On 14/03/19 01:56, Richard Henderson wrote:
> Hmm. The gcc for aarch64 names the similar feature -mbranch-protection. I'm
> rather annoyed that the i386 gcc folk appropriated a generic -f name without
> actually making the feature generic at the same time.

Wouldn't -fcf-protection=branch also apply to ARM BTI? Pointer authentication can even be enabled by default on GCC 9 if I remember correctly, so it doesn't need an option at all.

> Thankfully the aarch64 version does not include shadow stacks, and so is less
> invasive into the normal abi -- ARM uses pointer authentication instead.

Branch target authentication should probably be one or more separate -fcf-protection options, but it is reasonable to make it generic as well.

One could even implement a (much) weaker version of pointer authentication without hardware support. You could mangle the return address on entry and return, for example with a XOR/XOR or ADD/SUB of a per-thread datum, and likewise mangle function pointers with a per-process datum or with a hash based on the function's type signature. Both would need debugger support, and the latter would require modifying hand-written assembly.

Paolo
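
The function-pointer half of the software scheme described in the message above, as an added example that is not part of the original message or of GCC or QEMU. All names (`ptr_mangle`, `handler_set`, `handler_get`, `set_process_key`) are hypothetical, and the FNV-1a hash of a signature string is an assumed stand-in for a compiler-generated type hash.

```c
#include <stdint.h>
#include <stdio.h>

/* Per-process datum: set once at startup, never stored beside the pointers. */
static uintptr_t process_key;
void set_process_key(uintptr_t k) { process_key = k; }

/* FNV-1a over a type-signature string (assumed stand-in for a type hash). */
static uintptr_t sig_hash(const char *sig)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    while (*sig) {
        h ^= (unsigned char)*sig++;
        h *= 0x100000001b3ULL;
    }
    return (uintptr_t)h;
}

/* XOR is its own inverse, so one routine both mangles and demangles. */
uintptr_t ptr_mangle(uintptr_t p, const char *sig)
{
    return p ^ process_key ^ sig_hash(sig);
}

typedef int (*binop_fn)(int, int);
#define BINOP_SIG "int(int,int)"

struct handler { uintptr_t fn_mangled; }; /* only the mangled form is stored */

void handler_set(struct handler *h, binop_fn f)
{
    /* function pointer <-> uintptr_t is implementation-defined; works on POSIX */
    h->fn_mangled = ptr_mangle((uintptr_t)f, BINOP_SIG);
}

binop_fn handler_get(const struct handler *h)
{
    return (binop_fn)ptr_mangle(h->fn_mangled, BINOP_SIG);
}

int add(int a, int b) { return a + b; }

int main(void)
{
    uintptr_t k = 0;
    FILE *r = fopen("/dev/urandom", "rb"); /* key source is an assumption */
    if (!r || fread(&k, sizeof k, 1, r) != 1) return 1;
    fclose(r);
    set_process_key(k);
    struct handler h;
    handler_set(&h, add);
    printf("stored=%#lx call=%d\n", (unsigned long)h.fn_mangled, handler_get(&h)(2, 3));
    return 0;
}
```

XOR with a fixed key is linear: one disclosed pair of raw and mangled values reveals the key for that signature, which is one reason such a scheme is much weaker than hardware pointer authentication.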