https://gcc.gnu.org/bugzilla/show_bug.cgi?id=92424
Bug ID: 92424
Summary: [aarch64] Broken code with -fpatchable-function-entry and BTI
Product: gcc
Version: 9.0
Status: UNCONFIRMED
Keywords: wrong-code
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: ktkachov at gcc dot gnu.org
Target Milestone: ---

-fpatchable-function-entry seems to interact badly with
-mbranch-protection=standard (used to insert BTI markers):

    void g(void);
    void f(void)
    { g(); g(); }

    aarch64-linux-gnu-gcc -mbranch-protection=standard -fpatchable-function-entry=2,1 -O3 -c foo.c -save-temps

Produces:

        .arch armv8-a
        .file "foo.c"
        .text
        .align 2
        .p2align 3,,7
        .global f
        .section __patchable_function_entries,"aw",@progbits
        .8byte .LPFE1
        .text
.LPFE1:
        nop
        .type f, %function
f:
        nop // <------- Function entry has NOP rather than PACIASP landing pad
.LFB0:
        .cfi_startproc
        hint 25 // paciasp
        .cfi_window_save
        stp x29, x30, [sp, -16]!
        .cfi_def_cfa_offset 16
        .cfi_offset 29, -16
        .cfi_offset 30, -8
        mov x29, sp
        bl g
        ldp x29, x30, [sp], 16
        .cfi_restore 30
        .cfi_restore 29
        .cfi_def_cfa_offset 0
        hint 29 // autiasp
        .cfi_window_save
        b g
        .cfi_endproc
.LFE0:
        .size f, .-f

Could a possible solution be to emit for -mbranch-protection={standard or bti}
-fpatchable-function-entry=N,M:

f-4*M:
        .rept M
        nop
        .endr
f:
        bti c
        .rept N-M
        nop
        .endr
        // paciasp may be used from here on in

Unless we fix the codegen we should perhaps error out when the two options are
combined rather than producing silently wrong code?
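
A check for the symptom in this report, as an added example that is not part of the original bug report or of GCC: it scans `-save-temps` assembly and lists functions whose entry label is not immediately followed by a BTI-compatible landing pad. The sample is constructed from the report's output plus a hypothetical function `h` in the proposed layout; the names `entry_instructions` and `missing_landing_pad` are this example's own.

```python
import re

# Instructions an indirect call may land on at a function entry when BTI is
# enforced. "hint N" forms are the encodings printed for older assemblers:
# 34 = bti c, 38 = bti jc, 25 = paciasp, 27 = pacibsp.
LANDING_PADS = {"bti c", "bti jc", "paciasp", "pacibsp",
                "hint 34", "hint 38", "hint 25", "hint 27"}

# Constructed sample: f is abbreviated from the report, h is hypothetical.
SAMPLE = """\
        .type   f, %function
f:
        nop
.LFB0:
        .cfi_startproc
        hint    25 // paciasp
        stp     x29, x30, [sp, -16]!
        .type   h, %function
h:
        bti     c
        nop
        hint    25 // paciasp
        ret
"""

def entry_instructions(asm):
    """Map each function symbol to the first instruction at its entry label."""
    lines = [l.split("//")[0].strip() for l in asm.splitlines()]
    funcs = {m.group(1) for l in lines
             if (m := re.match(r"\.type\s+([\w.$]+)\s*,\s*[%@]function$", l))}
    entries = {}
    for i, line in enumerate(lines):
        name = line[:-1] if line.endswith(":") else None
        if name not in funcs:
            continue
        for nxt in lines[i + 1:]:
            # Skip blanks, local labels and assembler directives.
            if not nxt or nxt.endswith(":") or nxt.startswith("."):
                continue
            entries[name] = " ".join(nxt.lower().replace("#", "").split())
            break
    return entries

def missing_landing_pad(asm):
    """Return the functions whose first entry instruction is not a landing pad."""
    return sorted(f for f, insn in entry_instructions(asm).items()
                  if insn not in LANDING_PADS)

if __name__ == "__main__":
    print(missing_landing_pad(SAMPLE))
```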