[clang] [llvm] [PAC][Driver] Implement `-mbranch-protection=pauthabi` option (PR #97237)
Peter Smith via llvm-commits
llvm-commits at lists.llvm.org
Tue Jul 2 10:53:03 PDT 2024
================
@@ -1537,11 +1570,16 @@ static void CollectARMPACBTIOptions(const ToolChain &TC, const ArgList &Args,
if (!isAArch64 && PBP.Key == "b_key")
D.Diag(diag::warn_unsupported_branch_protection)
<< "b-key" << A->getAsString(Args);
+ if (!isAArch64 && PBP.HasPauthABI)
+ D.Diag(diag::warn_unsupported_branch_protection)
+ << "pauthabi" << A->getAsString(Args);
Scope = PBP.Scope;
Key = PBP.Key;
BranchProtectionPAuthLR = PBP.BranchProtectionPAuthLR;
IndirectBranches = PBP.BranchTargetEnforcement;
GuardedControlStack = PBP.GuardedControlStack;
+ if (isAArch64 && PBP.HasPauthABI)
----------------
smithp35 wrote:
Do we need any additional error checking for the existing branch protection options that affect pointer authentication?
For example we have
```
pac-ret // return address signing with A key
pac-ret+leaf // extend return address signing to leaf functions
standard = pac-ret+bti+pc // enable pac-ret, bti and pc (if available on hardware).
pc // Enable pc as modifier in return address signing.
b-key // Use b-key for signing return address.
```
When pauthabi is used, are the other PAC related options ignored? I can see `+leaf` being potentially useful, as well as `+pc`. I think b-key is going to clash with the signing schema.
The other options look to be subsets of pauthabi (unless additional command line options unless `-fno-ptrauth-returns` is used.
https://github.com/llvm/llvm-project/pull/97237
More information about the llvm-commits
mailing list