Bug 30076 - aarch64: stubs can add indirect branch that breaks BTI
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: ld
Version: 2.35
Importance: P2 normal
Target Milestone: 2.41
Assignee: Not yet assigned to anyone
Reported: 2023-02-03 16:24 UTC by Szabolcs Nagy
Modified: 2023-03-23 12:56 UTC

Description Szabolcs Nagy 2023-02-03 16:24:23 UTC
ld may insert stubs with an indirect branch if the call target is out of reach for the direct call/branch instruction.

In BTI-enabled code, two stubs should be inserted, with the second one having a BTI and then direct branching to the original target.

Alternatively, BTI-safe code could be required to have a BTI at the start of each function that may be a linker stub target, but this would increase the generated BTIs.

Originally reported for gcc at https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106671
Comment 1 Szabolcs Nagy 2023-03-23 12:56:30 UTC
Fixed at
"bfd: aarch64: Fix stubs that may break BTI PR30076"
https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=15b4f66b0a9a3be6caf1898d22a13c39e662006f

and optimized at
"bfd: aarch64: Optimize BTI stubs PR30076"
https://sourceware.org/git?p=binutils-gdb.git;a=commit;h=5834f36d93cabf1a8bcc7dd7654141aed3d296bc
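
The landing-pad rule behind this report, as an added example that is not part of the bug thread or of the binutils code: it models whether a guarded page accepts a given branch arriving at a given first instruction, then compares a single indirect stub with the two-stub chain from the description. The function names, the sample target prologue and the choice of `bti c` for the second stub are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* A64 encodings: HINT-space landing pads, plus constructed sample instructions. */
#define BTI_C   0xd503245fu
#define BTI_J   0xd503249fu
#define BTI_JC  0xd50324dfu
#define PACIASP 0xd503233fu   /* implicit landing pad for BLR and BR x16/x17 */
#define PACIBSP 0xd503237fu
#define BR_X16  0xd61f0200u   /* br x16, the indirect branch a long-range stub ends with */
#define B_NEXT  0x14000001u   /* b .+4, stands in for the direct branch to the target */
#define STP_FP  0xa9bf7bfdu   /* stp x29, x30, [sp, #-16]!  (target without a BTI) */

static int is_b(uint32_t insn)        { return (insn & 0xfc000000u) == 0x14000000u; }
static int is_br(uint32_t insn)       { return (insn & 0xfffffc1fu) == 0xd61f0000u; }
static unsigned br_reg(uint32_t insn) { return (insn >> 5) & 31u; }

/* Does a BTI-guarded page accept `branch` landing on instruction `first`?
   1 = accepted, 0 = Branch Target Exception, -1 = branch kind not modelled. */
int landing_ok(uint32_t branch, uint32_t first)
{
    if (is_b(branch))
        return 1;                 /* direct branches need no landing pad */
    if (!is_br(branch))
        return -1;
    if (first == BTI_J || first == BTI_JC)
        return 1;                 /* "j" accepts BR from any register */
    if (br_reg(branch) == 16 || br_reg(branch) == 17)
        return first == BTI_C || first == PACIASP || first == PACIBSP;
    return 0;                     /* conservative: PACI*SP for other registers depends on SCTLR */
}

/* One stub: br x16 straight into a function that does not start with a BTI. */
int old_stub_ok(void) { return landing_ok(BR_X16, STP_FP); }

/* Two stubs: br x16 lands on "bti c" in stub 2, which branches directly to the target. */
int new_stub_ok(void)
{
    return landing_ok(BR_X16, BTI_C) == 1 && landing_ok(B_NEXT, STP_FP) == 1;
}

int main(void)
{
    printf("single stub: %d, two-stub chain: %d\n", old_stub_ok(), new_stub_ok());
    return 0;
}
```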