[PATCH] D155485: Retain all jump table range checks when using BTI.
Peter Smith via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Mon Jul 17 09:57:08 PDT 2023
peter.smith added a comment.
I can confirm that this is Arm's preferred way of fixing this. The alternative is to always use a BTI setting indirect branch, but this requires adding `BTI j` in front of every valid target of the branch, which bloats code-size and leaves more targets for an attacker to indirectly jump to.
Branch Target Identification on AArch64, which doesn't have a direct equivalent of the `mov pc, Rn` non BTI setting indirect branch is not currently affected. However the architecture has reserved the use of RET x16 for this purpose so code-generation strategy may change to need this in the future on AArch64 too.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D155485/new/
https://reviews.llvm.org/D155485
More information about the llvm-commits
mailing list