On 2023-12-31 10:32, Matthias Klose wrote:
> please also check
>
> - that a cross compiler with this patch has these enabled
>
> - that a cross build of gcc-13 targeting arm64 with this
> patch has these enabled
There have been a few gcc-12 and gcc-13 updates since I initially sent my patch
so I now verified that it still works as expected.
The BTI patch looks like this, both for gcc-12 and -13:
diff -Nru gcc-12-12.3.0/debian/rules2 gcc-12-12.3.0/debian/rules2
--- gcc-12-12.3.0/debian/rules2 2023-12-03 18:45:19.000000000 +0100
+++ gcc-12-12.3.0/debian/rules2 2024-05-02 14:25:19.000000000 +0200
@@ -195,6 +195,22 @@
STAGE1_LDFLAGS =
endif
+ifeq ($(DEB_TARGET_ARCH),arm64)
+ ifeq ($(DEB_CROSS),yes)
+ # Building cross compilers
+ CFLAGS_FOR_TARGET += -mbranch-protection=standard
+ CXXFLAGS_FOR_TARGET += -mbranch-protection=standard
+ else ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
+ # Cross build of the native compiler
+ CFLAGS_FOR_TARGET += -mbranch-protection=standard
+ CXXFLAGS_FOR_TARGET += -mbranch-protection=standard
+ else
+ # Native build
+ CFLAGS += -mbranch-protection=standard
+ CXXFLAGS += -mbranch-protection=standard
+ endif
+endif
+
# set CFLAGS/LDFLAGS for the configure step only, maybe be modifed for some
target
# all other flags are passed to the make step.
pass_vars = $(foreach v,$(1),$(if $($(v)),$(v)="$($(v))"))
These are the checks I performed:
(1) Native aarch64 compiler built on aarch64
On aarch64, I applied the BTI patch to gcc-12's debian/rules2 and built the
package with sbuild. Then I checked that crtbeginS.o and crtendS.o from
libgcc-12-dev had BTI on.
dpkg --extract libgcc-12-dev_12.3.0-18_arm64.deb /tmp/libgcc-12-dev
readelf -n
/tmp/libgcc-12-dev/usr/lib/gcc/aarch64-linux-gnu/12/crt{begin,end}S.o | grep BTI
Same procedure and outcome when it comes to gcc-13.
(2) Cross compiler (aarch64) built on x86_64
On x86_64, I did the following in a clean sid chroot:
apt build-dep gcc-12-cross
Apply the BTI patch to /usr/src/gcc-12/debian/rules2
Then, inside the source directory of gcc-12-cross:
export CROSS_ARCHS="amd64 arm64"
debian/rules control
dpkg-buildpackage
At the end of the build process, I checked that crtbeginS.o and crtendS.o as
shipped by libgcc-12-dev-arm64-cross had BTI on.
dpkg --extract libgcc-12-dev-arm64-cross_12.3.0-17_all.deb /tmp/libgcc-cross
readelf -n
/tmp/libgcc-cross/usr/lib/gcc-cross/aarch64-linux-gnu/12/crt{begin,end}S.o |
grep BTI
Same procedure and outcome when it comes to gcc-13.
(3) Cross build of the native compiler
There are various issues that make cross builds of the native compiler fail.
They are unrelated to the patch proposed here, but I'm mentioning them because
I had to work around them in order to test if a cross build of the native
compiler would carry the BTI property as expected.
The first problem is due to the m2 language, which fails to cross build. I
believe this to be a long standing, known issue (at least Helmut mentioned
being aware of it in the past). Languages can be disabled by passing the
'nolang' build option to DEB_BUILD_OPTIONS, so that's what I have done.
The second issue affects gcc-12 only. Cross building gcc-12 for arm64 on a
amd64 machine fails with an undefined reference error (fprintf_unlocked). Full
logs at https://people.debian.org/~ema/gcc-12_12.3.0-17_arm64.build. Because of
this second problem, I tested a cross-build of the native gcc-13 only, not of
gcc-12.
The third issue affects gcc-13: nvptx does not cross build properly (see
#1060075) but it is enabled in gcc-13 for arm64. To work around this problem
when it comes to gcc-13 I have removed arm64 from the list of nvptx_archs in
debian/rules.defs.
Then, I cross built with m2 disabled:
DEB_BUILD_OPTIONS='nolang=m2' sbuild --host=arm64
At the end of the build process, I verified that crtbeginS.o and crtendS.o from
libgcc-13-dev had BTI on.
dpkg --extract libgcc-13-dev_13.2.0-24.1_arm64.deb /tmp/xxx
readelf -n /tmp/xxx/usr/lib/gcc/aarch64-linux-gnu/13/crt{begin,end}S.o | grep
BTI
