| -rw-r--r-- | gcc/config/aarch64/aarch64.c | 11 | ||||
| -rw-r--r-- | gcc/testsuite/gcc.target/aarch64/return_address_sign_1.c | 8 | ||||
| -rw-r--r-- | gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c | 8 |
3 files changed, 19 insertions, 8 deletions
diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
index 26cbeff..6ef2e39 100644
--- a/gcc/config/aarch64/aarch64.c
+++ b/gcc/config/aarch64/aarch64.c
@@ -6957,6 +6957,17 @@ aarch64_return_address_signing_enabled (void)
 /* This function should only be called after frame laid out. */
 gcc_assert (cfun->machine->frame.laid_out);
+ /* Turn return address signing off in any function that uses
+ __builtin_eh_return. The address passed to __builtin_eh_return
+ is not signed so either it has to be signed (with original sp)
+ or the code path that uses it has to avoid authenticating it.
+ Currently eh return introduces a return to anywhere gadget, no
+ matter what we do here since it uses ret with user provided
+ address. An ideal fix for that is to use indirect branch which
+ can be protected with BTI j (to some extent). */
+ if (crtl->calls_eh_return)
+ return false;
+
 /* If signing scope is AARCH64_FUNCTION_NON_LEAF, we only sign a leaf function if its LR is pushed onto stack. */
 return (aarch64_ra_sign_scope == AARCH64_FUNCTION_ALL
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_1.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_1.c
index 0140bee..232ba67 100644
--- a/gcc/testsuite/gcc.target/aarch64/return_address_sign_1.c
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_1.c
@@ -41,12 +41,12 @@ func3 (int a, int b, int c)
 void __attribute__ ((target ("arch=armv8.3-a")))
 func4 (long offset, void *handler, int *ptr, int imm1, int imm2)
 {
- /* paciasp */
+ /* no paciasp */
 *ptr = imm1 + foo (imm1) + imm2;
 __builtin_eh_return (offset, handler);
- /* autiasp */
+ /* no autiasp */
 return;
 }
-/* { dg-final { scan-assembler-times "autiasp" 4 } } */
-/* { dg-final { scan-assembler-times "paciasp" 4 } } */
+/* { dg-final { scan-assembler-times "autiasp" 3 } } */
+/* { dg-final { scan-assembler-times "paciasp" 3 } } */
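Review bot: The added early `return false` on `crtl->calls_eh_return` turns return-address signing off silently, even when signing of all functions was requested, and nothing in the hunk lets a user or auditor learn which functions ended up without PAC. The comment itself says the eh-return path remains a return-to-anywhere gadget, so I would make the exemption explicit and discoverable: document it with the return-address-signing option, and open the comment with a one-line statement of the contract, e.g. `/* Hardening exemption: a function that calls __builtin_eh_return is never signed, whatever the requested scope.  */`. It would also help to say in the comment that the exemption is per function, so other callers of this predicate see `false` for these functions. The body of aarch64_return_address_signing_enabled continues past the end of the hunk, so how this check interacts with the scope test below is only partly visible here.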
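Review bot: `scan-assembler-times` counts matches across the whole file, so the new expectation of 3 does not by itself show that func4 is the function that lost its `paciasp`/`autiasp` pair; a regression that unsigns a different function while func4 stays signed would still pass. A comment next to the directives would at least record the intent, for example `/* func4 calls __builtin_eh_return and must not be signed, hence 3 rather than 4.  */`. The same applies to the `pacibsp`/`autibsp` counts in return_address_sign_b_1.c.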
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c
index 32d788d..43e32ab 100644
--- a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c
@@ -41,12 +41,12 @@ func3 (int a, int b, int c)
 void __attribute__ ((target ("arch=armv8.3-a")))
 func4 (long offset, void *handler, int *ptr, int imm1, int imm2)
 {
- /* pacibsp */
+ /* no pacibsp */
 *ptr = imm1 + foo (imm1) + imm2;
 __builtin_eh_return (offset, handler);
- /* autibsp */
+ /* no autibsp */
 return;
 }
-/* { dg-final { scan-assembler-times "pacibsp" 4 } } */
-/* { dg-final { scan-assembler-times "autibsp" 4 } } */
+/* { dg-final { scan-assembler-times "pacibsp" 3 } } */
+/* { dg-final { scan-assembler-times "autibsp" 3 } } */ |
