Re: [Patch 3/8, Arm, GCC] Add option -mbranch-protection. [Was RE: [Patch 2/7, Arm, GCC] Add option -mbranch-protection.]

Fri, 03 Dec 2021 07:55:20 -0800 



On 28/10/2021 12:42, Tejas Belagod via Gcc-patches wrote:




-----Original Message-----
From: Richard Earnshaw <richard.earns...@arm.com>
Sent: Monday, October 11, 2021 1:58 PM
To: Tejas Belagod <tejas.bela...@arm.com>; gcc-patches@gcc.gnu.org
Subject: Re: [Patch 2/7, Arm, GCC] Add option -mbranch-protection.

On 08/10/2021 13:17, Tejas Belagod via Gcc-patches wrote:

Hi,

Add -mbranch-protection option and its associated parsing routines.
This option enables the code-generation of pointer signing and
authentication instructions in function prologues and epilogues.

Tested on arm-none-eabi. OK for trunk?

2021-10-04  Tejas Belagod  <tbela...@arm.com>

gcc/ChangeLog:

        * common/config/arm/arm-common.c
         (arm_print_hit_for_pacbti_option): New.
         (arm_progress_next_token): New.
         (arm_parse_pac_ret_clause): New routine for parsing the
        pac-ret clause for -mbranch-protection.
        (arm_parse_pacbti_option): New routine to parse all the options
        to -mbranch-protection.
        * config/arm/arm-protos.h (arm_parse_pacbti_option): Export.
        * config/arm/arm.c (arm_configure)build_target): Handle option
        to -mbranch-protection.
        * config/arm/arm.opt (mbranch-protection). New.
        (arm_enable_pacbti): New.



You're missing documentation for invoke.texi.

Also, how does this differ from the exising option in aarch64?  Can the code
from that be adapted to be made common to both targets rather than doing
a new implementation?

Finally, there are far to many manifest constants in this patch, they need
replacing with enums or #defines as appropriate if we cannot share the
aarch64 code.


Thanks for the reviews.

Add -mbranch-protection option.  This option enables the code-generation of
pointer signing and authentication instructions in function prologues and
epilogues.

2021-10-25  Tejas Belagod  <tbela...@arm.com>

gcc/ChangeLog:

        * config/arm/arm.c (arm_configure_build_target): Parse and validate
        -mbranch-protection option and initialize appropriate data structures.
        * config/arm/arm.opt: New option -mbranch-protection.


.../arm.opt (-mbranch-protection) : New option.


        * doc/invoke.texi: Document -mbranch-protection.


.../invoke.texi (Arm Options): Document it.



Tested the following configurations, OK for trunk?

-mthumb/-march=armv8.1-m.main+pacbti/-mfloat-abi=soft
-marm/-march=armv7-a/-mfpu=vfpv3-d16/-mfloat-abi=softfp
mcmodel=small and tiny
aarch64-none-linux-gnu native test and bootstrap




+@item 
-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]

+@opindex mbranch-protection
+Select the branch protection features to use.
+@samp{none} is the default and turns off all types of branch protection.

+@samp{standard} turns on all types of branch protection features.  If a 
feature

+has additional tuning options, then @samp{standard} sets it to its standard
+level.
+@samp{pac-ret[+@var{leaf}]} turns on return address signing to its standard
+level: signing functions that save the return address to memory (non-leaf

+functions will practically always do this).  The optional argument 
@samp{leaf}

+can be used to extend the signing to include leaf functions.
+@samp{bti} turns on branch target identification mechanism.

This doesn't really use the right documentation style.  Closer would be:

===============

@item 
-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]

@opindex mbranch-protection
Enable branch protection features (armv8.1-m.main only).

@samp{none} generate code without branch protection or return address 
signing.
@samp{standard[+@var{leaf}]} generate code with all branch protection 
features enabled at their standard level.
@samp{pac-ret[+@var{leaf}]} generate code with return address signing 
set to its standard level, which is to sign all functions that save the 
return address to memory.
@samp{leaf} When return address signing is enabled, also sign leaf 
functions even if they do not write the return address to memory.
+@samp{bti} Add landing-pad instructions at the permitted targets of 
indirect branch instructions.



If the @samp{+pacbti} architecture extension is not enabled, then all 
branch protection and return address signing operations are constrained 
to use only the instructions defined in the architectural-NOP space. 
The generated code will remain backwards-compatible with earlier 
versions of the architecture, but the additional security can be enabled 
at run time on processors that support the @samp{PACBTI} extension.



Branch target enforcement using BTI can only be enabled at runtime if 
all code in the application has been compiled with at least 
@samp{-mbranch-protection=bti}.



The default is to generate code without branch protection or return 
address signing.

================

R.






















					Reply via email to