From patchwork Thu Oct 31 13:23:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 2004653 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=gcc-patches-bounces~incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XfPpg3R17z1xwc for ; Fri, 1 Nov 2024 00:24:11 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 13A793857432 for ; Thu, 31 Oct 2024 13:24:09 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id A9D963857835; Thu, 31 Oct 2024 13:23:35 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A9D963857835 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org A9D963857835 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1730381019; cv=none; b=mVDzCfPBqgWhY/HH4xfBqK3HwVg0rYpZboeZlQab2rr81OVLNnUOtXcgPJnMHgFyIOxtHUW31feQL39ysbeA5mHRlrYox5Zvq+ea+4NzFZOtKgobrxV6BfVZ5CRQRjKk6yJHmmjNLobCSbgw31prwkMOqZQkG03gGI/kDG65Qpg= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1730381019; c=relaxed/simple; bh=Mh0ZKIZep7oWc8dE9aAdeaQZ8Ll59VQF9ocNK4CaYNc=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=Xkx63xwAOSN408CWPzZAXRBs84eWAiHs0SD/Fwd2WAc8GV+G28biocTlGlbPPCOSGOvCYDN3jlmJ0AS0g0TlBeKZTMxv1XfIWI8x20amga7GMzBMmgsc2tb7JJOB9GLa8mXfBGwuUgZ6O77tTs3GZq/NBDArPAFUJ0yKmjH3SWQ= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 41EEF1063; Thu, 31 Oct 2024 06:24:05 -0700 (PDT) Received: from udebian.localdomain (unknown [10.1.31.34]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B0DA53F528; Thu, 31 Oct 2024 06:23:34 -0700 (PDT) From: Yury Khrustalev To: gcc-patches@gcc.gnu.org Cc: nsz@gcc.gnu.org, richard.earnshaw@arm.com, matthieu.longo@arm.com, richard.ball@arm.com, richard.sandiford@arm.com Subject: [PATCH v2 01/21] aarch64: Add -mbranch-protection=gcs option Date: Thu, 31 Oct 2024 13:23:03 +0000 Message-Id: <20241031132323.948159-2-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241031132323.948159-1-yury.khrustalev@arm.com> References: <20241031132323.948159-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gcc-patches-bounces~incoming=patchwork.ozlabs.org@gcc.gnu.org From: Szabolcs Nagy This enables Guarded Control Stack (GCS) compatible code generation. The "standard" branch-protection type enables it, and the default depends on the compiler default. gcc/ChangeLog: * config/aarch64/aarch64-protos.h (aarch_gcs_enabled): Declare. * config/aarch64/aarch64.cc (aarch_gcs_enabled): Define. (aarch_handle_no_branch_protection): Handle gcs. (aarch_handle_standard_branch_protection): Handle gcs. (aarch_handle_gcs_protection): New. * config/aarch64/aarch64.opt: Add aarch_enable_gcs. * configure: Regenerate. * configure.ac: Handle gcs in --enable-standard-branch-protection. * doc/invoke.texi: Document -mbranch-protection=gcs. --- gcc/config/aarch64/aarch64-protos.h | 2 ++ gcc/config/aarch64/aarch64.cc | 24 ++++++++++++++++++++++++ gcc/config/aarch64/aarch64.opt | 3 +++ gcc/configure | 2 +- gcc/configure.ac | 6 +++--- gcc/doc/invoke.texi | 5 +++-- 6 files changed, 36 insertions(+), 6 deletions(-) diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h index 9be64913091..80c4de0ce60 100644 --- a/gcc/config/aarch64/aarch64-protos.h +++ b/gcc/config/aarch64/aarch64-protos.h @@ -1121,4 +1121,6 @@ extern void aarch64_adjust_reg_alloc_order (); bool aarch64_optimize_mode_switching (aarch64_mode_entity); void aarch64_restore_za (rtx); +extern bool aarch64_gcs_enabled (); + #endif /* GCC_AARCH64_PROTOS_H */ diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc index 0fa7927d821..f87ec2e43b5 100644 --- a/gcc/config/aarch64/aarch64.cc +++ b/gcc/config/aarch64/aarch64.cc @@ -8531,6 +8531,13 @@ aarch_bti_j_insn_p (rtx_insn *insn) return GET_CODE (pat) == UNSPEC_VOLATILE && XINT (pat, 1) == UNSPECV_BTI_J; } +/* Return TRUE if Guarded Control Stack is enabled. */ +bool +aarch64_gcs_enabled (void) +{ + return (aarch64_enable_gcs == 1); +} + /* Check if X (or any sub-rtx of X) is a PACIASP/PACIBSP instruction. */ bool aarch_pac_insn_p (rtx x) @@ -18911,6 +18918,7 @@ aarch64_handle_no_branch_protection (void) { aarch_ra_sign_scope = AARCH_FUNCTION_NONE; aarch_enable_bti = 0; + aarch64_enable_gcs = 0; } static void @@ -18919,6 +18927,7 @@ aarch64_handle_standard_branch_protection (void) aarch_ra_sign_scope = AARCH_FUNCTION_NON_LEAF; aarch64_ra_sign_key = AARCH64_KEY_A; aarch_enable_bti = 1; + aarch64_enable_gcs = 1; } static void @@ -18945,6 +18954,11 @@ aarch64_handle_bti_protection (void) { aarch_enable_bti = 1; } +static void +aarch64_handle_gcs_protection (void) +{ + aarch64_enable_gcs = 1; +} static const struct aarch_branch_protect_type aarch64_pac_ret_subtypes[] = { { "leaf", false, aarch64_handle_pac_ret_leaf, NULL, 0 }, @@ -18959,6 +18973,7 @@ static const struct aarch_branch_protect_type aarch64_branch_protect_types[] = { "pac-ret", false, aarch64_handle_pac_ret_protection, aarch64_pac_ret_subtypes, ARRAY_SIZE (aarch64_pac_ret_subtypes) }, { "bti", false, aarch64_handle_bti_protection, NULL, 0 }, + { "gcs", false, aarch64_handle_gcs_protection, NULL, 0 }, { NULL, false, NULL, NULL, 0 } }; @@ -19058,6 +19073,15 @@ aarch64_override_options (void) #endif } + if (aarch64_enable_gcs == 2) + { +#ifdef TARGET_ENABLE_GCS + aarch64_enable_gcs = 1; +#else + aarch64_enable_gcs = 0; +#endif + } + /* Return address signing is currently not supported for ILP32 targets. For LP64 targets use the configured option in the absence of a command-line option for -mbranch-protection. */ diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt index c2c9965b062..36bc719b822 100644 --- a/gcc/config/aarch64/aarch64.opt +++ b/gcc/config/aarch64/aarch64.opt @@ -45,6 +45,9 @@ uint64_t aarch64_isa_flags_1 = 0 TargetVariable unsigned aarch_enable_bti = 2 +TargetVariable +unsigned aarch64_enable_gcs = 2 + TargetVariable enum aarch64_key_type aarch64_ra_sign_key = AARCH64_KEY_A diff --git a/gcc/configure b/gcc/configure index 47c58036530..142bfa82694 100755 --- a/gcc/configure +++ b/gcc/configure @@ -28044,7 +28044,7 @@ if test "${enable_standard_branch_protection+set}" = set; then : enableval=$enable_standard_branch_protection; case $enableval in yes) - tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1" + tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1 TARGET_ENABLE_GCS=1" ;; no) ;; diff --git a/gcc/configure.ac b/gcc/configure.ac index dc8346a7b82..8319e8e5e11 100644 --- a/gcc/configure.ac +++ b/gcc/configure.ac @@ -4392,14 +4392,14 @@ case "$target" in AC_ARG_ENABLE(standard-branch-protection, [ AS_HELP_STRING([--enable-standard-branch-protection], - [enable Branch Target Identification Mechanism and Return Address Signing by default for AArch64]) + [enable Branch Target Identification Mechanism, Return Address Signing, and Guarded Control Stack by default for AArch64]) AS_HELP_STRING([--disable-standard-branch-protection], - [disable Branch Target Identification Mechanism and Return Address Signing by default for AArch64]) + [disable Branch Target Identification Mechanism, Return Address Signing, and Guarded Control Stack by default for AArch64]) ], [ case $enableval in yes) - tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1" + tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1 TARGET_ENABLE_GCS=1" ;; no) ;; diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 19c148a7d6f..43b96bb5e07 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -814,7 +814,7 @@ Objective-C and Objective-C++ Dialects}. -mpc-relative-literal-loads -msign-return-address=@var{scope} -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf} -+@var{b-key}]|@var{bti} ++@var{b-key}]|@var{bti}|@var{gcs} -mharden-sls=@var{opts} -march=@var{name} -mcpu=@var{name} -mtune=@var{name} -moverride=@var{string} -mverbose-cost-dump @@ -21589,7 +21589,7 @@ default value is @samp{none}. This option has been deprecated by -mbranch-protection. @opindex mbranch-protection -@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti} +@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti}|@var{gcs} Select the branch protection features to use. @samp{none} is the default and turns off all types of branch protection. @samp{standard} turns on all types of branch protection features. If a feature @@ -21602,6 +21602,7 @@ argument @samp{leaf} can be used to extend the signing to include leaf functions. The optional argument @samp{b-key} can be used to sign the functions with the B-key instead of the A-key. @samp{bti} turns on branch target identification mechanism. +@samp{gcs} turns on guarded control stack compatible code generation. @opindex mharden-sls @item -mharden-sls=@var{opts}