[pac] Allow PAC-only build of C++ code

The enablement of PAC in Chromium will have two phases where support will first be enabled on C++ code (e.g. Blink/Chrome/etc) and its dependencies, followed next by support for dynamic code generated by V8. This change will allow enable PAC support for C++ code when V8 is built with Chromium. Bug: chromium:919548 Change-Id: I8ebcbcfe3c2a3a38807b814f936272ac09625795 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3372162 Reviewed-by: Clemens Backes <clemensb@chromium.org> Commit-Queue: Adenilson Cavalcanti <cavalcantii@chromium.org> Cr-Commit-Position: refs/heads/main@{#78548}
2022-01-06 19:18:52 -08:00 · 2022-01-06 19:18:52 -08:00 · 4dd8d9a926
commit 4dd8d9a926
parent da4467b64a
1 changed files with 17 additions and 9 deletions
--- a/BUILD.gn
+++ b/BUILD.gn
@ -457,6 +457,14 @@ if (v8_multi_arch_build &&
  v8_enable_pointer_compression = !v8_enable_pointer_compression
  v8_enable_pointer_compression_shared_cage = v8_enable_pointer_compression
 }
+
+# Check if it is a Chromium build and activate PAC/BTI if needed.
+# TODO(cavalcantii): have a single point of integration with PAC/BTI flags.
+if (build_with_chromium && v8_current_cpu == "arm64" &&
+    arm_control_flow_integrity == "standard") {
+  v8_control_flow_integrity = true
+}
+
 if (v8_enable_short_builtin_calls &&
    ((!v8_enable_pointer_compression && v8_current_cpu != "x64") ||
     v8_control_flow_integrity)) {
@ -471,12 +479,6 @@ if (v8_enable_shared_ro_heap == "") {
                             v8_enable_pointer_compression_shared_cage
 }

-# Check if it is a Chromium build and activate PAC/BTI if needed.
-if (build_with_chromium && v8_current_cpu == "arm64" &&
-    arm_control_flow_integrity == "standard") {
-  v8_control_flow_integrity = true
-}
-
 # Enable the v8 sandbox on 64-bit Chromium builds.
 if (build_with_chromium && v8_enable_pointer_compression_shared_cage) {
  v8_enable_sandbox = true
@ -1024,11 +1026,17 @@ config("toolchain") {
  }
  if (v8_current_cpu == "arm64") {
    defines += [ "V8_TARGET_ARCH_ARM64" ]
-    if (v8_control_flow_integrity) {
-      # TODO(v8:10026): Enable this in src/build.
-      if (current_cpu == "arm64") {
+    if (current_cpu == "arm64") {
+      # This will enable PAC+BTI in code generation and static code.
+      if (v8_control_flow_integrity) {
+        # TODO(v8:10026): Enable this in src/build.
        cflags += [ "-mbranch-protection=standard" ]
        asmflags = [ "-mmark-bti-property" ]
+      } else if (build_with_chromium && arm_control_flow_integrity == "pac") {
+        # This should enable PAC only in C++ code (and no CFI in runtime
+        # generated code). For details, see crbug.com/919548.
+        cflags += [ "-mbranch-protection=pac-ret" ]
+        asmflags = [ "-mbranch-protection=pac-ret" ]
      }
    }
  }