https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
Bug ID: 106671
Summary: aarch64: BTI instruction are not inserted for cross-section direct calls
Product: gcc
Version: 12.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: scott at os dot amperecomputing.com
Target Milestone: ---

Created attachment 53469
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53469&action=edit
[PATCH] aarch64: Add a BTI test for cross-section calls

Direct calls to functions in other sections do not cause `bti c` instructions to be added to the callee. During linking, if the sections are farther apart than a direct branch can reach, a trampoline indirect branch sequence may be added. Because the callee does not have a `bti c` instruction, the call will result in a Branch Target exception.

With the attached test case on `cc (GCC) 12.1.1 20220507 (Red Hat 12.1.1-1)`, the code compiles to (trimmed):

        .text
    func:
        mov     w0, 37
        ret
        .section        .main.text,"ax",@progbits
    main:
        hint    25 // paciasp
        stp     x29, x30, [sp, -16]!
        mov     x29, sp
        bl      func
        cmp     w0, 37
        cset    w0, ne
        ldp     x29, x30, [sp], 16
        hint    29 // autiasp
        ret

And then linking yields:

    0000000000040118 <func>:
       40118:       528004a0        mov     w0, #0x25       // #37
       4011c:       d65f03c0        ret

    0000000010040000 <main>:
       10040000:    d503233f        paciasp
       10040004:    a9bf7bfd        stp     x29, x30, [sp, #-16]!
       10040008:    910003fd        mov     x29, sp
       1004000c:    94000009        bl      10040030 <___veneer>
       10040010:    7100941f        cmp     w0, #0x25
       10040014:    1a9f07e0        cset    w0, ne  // ne = any
       10040018:    a8c17bfd        ldp     x29, x30, [sp], #16
       1004001c:    d50323bf        autiasp
       10040020:    d65f03c0        ret

    0000000010040030 <___veneer>:
       10040030:    90f80010        adrp    x16, 40000 <_start>
       10040034:    91046210        add     x16, x16, #0x118
       10040038:    d61f0200        br      x16

Finally, I've made this little test case, but the real case where I'm running into this is in the Linux kernel, where the two sections are .init.text and .text, and the equivalent of a ___veneer thing is in the module plt.
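A way to check a linked image for the condition this report describes, as an added example that is not part of the original report or of GCC: it scans `objdump -d` style text for `adrp`/`add`/`br x16|x17` veneers and flags any whose target does not begin with a landing pad. The function name `missing_landing_pads` is hypothetical, the sample listing is constructed from the report's output, and only the veneer shape shown in the report is recognised.

```python
import re

# Constructed sample: the linked listing from the report, trimmed.
SAMPLE = """\
0000000000040118 <func>:
   40118: 528004a0  mov w0, #0x25   // #37
   4011c: d65f03c0  ret
0000000010040000 <main>:
   10040000: d503233f  paciasp
   1004000c: 94000009  bl 10040030 <___veneer>
   10040020: d65f03c0  ret
0000000010040030 <___veneer>:
   10040030: 90f80010  adrp x16, 40000 <_start>
   10040034: 91046210  add x16, x16, #0x118
   10040038: d61f0200  br x16
"""

# Instructions that accept a BR through x16/x17 ("bti j" also covers "bti jc").
LANDING_PADS = ("bti c", "bti j", "paciasp", "pacibsp")
SYM = re.compile(r"^([0-9a-f]+) <(.+)>:$")
INSN = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]{8}\s+(.+)$")

def missing_landing_pads(listing):
    """Return (veneer, target symbol, target address) for each
    adrp/add/br veneer whose target does not start with a landing pad."""
    insns, syms, owner, cur = {}, {}, {}, None
    for line in listing.splitlines():
        if m := SYM.match(line):
            cur = m.group(2)
            syms[int(m.group(1), 16)] = cur
        elif m := INSN.match(line):
            addr = int(m.group(1), 16)
            # Drop objdump's trailing comment and normalise whitespace.
            insns[addr] = " ".join(m.group(2).split("//")[0].split())
            owner[addr] = cur
    findings, regs = [], {}
    for addr in sorted(insns):
        text = insns[addr]
        if m := re.match(r"adrp (x1[67]), ([0-9a-f]+)", text):
            regs[m.group(1)] = int(m.group(2), 16)       # page address
        elif m := re.match(r"add (x1[67]), \1, #0x([0-9a-f]+)$", text):
            if m.group(1) in regs:
                regs[m.group(1)] += int(m.group(2), 16)  # offset in page
        elif m := re.match(r"br (x1[67])$", text):
            target = regs.pop(m.group(1), None)
            if target in insns and not insns[target].startswith(LANDING_PADS):
                findings.append((owner[addr], syms.get(target, "?"), hex(target)))
    return findings

if __name__ == "__main__":
    print(missing_landing_pads(SAMPLE))
```

A finding only matters when the target sits in a page mapped as BTI-guarded, which the disassembly alone does not show.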