* https://bugs.launchpad.net/ubuntu/+source/gcc-13/+bug/2040321
* https://fedoraproject.org/wiki/Changes/Aarch64_PointerAuthentication
* https://developer.arm.com/documentation/102433/0100/Applying-these-techniques-to-real-code
* https://community.arm.com/arm-community-blogs/b/tools-software-ides-blog/posts/code-reuse-attacks-the-compiler-story

GCC already has `--enable-standard-branch-protection` which we can use. It's a no-op for older arm64 hardware.
On IRC, we concluded it's probably best to fold this into USE=cet.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16a3926345a8573258e479fe5bc11ed00a0b7595
commit 16a3926345a8573258e479fe5bc11ed00a0b7595
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-03-11 19:18:54 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-03-11 19:20:19 +0000

    Revert "profiles/arch/arm64: unmask USE=cet for relevant components"

    This reverts commit 06508e5d8becd9c7094e213d5cfb4f5b6a0adac0.

    I'll let dilfridge handle the unmasking for just 23.0.

    Bug: https://bugs.gentoo.org/916381
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/arch/arm64/package.use.mask        | 5 -----
 profiles/arch/arm64/package.use.stable.mask | 6 ------
 2 files changed, 11 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08aa2e189eebece34d24a3814480e539aac764e3
commit 08aa2e189eebece34d24a3814480e539aac764e3
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-03-11 19:18:30 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-03-11 19:20:19 +0000

    sys-devel/gcc: adjust CET dep for arm64's branch-protection

    Specific binutils support isn't needed there other than a new enough gas in general.

    Bug: https://bugs.gentoo.org/916381
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-devel/gcc/gcc-11.4.1_p20240111.ebuild      | 2 +-
 sys-devel/gcc/gcc-11.4.1_p20240208.ebuild      | 2 +-
 sys-devel/gcc/gcc-11.4.1_p20240222.ebuild      | 2 +-
 sys-devel/gcc/gcc-11.4.1_p20240229.ebuild      | 2 +-
 sys-devel/gcc/gcc-11.4.1_p20240307.ebuild      | 2 +-
 sys-devel/gcc/gcc-11.5.9999.ebuild             | 4 ++--
 sys-devel/gcc/gcc-12.3.1_p20240112.ebuild      | 2 +-
 sys-devel/gcc/gcc-12.3.1_p20240209.ebuild      | 2 +-
 sys-devel/gcc/gcc-12.3.1_p20240223.ebuild      | 2 +-
 sys-devel/gcc/gcc-12.3.1_p20240301.ebuild      | 2 +-
 sys-devel/gcc/gcc-12.3.1_p20240308.ebuild      | 2 +-
 sys-devel/gcc/gcc-12.4.9999.ebuild             | 4 ++--
 sys-devel/gcc/gcc-13.2.1_p20240113-r1.ebuild   | 2 +-
 sys-devel/gcc/gcc-13.2.1_p20240210.ebuild      | 2 +-
 sys-devel/gcc/gcc-13.2.1_p20240224.ebuild      | 2 +-
 sys-devel/gcc/gcc-13.2.1_p20240302.ebuild      | 2 +-
 sys-devel/gcc/gcc-13.2.1_p20240309.ebuild      | 2 +-
 sys-devel/gcc/gcc-13.3.9999.ebuild             | 4 ++--
 sys-devel/gcc/gcc-14.0.1_pre20240218.ebuild    | 2 +-
 sys-devel/gcc/gcc-14.0.1_pre20240225.ebuild    | 2 +-
 sys-devel/gcc/gcc-14.0.1_pre20240303-r1.ebuild | 2 +-
 sys-devel/gcc/gcc-14.0.1_pre20240310.ebuild    | 2 +-
 sys-devel/gcc/gcc-14.0.9999.ebuild             | 2 +-
 23 files changed, 26 insertions(+), 26 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21002768fb04ac37c34d8b990e9e9641e886abf1
commit 21002768fb04ac37c34d8b990e9e9641e886abf1
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-03-11 19:13:25 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-03-11 19:20:18 +0000

    profiles/arch/arm64: unmask USE=cet for relevant components

    But stable-mask them for now.

    Bug: https://bugs.gentoo.org/916381
    Signed-off-by: Sam James <sam@gentoo.org>

 profiles/arch/arm64/package.use.mask        | 5 +++++
 profiles/arch/arm64/package.use.stable.mask | 6 ++++++
 2 files changed, 11 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84d8df0d57240632244bcc7487faa18220492af0
commit 84d8df0d57240632244bcc7487faa18220492af0
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-03-11 19:11:19 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-03-11 19:20:17 +0000

    sys-devel/gcc: update USE=cet description for arm64 BTI/PAC (branch-protection)

    Also, update the description for CET not being supported on x86 (see 21a25eb278b04b204b043bc23750eec632e3bef0). It was originally planned upstream but has been dropped.

    Bug: https://bugs.gentoo.org/916381
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-devel/gcc/metadata.xml | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=99fb7418c7de7029635ba480eb53450e423cf953
commit 99fb7418c7de7029635ba480eb53450e423cf953
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-03-11 19:05:21 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-03-11 19:20:17 +0000

    sys-libs/glibc: pass -mbranch-protection=none if USE=-cet on arm64

    Quoting NEWS:
    """
    [...]
    User code can use PAC-RET without libc support, but BTI requires a libc that is built with BTI support, otherwise runtime objects linked into user code will not be BTI compatible.
    """

    This is the same as 0b7eace724b0035856311008c95cc7fe18b8231b but for newly-introduced-in-Gentoo support for default -mbranch-protection in GCC.

    Bug: https://bugs.gentoo.org/916381
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/glibc/glibc-2.39-r2.ebuild | 8 ++++++--
 sys-libs/glibc/glibc-9999.ebuild    | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30f3ff1918fd6ced807451130fb79c432085470b
commit 30f3ff1918fd6ced807451130fb79c432085470b
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-03-11 18:59:31 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-03-11 19:20:16 +0000

    toolchain.eclass: pass --enable-standard-branch-detection if USE=cet

    This enables BTI and PAC if supported for arm64.

    We decided to overload USE=cet to avoid adding yet-another-USE flag to GCC, given it's the same thing.

    Bug: https://bugs.gentoo.org/916381
    Signed-off-by: Sam James <sam@gentoo.org>

 eclass/toolchain.eclass | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
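The glibc NEWS text quoted in the commit above turns on how the toolchain records branch protection: GCC emits a `.note.gnu.property` section with a `GNU_PROPERTY_AARCH64_FEATURE_1_AND` property (BTI bit 0, PAC bit 1; the x86-64 CET equivalent is `GNU_PROPERTY_X86_FEATURE_1_AND` with IBT and SHSTK), and the linker ANDs that property across every input object, so a single unmarked input such as a libc built with `-mbranch-protection=none` leaves the final executable unmarked for BTI. The following is an added example, not code from the Gentoo tree, GCC or glibc: a small Python tool that parses such a note, applies the linker's AND rule to a set of inputs, and can pull the section out of a real little-endian ELF64 file. The constants are the ABI-documented values; the note blobs it builds are constructed test data, and the function names (`build_property_note`, `link_time_features`, `read_property_note_from_elf64`) are mine.

```python
"""Inspect the GNU property note that GCC's -mbranch-protection / -fcf-protection
emit, and model the linker's rule for combining it across input objects.

Added example (not Gentoo's, GCC's or glibc's code). The constants are the
documented values from the AArch64 and x86-64 ELF ABIs; the blobs built by
build_property_note() are constructed test data, not taken from real objects.
"""
import struct

NT_GNU_PROPERTY_TYPE_0 = 5                       # note type used by .note.gnu.property
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000  # arm64: BTI / PAC marking
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002      # x86-64: CET IBT / SHSTK marking
AARCH64_FEATURE_1_BTI = 1 << 0
AARCH64_FEATURE_1_PAC = 1 << 1
X86_FEATURE_1_IBT = 1 << 0
X86_FEATURE_1_SHSTK = 1 << 1
SHT_NOTE = 7


def build_property_note(pr_type, feature_bits):
    """Build the body of an ELF64 .note.gnu.property section holding one
    *_FEATURE_1_AND property (constructed data for the demo and tests)."""
    name = b"GNU\0"
    # one property: pr_type, pr_datasz=4, 4 bytes of data, 4 bytes of padding to 8-byte alignment
    desc = struct.pack("<IIII", pr_type, 4, feature_bits, 0)
    return struct.pack("<III", len(name), len(desc), NT_GNU_PROPERTY_TYPE_0) + name + desc


def parse_gnu_property_features(note, elfclass=64):
    """Return {pr_type: feature_bits} for every *_FEATURE_1_AND property in a
    .note.gnu.property blob; {} if the blob is empty or not a GNU property note."""
    if len(note) < 12:
        return {}
    align = 8 if elfclass == 64 else 4
    namesz, descsz, ntype = struct.unpack_from("<III", note, 0)
    if ntype != NT_GNU_PROPERTY_TYPE_0 or note[12:12 + namesz] != b"GNU\0":
        return {}
    desc_off = (12 + namesz + align - 1) & ~(align - 1)
    desc = note[desc_off:desc_off + descsz]
    features = {}
    off = 0
    while off + 8 <= len(desc):
        pr_type, pr_datasz = struct.unpack_from("<II", desc, off)
        if pr_type in (GNU_PROPERTY_AARCH64_FEATURE_1_AND, GNU_PROPERTY_X86_FEATURE_1_AND) and pr_datasz == 4:
            features[pr_type] = struct.unpack_from("<I", desc, off + 8)[0]
        off += 8 + ((pr_datasz + align - 1) & ~(align - 1))  # each property's data is padded to `align`
    return features


def link_time_features(pr_type, input_notes):
    """Apply the linker's rule for *_FEATURE_1_AND properties: the output is marked
    with a feature only if every input object is marked with it. An input with no
    property note (e.g. a libc built with -mbranch-protection=none) contributes 0
    and therefore strips the feature from the final link."""
    result = None
    for note in input_notes:
        bits = parse_gnu_property_features(note).get(pr_type, 0)
        result = bits if result is None else result & bits
    return result or 0


def describe_aarch64(bits):
    """Decode the arm64 feature bits into a readable BTI/PAC status."""
    return {"bti": bool(bits & AARCH64_FEATURE_1_BTI), "pac": bool(bits & AARCH64_FEATURE_1_PAC)}


def read_property_note_from_elf64(path):
    """Locate .note.gnu.property in a little-endian ELF64 file (arm64 or x86-64)
    and return its bytes, or b"" if the file carries no such section."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    e_shoff = struct.unpack_from("<Q", data, 0x28)[0]
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)

    def shdr(i):  # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        return struct.unpack_from("<IIQQQQ", data, e_shoff + i * e_shentsize)

    strtab_off = shdr(e_shstrndx)[4]
    for i in range(e_shnum):
        sh_name, sh_type, _, _, sh_offset, sh_size = shdr(i)
        if sh_type != SHT_NOTE:
            continue
        name = data[strtab_off + sh_name:data.index(b"\0", strtab_off + sh_name)]
        if name == b".note.gnu.property":
            return data[sh_offset:sh_offset + sh_size]
    return b""


if __name__ == "__main__":
    both = AARCH64_FEATURE_1_BTI | AARCH64_FEATURE_1_PAC
    app = build_property_note(GNU_PROPERTY_AARCH64_FEATURE_1_AND, both)  # user code, -mbranch-protection=standard
    libc_bti = build_property_note(GNU_PROPERTY_AARCH64_FEATURE_1_AND, both)
    libc_none = b""  # constructed: libc objects built with -mbranch-protection=none carry no note
    print("libc with BTI:   ", describe_aarch64(link_time_features(GNU_PROPERTY_AARCH64_FEATURE_1_AND, [app, libc_bti])))
    print("libc without BTI:", describe_aarch64(link_time_features(GNU_PROPERTY_AARCH64_FEATURE_1_AND, [app, libc_none])))
```

On a real system the same check is `readelf -n` on the object, which prints the property as `AArch64 feature: BTI, PAC` (or `x86 feature: IBT, SHSTK`); `parse_gnu_property_features(read_property_note_from_elf64(path))` gives the same answer programmatically. The AND rule is also why the NEWS text distinguishes the two mechanisms: PAC-RET is just instructions in the function's own prologue and epilogue and keeps working whatever the marking says, while BTI is only enforced for a mapping whose object is marked, so one unmarked libc object in the link removes it for the whole executable.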
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6bf005b843e3d6ee10aa1f088d93c4f89055cc6
commit b6bf005b843e3d6ee10aa1f088d93c4f89055cc6
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2024-03-11 23:04:34 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2024-03-11 23:05:16 +0000

    toolchain.eclass: Selectively enable cet options per arch

    Bug: https://bugs.gentoo.org/916381
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 eclass/toolchain.eclass | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a987beb34abf907570d0e199fa062ad8dc929d68
commit a987beb34abf907570d0e199fa062ad8dc929d68
Author: Kyle Elbert <kcelbert@gmail.com>
AuthorDate: 2024-03-18 12:42:04 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-03-18 13:02:35 +0000

    toolchain.eclass: More selectively enable cet per arch

    This block enables the x86_64 specific -fcf-protection during bootstrap. Added check to ensure it's only enabled there.

    Bug: https://bugs.gentoo.org/916381
    Fixes: b6bf005b843e3d6ee10aa1f088d93c4f89055cc6
    Signed-off-by: Kyle Elbert <kcelbert@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/35816
    Signed-off-by: Sam James <sam@gentoo.org>

 eclass/toolchain.eclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
I've been running with it enabled now on my pi 5 (which doesn't actually support the instructions afaik) for a while now (close to a month; I had it in EXTRA_ECONF before it was working properly with the useflag, which it is now) with no issues. Maybe might want to add something equivalent for clang's defaults (they seem to support the -mbranch-protection=standard command line option too), but otherwise it seems ready to me.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d56d8f8e35fa4f7b8d65dbd6cd535ad6ac69cc9c
commit d56d8f8e35fa4f7b8d65dbd6cd535ad6ac69cc9c
Author: Sam James <sam@gentoo.org>
AuthorDate: 2024-09-19 22:55:44 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2024-09-19 22:57:19 +0000

    toolchain.eclass: disable automagic CET for x86

    It's not supported on 32-bit kernels anyway. This got lost in b6bf005b843e3d6ee10aa1f088d93c4f89055cc6 when wiring up arm64.

    Bug: https://bugs.gentoo.org/916381
    Closes: https://bugs.gentoo.org/939874
    Fixes: b6bf005b843e3d6ee10aa1f088d93c4f89055cc6
    Signed-off-by: Sam James <sam@gentoo.org>

 eclass/toolchain.eclass | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
Thanks. I'll file a new bug for clang.