[PATCH 2/3][GCC][AARCH64] Add new -mbranch-protection option to combine pointer signing and BTI

Fri Nov 2 17:31:00 GMT 2018

Hi all,

The -mbranch-protection option combines the functionality of
-msign-return-address and the BTI features new in Armv8.5 to better reflect
their relationship. This new option therefore supersedes and deprecates the
existing -msign-return-address option.

-mbranch-protection=[none|standard|<types>] - Turns on different types of branch
protection available where:

     * "none": Turn of all types of branch protection
     * "standard" : Turns on all the types of protection to their respective
       standard levels.
     * <types> can be "+" separated protection types:

     	* "bti" : Branch Target Identification Mechanism.
	* "pac-ret{+leaf+b-key}": Return Address Signing. The default return
	  address signing is enabled by signing functions that save the return
	  address to memory (non-leaf functions will practically always do this)
	  using the a-key. The optional tuning arguments allow the user to
	  extend the scope of return address signing to include leaf functions
	  and to change the key to b-key. The tuning arguments must proceed the
	  protection type "pac-ret".

Thus -mbranch-protection=standard -> -mbranch-protection=bti+pac-ret.

Its mapping to -msign-return-address is as follows:

     * -mbranch-protection=none -> -msign-return-address=none
     * -mbranch-protection=standard -> -msign-return-address=leaf
     * -mbranch-protection=pac-ret -> -msign-return-address=non-leaf
     * -mbranch-protection=pac-ret+leaf -> -msign-return-address=all

This patch implements the option's skeleton and the "none", "standard" and
"pac-ret" types (along with its "leaf" subtype).

The previous patch in this series is here:
https://gcc.gnu.org/ml/gcc-patches/2018-11/msg00103.html

Bootstrapped successfully and tested on aarch64-none-elf with no regressions.

OK for trunk?

gcc/ChangeLog:

2018-11-02  Sam Tebbs<sam.tebbs@arm.com>

	* config/aarch64/aarch64.c (BRANCH_PROTEC_STR_MAX,
	aarch64_parse_branch_protection,
	struct aarch64_branch_protec_type,
	aarch64_handle_no_branch_protection,
	aarch64_handle_standard_branch_protection,
	aarch64_validate_mbranch_protection,
	aarch64_handle_pac_ret_protection,
	aarch64_handle_attr_branch_protection,
	accepted_branch_protection_string,
	aarch64_pac_ret_subtypes,
	aarch64_branch_protec_types,
	aarch64_handle_pac_ret_leaf): Define.
	(aarch64_override_options_after_change_1): Add check for
	accepted_branch_protection_string.
	(aarch64_override_options): Add check for
	accepted_branch_protection_string.
	(aarch64_option_save): Save accepted_branch_protection_string.
	(aarch64_option_restore): Save
	accepted_branch_protection_string.
	* config/aarch64/aarch64.c (aarch64_attributes): Add branch-protection.
	* config/aarch64/aarch64.opt: Add mbranch-protection. Deprecate
	msign-return-address.
	* doc/invoke.texi: Add mbranch-protection.

gcc/testsuite/ChangeLog:

2018-11-02  Sam Tebbs<sam.tebbs@arm.com>

	* (gcc.target/aarch64/return_address_sign_1.c,
	gcc.target/aarch64/return_address_sign_2.c,
	gcc.target/aarch64/return_address_sign_3.c (__attribute__)): Change
	option to -mbranch-protection.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: latest.patch
Type: text/x-patch
Size: 16435 bytes
Desc: latest.patch
URL: <http://gcc.gnu.org/pipermail/gcc-patches/attachments/20181102/a66ba208/attachment.bin>