[PATCH 3/12] arm: Add option -mbranch-protection

Richard Earnshaw Richard.Earnshaw@foss.arm.com
Fri Jul 1 10:59:06 GMT 2022



On 28/04/2022 10:38, Andrea Corallo via Gcc-patches wrote:
> [PATCH 3/12] arm: Add option -mbranch-protection
> 
> Add -mbranch-protection option.  This option enables the
> code-generation of pointer signing and authentication instructions in
> function prologues and epilogues.
> 
> gcc/ChangeLog:
> 
> 	* config/arm/arm.c (arm_configure_build_target): Parse and validate
> 	-mbranch-protection option and initialize appropriate data structures.
> 	* config/arm/arm.opt (-mbranch-protection): New option.
> 	* doc/invoke.texi (Arm Options): Document it.
> 
> Co-Authored-By: Tejas Belagod  <tbelagod@arm.com>
> Co-Authored-By: Richard Earnshaw <Richard.Earnshaw@arm.com>
> 
+@item
+-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]
+@opindex mbranch-protection
+Enable branch protection features (armv8.1-m.main only).
+@samp{none} generate code without branch protection or return address
+signing.
+@samp{standard[+@var{leaf}]} generate code with all branch protection
+features enabled at their standard level.
+@samp{pac-ret[+@var{leaf}]} generate code with return address signing
+set to its standard level, which is to sign all functions that save
+the return address to memory.
+@samp{leaf} When return address signing is enabled, also sign leaf
+functions even if they do not write the return address to memory.
++@samp{bti} Add landing-pad instructions at the permitted targets of
+indirect branch instructions.
+
+If the @samp{+pacbti} architecture extension is not enabled, then all
+branch protection and return address signing operations are
+constrained to use only the instructions defined in the
+architectural-NOP space. The generated code will remain
+backwards-compatible with earlier versions of the architecture, but
+the additional security can be enabled at run time on processors that
+support the @samp{PACBTI} extension.
+
+Branch target enforcement using BTI can only be enabled at runtime if
+all code in the application has been compiled with at least
+@samp{-mbranch-protection=bti}.
+
+The default is to generate code without branch protection or return
+address signing.

This needs to make it clear that -mbranch-protection != none is only 
supported on armv8-m.main or later.

R.


More information about the Gcc-patches mailing list