diff --git a/gcc/ChangeLog b/gcc/ChangeLog index e19b1aecf9b3..fbdf51d21594 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,12 @@ +2018-01-09 Sudakshina Das + + * config/aarch64/aarch64.c (aarch64_override_options): Add case to + check configure option to set BTI and Return Address Signing. + * configure.ac: Add --enable-standard-branch-protection and + --disable-standard-branch-protection. + * configure: Regenerated. + * doc/install.texi: Document the same. + 2018-01-09 Sudakshina Das Ramana Radhakrishnan diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c index d5e140dd08a8..0b0bc854db7a 100644 --- a/gcc/config/aarch64/aarch64.c +++ b/gcc/config/aarch64/aarch64.c @@ -11825,6 +11825,28 @@ aarch64_override_options (void) if (!selected_tune) selected_tune = selected_cpu; + if (aarch64_enable_bti == 2) + { +#ifdef TARGET_ENABLE_BTI + aarch64_enable_bti = 1; +#else + aarch64_enable_bti = 0; +#endif + } + + /* Return address signing is currently not supported for ILP32 targets. For + LP64 targets use the configured option in the absence of a command-line + option for -mbranch-protection. */ + if (!TARGET_ILP32 && accepted_branch_protection_string == NULL) + { +#ifdef TARGET_ENABLE_PAC_RET + aarch64_ra_sign_scope = AARCH64_FUNCTION_NON_LEAF; + aarch64_ra_sign_key = AARCH64_KEY_A; +#else + aarch64_ra_sign_scope = AARCH64_FUNCTION_NONE; +#endif + } + #ifndef HAVE_AS_MABI_OPTION /* The compiler may have been configured with 2.23.* binutils, which does not have support for ILP32. */ diff --git a/gcc/configure b/gcc/configure index caebe4c08852..ed76a7e8d9c1 100755 --- a/gcc/configure +++ b/gcc/configure @@ -979,6 +979,7 @@ with_plugin_ld enable_gnu_indirect_function enable_initfini_array enable_comdat +enable_standard_branch_protection enable_fix_cortex_a53_835769 enable_fix_cortex_a53_843419 with_glibc_version @@ -1708,6 +1709,14 @@ Optional Features: --enable-initfini-array use .init_array/.fini_array sections --enable-comdat enable COMDAT group support + --enable-standard-branch-protection + enable Branch Target Identification Mechanism and + Return Address Signing by default for AArch64 + --disable-standard-branch-protection + disable Branch Target Identification Mechanism and + Return Address Signing by default for AArch64 + + --enable-fix-cortex-a53-835769 enable workaround for AArch64 Cortex-A53 erratum 835769 by default @@ -25054,6 +25063,25 @@ if test $gcc_cv_as_aarch64_picreloc = yes; then $as_echo "#define HAVE_AS_SMALL_PIC_RELOCS 1" >>confdefs.h +fi + + # Enable Branch Target Identification Mechanism and Return Address + # Signing by default. + # Check whether --enable-standard-branch-protection was given. +if test "${enable_standard_branch_protection+set}" = set; then : + enableval=$enable_standard_branch_protection; + case $enableval in + yes) + tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1" + ;; + no) + ;; + *) + as_fn_error "'$enableval' is an invalid value for --enable-standard-branch-protection.\ + Valid choices are 'yes' and 'no'." "$LINENO" 5 + ;; + esac + fi # Enable default workaround for AArch64 Cortex-A53 erratum 835769. diff --git a/gcc/configure.ac b/gcc/configure.ac index ea5edfa9ac59..e3a455817cbc 100644 --- a/gcc/configure.ac +++ b/gcc/configure.ac @@ -3962,6 +3962,29 @@ case "$target" in ldr x0, [[x2, #:gotpage_lo15:globalsym]] ],,[AC_DEFINE(HAVE_AS_SMALL_PIC_RELOCS, 1, [Define if your assembler supports relocs needed by -fpic.])]) + # Enable Branch Target Identification Mechanism and Return Address + # Signing by default. + AC_ARG_ENABLE(standard-branch-protection, + [ +AS_HELP_STRING([--enable-standard-branch-protection], + [enable Branch Target Identification Mechanism and Return Address Signing by default for AArch64]) +AS_HELP_STRING([--disable-standard-branch-protection], + [disable Branch Target Identification Mechanism and Return Address Signing by default for AArch64]) + ], + [ + case $enableval in + yes) + tm_defines="${tm_defines} TARGET_ENABLE_BTI=1 TARGET_ENABLE_PAC_RET=1" + ;; + no) + ;; + *) + AC_MSG_ERROR(['$enableval' is an invalid value for --enable-standard-branch-protection.\ + Valid choices are 'yes' and 'no'.]) + ;; + esac + ], + []) # Enable default workaround for AArch64 Cortex-A53 erratum 835769. AC_ARG_ENABLE(fix-cortex-a53-835769, [ diff --git a/gcc/doc/install.texi b/gcc/doc/install.texi index dd01e4caeb17..d5e1edbdb0bf 100644 --- a/gcc/doc/install.texi +++ b/gcc/doc/install.texi @@ -3413,6 +3413,16 @@ The workaround is disabled by default if neither of @option{--enable-fix-cortex-a53-843419} or @option{--disable-fix-cortex-a53-843419} is given at configure time. +To enable Branch Target Identification Mechanism and Return Address Signing by +default at configure time use the @option{--enable-standard-branch-protection} +option. This is equivalent to having @option{-mbranch-protection=standard} +during compilation. This can be explicitly disabled during compilation by +passing the @option{-mbranch-protection=none} option which turns off all +types of branch protections. Conversely, +@option{--disable-standard-branch-protection} will disable both the +protections by default. This mechanism is turned off by default if neither +of the options are given at configure time. + @html
@end html diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog index b55a7abd83e1..daa66aa58306 100644 --- a/gcc/testsuite/ChangeLog +++ b/gcc/testsuite/ChangeLog @@ -1,3 +1,12 @@ +2018-01-09 Sudakshina Das + + * gcc.target/aarch64/bti-1.c: Update test to not add command line + option when configure with bti. + * gcc.target/aarch64/bti-2.c: Likewise. + * lib/target-supports.exp + (check_effective_target_default_branch_protection): + Add configure check for --enable-standard-branch-protection. + 2018-01-09 Sudakshina Das * gcc.target/aarch64/bti-1.c: New test. diff --git a/gcc/testsuite/gcc.target/aarch64/bti-1.c b/gcc/testsuite/gcc.target/aarch64/bti-1.c index 575d01a5411a..67551859649f 100644 --- a/gcc/testsuite/gcc.target/aarch64/bti-1.c +++ b/gcc/testsuite/gcc.target/aarch64/bti-1.c @@ -1,6 +1,9 @@ /* { dg-do compile } */ /* -Os to create jump table. */ -/* { dg-options "-Os -mbranch-protection=standard" } */ +/* { dg-options "-Os" } */ +/* If configured with --enable-standard-branch-protection, don't use + command line option. */ +/* { dg-additional-options "-mbranch-protection=standard" { target { ! default_branch_protection } } } */ extern int f1 (void); extern int f2 (void); diff --git a/gcc/testsuite/gcc.target/aarch64/bti-2.c b/gcc/testsuite/gcc.target/aarch64/bti-2.c index e50eef15c893..85943c3d6415 100644 --- a/gcc/testsuite/gcc.target/aarch64/bti-2.c +++ b/gcc/testsuite/gcc.target/aarch64/bti-2.c @@ -1,6 +1,8 @@ /* { dg-do run } */ /* { dg-require-effective-target aarch64_bti_hw } */ -/* { dg-options "-mbranch-protection=standard" } */ +/* If configured with --enable-standard-branch-protection, don't use + command line option. */ +/* { dg-additional-options "-mbranch-protection=standard" { target { ! default_branch_protection } } } */ #include diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp index d694f495493f..f0043d5dd4f9 100644 --- a/gcc/testsuite/lib/target-supports.exp +++ b/gcc/testsuite/lib/target-supports.exp @@ -4329,6 +4329,11 @@ proc check_effective_target_aarch64_bti_hw { } { } "-O2" ] } +# Return 1 if GCC was configured with --enable-standard-branch-protection +proc check_effective_target_default_branch_protection { } { + return [check_configured_with "enable-standard-branch-protection"] +} + # Return 1 if the target supports the ARMv8.1 Adv.SIMD extension, 0 # otherwise. The test is valid for AArch64 and ARM. Record the command # line options needed.