Bug#1057469: gcc-13: Please build gcc with -mbranch-protection=standard to fix PAC/BTI support on arm64

To: Matthias Klose <doko@debian.org>
Cc: 1057469@bugs.debian.org
Subject: Bug#1057469: gcc-13: Please build gcc with -mbranch-protection=standard to fix PAC/BTI support on arm64
From: Emanuele Rocca <ema@debian.org>
Date: Fri, 5 Jan 2024 17:58:58 +0100
Message-id: <[🔎] ZZg1UqNDr0FOsFSP@ariel>
Reply-to: Emanuele Rocca <ema@debian.org>, 1057469@bugs.debian.org
In-reply-to: <e64a40d8-0f11-4dc8-bede-a3a5425d2392@debian.org>
References: <ZW86uvpIv90J6nbD@ariel> <e64a40d8-0f11-4dc8-bede-a3a5425d2392@debian.org> <ZW86uvpIv90J6nbD@ariel>

Hi Matthias,

On 2023-12-31 10:32, Matthias Klose wrote:
> please also check
> 
>  - that a cross compiler with this patch has these enabled
> 
>  - that a cross build of gcc-13 targeting arm64 with this
>    patch has these enabled

Very good point, indeed the original patch I sent did not address either
of the above.

As a first attempt I tried setting CFLAGS_FOR_TARGET and
CXXFLAGS_FOR_TARGET instead of CFLAGS and CXXFLAGS. That worked fine for
cross compilers (ie: building gcc-13-cross), but it broke native builds
with the following error:

 configure:3576: /<<PKGBUILDDIR>>/build-nvptx/./gcc/xgcc -B/<<PKGBUILDDIR>>/build-nvptx/./gcc/ -nostdinc -B/<<PKGBUILDDI R>>/build-nvptx/nvptx-none/newlib/ -isystem /<<PKGBUILDDIR>>/build-nvptx/nvptx-none/newlib/targ-include -isystem /<<PKG BUILDDIR>>/src-nvptx/newlib/libc/include -B/usr/nvptx-none/bin/ -B/usr/nvptx-none/lib/ -isystem /usr/nvptx-none/include -isystem /usr/nvptx-none/sys-include -isystem /<<PKGBUILDDIR>>/build-nvptx/sys-include    -o conftest -mbranch-protect ion=standard   conftest.c  >&5
 xgcc: error: unrecognized command-line option '-mbranch-protection=standard'

I wonder if this may be related to https://bugs.debian.org/1060075 ?

At any rate, the following patch seems to cover all cases: native build,
cross compiler build and cross build of the native compiler.

I suspect but cannot prove that without #1060075 it would be enough to
just unconditionally set CFLAGS_FOR_TARGET and CXXFLAGS_FOR_TARGET.

diff -Nru gcc-13-13.2.0/debian/rules2 gcc-13-13.2.0/debian/rules2
--- gcc-13-13.2.0/debian/rules2	2023-12-09 20:15:56.000000000 +0100
+++ gcc-13-13.2.0/debian/rules2	2024-01-04 17:23:48.000000000 +0100
@@ -199,6 +199,22 @@
   STAGE1_LDFLAGS	=
 endif
 
+ifeq ($(DEB_TARGET_ARCH),arm64)
+  ifeq ($(DEB_CROSS),yes)
+    # Building cross compilers
+    CFLAGS_FOR_TARGET += -mbranch-protection=standard
+    CXXFLAGS_FOR_TARGET += -mbranch-protection=standard
+  else ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+    # Cross build of the native compiler
+    CFLAGS_FOR_TARGET += -mbranch-protection=standard
+    CXXFLAGS_FOR_TARGET += -mbranch-protection=standard
+  else
+    # Native build
+    CFLAGS += -mbranch-protection=standard
+    CXXFLAGS += -mbranch-protection=standard
+  endif
+endif
+
 # set CFLAGS/LDFLAGS for the configure step only, maybe be modifed for some target
 # all other flags are passed to the make step.
 pass_vars = $(foreach v,$(1),$(if $($(v)),$(v)="$($(v))"))
diff -Nru gcc-13-13.2.0/debian/rules.defs gcc-13-13.2.0/debian/rules.defs
--- gcc-13-13.2.0/debian/rules.defs	2023-12-14 19:55:12.000000000 +0100
+++ gcc-13-13.2.0/debian/rules.defs	2024-01-04 17:23:48.000000000 +0100
@@ -781,7 +781,7 @@
   offload_targets :=
   with_offload_nvptx :=
 endif
-ifneq (,$(findstring build-cross, $(build_type)))
+ifneq ($(build_type),build-native)
   offload_targets :=
   with_offload_nvptx := disabled for cross builds
 endif

Reply to:

Prev by Date: Bug#1060075: gcc-13 FTCBFS: target system type set to nvptx-unknown-none
Next by Date: Bug#1060080: gcc-snapshot: please stop creating empty dirs in /lib
Previous by thread: Bug#1060075: gcc-13 FTCBFS: target system type set to nvptx-unknown-none
Next by thread: Bug#1060080: gcc-snapshot: please stop creating empty dirs in /lib
Index(es):
- Date
- Thread