From patchwork Wed Aug 2 15:48:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Feng Xue OS X-Patchwork-Id: 1816067 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=server2.sourceware.org; envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.a=rsa-sha256 header.s=default header.b=sarn9Q9t; dkim-atps=neutral Received: from server2.sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4RGGcn38mjz1yYC for ; Thu, 3 Aug 2023 01:49:26 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id AD4E43858D1E for ; Wed, 2 Aug 2023 15:49:23 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org AD4E43858D1E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1690991363; bh=/g3dmG5IUWCGJFrT0Q1cIDg02+7kqPn7ymiW2v7YpRU=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:From; b=sarn9Q9tkwaMV/fSMszlzwmb3gsQrKf0oi7mpSlUR2sLRJRWAyitwhH6ep86xeO4E G89KI9NmBEw2UjtJeyWwfjU3/Bb9V5HmjTi3GfYpRV6/10ODz7ESvUn6OnZF4rBeAt u5f5SfRoZEVfif+mdDqX2yvUrdh0MYGCATkGjnVA= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on2092.outbound.protection.outlook.com [40.107.96.92]) by sourceware.org (Postfix) with ESMTPS id A5A793858D1E for ; Wed, 2 Aug 2023 15:49:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A5A793858D1E ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nMdZl9GFyeNqhL6Eu+zzABJOK0DO03Jjh+FHETAapo1VMIrsnTam4T2k2hb2DTdTXoNCEoXUjqMWw5NGtYwun7DHAKD/pSpVW5KRjPX3KWeOVWpzuFSOZI3jsyYic5HAxB0nnSFaP1gO1AlOrIfhqX+HIug0cVrzCoyS3EMoXmwH5mTSacAzG6lpg9eNgW8Q5KrV2R6ilUoo76liCzGREkyEYZ3IuGe9jRi0eJ+uKawyMOrYKIi+30EMHR4IXzk8n6Yw5zXgx6ZJk1SS149/oeMnLp4jO86VPk8tBCudf+Urhy9b7OoEhdHYUMRcFjr8WxWMnVsDRQyXPICSpjcoeQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/g3dmG5IUWCGJFrT0Q1cIDg02+7kqPn7ymiW2v7YpRU=; b=ZG5qmZuHe0vKPmod2mD3OuAGrki4adhP+xnz3w2f3fDKMG8yZNvWvNNDXEbakhRPIwIbcoTOcFeOUJs2w6Qs1JLGVqPSZDLbmwzb7AuorTWI5TL0TUuMYhJutN0M2TCZyxViPCHjLo+szXZ4mJaEIpOwfsqA8QGjEDoo9wgmbbw7yopVflAIalm+GTf2wloSRzagx/+XTtW1ac7ATfvayjCHj0byrgPemKOwlAcc0GHTR6rnYAnnF7ugnMSez+2YgxRPVNdof3B+2rDMA0eM34qFug5gPfVYq7Z8bj2JMQA7yRh9/S/h4rRQmaEnLLfvLnSHdmXAvyXKmvod1Vf4OQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=os.amperecomputing.com; dmarc=pass action=none header.from=os.amperecomputing.com; dkim=pass header.d=os.amperecomputing.com; arc=none Received: from DM4PR01MB7835.prod.exchangelabs.com (2603:10b6:8:6b::22) by BY3PR01MB6580.prod.exchangelabs.com (2603:10b6:a03:360::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6652.19; Wed, 2 Aug 2023 15:49:00 +0000 Received: from DM4PR01MB7835.prod.exchangelabs.com ([fe80::41db:49ca:9725:215f]) by DM4PR01MB7835.prod.exchangelabs.com ([fe80::41db:49ca:9725:215f%4]) with mapi id 15.20.6631.045; Wed, 2 Aug 2023 15:49:00 +0000 To: "gcc-patches@gcc.gnu.org" Subject: [PATCH] arm/aarch64: Add bti for all functions [PR106671] Thread-Topic: [PATCH] arm/aarch64: Add bti for all functions [PR106671] Thread-Index: AQHZxVa0PkI9pE6TD0KS0SqTLRYHwQ== Date: Wed, 2 Aug 2023 15:48:59 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: msip_labels: MSIP_Label_5b82cb1d-c2e0-4643-920a-bbe7b2d7cc47_Enabled=True; MSIP_Label_5b82cb1d-c2e0-4643-920a-bbe7b2d7cc47_SiteId=3bc2b170-fd94-476d-b0ce-4229bdc904a7; MSIP_Label_5b82cb1d-c2e0-4643-920a-bbe7b2d7cc47_SetDate=2023-08-02T15:48:57.932Z; MSIP_Label_5b82cb1d-c2e0-4643-920a-bbe7b2d7cc47_Name=Confidential; MSIP_Label_5b82cb1d-c2e0-4643-920a-bbe7b2d7cc47_ContentBits=0; MSIP_Label_5b82cb1d-c2e0-4643-920a-bbe7b2d7cc47_Method=Standard; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: DM4PR01MB7835:EE_|BY3PR01MB6580:EE_ x-ms-office365-filtering-correlation-id: 8daef0c9-fe53-4c72-ee0c-08db936ffd0c x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: LdgMs2fNTufJ4RsAXUoufJo7PeJE6e4oPoIqA62D5FVVvzXre26JU7TDDwYVRK4zvYBHyFhBoTVl1YeqqITOAQfMoiSvN7opMbtKT8zIEmSYlCG44V5zXZePyNDrjo4Yc4AQaTEybOwynk7Lj1aH44SDKPhNUoE8PekY38kpVRJZTifrm8pud6O9myAuEOv9ZKgef8r/pDbp/6Aa0mNB5CmclTMYyWZ5+h0ySZYA3J659YhrXZL5l962dtnRIec37RnRMMq/2rX37vZZPjfi2q9E+jwc9c1Yv1n7l2NwEBkqbMIgzRCdhQ7d8VJNTIof/NnKTF1nweMstFNjYoQEuZvLBy3ZgSM57Ri3fMBvTm8+LQO3ZxQez7uIlkNwH1BzQ/Rae7YX0TBi39N6N1P0fomDVkg5aChC1xkrPLwuWIjs1uXdUHDm6AIiISNVwinEs7sf/afLTqKcsBtlOgy/ZwZw/tppc466mzNc3CruYvWlMq7mA3Igoy8Dg1FcbHGhJuxVLPrEYNfDF/rVbWFv0fYhLj6x2fJUBuJKlqvaAU+i6hcxG01aZvltI6zSsHpx6AE6stU6zU3dQ7Xoq+3dOEcoka5nA3bgOVTlbvJ2nBq6Bdl50hmAb5eccFfOrlKB x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM4PR01MB7835.prod.exchangelabs.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(346002)(376002)(39850400004)(366004)(136003)(396003)(451199021)(30864003)(33656002)(478600001)(86362001)(9686003)(6512007)(71200400001)(6486002)(316002)(8676002)(8936002)(41300700001)(5660300002)(6916009)(66446008)(66556008)(66476007)(64756008)(52536014)(83380400001)(76116006)(2906002)(38100700002)(91956017)(66946007)(26005)(38070700005)(122000001)(186003)(6506007); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?q?yg+KEn8NQwgjtG+5W8SzHHg?= =?iso-8859-1?q?SA28F89YOsJ3MsbC8aagZvvQasH9pk+UrCenykA5CtwuvmK+2hptLg5XrQVK?= =?iso-8859-1?q?w2r8Cdy2SdVJqySnN4wE9QWjRqN0i6kZvAm4GEfdoBr3F9h5Upt0tCOLvWMO?= =?iso-8859-1?q?b7vxUJCpLV9buRJq3C1dr68mjCWYHSbBIryAa7uTx//mgEW3+pqyVh+/uGmG?= =?iso-8859-1?q?QQVO0sdsDDbWNEsQ0KezuFG8p7FUcWZ+k6S3+LwW2XkedoKXLkePk2ch28Af?= =?iso-8859-1?q?Nmsbps/eH0b0DuUACapkkgFlHzUndn/YijRBdfJC+FVgCehAi4kuUDUU20Yy?= =?iso-8859-1?q?+m134fmEe23K3Fe8d81QyKMlHtYxJ12sIDKy/yRBi/1P2NMGBRFIs8dv6dXp?= =?iso-8859-1?q?ZbbNOzwFPCFYIkvGaO+t3znqgr6U5aNwVwuOvo4tZ57pFzcS9YFcbD61J7Of?= =?iso-8859-1?q?m8gAi96i8v7DN3/gvdagHn3fnv1xIbP4LWPMpa+nfgms1ltp3v0KYlwbi2n0?= =?iso-8859-1?q?MdXhgvRO71vtbMlQBE6+0cD6+3/lrlewf+tBDZcGFayUrn+GiR0292ptKtI2?= =?iso-8859-1?q?D6SAY+ouyhVGyFq7/uK0vakJ4PdUhs8KjVappqT726KfKpZZBcF3im2ycghW?= =?iso-8859-1?q?L1+PJ/I2TZNZcgMLe78fMBi8tf1l6OCcgBWYWAza9v+QvXbZp51tEsFU6tDo?= =?iso-8859-1?q?wRPKyuf44mxTGiSAn19Hrpl5mH/lAlIm/uaj1KOTX/41ZXIT7Q+UxPyHpPIG?= =?iso-8859-1?q?QjSpG8qjhUEPXMfwLRWsiQULU+h8RzCOLTOeXX6RWza3arbJ2ii5NWBmM4cW?= =?iso-8859-1?q?/bq8JGDwXHQ0PaXlwDsFDPoYipvrOJ0CtErc6Mdr5EkG3cZouilrZEwdS1Hf?= =?iso-8859-1?q?c5+4iyDbEZgqBzyGDeEwZxsn22CKM0HJMEy72PWONX8e5ownySKSw0Ld6KR9?= =?iso-8859-1?q?F1WldG+sDqdDb070dKbdkakdoADRjhvBzYK4mG82YDkoKbD9/rzspoNIsBSn?= =?iso-8859-1?q?qfDhDn7W7ulZbag7sNgn5QZ1YwgdUisEyl6STFDDLG9o7yYD8/4HmVf/V2yo?= =?iso-8859-1?q?njoYHGKDAiO6du6kVH6ZTxZPOna6ohNnyZElmKJ4++uSABsdYTBsNVdUVJ6G?= =?iso-8859-1?q?7tFpaMom4pbmMAnTRWYgrdqfIpr8u4BuE6QfMR+TGildNq+0lbpIw7sQUqV4?= =?iso-8859-1?q?+/kFMo7fiS4ySQUKv8usl35bEmX8j9bgTGKzhhjMYsqHQfJbouqaX0ZgEVwi?= =?iso-8859-1?q?TVCl1Sptjamun6tiOHGr1CCxKLGTZGnc0mUqkqNpFfbzIv9XB1sb1KpnRz1v?= =?iso-8859-1?q?lWGymqCNhAuToEjqI5wB48DN0kIuueA4WVBAuFvbPdX+jqSUBuNzhUwzRb5G?= =?iso-8859-1?q?Jr9q5drqe92TOxQ8MsX0X+vPpfTHLvacS2lRxo8Hf7Sip0gOY0uy5HuN0iRG?= =?iso-8859-1?q?/3taJiMxQfCkxHo/dfXkAaV3laSEcQaYjknNRXHPt8IcH4rid1jk1iEGDBNl?= =?iso-8859-1?q?F5wrMWM6DFy82p9Pmkc26Fuag4mYJ7NgFnh1TMBSKaecIRYswqRn2qw5SmuI?= =?iso-8859-1?q?DaJZMdy1ooBbaybtyHvn6lZyFuzdZcOiP586reO889Nz3IKrVrlTN7eHK/IK?= =?iso-8859-1?q?7hJ/fat248ghxObEpmjiDTKEixHUhSWP0ilRnQw=3D=3D?= MIME-Version: 1.0 X-OriginatorOrg: os.amperecomputing.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM4PR01MB7835.prod.exchangelabs.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8daef0c9-fe53-4c72-ee0c-08db936ffd0c X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Aug 2023 15:48:59.9079 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 3bc2b170-fd94-476d-b0ce-4229bdc904a7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: O3A78zwY2DT2S86BFL+h/1ii139arZf08rRgYax88DamysZUc6dEsaIT+XpuyfWKwpxsf0OHNd6M0vjuapwV6f5uckuWUITqOG5gNRAeDyk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY3PR01MB6580 X-Spam-Status: No, score=-11.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Feng Xue OS via Gcc-patches From: Feng Xue OS Reply-To: Feng Xue OS Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Sender: "Gcc-patches" This patch extends option -mbranch-protection=bti with an optional argument as bti[+all] to force compiler to unconditionally insert bti for all functions. Because a direct function call at the stage of compiling might be rewritten to an indirect call with some kind of linker-generated thunk stub as invocation relay for some reasons. One instance is if a direct callee is placed far from its caller, direct BL {imm} instruction could not represent the distance, so indirect BLR {reg} should be used. For this case, a bti is required at the beginning of the callee. caller() { bl callee } => caller() { adrp reg, add reg, reg, #constant blr reg } Although the issue could be fixed with a pretty new version of ld, here we provide another means for user who has to rely on the old ld or other non-ld linker. I also checked LLVM, by default, it implements bti just as the proposed -mbranch-protection=bti+all. Feng --- gcc/config/aarch64/aarch64.cc | 12 +++++++----- gcc/config/aarch64/aarch64.opt | 2 +- gcc/config/arm/aarch-bti-insert.cc | 3 ++- gcc/config/arm/aarch-common.cc | 22 ++++++++++++++++++---- gcc/config/arm/aarch-common.h | 18 ++++++++++++++++++ gcc/config/arm/arm.cc | 4 ++-- gcc/config/arm/arm.opt | 2 +- gcc/doc/invoke.texi | 16 ++++++++++------ gcc/testsuite/gcc.target/aarch64/bti-5.c | 17 +++++++++++++++++ 9 files changed, 76 insertions(+), 20 deletions(-) create mode 100644 gcc/testsuite/gcc.target/aarch64/bti-5.c diff --git a/gcc/config/aarch64/aarch64.cc b/gcc/config/aarch64/aarch64.cc index 71215ef9fee..a404447c8d0 100644 --- a/gcc/config/aarch64/aarch64.cc +++ b/gcc/config/aarch64/aarch64.cc @@ -8997,7 +8997,8 @@ void aarch_bti_arch_check (void) bool aarch_bti_enabled (void) { - return (aarch_enable_bti == 1); + gcc_checking_assert (aarch_enable_bti != AARCH_BTI_FUNCTION_UNSET); + return (aarch_enable_bti != AARCH_BTI_FUNCTION_NONE); } /* Check if INSN is a BTI J insn. */ @@ -18454,12 +18455,12 @@ aarch64_override_options (void) selected_tune = tune ? tune->ident : cpu->ident; - if (aarch_enable_bti == 2) + if (aarch_enable_bti == AARCH_BTI_FUNCTION_UNSET) { #ifdef TARGET_ENABLE_BTI - aarch_enable_bti = 1; + aarch_enable_bti = AARCH_BTI_FUNCTION; #else - aarch_enable_bti = 0; + aarch_enable_bti = AARCH_BTI_FUNCTION_NONE; #endif } @@ -22881,7 +22882,8 @@ aarch64_print_patchable_function_entry (FILE *file, basic_block bb = ENTRY_BLOCK_PTR_FOR_FN (cfun)->next_bb; if (!aarch_bti_enabled () - || cgraph_node::get (cfun->decl)->only_called_directly_p ()) + || (aarch_enable_bti != AARCH_BTI_FUNCTION_ALL + && cgraph_node::get (cfun->decl)->only_called_directly_p ())) { /* Emit the patchable_area at the beginning of the function. */ rtx_insn *insn = emit_insn_before (pa, BB_HEAD (bb)); diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt index 025e52d40e5..5571f7e916d 100644 --- a/gcc/config/aarch64/aarch64.opt +++ b/gcc/config/aarch64/aarch64.opt @@ -37,7 +37,7 @@ TargetVariable aarch64_feature_flags aarch64_isa_flags = 0 TargetVariable -unsigned aarch_enable_bti = 2 +enum aarch_bti_function_type aarch_enable_bti = AARCH_BTI_FUNCTION_UNSET TargetVariable enum aarch_key_type aarch_ra_sign_key = AARCH_KEY_A diff --git a/gcc/config/arm/aarch-bti-insert.cc b/gcc/config/arm/aarch-bti-insert.cc index 71a77e29406..babd2490c9f 100644 --- a/gcc/config/arm/aarch-bti-insert.cc +++ b/gcc/config/arm/aarch-bti-insert.cc @@ -164,7 +164,8 @@ rest_of_insert_bti (void) functions that are already protected by Return Address Signing (PACIASP/ PACIBSP). For all other cases insert a BTI C at the beginning of the function. */ - if (!cgraph_node::get (cfun->decl)->only_called_directly_p ()) + if (aarch_enable_bti == AARCH_BTI_FUNCTION_ALL + || !cgraph_node::get (cfun->decl)->only_called_directly_p ()) { bb = ENTRY_BLOCK_PTR_FOR_FN (cfun)->next_bb; insn = BB_HEAD (bb); diff --git a/gcc/config/arm/aarch-common.cc b/gcc/config/arm/aarch-common.cc index 5b96ff4c2e8..7751d40f909 100644 --- a/gcc/config/arm/aarch-common.cc +++ b/gcc/config/arm/aarch-common.cc @@ -666,7 +666,7 @@ static enum aarch_parse_opt_result aarch_handle_no_branch_protection (char* str, char* rest) { aarch_ra_sign_scope = AARCH_FUNCTION_NONE; - aarch_enable_bti = 0; + aarch_enable_bti = AARCH_BTI_FUNCTION_NONE; if (rest) { error ("unexpected %<%s%> after %<%s%>", rest, str); @@ -680,7 +680,7 @@ aarch_handle_standard_branch_protection (char* str, char* rest) { aarch_ra_sign_scope = AARCH_FUNCTION_NON_LEAF; aarch_ra_sign_key = AARCH_KEY_A; - aarch_enable_bti = 1; + aarch_enable_bti = AARCH_BTI_FUNCTION; if (rest) { error ("unexpected %<%s%> after %<%s%>", rest, str); @@ -718,7 +718,15 @@ static enum aarch_parse_opt_result aarch_handle_bti_protection (char* str ATTRIBUTE_UNUSED, char* rest ATTRIBUTE_UNUSED) { - aarch_enable_bti = 1; + aarch_enable_bti = AARCH_BTI_FUNCTION; + return AARCH_PARSE_OK; +} + +static enum aarch_parse_opt_result +aarch_handle_bti_all (char* str ATTRIBUTE_UNUSED, + char* rest ATTRIBUTE_UNUSED) +{ + aarch_enable_bti = AARCH_BTI_FUNCTION_ALL; return AARCH_PARSE_OK; } @@ -728,12 +736,18 @@ static const struct aarch_branch_protect_type aarch_pac_ret_subtypes[] = { { NULL, NULL, NULL, 0 } }; +static const struct aarch_branch_protect_type aarch_bti_subtypes[] = { + { "all", aarch_handle_bti_all, NULL, 0 }, + { NULL, NULL, NULL, 0 } +}; + static const struct aarch_branch_protect_type aarch_branch_protect_types[] = { { "none", aarch_handle_no_branch_protection, NULL, 0 }, { "standard", aarch_handle_standard_branch_protection, NULL, 0 }, { "pac-ret", aarch_handle_pac_ret_protection, aarch_pac_ret_subtypes, ARRAY_SIZE (aarch_pac_ret_subtypes) }, - { "bti", aarch_handle_bti_protection, NULL, 0 }, + { "bti", aarch_handle_bti_protection, aarch_bti_subtypes, + ARRAY_SIZE (aarch_bti_subtypes) }, { NULL, NULL, NULL, 0 } }; diff --git a/gcc/config/arm/aarch-common.h b/gcc/config/arm/aarch-common.h index c6a67f0d05c..c90b9120102 100644 --- a/gcc/config/arm/aarch-common.h +++ b/gcc/config/arm/aarch-common.h @@ -50,6 +50,24 @@ enum aarch_key_type { AARCH_KEY_B }; +/* Function types to insert bti. */ +enum aarch_bti_function_type { + AARCH_BTI_FUNCTION_UNSET = -1u, + /* Don't add bti to any function. */ + AARCH_BTI_FUNCTION_NONE = 0, + /* Add bti to function that may be indirect call target. The judgement is + only made based on the information that compiler could get. However, + at linking stage, a direct call might be rewritten to indirect call with + some kind of linker-generated thunk stub as invocation relay for some + reasons. One instance is if a direct callee is placed far from its + caller, direct branch instruction could not represent the distance. + For this case that have to rely on linker decision, bti would not be + added. */ + AARCH_BTI_FUNCTION, + /* Add bti to all functions. */ + AARCH_BTI_FUNCTION_ALL +}; + struct aarch_branch_protect_type { /* The type's name that the user passes to the branch-protection option diff --git a/gcc/config/arm/arm.cc b/gcc/config/arm/arm.cc index c3e731b8982..3b643438195 100644 --- a/gcc/config/arm/arm.cc +++ b/gcc/config/arm/arm.cc @@ -28616,7 +28616,7 @@ arm_file_start (void) { int val; bool pac = (aarch_ra_sign_scope != AARCH_FUNCTION_NONE); - bool bti = (aarch_enable_bti == 1); + bool bti = (aarch_enable_bti != AARCH_BTI_FUNCTION_NONE); arm_print_asm_arch_directives (asm_out_file, TREE_TARGET_OPTION (target_option_default_node)); @@ -33238,7 +33238,7 @@ void aarch_bti_arch_check (void) bool aarch_bti_enabled (void) { - return aarch_enable_bti != 0; + return aarch_enable_bti != AARCH_BTI_FUNCTION_NONE; } /* Check if INSN is a BTI J insn. */ diff --git a/gcc/config/arm/arm.opt b/gcc/config/arm/arm.opt index 3a49b51ece0..11b987e5891 100644 --- a/gcc/config/arm/arm.opt +++ b/gcc/config/arm/arm.opt @@ -28,7 +28,7 @@ TargetVariable enum aarch_function_type aarch_ra_sign_scope = AARCH_FUNCTION_NONE TargetVariable -unsigned aarch_enable_bti = 0 +enum aarch_bti_function_type aarch_enable_bti = AARCH_BTI_FUNCTION_NONE TargetVariable enum aarch_key_type aarch_ra_sign_key = AARCH_KEY_A diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 875d1d08b16..87afd411c56 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -778,7 +778,7 @@ Objective-C and Objective-C++ Dialects}. -mpc-relative-literal-loads -msign-return-address=@var{scope} -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf} -+@var{b-key}]|@var{bti} ++@var{b-key}]|@var{bti}[+@var{all}] -mharden-sls=@var{opts} -march=@var{name} -mcpu=@var{name} -mtune=@var{name} -moverride=@var{string} -mverbose-cost-dump @@ -858,7 +858,7 @@ Objective-C and Objective-C++ Dialects}. -mstack-protector-guard=@var{guard} -mstack-protector-guard-offset=@var{offset} -mfdpic -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}] -[+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]]} +[+@var{bti}[+@var{all}]]|@var{bti}[+@var{all}][+@var{pac-ret}[+@var{leaf}]]} @emph{AVR Options} @gccoptlist{-mmcu=@var{mcu} -mabsdata -maccumulate-args @@ -20560,7 +20560,7 @@ default value is @samp{none}. This option has been deprecated by -mbranch-protection. @opindex mbranch-protection -@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti} +@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}+@var{b-key}]|@var{bti}[+@var{all}] Select the branch protection features to use. @samp{none} is the default and turns off all types of branch protection. @samp{standard} turns on all types of branch protection features. If a feature @@ -20572,7 +20572,10 @@ functions will practically always do this) using the a-key. The optional argument @samp{leaf} can be used to extend the signing to include leaf functions. The optional argument @samp{b-key} can be used to sign the functions with the B-key instead of the A-key. -@samp{bti} turns on branch target identification mechanism. +@samp{bti}[+@var{all}] turns on branch target identification mechanism. If +the optional argument @samp{all} is specified, bti-c instruction will be +unconditionally added to the beginning of all functions, otherwise, only +added to function that is supposed to be indirect call target by compiler. @opindex mharden-sls @item -mharden-sls=@var{opts} @@ -22836,7 +22839,7 @@ build the Linux kernel using the same (@code{arm-*-uclinuxfdpiceabi}) toolchain as the one used to build the userland programs. @opindex mbranch-protection -@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}]|@var{bti}[+@var{pac-ret}[+@var{leaf}]] +@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}][+@var{bti}[+@var{all}]]|@var{bti}[+@var{all}][+@var{pac-ret}[+@var{leaf}]] Enable branch protection features (armv8.1-m.main only). @samp{none} generate code without branch protection or return address signing. @@ -22848,7 +22851,8 @@ the return address to memory. @samp{leaf} When return address signing is enabled, also sign leaf functions even if they do not write the return address to memory. +@samp{bti} Add landing-pad instructions at the permitted targets of -indirect branch instructions. +indirect branch instructions. If the optional argument @samp{all} is +specified, the instruction will be unconditionally added to all functions. If the @samp{+pacbti} architecture extension is not enabled, then all branch protection and return address signing operations are diff --git a/gcc/testsuite/gcc.target/aarch64/bti-5.c b/gcc/testsuite/gcc.target/aarch64/bti-5.c new file mode 100644 index 00000000000..654cd0cce7e --- /dev/null +++ b/gcc/testsuite/gcc.target/aarch64/bti-5.c @@ -0,0 +1,17 @@ +/* { dg-do run } */ +/* { dg-options "-O1 -save-temps" } */ +/* { dg-require-effective-target lp64 } */ +/* { dg-additional-options "-mbranch-protection=bti+all" { target { ! default_branch_protection } } } */ + +static int __attribute__((noinline)) +func(int w) { + return 37; +} + +int __attribute__((section(".main.text"))) +main(int argc, char **argv) +{ + return func(argc) == 37 ? 0 : 1; +} + +/* { dg-final { scan-assembler-times "hint\t34" 2 } } */