diff options
Diffstat (limited to 'gcc')
| -rw-r--r-- | gcc/config/aarch64/aarch64-protos.h | 3 | ||||
| -rw-r--r-- | gcc/config/aarch64/aarch64.c | 76 | ||||
| -rw-r--r-- | gcc/config/aarch64/aarch64.opt | 4 | ||||
| -rw-r--r-- | gcc/doc/invoke.texi | 12 |
4 files changed, 95 insertions, 0 deletions
diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h index 9e43adb..8ca67d7 100644 --- a/gcc/config/aarch64/aarch64-protos.h +++ b/gcc/config/aarch64/aarch64-protos.h @@ -780,4 +780,7 @@ extern const atomic_ool_names aarch64_ool_ldeor_names; tree aarch64_resolve_overloaded_builtin_general (location_t, tree, void *); +extern bool aarch64_harden_sls_retbr_p (void); +extern bool aarch64_harden_sls_blr_p (void); + #endif /* GCC_AARCH64_PROTOS_H */ diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c index 2e9672c..b407b13 100644 --- a/gcc/config/aarch64/aarch64.c +++ b/gcc/config/aarch64/aarch64.c @@ -14489,6 +14489,79 @@ aarch64_validate_mcpu (const char *str, const struct processor **res, return false; } +/* Straight line speculation indicators. */ +enum aarch64_sls_hardening_type +{ + SLS_NONE = 0, + SLS_RETBR = 1, + SLS_BLR = 2, + SLS_ALL = 3, +}; +static enum aarch64_sls_hardening_type aarch64_sls_hardening; + +/* Return whether we should mitigatate Straight Line Speculation for the RET + and BR instructions. */ +bool +aarch64_harden_sls_retbr_p (void) +{ + return aarch64_sls_hardening & SLS_RETBR; +} + +/* Return whether we should mitigatate Straight Line Speculation for the BLR + instruction. */ +bool +aarch64_harden_sls_blr_p (void) +{ + return aarch64_sls_hardening & SLS_BLR; +} + +/* As of yet we only allow setting these options globally, in the future we may + allow setting them per function. */ +static void +aarch64_validate_sls_mitigation (const char *const_str) +{ + char *token_save = NULL; + char *str = NULL; + + if (strcmp (const_str, "none") == 0) + { + aarch64_sls_hardening = SLS_NONE; + return; + } + if (strcmp (const_str, "all") == 0) + { + aarch64_sls_hardening = SLS_ALL; + return; + } + + char *str_root = xstrdup (const_str); + str = strtok_r (str_root, ",", &token_save); + if (!str) + error ("invalid argument given to %<-mharden-sls=%>"); + + int temp = SLS_NONE; + while (str) + { + if (strcmp (str, "blr") == 0) + temp |= SLS_BLR; + else if (strcmp (str, "retbr") == 0) + temp |= SLS_RETBR; + else if (strcmp (str, "none") == 0 || strcmp (str, "all") == 0) + { + error ("%<%s%> must be by itself for %<-mharden-sls=%>", str); + break; + } + else + { + error ("invalid argument %<%s%> for %<-mharden-sls=%>", str); + break; + } + str = strtok_r (NULL, ",", &token_save); + } + aarch64_sls_hardening = (aarch64_sls_hardening_type) temp; + free (str_root); +} + /* Parses CONST_STR for branch protection features specified in aarch64_branch_protect_types, and set any global variables required. Returns the parsing result and assigns LAST_STR to the last processed token from @@ -14733,6 +14806,9 @@ aarch64_override_options (void) selected_arch = NULL; selected_tune = NULL; + if (aarch64_harden_sls_string) + aarch64_validate_sls_mitigation (aarch64_harden_sls_string); + if (aarch64_branch_protection_string) aarch64_validate_mbranch_protection (aarch64_branch_protection_string); diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt index d99d14c..5170361 100644 --- a/gcc/config/aarch64/aarch64.opt +++ b/gcc/config/aarch64/aarch64.opt @@ -71,6 +71,10 @@ mgeneral-regs-only Target Report RejectNegative Mask(GENERAL_REGS_ONLY) Save Generate code which uses only the general registers. +mharden-sls= +Target RejectNegative Joined Var(aarch64_harden_sls_string) +Generate code to mitigate against straight line speculation. + mfix-cortex-a53-835769 Target Report Var(aarch64_fix_a53_err835769) Init(2) Save Workaround for ARM Cortex-A53 Erratum number 835769. diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index e21d8a5..f4fc303 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -698,6 +698,7 @@ Objective-C and Objective-C++ Dialects}. -msign-return-address=@var{scope} @gol -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf} +@var{b-key}]|@var{bti} @gol +-mharden-sls=@var{opts} @gol -march=@var{name} -mcpu=@var{name} -mtune=@var{name} @gol -moverride=@var{string} -mverbose-cost-dump @gol -mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol @@ -17367,6 +17368,17 @@ functions. The optional argument @samp{b-key} can be used to sign the functions with the B-key instead of the A-key. @samp{bti} turns on branch target identification mechanism. +@item -mharden-sls=@var{opts} +@opindex mharden-sls +Enable compiler hardening against straight line speculation (SLS). +@var{opts} is a comma-separated list of the following options: +@table @samp +@item retbr +@item blr +@end table +In addition, @samp{-mharden-sls=all} enables all SLS hardening while +@samp{-mharden-sls=none} disables all SLS hardening. + @item -msve-vector-bits=@var{bits} @opindex msve-vector-bits Specify the number of bits in an SVE vector register. This option only has |