RFR: 8277204: Implementation of JEP 8264130: PAC-RET protection for Linux/AArch64 [v10]
Florian Weimer
fweimer at openjdk.java.net
Sat Dec 11 15:42:13 UTC 2021
On Sat, 11 Dec 2021 14:05:12 GMT, Andrew Haley <aph at openjdk.org> wrote:
>> Alan Hayward has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Remove BSD/Apple specific code
>
> src/hotspot/cpu/aarch64/globals_aarch64.hpp line 122:
>
>> 120: "It cannot be used with OnSpinWaitInst=none.") \
>> 121: range(1, 99) \
>> 122: product(bool, UseROPProtection, false, \
>
> Question: this is called "UseROPProtection", the configure option is called "enable-branch-protection", and GCC option is called "-mbranch-protection". This is confusing. I would have thought we would want the same name, and use it for all branch protection. So why is this not "UseBranchProtection"?
`-mbranch-protection` switches on both PAC-RET and BTI. This PR only covers a use of PAC that looks very ROP-focused to me.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6334
More information about the build-dev
mailing list