On Wed, 7 Aug 2024 17:27:00 GMT, Andrew Haley <a...@openjdk.org> wrote:
> Can you explain why we want to support PAC without BTI? Would anyone use such > a config? Thanks for reviewing @theRealAph . Sorry, I don't quite understand your question. Do you mean why we currently only support PAC? PAC is mandatory from Armv8.3 for ROP attacks, while BTI is mandatory from Armv8.5 for JOP attacks. JDK currently has PAC enabled, but not BTI. Or do you mean if we need the option to just support one of them? Now we enable BTI and PAC at the same time by configuring `--enable-branch-protection` and disable them without the flag, i.e. both or nothing. GCC supports all options to give maximum flexibility, just in case anyone wants it. What do you think? Thanks. ------------- PR Comment: https://git.openjdk.org/jdk/pull/20491#issuecomment-2278041901
