2022-07-21 11:01 ` Richard Earnshaw
2022-07-22 10:35 ` [PATCH 5/12 V3] " Andrea Corallo
2022-07-22 14:34 ` [PATCH 5/12 V4] " Andrea Corallo
2022-04-28 9:44 ` [PATCH 6/12] arm: Add pointer authentication for stack-unwinding runtime Andrea Corallo
2022-07-01 14:41 ` Richard Earnshaw
2022-11-09 11:17 ` [PATCH 6/12 V2] " Andrea Corallo
2022-04-28 9:45 ` [PATCH 7/12] arm: Emit build attributes for PACBTI target feature Andrea Corallo
2022-07-01 14:49 ` Richard Earnshaw
2022-07-13 8:58 ` [PATCH 7/12 V2] " Andrea Corallo
2022-07-21 11:03 ` Richard Earnshaw
2022-07-22 14:57 ` Andrea Corallo
2022-04-28 9:46 ` [PATCH 8/12] arm: Introduce multilibs " Andrea Corallo
2022-06-01 12:32 ` [PATCH 8/12 V2] " Andrea Corallo
2022-07-01 14:54 ` Richard Earnshaw
2022-07-01 14:57 ` Richard Earnshaw
2022-07-21 9:04 ` [PATCH 8/12 V3] " Andrea Corallo
2022-07-21 11:09 ` Richard Earnshaw
2022-04-28 9:48 ` [PATCH 9/12] arm: Make libgcc bti compatible Andrea Corallo
2022-07-01 15:03 ` Richard Earnshaw
2022-07-21 9:17 ` [PATCH 9/12 V2] " Andrea Corallo
2022-07-21 11:41 ` Richard Earnshaw
2022-07-22 15:09 ` Andrea Corallo
2022-07-25 10:41 ` Richard Earnshaw
2022-12-12 14:54 ` Andrea Corallo
2022-04-28 9:50 ` [PATCH 10/12] arm: Implement cortex-M return signing address codegen Andrea Corallo
2022-06-28 9:17 ` [PATCH 10/12 V2] " Andrea Corallo
2022-07-01 15:43 ` Richard Earnshaw
2022-08-08 9:33 ` Andrea Corallo
2022-10-20 14:53 ` Kyrylo Tkachov
2022-04-28 9:51 ` [PATCH 11/12] aarch64: Make bti pass generic so it can be used by the arm backend Andrea Corallo
2022-05-06 8:23 ` Richard Sandiford
2022-07-01 15:53 ` Richard Earnshaw
2022-04-28 9:53 ` [PATCH 12/12] arm: implement bti injection Andrea Corallo
2022-06-28 9:21 ` [PATCH 12/12 V2] " Andrea Corallo
2022-07-01 16:04 ` Richard Earnshaw
2022-06-01 12:34 ` [PATCH 0/12] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=gkr8rp99qi8.fsf_-_@arm.com \
--to=andrea.corallo@arm.com \
--cc=Richard.Earnshaw@arm.com \
--cc=Richard.Earnshaw@foss.arm.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=nd@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).