On 04/07/2022 10:27, Andrea Corallo via Gcc-patches wrote:
Richard Earnshaw <richard.earns...@foss.arm.com> writes: [...]+@item +-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]] +@opindex mbranch-protection +Enable branch protection features (armv8.1-m.main only). +@samp{none} generate code without branch protection or return address +signing. +@samp{standard[+@var{leaf}]} generate code with all branch protection +features enabled at their standard level. +@samp{pac-ret[+@var{leaf}]} generate code with return address signing +set to its standard level, which is to sign all functions that save +the return address to memory. +@samp{leaf} When return address signing is enabled, also sign leaf +functions even if they do not write the return address to memory. ++@samp{bti} Add landing-pad instructions at the permitted targets of +indirect branch instructions. + +If the @samp{+pacbti} architecture extension is not enabled, then all +branch protection and return address signing operations are +constrained to use only the instructions defined in the +architectural-NOP space. The generated code will remain +backwards-compatible with earlier versions of the architecture, but +the additional security can be enabled at run time on processors that +support the @samp{PACBTI} extension. + +Branch target enforcement using BTI can only be enabled at runtime if +all code in the application has been compiled with at least +@samp{-mbranch-protection=bti}. + +The default is to generate code without branch protection or return +address signing. This needs to make it clear that -mbranch-protection != none is only supported on armv8-m.main or later. R.Hi Richard, thanks for reviewing, please find attached the respinned patch. Ok for trunk (when the rest of the series will be approved)? Best Regards Andrea gcc/ChangeLog: * config/arm/arm.c (arm_configure_build_target): Parse and validate -mbranch-protection option and initialize appropriate data structures. * config/arm/arm.opt (-mbranch-protection): New option. * doc/invoke.texi (Arm Options): Document it. Co-Authored-By: Tejas Belagod <tbela...@arm.com> Co-Authored-By: Richard Earnshaw <richard.earns...@arm.com>
OK. R.
