https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92424
Bug ID: 92424
Summary: [aarch64] Broken code with -fpatchable-function-entry and BTI
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: ktkachov at gcc dot gnu.org
Target Milestone: ---

-fpatchable-function-entry seems to interact badly with
-mbranch-protection=standard (used to insert BTI markers)

    void g(void);
    void f(void)
    {
      g();
      g();
    }

aarch64-linux-gnu-gcc -mbranch-protection=standard -fpatchable-function-entry=2,1 -O3 -c foo.c -save-temps

Produces:

            .arch armv8-a
            .file   "foo.c"
            .text
            .align  2
            .p2align 3,,7
            .global f
            .section        __patchable_function_entries,"aw",@progbits
            .8byte  .LPFE1
            .text
    .LPFE1:
            nop
            .type   f, %function
    f:
            nop // <------- Function entry has NOP rather than PACIASP landing pad
    .LFB0:
            .cfi_startproc
            hint    25 // paciasp
            .cfi_window_save
            stp     x29, x30, [sp, -16]!
            .cfi_def_cfa_offset 16
            .cfi_offset 29, -16
            .cfi_offset 30, -8
            mov     x29, sp
            bl      g
            ldp     x29, x30, [sp], 16
            .cfi_restore 30
            .cfi_restore 29
            .cfi_def_cfa_offset 0
            hint    29 // autiasp
            .cfi_window_save
            b       g
            .cfi_endproc
    .LFE0:
            .size   f, .-f

Could a possible solution be to emit for -mbranch-protection={standard or bti}
-fpatchable-function-entry=N,M:

    f-4*M:
            .rept M
            nop
            .endr
    f:
            bti c
            .rept N-M
            nop
            .endr
            // paciasp may be used from here on in

Unless we fix the codegen we should perhaps error out when the two options are
combined rather than producing silently wrong code?
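
A build-time check for the symptom reported above, added here as an example and not part of the report or of GCC: it scans compiler assembly output and lists functions whose first instruction is not a BTI-compatible landing pad. The function names and both sample inputs are constructed for illustration.

```python
import re

# Valid landing pads for an indirect call (BLR), as mnemonics and as the
# "hint N" spellings GCC prints (34 = bti c, 38 = bti jc, 25/27 = paciasp/pacibsp).
LANDING_PADS = {"bti c", "bti jc", "paciasp", "pacibsp",
                "hint 34", "hint 38", "hint 25", "hint 27"}
FUNC_TYPE = re.compile(r"\.type\s+([\w.$]+)\s*,\s*[%@]function")
LABEL = re.compile(r"^([\w.$]+):\s*(.*)$")

def first_insn_per_function(asm):
    """Map each function symbol to the first instruction after its label."""
    funcs = set(FUNC_TYPE.findall(asm))
    result, pending = {}, None
    for raw in asm.splitlines():
        line = raw.split("//")[0].strip()      # drop trailing comments
        m = LABEL.match(line)
        if m:
            if m.group(1) in funcs:
                pending = m.group(1)
            line = m.group(2).strip()          # text after "label:" if any
        if not line or line.startswith("."):
            continue                           # blank line or directive
        if pending:
            result[pending] = " ".join(line.replace("#", " ").split()).lower()
            pending = None
    return result

def missing_landing_pads(asm):
    """Functions whose entry instruction is not a BTI-compatible landing pad."""
    return sorted(f for f, insn in first_insn_per_function(asm).items()
                  if insn not in LANDING_PADS)

# Constructed samples: REPORTED is trimmed from the output in the report,
# PROPOSED is the suggested layout expanded by hand for N=2, M=1.
REPORTED = """
.LPFE1:
        nop
        .type   f, %function
f:
        nop
.LFB0:
        hint    25 // paciasp
"""
PROPOSED = """
        nop
        .type   f, %function
f:
        bti c
        nop
"""
```

The check treats every function as a possible indirect-call target, which is an assumption; it is meant to be run over `-S` or `-save-temps` output from builds that enable `-mbranch-protection`.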