What is the change
This change introduces the -mharden-pac-ret=load-return-address option to enable code generation of the mitigation against the PACMAN attack via load of return address. The PACMAN attack tries to extract secrets via side-channel exploits that leverage Pointer Authentication (PAC).
The change adds a new command-line option, -mharden-pac-ret, and a corresponding function attribute with the same values.
Why this change cannot be done upstream
Upstream is still reviewing the patches, but we need the changes in our main branch so that the feature is present in our releases until upstream makes a decision about the patches.
List of upstream PRs:
What is the change
This change introduces the
-mharden-pac-ret=load-return-addressoption to enable code generation of the mitigation against the PACMAN attack via load of return address. The PACMAN attack tries to extract secrets via side-channel exploits that leverage Pointer Authentication (PAC).The change adds a new command-line option,
-mharden-pac-ret, and a corresponding function attribute with the same values.Why this change cannot be done upstream
Upstream is still reviewing the patches, but we need the changes in our main branch so that the feature is present in our releases until upstream makes a decision about the patches.
List of upstream PRs: