On Tue, 2021-11-23 at 20:10 +0800, Mark Rutland wrote: > On Tue, Nov 16, 2021 at 10:11:47AM +0000, Will Deacon wrote: > > On Mon, Nov 15, 2021 at 11:18:08AM +0800, Kuan-Ying Lee wrote: > > > We pass -mbranch-protection=pac-ret+leaf to support PAC > > > when we use GCC 9 or later. > > > > > > Before GCC 9, we pass -msign-return-address=all to support > > > PAC. > > > > > > Signed-off-by: Kuan-Ying Lee <Kuan-Ying.Lee@xxxxxxxxxxxx> > > > --- > > > Documentation/arm64/pointer-authentication.rst | 6 ++++-- > > > 1 file changed, 4 insertions(+), 2 deletions(-) > > > > > > diff --git a/Documentation/arm64/pointer-authentication.rst > > > b/Documentation/arm64/pointer-authentication.rst > > > index f127666ea3a8..055d08b0d42d 100644 > > > --- a/Documentation/arm64/pointer-authentication.rst > > > +++ b/Documentation/arm64/pointer-authentication.rst > > > @@ -54,8 +54,10 @@ virtual address size configured by the kernel. > > > For example, with a > > > virtual address size of 48, the PAC is 7 bits wide. > > > > > > Recent versions of GCC can compile code with APIAKey-based > > > return > > > -address protection when passed the -msign-return-address option. > > > This > > > -uses instructions in the HINT space (unless -march=armv8.3-a or > > > higher > > > +address protection when passed compiler option as following. > > > +Pass -msign-return-address when we use GCC 7, 8. > > > +Pass -mbranch-protection when we use GCC 9 or later. > > > +This uses instructions in the HINT space (unless -march=armv8.3- > > > a or higher > > > is also passed), and such code can run on systems without the > > > pointer > > > authentication extension. > > > > I think I'd be more inclined to delete this paragraph altogether. > > It doesn't > > really document anything to do with the kernel, and trying to > > document the > > behaviour of "recent" versions of GCC is futile. > > Agreed. I think the only thing we might want to mention is that we > rely > on the compiler to use the HINT space instructions (PACIASP and > AUTIASP) > so that a kernel built with pointer authentication support works on > HW > without the feature. > > So replacing that paragraph with something like: > > > When ARM64_PTR_AUTH_KERNEL is selected the kernel will be compiled > > with HINT space pointer authentication instructions protecting > > function returns. Kernels built with this option will work on > > hardware with or without pointer authentication support. > > ... would make sense to me. Hi, Thanks you both for suggestions. I will rewrite this paragraph in v2. Thanks, Kuan-Ying Lee > > Thanks, > Mark.