diff options
| author | Matthew Malcomson <matthew.malcomson@arm.com> | 2020-07-09 09:11:58 +0100 |
|---|---|---|
| committer | Matthew Malcomson <matthew.malcomson@arm.com> | 2020-07-09 09:11:58 +0100 |
| commit | a9ba2a9b77bec7eacaf066801f22d1c366a2bc86 (patch) | |
| tree | a9c871fba0e6c6b389f025c54aac4151540aa020 /gcc/doc | |
| parent | 2a39c42a42cdea4a8962b9e140b88e0051894f38 (diff) | |
| download | gcc-a9ba2a9b77bec7eacaf066801f22d1c366a2bc86.zip gcc-a9ba2a9b77bec7eacaf066801f22d1c366a2bc86.tar.gz gcc-a9ba2a9b77bec7eacaf066801f22d1c366a2bc86.tar.bz2 | |
aarch64: New Straight Line Speculation (SLS) mitigation flags
Here we introduce the flags that will be used for straight line speculation.
The new flag introduced is `-mharden-sls=`.
This flag can take arguments of `none`, `all`, or a comma seperated list of one
or more of `retbr` or `blr`.
`none` indicates no special mitigation of the straight line speculation
vulnerability.
`all` requests all mitigations currently implemented.
`retbr` requests that the RET and BR instructions have a speculation barrier
inserted after them.
`blr` requests that BLR instructions are replaced by a BL to a function stub
using a BR with a speculation barrier after it.
Setting this on a per-function basis using attributes or the like is not
enabled, but may be in the future.
gcc/ChangeLog:
2020-06-02 Matthew Malcomson <matthew.malcomson@arm.com>
* config/aarch64/aarch64-protos.h (aarch64_harden_sls_retbr_p):
New.
(aarch64_harden_sls_blr_p): New.
* config/aarch64/aarch64.c (enum aarch64_sls_hardening_type):
New.
(aarch64_harden_sls_retbr_p): New.
(aarch64_harden_sls_blr_p): New.
(aarch64_validate_sls_mitigation): New.
(aarch64_override_options): Parse options for SLS mitigation.
* config/aarch64/aarch64.opt (-mharden-sls): New option.
* doc/invoke.texi: Document new option.
Diffstat (limited to 'gcc/doc')
| -rw-r--r-- | gcc/doc/invoke.texi | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index e21d8a5..f4fc303 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -698,6 +698,7 @@ Objective-C and Objective-C++ Dialects}. -msign-return-address=@var{scope} @gol -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf} +@var{b-key}]|@var{bti} @gol +-mharden-sls=@var{opts} @gol -march=@var{name} -mcpu=@var{name} -mtune=@var{name} @gol -moverride=@var{string} -mverbose-cost-dump @gol -mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol @@ -17367,6 +17368,17 @@ functions. The optional argument @samp{b-key} can be used to sign the functions with the B-key instead of the A-key. @samp{bti} turns on branch target identification mechanism. +@item -mharden-sls=@var{opts} +@opindex mharden-sls +Enable compiler hardening against straight line speculation (SLS). +@var{opts} is a comma-separated list of the following options: +@table @samp +@item retbr +@item blr +@end table +In addition, @samp{-mharden-sls=all} enables all SLS hardening while +@samp{-mharden-sls=none} disables all SLS hardening. + @item -msve-vector-bits=@var{bits} @opindex msve-vector-bits Specify the number of bits in an SVE vector register. This option only has |