RFR: 8277204: Implementation of JEP 8264130: PAC-RET protection for Linux/AArch64 [v10]
Andrew Haley
aph at openjdk.java.net
Sun Dec 12 10:22:16 UTC 2021
On Sat, 11 Dec 2021 15:39:24 GMT, Florian Weimer <fweimer at openjdk.org> wrote:
>> src/hotspot/cpu/aarch64/globals_aarch64.hpp line 122:
>>
>>> 120: "It cannot be used with OnSpinWaitInst=none.") \
>>> 121: range(1, 99) \
>>> 122: product(bool, UseROPProtection, false, \
>>
>> Question: this is called "UseROPProtection", the configure option is called "enable-branch-protection", and GCC option is called "-mbranch-protection". This is confusing. I would have thought we would want the same name, and use it for all branch protection. So why is this not "UseBranchProtection"?
>
> `-mbranch-protection` switches on both PAC-RET and BTI. This PR only covers a use of PAC that looks very ROP-focused to me.
True, because we don't (yet) support BTI. Is there any point having two separate flags for BTI and PAC-RET? If someone wants one, they'll very likely want the other, won't they?
-------------
PR: https://git.openjdk.java.net/jdk/pull/6334
More information about the build-dev
mailing list