2018-01-09 Sudakshina Das <sudi.das@arm.com>
+
+ * config/aarch64/aarch64.c (aarch64_override_options): Add case to
+ check configure option to set BTI and Return Address Signing.
+ * configure.ac: Add --enable-standard-branch-protection and
+ --disable-standard-branch-protection.
+ * configure: Regenerated.
+ * doc/install.texi: Document the same.
+
+2018-01-09 Sudakshina Das <sudi.das@arm.com>
Ramana Radhakrishnan <ramana.radhakrishnan@arm.com>
* config.gcc (aarch64*-*-*): Add aarch64-bti-insert.o.
if (!selected_tune)
selected_tune = selected_cpu;
+ if (aarch64_enable_bti == 2)
+ {
+#ifdef TARGET_ENABLE_BTI
+ aarch64_enable_bti = 1;
+#else
+ aarch64_enable_bti = 0;
+#endif
+ }
+
+ /* Return address signing is currently not supported for ILP32 targets. For
+ LP64 targets use the configured option in the absence of a command-line
+ option for -mbranch-protection. */
+ if (!TARGET_ILP32 && accepted_branch_protection_string == NULL)
+ {
+#ifdef TARGET_ENABLE_PAC_RET
+ aarch64_ra_sign_scope = AARCH64_FUNCTION_NON_LEAF;
+ aarch64_ra_sign_key = AARCH64_KEY_A;
+#else
+ aarch64_ra_sign_scope = AARCH64_FUNCTION_NONE;
+#endif
+ }
+
#ifndef HAVE_AS_MABI_OPTION
/* The compiler may have been configured with 2.23.* binutils, which does
not have support for ILP32. */
enable_gnu_indirect_function
enable_initfini_array
enable_comdat
+enable_standard_branch_protection
enable_fix_cortex_a53_835769
enable_fix_cortex_a53_843419
with_glibc_version
--enable-initfini-array use .init_array/.fini_array sections
--enable-comdat enable COMDAT group support
+ --enable-standard-branch-protection
+ enable Branch Target Identification Mechanism and
+ Return Address Signing by default for AArch64
+ --disable-standard-branch-protection
+ disable Branch Target Identification Mechanism and
+ Return Address Signing by default for AArch64
+
+
--enable-fix-cortex-a53-835769
enable workaround for AArch64 Cortex-A53 erratum
835769 by default
fi
+ # Enable Branch Target Identification Mechanism and Return Address
+ # Signing by default.
+ # Check whether --enable-standard-branch-protection was given.
+if test "${enable_standard_branch_protection+set}" = set; then :
+ enableval=$enable_standard_branch_protection;
+ case $enableval in
+ yes)
+ tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1"
+ ;;
+ no)
+ ;;
+ *)
+ as_fn_error "'$enableval' is an invalid value for --enable-standard-branch-protection.\
+ Valid choices are 'yes' and 'no'." "$LINENO" 5
+ ;;
+ esac
+
+fi
+
# Enable default workaround for AArch64 Cortex-A53 erratum 835769.
# Check whether --enable-fix-cortex-a53-835769 was given.
if test "${enable_fix_cortex_a53_835769+set}" = set; then :
ldr x0, [[x2, #:gotpage_lo15:globalsym]]
],,[AC_DEFINE(HAVE_AS_SMALL_PIC_RELOCS, 1,
[Define if your assembler supports relocs needed by -fpic.])])
+ # Enable Branch Target Identification Mechanism and Return Address
+ # Signing by default.
+ AC_ARG_ENABLE(standard-branch-protection,
+ [
+AS_HELP_STRING([--enable-standard-branch-protection],
+ [enable Branch Target Identification Mechanism and Return Address Signing by default for AArch64])
+AS_HELP_STRING([--disable-standard-branch-protection],
+ [disable Branch Target Identification Mechanism and Return Address Signing by default for AArch64])
+ ],
+ [
+ case $enableval in
+ yes)
+ tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1"
+ ;;
+ no)
+ ;;
+ *)
+ AC_MSG_ERROR(['$enableval' is an invalid value for --enable-standard-branch-protection.\
+ Valid choices are 'yes' and 'no'.])
+ ;;
+ esac
+ ],
+ [])
# Enable default workaround for AArch64 Cortex-A53 erratum 835769.
AC_ARG_ENABLE(fix-cortex-a53-835769,
[
@option{--enable-fix-cortex-a53-843419} or
@option{--disable-fix-cortex-a53-843419} is given at configure time.
+To enable Branch Target Identification Mechanism and Return Address Signing by
+default at configure time use the @option{--enable-standard-branch-protection}
+option. This is equivalent to having @option{-mbranch-protection=standard}
+during compilation. This can be explicitly disabled during compilation by
+passing the @option{-mbranch-protection=none} option which turns off all
+types of branch protections. Conversely,
+@option{--disable-standard-branch-protection} will disable both the
+protections by default. This mechanism is turned off by default if neither
+of the options are given at configure time.
+
@html
<hr />
@end html
2018-01-09 Sudakshina Das <sudi.das@arm.com>
+ * gcc.target/aarch64/bti-1.c: Update test to not add command line
+ option when configure with bti.
+ * gcc.target/aarch64/bti-2.c: Likewise.
+ * lib/target-supports.exp
+ (check_effective_target_default_branch_protection):
+ Add configure check for --enable-standard-branch-protection.
+
+2018-01-09 Sudakshina Das <sudi.das@arm.com>
+
* gcc.target/aarch64/bti-1.c: New test.
* gcc.target/aarch64/bti-2.c: New test.
* gcc.target/aarch64/bti-3.c: New test.
/* { dg-do compile } */
/* -Os to create jump table. */
-/* { dg-options "-Os -mbranch-protection=standard" } */
+/* { dg-options "-Os" } */
+/* If configured with --enable-standard-branch-protection, don't use
+ command line option. */
+/* { dg-additional-options "-mbranch-protection=standard" { target { ! default_branch_protection } } } */
extern int f1 (void);
extern int f2 (void);
/* { dg-do run } */
/* { dg-require-effective-target aarch64_bti_hw } */
-/* { dg-options "-mbranch-protection=standard" } */
+/* If configured with --enable-standard-branch-protection, don't use
+ command line option. */
+/* { dg-additional-options "-mbranch-protection=standard" { target { ! default_branch_protection } } } */
#include<stdio.h>
} "-O2" ]
}
+# Return 1 if GCC was configured with --enable-standard-branch-protection
+proc check_effective_target_default_branch_protection { } {
+ return [check_configured_with "enable-standard-branch-protection"]
+}
+
# Return 1 if the target supports the ARMv8.1 Adv.SIMD extension, 0
# otherwise. The test is valid for AArch64 and ARM. Record the command
# line options needed.