info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1057469: gcc-12: Please build with -mbranch-protection=standard to enable PAC/BTI support on arm64
3 views
Skip to first unread message
Emanuele Rocca
Dec 5, 2023, 10:00:04 AM12/5/23
to
Package: gcc-12
Version: 12.3.0-12
X-Debbugs-Cc: debia...@lists.debian.org, debian...@lists.debian.org
Dear Maintainer,
PAC/BTI is a useful Arm security feature, see this recent presentation
at the Cambridge Mini Debconf for all details: [0]
In order to properly support PAC/BTI in Debian we need to enable support
in both GCC and glibc. An executable is marked as BTI compatible only if
all the execution units of the program are BTI compatible. See pages
10-11 on the presentation slides. [1]
I have filed https://bugs.debian.org/1055711 already for gcc-13, which
is the default compiler in sid. However, it's important to enable the
switch on gcc-12 as well because:
a) glibc is currently built with gcc-12, see thread at [2]. The compiler
building glibc needs to have the feature turned on
b) there are multiple programs in Debian still using GCC 12
c) more generally it would be great for GCC 12 users to also get the
feature :-)
See attached patch.
Thanks!
Emanuele
[0] https://wiki.debian.org/DebianEvents/gb/2023/MiniDebConfCambridge/Capper
[1] https://wiki.debian.org/DebianEvents/gb/2023/MiniDebConfCambridge/Capper?action=AttachFile&do=view&target=miniconf-2023-PAC-and-BTI.pdf
[2] https://lists.debian.org/debian-glibc/2023/11/msg00032.html
Version: 12.3.0-12
X-Debbugs-Cc: debia...@lists.debian.org, debian...@lists.debian.org
Dear Maintainer,
PAC/BTI is a useful Arm security feature, see this recent presentation
at the Cambridge Mini Debconf for all details: [0]
In order to properly support PAC/BTI in Debian we need to enable support
in both GCC and glibc. An executable is marked as BTI compatible only if
all the execution units of the program are BTI compatible. See pages
10-11 on the presentation slides. [1]
I have filed https://bugs.debian.org/1055711 already for gcc-13, which
is the default compiler in sid. However, it's important to enable the
switch on gcc-12 as well because:
a) glibc is currently built with gcc-12, see thread at [2]. The compiler
building glibc needs to have the feature turned on
b) there are multiple programs in Debian still using GCC 12
c) more generally it would be great for GCC 12 users to also get the
feature :-)
See attached patch.
Thanks!
Emanuele
[0] https://wiki.debian.org/DebianEvents/gb/2023/MiniDebConfCambridge/Capper
[1] https://wiki.debian.org/DebianEvents/gb/2023/MiniDebConfCambridge/Capper?action=AttachFile&do=view&target=miniconf-2023-PAC-and-BTI.pdf
[2] https://lists.debian.org/debian-glibc/2023/11/msg00032.html
0 new messages