user0/rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Adds AArch64 GCS support

Browse source 
- Adds option to rustc config to enable GCS
- Passes `guarded-control-stack` flag to llvm if enabled
This commit is contained in:
Reuben Cruise 2025-09-01 16:53:50 +01:00
parent 2ebb1263e3
commit 6f813e887a
6 changed files with 18 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
compiler/rustc_codegen_llvm/src/attributes.rs
View file

@ -407,13 +407,16 @@ pub(crate) fn llfn_attrs_from_instance<'ll, 'tcx>(
to_add.extend(sanitize_attrs(cx, codegen_fn_attrs.no_sanitize));
// For non-naked functions, set branch protection attributes on aarch64.
if let Some(BranchProtection { bti, pac_ret }) =
if let Some(BranchProtection { bti, pac_ret, gcs }) =
cx.sess().opts.unstable_opts.branch_protection
{
assert!(cx.sess().target.arch == "aarch64");
if bti {
to_add.push(llvm::CreateAttrString(cx.llcx, "branch-target-enforcement"));
}
if gcs {
to_add.push(llvm::CreateAttrString(cx.llcx, "guarded-control-stack"));
}
if let Some(PacRet { leaf, pc, key }) = pac_ret {
if pc {
to_add.push(llvm::CreateAttrString(cx.llcx, "branch-protection-pauth-lr"));

9
compiler/rustc_codegen_llvm/src/context.rs
View file

@ -370,7 +370,8 @@ pub(crate) unsafe fn create_module<'ll>(
);
}
if let Some(BranchProtection { bti, pac_ret }) = sess.opts.unstable_opts.branch_protection {
if let Some(BranchProtection { bti, pac_ret, gcs }) = sess.opts.unstable_opts.branch_protection
{
if sess.target.arch == "aarch64" {
llvm::add_module_flag_u32(
llmod,
@ -403,6 +404,12 @@ pub(crate) unsafe fn create_module<'ll>(
"sign-return-address-with-bkey",
u32::from(pac_opts.key == PAuthKey::B),
);
llvm::add_module_flag_u32(
llmod,
llvm::ModuleFlagMergeBehavior::Min,
"guarded-control-stack",
gcs.into(),
);
} else {
bug!(
"branch-protection used on non-AArch64 target; \

3
compiler/rustc_interface/src/tests.rs
View file

@ -772,7 +772,8 @@ fn test_unstable_options_tracking_hash() {
branch_protection,
Some(BranchProtection {
bti: true,
pac_ret: Some(PacRet { leaf: true, pc: true, key: PAuthKey::B })
pac_ret: Some(PacRet { leaf: true, pc: true, key: PAuthKey::B }),
gcs: true,
})
);
tracked!(codegen_backend, Some("abc".to_string()));

1
compiler/rustc_session/src/config.rs
View file

@ -1615,6 +1615,7 @@ pub struct PacRet {
pub struct BranchProtection {
pub bti: bool,
pub pac_ret: Option<PacRet>,
pub gcs: bool,
}
pub(crate) const fn default_lib_output() -> CrateType {

3
compiler/rustc_session/src/options.rs
View file

@ -866,7 +866,7 @@ mod desc {
pub(crate) const parse_polonius: &str = "either no value or `legacy` (the default), or `next`";
pub(crate) const parse_stack_protector: &str =
"one of (`none` (default), `basic`, `strong`, or `all`)";
pub(crate) const parse_branch_protection: &str = "a `,` separated combination of `bti`, `pac-ret`, followed by a combination of `pc`, `b-key`, or `leaf`";
pub(crate) const parse_branch_protection: &str = "a `,` separated combination of `bti`, `gcs`, `pac-ret`, (optionally with `pc`, `b-key`, `leaf` if `pac-ret` is set)";
pub(crate) const parse_proc_macro_execution_strategy: &str =
"one of supported execution strategies (`same-thread`, or `cross-thread`)";
pub(crate) const parse_remap_path_scope: &str =
@ -1903,6 +1903,7 @@ pub mod parse {
Some(pac) => pac.pc = true,
_ => return false,
},
"gcs" => slot.gcs = true,
_ => return false,
};
}

1
src/doc/unstable-book/src/compiler-flags/branch-protection.md
View file

@ -13,6 +13,7 @@ It takes some combination of the following values, separated by a `,`.
- `leaf` - Enable pointer authentication for all functions, including leaf functions.
- `b-key` - Sign return addresses with key B, instead of the default key A.
- `bti` - Enable branch target identification.
- `gcs` - Enable guarded control stack support.
`leaf`, `b-key` and `pc` are only valid if `pac-ret` was previously specified.
For example, `-Z branch-protection=bti,pac-ret,leaf` is valid, but