- Add command line options for selecting the B key when enabling return address signing (also tidy up the msign_return_address tablegen definiton by suffixing the option with EQ)
- This expands the -msign-return-address=<scope> to now be -msign-return-address=<scope>[+<key>] where <key> is one of a_key or b_key. The default key is a_key.
- Generate the "sign-return-address-key" function attribute with the relevant key
Details
Diff Detail
Event Timeline
test/CodeGen/aarch64-sign-return-address.c | ||
---|---|---|
1–3 | If the default is the a_key, does this test need to check the a_key attribute? |
This looks like it has the same problem as D51418 (doesn't get applied to C++ static constructor functions).
- updated tests to check the default a_key attribute is included in functions that have the return address signing scope attribute
- setting the return-address-sign-key attribute of global static constructors
- Introduce the -mbranch-protection option. This is to be used for both pointer authentication and branch protection security features.
- The branch protection compiler support will follow later
- The options available are -mbranch-protection=<type>(+<type>)* where <type> ::= [bti,pac-ret[+leaf,b-key]*]
- This should be the primary way of using branch protection features and the -msign-return-address option should be deprecated
- Remove the b-key selection from the earlier patch for -msign-return-address
include/clang/Frontend/CodeGenOptions.h | ||
---|---|---|
117 | Perhaps a line of comment on each enum-value would be useful (much like the code around). |
include/clang/Frontend/CodeGenOptions.h | ||
---|---|---|
117 | I'm not sure what value there would be in adding extra comments here, I think the values are fairly self explanatory. |
lib/Frontend/CompilerInvocation.cpp | ||
---|---|---|
1133 | The driver code is emitting a separate -msign-return-address-key= option, but this is expecting the key to still be part of -msign-return-address=, so we can never end up selecting the B key. Out of the two approaches, I prefer having multiple simpler options in CC1, so that we don't have to repeat all of the parsing that happens in the driver. Also, you're emitting the -mbranch-target-enforce option in the driver, but not handling it here. We should either reject it in the driver for now, or add the CC1 part of that in this patch. |
- Stop parsing msign-return-address as a scope and key pair
- pass bti value through to the CC1 driver and handle it, this adds the branch-target-enforce attribute to functions
lib/CodeGen/CGDeclCXX.cpp | ||
---|---|---|
364 | LLVM style has the opening brace on the same line as the if. There's a git-clang-format script in the clang repo which can fix up style issues like this for a whole patch, changing touching lines you haven't changes. | |
374 | I think we need to handle branch-target-enforcement here too. | |
lib/CodeGen/TargetInfo.cpp | ||
4988 | Style nit: brace on same line as if. | |
lib/Driver/ToolChains/Clang.cpp | ||
1433 | Please add a comment about what the parts of the return value are. | |
1440 | I'm not sure what this is trying to say. Is it referring to the "standard" case below? | |
1448 | I'd make this 4, because that's the longest sensible argument ("pac-ret+leaf+b-key+bti"). | |
1460 | Add a comment about the fact that "leaf" and "b-key" must follow "pac-ret", to explain why we don't just parse this in one loop. | |
1543 | Nit: brace on same line as if. | |
test/CodeGenCXX/aarch64-sign-return-address-static-ctor.cpp | ||
7 | This should also test branch target enforcement (it's also missing from the code). |
This was committed under 345273. (Forgot to mention the revision in the commit message)
Perhaps a line of comment on each enum-value would be useful (much like the code around).