Bug#1055711: gcc-13: Please build gcc with -mbranch-protection=standard to fix PAC/BTI support on arm64
Hi Matthias,
On 2023-11-24 02:29, Matthias Klose wrote:
> please send a test patch, that doesn't turn off this flag by default.
I'm not sure if I understand the question, but with the attached patch
all .o and .a files shipped by libgcc-13-dev have the right BTI, PAC
properties according to readelf -n.
Build logs here for reference:
https://people.debian.org/~ema/gcc-13_13.2.0-7.1_arm64.build
Let me know if this is what you were looking for.
Note that of all files without BTI in the notes section mentioned in
https://bugs.debian.org/1055711#5, libgcc-13-dev ships crtbeginS.o and
crtendS.o. Those are fixed with the proposed patch. The remaining files
(Scrt1.o, crti.o, and crtn.o) are instead installed by libc6-dev. We'll
need to fix them separately in glibc.
Thanks,
Emanuele
diff -Nru gcc-13-13.2.0/debian/changelog gcc-13-13.2.0/debian/changelog
--- gcc-13-13.2.0/debian/changelog 2023-11-24 11:53:24.000000000 +0100
+++ gcc-13-13.2.0/debian/changelog 2023-11-27 17:22:11.000000000 +0100
@@ -1,3 +1,11 @@
+gcc-13 (13.2.0-7.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Add -mbranch-protection=standard to CFLAGS and CXXFLAGS on arm64
+ (Closes: #1055711)
+
+ -- Emanuele Rocca <ema@debian.org> Mon, 27 Nov 2023 17:22:11 +0100
+
gcc-13 (13.2.0-7) unstable; urgency=medium
* Update to git 20231124 from the gcc-13 branch.
diff -Nru gcc-13-13.2.0/debian/rules2 gcc-13-13.2.0/debian/rules2
--- gcc-13-13.2.0/debian/rules2 2023-10-24 14:39:05.000000000 +0200
+++ gcc-13-13.2.0/debian/rules2 2023-11-27 17:22:11.000000000 +0100
@@ -195,6 +195,11 @@
STAGE1_LDFLAGS =
endif
+ifeq ($(DEB_TARGET_ARCH),arm64)
+ CFLAGS += -mbranch-protection=standard
+ CXXFLAGS += -mbranch-protection=standard
+endif
+
# set CFLAGS/LDFLAGS for the configure step only, maybe be modifed for some target
# all other flags are passed to the make step.
pass_vars = $(foreach v,$(1),$(if $($(v)),$(v)="$($(v))"))
Reply to: