commit:     84d8df0d57240632244bcc7487faa18220492af0
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 11 19:11:19 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Mar 11 19:20:17 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84d8df0d

sys-devel/gcc: update USE=cet description for arm64 BTI/PAC (branch-protection)

Also, update the description for CET not being supported on x86 (see 
21a25eb278b04b204b043bc23750eec632e3bef0).

It was originally planned upstream but has been dropped.

Bug: https://bugs.gentoo.org/916381
Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-devel/gcc/metadata.xml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/sys-devel/gcc/metadata.xml b/sys-devel/gcc/metadata.xml
index 93ff067baadb..853d96579504 100644
--- a/sys-devel/gcc/metadata.xml
+++ b/sys-devel/gcc/metadata.xml
@@ -8,20 +8,31 @@
        <use>
                <flag name="ada">Build the ADA language (GNAT) frontend</flag>
                <flag name="cet" restrict="&gt;=sys-devel/gcc-10">
-                       Enable support for Intel Control Flow Enforcement 
Technology (CET).
+                       Enable support for control flow hijacking protection.
 
-                       Only effective on amd64/x86.
+                       On amd64, this provides Intel Control Flow Enforcement 
Technology (CET).
+
+                       On arm64, this provides Branch Target Identification 
(BTI)
+                       and Pointer Authentication Code (PAC) support.
+
+                       This is only effective on amd64 or arm64.
 
                        Only provides benefits on newer CPUs. For Intel, the CPU
                        must be at least as new as Tiger Lake. For AMD, it must 
be
                        at least as new as Zen 3. This is harmless on older 
CPUs,
                        but provides no benefit either.
 
-                       When combined with USE=hardened, GCC will set 
-fcf-protection
+                       For ARM64, PAC was introduced in armv8.3-a, and BTI was
+                       introduced in armv8.5-a.
+
+                       When combined with USE=hardened on amd64, GCC will set 
-fcf-protection
                        by default when building software. The effect is minimal
                        on systems which do not support it, other than a 
possible
                        small increase in codesize for the NOPs. The generated
                        code is therefore compatible with i686 at the earliest.
+
+                       On arm64, GCC will set -mbranch-protection=standard by 
default
+                       when building software.
                </flag>
                <flag name="d">Enable support for the D programming 
language</flag>
                <flag name="debug">
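Review bot: In the last added paragraph, the arm64 default is stated without the USE=hardened condition that the amd64 paragraph just above it carries ("When combined with USE=hardened on amd64, GCC will set -fcf-protection"), so a reader cannot tell whether -mbranch-protection=standard applies whenever USE=cet is set on arm64 or only together with USE=hardened. Suggest spelling the condition out in that sentence, or saying explicitly that it is unconditional, whichever matches the ebuild. Two smaller points: the description mixes "arm64" and "ARM64", and the "harmless on older CPUs" sentence is worded only for Intel and AMD, so it would help to say what the flag does on arm64 cores that predate armv8.3-a (PAC) and armv8.5-a (BTI).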
