GCC 15 Adds Option For Arm Guarded Control Stack "GCS" Code Generation

Written by Michael Larabel in GNU on 15 November 2024 at 06:39 AM EST.
GCC 15 feature development is soon wrapping up to focus on bug fixing before releasing GCC 15.1 as stable in the early months of 2025. One of the latest features to make it in the compiler codebase is code generation support around Arm Guarded Control Stack (GCS) functionality.

Arm introduced Guarded Control Stack with its 2022 CPU extensions as a means of helping mitigate some return-oriented programming (ROP) attacks. As explained in the Arm documentation:
"A GCS is a protected region of virtual address space allocated by software. When the processor executes a Branch with Link instruction, such as BL, the return address is pushed onto the GCS as well as being written into the Link Register (LR). On a procedure return, the latest stored return address is popped from the GCS. The processor either compares the popped value with the LR, or uses the popped value directly...To prevent accidental or malicious changes to the GCS, a new Stage 1 permission is introduced. This permission allows reads by software, but restricts writes to either GCSPUSH instructions or as a side-effect of executing a BL."

With the latest GCC patches merged on Thursday, there is now a "-mbranch-protection=gcs" option supported. This enables Arm Guarded Control Stack compatible code generation. This branch protection option is the same one that can also be set to Branch Target Identification "BTI" for earlier Arm processors.
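
To make the mechanism quoted from the Arm documentation concrete, here is a small C model added as an illustration (not code from the article, Arm or GCC): BL writes the return address to both LR and the GCS, ordinary stores to the GCS are refused, and a return faults when the reloaded LR differs from the popped GCS entry. The names `cpu_t`, `model_bl`, `model_store` and `model_ret` and all addresses are constructed for this example; on real hardware the processor performs these checks.

```c
#include <stdint.h>
#include <stdio.h>
#define GCS_DEPTH 64

/* Model state: the protected GCS region and the ordinary, writable stack. */
typedef struct {
    uint64_t gcs[GCS_DEPTH];   /* written only by model_bl() */
    uint64_t stack[GCS_DEPTH]; /* saved LR spills; any store can reach it */
    int gcs_top, sp;
    uint64_t lr;
} cpu_t;

typedef enum { RET_OK, RET_GCS_FAULT } ret_status;

/* BL: the return address goes to LR and is also pushed onto the GCS. */
static int model_bl(cpu_t *c, uint64_t ret_addr) {
    if (c->gcs_top == GCS_DEPTH || c->sp == GCS_DEPTH) return -1;
    c->lr = ret_addr;
    c->gcs[c->gcs_top++] = ret_addr;
    c->stack[c->sp++] = c->lr;   /* callee prologue spills LR to the stack */
    return 0;
}

/* Ordinary store: allowed on the normal stack, refused on the GCS region. */
static int model_store(cpu_t *c, int to_gcs, int slot, uint64_t val) {
    if (to_gcs) return -1;       /* modelled Stage 1 permission: reads only */
    if (slot < 0 || slot >= c->sp) return -1;
    c->stack[slot] = val;
    return 0;
}

/* RET: reload LR from the stack, pop the GCS entry, compare the two. */
static ret_status model_ret(cpu_t *c, uint64_t *pc) {
    if (c->sp == 0 || c->gcs_top == 0) return RET_GCS_FAULT;
    c->lr = c->stack[--c->sp];
    uint64_t expected = c->gcs[--c->gcs_top];
    if (c->lr != expected) return RET_GCS_FAULT;
    *pc = c->lr;
    return RET_OK;
}

int main(void) {
    cpu_t c = {0};
    uint64_t pc = 0;
    model_bl(&c, 0x400100);                 /* constructed return address */
    model_store(&c, 0, 0, 0xdeadbeef);      /* saved LR corrupted on the stack */
    printf("ret -> %s\n", model_ret(&c, &pc) == RET_OK ? "ok" : "GCS fault");
    return 0;
}
```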

The -mbranch-protection=gcs option is introduced via this commit while related Arm GCS patches were also merged on Thursday and will all be part of the upcoming GCC 15.1 release.