git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.15] gh-139808: Add branch protections for aarch64 in asm_trampoline.S (GH-130864) (#149730)

gh-139808: Add branch protections for aarch64 in asm_trampoline.S (GH-130864)

Apply protection against ROP/JOP attacks for aarch64 on asm_trampoline.S.

The BTI flag must be applied in assembler sources for this class
of attacks to be mitigated on newer aarch64 processors.

See also:
https://sourceware.org/annobin/annobin.html/Test-branch-protection.html
and
https://community.arm.com/arm-community-blogs/b/architectures-and-processors-blog/posts/enabling-pac-and-bti-on-aarch64
(cherry picked from commit da8477b25c6124c961306d4d7cd5ec7dafda6be4)

Co-authored-by: stratakis <cstratak@redhat.com>
Co-authored-by: Victor Stinner <vstinner@python.org>

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Tue, 12 May 2026 20:10:24 +0000 (22:10 +0200)
committer	GitHub <noreply@github.com>
	Tue, 12 May 2026 20:10:24 +0000 (22:10 +0200)
commit	564902ea8ae409d46a8ff9c06f3f9d58f754cf59
tree	346ea0978285b4547bc018f546d3bf863b5b0568	tree \| snapshot
parent	e2e9cea7692fdb0ac3e34fd38a25d9025035769f	commit \| diff

Misc/NEWS.d/next/Core_and_Builtins/2026-05-12-16-47-23.gh-issue-139808.iIs7_E.rst	[new file with mode: 0644]	blob
Python/asm_trampoline.S		diff \| blob \| blame \| history
Python/asm_trampoline_aarch64.h	[new file with mode: 0644]	blob
Python/jit_unwind.c		diff \| blob \| blame \| history