Hi,

On 2026-03-13 03:34, Matthias Klose wrote:
> On 3/13/26 13:42, Emanuele Rocca wrote:
> > I just noticed that although we turned on PAC/BTI/GCS support in gcc for
> > crtbeginS.o and friends, we haven't enabled the features for the compiler
> > itself.
 
> why is this needed? It doesn't affect the target code.

We are enabling PAC/BTI/GCS across the whole Debian archive:
https://people.debian.org/~ema/sid-arm64-elffiles/progress.png
https://people.debian.org/~ema/sid-arm64-elffiles/elffiles.txt

The features mitigate ROP/JOP attacks, and gcc, like all other programs,
can benefit from the increased security. Additionally, users may want to
enforce GCS system-wide by passing the glibc.cpu.aarch64_gcs=1 tunable.
If we don't turn the feature on in GCC itself, those users won't be able
to use gcc at all.

> also, are there changes in the test results when having that?

What's the best way to verify that? Diffing the === XXX Summary ===
sections of the build log?
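
Added example, not part of the original message and not Debian or GCC tooling: one way to check whether a binary carries the PAC/BTI/GCS marking discussed above, by reading the AArch64 feature bits from the PT_GNU_PROPERTY note of an ELF64 image. The function names and the image built by `sample_elf` are constructed for illustration.

```python
import struct

PT_GNU_PROPERTY = 0x6474E553     # program header that points at .note.gnu.property
NT_GNU_PROPERTY_TYPE_0 = 5
FEATURE_1_AND = 0xC0000000       # GNU_PROPERTY_AARCH64_FEATURE_1_AND
FEATURE_BITS = {0x1: "BTI", 0x2: "PAC", 0x4: "GCS"}

def align8(n):
    return (n + 7) & ~7

def note_features(note):
    """Feature names found in the raw bytes of a GNU property note segment."""
    found, off = set(), 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        name = note[off + 12:off + 12 + namesz]
        desc = off + align8(12 + namesz)          # ELF64 property notes are 8-byte aligned
        if ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0":
            pos, end = desc, min(desc + descsz, len(note))
            while pos + 8 <= end:                 # walk the pr_type / pr_datasz entries
                pr_type, pr_datasz = struct.unpack_from("<II", note, pos)
                if pr_type == FEATURE_1_AND and pr_datasz == 4 and pos + 12 <= end:
                    (mask,) = struct.unpack_from("<I", note, pos + 8)
                    found |= {n for bit, n in FEATURE_BITS.items() if mask & bit}
                pos += 8 + align8(pr_datasz)
        off = desc + align8(descsz)
    return found

def elf_features(data):
    """Feature names for a little-endian ELF64 image; empty set if unmarked."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (phoff,) = struct.unpack_from("<Q", data, 32)
    phentsize, phnum = struct.unpack_from("<HH", data, 54)
    for i in range(phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, phoff + i * phentsize)
        if p_type == PT_GNU_PROPERTY:
            return note_features(data[p_offset:p_offset + p_filesz])
    return set()

def sample_elf(mask):
    """Constructed minimal AArch64 ELF64 image: header, one phdr, one note."""
    note = struct.pack("<III4sIII4x", 4, 16, NT_GNU_PROPERTY_TYPE_0, b"GNU\0",
                       FEATURE_1_AND, 4, mask)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 183, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_PROPERTY, 4, 120, 0, 0,
                       len(note), len(note), 8)
    return ehdr + phdr + note
```

To inspect a real file, pass `open(path, "rb").read()` to `elf_features`; a result without `"GCS"` identifies a binary that is not marked for GCS.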
