[Bug target/85417] -fcf-protection should provide CET protection on x86

Thu, 19 Apr 2018 08:16:28 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85417

--- Comment #6 from hjl at gcc dot gnu.org <hjl at gcc dot gnu.org> ---
Author: hjl
Date: Thu Apr 19 15:15:04 2018
New Revision: 259496

URL: https://gcc.gnu.org/viewcvs?rev=259496&root=gcc&view=rev
Log:
x86: Enable -fcf-protection with multi-byte NOPs

-fcf-protection -mcet can't be used with IFUNC features, like symbol
multiversioning or target clone, since IBT/SHSTK are applied to the whole
program and they may be disabled in some functions.  But -fcf-protection
is implemented with multi-byte NOPs on all 64-bit processors as well as
32-bit processors starting with Pentium Pro.  If -fcf-protection requires
-mcet, IFUNC features can't be used on Linux when -fcf-protection is
enabled by default.

This patch changes -fcf-protection to implement indirect branch and
return address tracking with multi-byte NOPs.  -mibt and -mshstk are
changed to only enable CET built-in functions.  CET tests are updated
to allow -fcf-protection without -mibt, -mshstk and -mcet on x86.
-fcf-protection=none are also added to tests which fail with
-fcf-protection so that -fcf-protection can be added to RUNTESTFLAGS
to verify -fcf-protection implementation.

gcc/

        PR target/85417
        * config/i386/cet.c (file_end_indicate_exec_stack_and_cet):
        Check flag_cf_protection instead of TARGET_IBT and TARGET_SHSTK.
        * config/i386/i386-c.c (ix86_target_macros_internal): Also
        define __IBT__ and __SHSTK__ for -fcf-protection.
        * config/i386/i386.c (pass_insert_endbranch::gate): Don't check
        TARGET_IBT.
        (ix86_trampoline_init): Likewise.
        (x86_output_mi_thunk): Likewise.
        (ix86_notrack_prefixed_insn_p): Likewise.
        (ix86_option_override_internal): Don't disallow -fcf-protection.
        * config/i386/i386.md (rdssp<mode>): Also enable for
        -fcf-protection.
        (incssp<mode>): Likewise.
        (nop_endbr): Likewise.
        * config/i386/i386.opt (mcet): Change help message to built-in
        functions only.
        (mibt): Likewise.
        (mshstk): Likewise.
        * doc/invoke.texi: Remove -mcet, -mibt and -mshstk condition
        on -fcf-protection.  Change -mcet, -mibt and -mshstk to only
        enable CET built-in functions.

gcc/testsuite/

        PR target/85417
        * c-c++-common/attr-nocf-check-1.c: Compile with
        -fcf-protection=none.
        * c-c++-common/attr-nocf-check-3.c: Likewise.
        * gcc.dg/march-generic.c: Likewise.
        * gcc.target/i386/align-limit.c: Likewise.
        * gcc.target/i386/cet-notrack-icf-1.c: Likewise.
        * gcc.target/i386/cet-notrack-icf-3.c: Likewise.
        * gcc.target/i386/cet-property-2.c: Likewise.
        * gcc.target/i386/ret-thunk-26.c: Likewise.
        * c-c++-common/fcf-protection-1.c: Remove dg-error for x86
        targets.
        * c-c++-common/fcf-protection-2.c: Likewise.
        * c-c++-common/fcf-protection-3.c: Likewise.
        * c-c++-common/fcf-protection-5.c: Likewise.
        * c-c++-common/fcf-protection-6.c: Likewise.
        * c-c++-common/fcf-protection-7.c: Likewise.
        * gcc.target/i386/cet-label-3.c: New test.
        * gcc.target/i386/cet-property-3.c: Likewise.
        * gcc.target/i386/cet-sjlj-7.c: Likewise.
        * gcc.target/i386/pr85417-1.c: Likewise.
        * gcc.target/i386/indirect-thunk-attr-7.c: Also expect
        __x86_indirect_thunk_nt_(r|e)ax
        * gcc.target/i386/indirect-thunk-extern-7.c: Likewise.
        * gcc.target/i386/pr85403.c: Remove dg-error,

Added:
    trunk/gcc/testsuite/gcc.target/i386/cet-label-3.c
    trunk/gcc/testsuite/gcc.target/i386/cet-property-3.c
    trunk/gcc/testsuite/gcc.target/i386/cet-sjlj-7.c
    trunk/gcc/testsuite/gcc.target/i386/pr85417-1.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/config/i386/cet.c
    trunk/gcc/config/i386/i386-c.c
    trunk/gcc/config/i386/i386.c
    trunk/gcc/config/i386/i386.md
    trunk/gcc/config/i386/i386.opt
    trunk/gcc/doc/invoke.texi
    trunk/gcc/testsuite/ChangeLog
    trunk/gcc/testsuite/c-c++-common/attr-nocf-check-1.c
    trunk/gcc/testsuite/c-c++-common/attr-nocf-check-3.c
    trunk/gcc/testsuite/c-c++-common/fcf-protection-1.c
    trunk/gcc/testsuite/c-c++-common/fcf-protection-2.c
    trunk/gcc/testsuite/c-c++-common/fcf-protection-3.c
    trunk/gcc/testsuite/c-c++-common/fcf-protection-5.c
    trunk/gcc/testsuite/c-c++-common/fcf-protection-6.c
    trunk/gcc/testsuite/c-c++-common/fcf-protection-7.c
    trunk/gcc/testsuite/gcc.dg/march-generic.c
    trunk/gcc/testsuite/gcc.target/i386/align-limit.c
    trunk/gcc/testsuite/gcc.target/i386/cet-notrack-icf-1.c
    trunk/gcc/testsuite/gcc.target/i386/cet-notrack-icf-3.c
    trunk/gcc/testsuite/gcc.target/i386/cet-property-2.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-7.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-7.c
    trunk/gcc/testsuite/gcc.target/i386/pr85403.c
    trunk/gcc/testsuite/gcc.target/i386/ret-thunk-26.c

Reply via email to