As the introduction at https://community.arm.com/groups/processors/blog/2016/10/27/armv8-a-architecture-2016-additions
ARMv8.3-A includes a new hardware feature called "Pointer Authentication". This new extension support some new instructions which can sign and authenticate pointer value. One utilization of this feature is we can implement Return-Oriented-Programming protections. For example, we can sign the return address register at function start then authenticate it before return. If the content is modified unexpectedly, then exception will happen thus prevent redirecting program's execution flow. This type of prevention however requires the original content of return address be signed that unwinders (C++ EH unwinder, GDB unwinder etc...) can no longer do backtrace correctly without understanding how to restore the original value of return address. Therefore we need to describe any return address or frame related register mangling through DWARF information. This patchset includes implementation of such return address siging protection and AArch64 DWARF operation extension. Below are comparision of codesize overhead between standard gcc -fstack-protector-strong and -msign-return-address on AArch64. linux kernel openssl Protection Scope (libcrypto + libssl) ----------------------------------------------------------------------- ssp-strong (gcc) + 2.93% + 2.98% Overflow protect on risky functions ----------------------------------------------------------------------- sign LR + 1.82% + 2.18% LR protect on All Please review this patchset. Thanks. Jiong Wang (9): [RFC] Reserve three DW_OP number in vendor extension space Encoding support for AArch64 DWARF operations Add commandline support for -march=armv8.3-a Return address protection support on AArch64 Generate dwarf information for -msign-return-address Add builtins support for pac/aut/xpac libgcc, let AArch64 use customized unwinder file libgcc, runtime support for AArch64 DWARF operations [RFC] Accelerate -fstack-protector through pointer authentication gcc/config/aarch64/aarch64-arches.def | 1 + gcc/config/aarch64/aarch64-builtins.c | 110 ++ gcc/config/aarch64/aarch64-opts.h | 32 + gcc/config/aarch64/aarch64-protos.h | 1 + gcc/config/aarch64/aarch64.c | 296 +++- gcc/config/aarch64/aarch64.h | 54 + gcc/config/aarch64/aarch64.md | 128 +- gcc/config/aarch64/aarch64.opt | 45 + gcc/config/aarch64/predicates.md | 4 + gcc/defaults.h | 8 + gcc/doc/extend.texi | 12 + gcc/doc/invoke.texi | 24 +- gcc/doc/tm.texi | 8 + gcc/doc/tm.texi.in | 8 + gcc.target/aarch64/return_address_sign_1.c | 57 + gcc.target/aarch64/return_address_sign_scope_1.c | 57 + include/dwarf2.def | 10 + libgcc/config.host | 2 + libgcc/config/aarch64/t-eh-aarch64 | 3 + libgcc/config/aarch64/unwind-aarch64.c | 1820 ++++++++++++++++++++