Skip to content

[Downstream Change] PAC-RET hardening against the PACMAN attack #910

Description

@vhscampos

What is the change
This change introduces the -mharden-pac-ret=load-return-address option to enable code generation of the mitigation against the PACMAN attack via load of return address. The PACMAN attack tries to extract secrets via side-channel exploits that leverage Pointer Authentication (PAC).

The change adds a new command-line option, -mharden-pac-ret, and a corresponding function attribute with the same values.

Why this change cannot be done upstream
Upstream is still reviewing the patches, but we need the changes in our main branch so that the feature is present in our releases until upstream makes a decision about the patches.

List of upstream PRs:

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions