Package: gcc-10
Version: 10.2.1-6
Severity: normal
Tags: patch bullseye
X-Debbugs-Cc: debian-ker...@lists.debian.org

In an upcoming kernel update I would like to add mitigation of
Straight Line Speculation (SLS) for amd64.  This depends partly on
compiler support, enabled with the -mharden-sls option, which is
currently only available in gcc 11 and 12.

Attached is a debdiff that adds this to gcc-10.  I have:

- Rebuilt the package, with no test regressions
- Built a working kernel package with SLS (and return thunks) enabled

The debdiff is against the bullseye version.  I haven't tested the
latest version since we are using gcc-11 in testing/unstable.

I still have to check whether the kernel really still needs this
option in the compiler, since it also builds with retpolines and
rethunks and can replace those jumps with SLS mitigation instead where
appropriate.

Ben.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'oldstable-updates'), (500, 
'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.0-2-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gcc-10 depends on:
ii  binutils       2.38.50.20220629-2
ii  cpp-10         10.4.0-1
ii  gcc-10-base    10.4.0-1
ii  libc6          2.33-7
ii  libcc1-0       12.1.0-5
ii  libgcc-10-dev  10.4.0-1
ii  libgcc-s1      12.1.0-5
ii  libgmp10       2:6.2.1+dfsg1-1
ii  libisl23       0.24-2
ii  libmpc3        1.2.1-2
ii  libmpfr6       4.1.0-3
ii  libstdc++6     12.1.0-5
ii  libzstd1       1.5.2+dfsg-1
ii  zlib1g         1:1.2.11.dfsg-4

Versions of packages gcc-10 recommends:
ii  libc6-dev  2.33-7

Versions of packages gcc-10 suggests:
ii  gcc-10-doc       10.3.0-2
pn  gcc-10-locales   <none>
ii  gcc-10-multilib  10.4.0-1

-- debconf-show failed
diff -Nru gcc-10-10.2.1/debian/changelog gcc-10-10.2.1/debian/changelog
--- gcc-10-10.2.1/debian/changelog      2021-01-10 12:35:39.000000000 +0100
+++ gcc-10-10.2.1/debian/changelog      2022-07-11 15:02:37.000000000 +0200
@@ -1,3 +1,9 @@
+gcc-10 (10.2.1-6.1) UNRELEASED; urgency=medium
+
+  * Backport support for -mharden-sls for x86
+
+ -- Ben Hutchings <b...@debian.org>  Mon, 11 Jul 2022 15:02:37 +0200
+
 gcc-10 (10.2.1-6) unstable; urgency=medium
 
   * Update to git 20210110 from the gcc-10 branch.
diff -Nru 
gcc-10-10.2.1/debian/patches/x86-add-mharden-sls-none-all-return-indirect-branch.diff
 
gcc-10-10.2.1/debian/patches/x86-add-mharden-sls-none-all-return-indirect-branch.diff
--- 
gcc-10-10.2.1/debian/patches/x86-add-mharden-sls-none-all-return-indirect-branch.diff
       1970-01-01 01:00:00.000000000 +0100
+++ 
gcc-10-10.2.1/debian/patches/x86-add-mharden-sls-none-all-return-indirect-branch.diff
       2022-07-11 15:02:37.000000000 +0200
@@ -0,0 +1,247 @@
+From: "H.J. Lu" <hjl.to...@gmail.com>
+Date: Wed, 27 Oct 2021 07:48:54 -0700
+Subject: [PATCH] x86: Add -mharden-sls=[none|all|return|indirect-branch]
+Origin: 
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=39d944c4237e5d35e28a2668d3b9a2e0f6f7bd01
+
+Add -mharden-sls= to mitigate against straight line speculation (SLS)
+for function return and indirect branch by adding an INT3 instruction
+after function return and indirect branch.
+
+gcc/
+
+       PR target/102952
+       * config/i386/i386-opts.h (harden_sls): New enum.
+       * config/i386/i386.c (output_indirect_thunk): Mitigate against
+       SLS for function return.
+       (ix86_output_function_return): Likewise.
+       (ix86_output_jmp_thunk_or_indirect): Mitigate against indirect
+       branch.
+       (ix86_output_indirect_jmp): Likewise.
+       (ix86_output_call_insn): Likewise.
+       * config/i386/i386.opt: Add -mharden-sls=.
+       * doc/invoke.texi: Document -mharden-sls=.
+
+gcc/testsuite/
+
+       PR target/102952
+       * gcc.target/i386/harden-sls-1.c: New test.
+       * gcc.target/i386/harden-sls-2.c: Likewise.
+       * gcc.target/i386/harden-sls-3.c: Likewise.
+       * gcc.target/i386/harden-sls-4.c: Likewise.
+       * gcc.target/i386/harden-sls-5.c: Likewise.
+
+(cherry picked from commit 53a643f8568067d7700a9f2facc8ba39974973d3)
+[benh:
+ - Drop changes in gcc/doc/invoke.texi, which is not included in the
+   Debian package
+ - Use NULL instead of nullptr]
+---
+ gcc/config/i386/i386-opts.h                  |  7 +++++++
+ gcc/config/i386/i386.c                       | 21 +++++++++++++-------
+ gcc/config/i386/i386.opt                     | 20 +++++++++++++++++++
+ gcc/doc/invoke.texi                          | 10 +++++++++-
+ gcc/testsuite/gcc.target/i386/harden-sls-1.c | 14 +++++++++++++
+ gcc/testsuite/gcc.target/i386/harden-sls-2.c | 14 +++++++++++++
+ gcc/testsuite/gcc.target/i386/harden-sls-3.c | 14 +++++++++++++
+ gcc/testsuite/gcc.target/i386/harden-sls-4.c | 16 +++++++++++++++
+ gcc/testsuite/gcc.target/i386/harden-sls-5.c | 17 ++++++++++++++++
+ 9 files changed, 125 insertions(+), 8 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-2.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-3.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-4.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-5.c
+
+--- a/src/gcc/config/i386/i386-opts.h
++++ b/src/gcc/config/i386/i386-opts.h
+@@ -125,4 +125,11 @@ enum instrument_return {
+   instrument_return_nop5
+ };
+ 
++enum harden_sls {
++  harden_sls_none = 0,
++  harden_sls_return = 1 << 0,
++  harden_sls_indirect_branch = 1 << 1,
++  harden_sls_all = harden_sls_return | harden_sls_indirect_branch
++};
++
+ #endif
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -5478,6 +5478,8 @@ output_indirect_thunk (unsigned int regn
+     }
+ 
+   fputs ("\tret\n", asm_out_file);
++  if ((ix86_harden_sls & harden_sls_return))
++    fputs ("\tint3\n", asm_out_file);
+ }
+ 
+ /* Output a funtion with a call and return thunk for indirect branch.
+@@ -15426,6 +15428,8 @@ ix86_output_jmp_thunk_or_indirect (const
+       fprintf (asm_out_file, "\tjmp\t");
+       assemble_name (asm_out_file, thunk_name);
+       putc ('\n', asm_out_file);
++      if ((ix86_harden_sls & harden_sls_indirect_branch))
++      fputs ("\tint3\n", asm_out_file);
+     }
+   else
+     output_indirect_thunk (regno);
+@@ -15648,10 +15652,10 @@ ix86_output_indirect_jmp (rtx call_op)
+       gcc_unreachable ();
+ 
+       ix86_output_indirect_branch (call_op, "%0", true);
+-      return "";
+     }
+   else
+-    return "%!jmp\t%A0";
++    output_asm_insn ("%!jmp\t%A0", &call_op);
++  return (ix86_harden_sls & harden_sls_indirect_branch) ? "int3" : "";
+ }
+ 
+ /* Output return instrumentation for current function if needed.  */
+@@ -15719,10 +15723,8 @@ ix86_output_function_return (bool long_p
+       return "";
+     }
+ 
+-  if (!long_p)
+-    return "ret";
+-
+-  return "rep%; ret";
++  output_asm_insn (long_p ? "rep%; ret" : "ret", NULL);
++  return (ix86_harden_sls & harden_sls_return) ? "int3" : "";
+ }
+ 
+ /* Output indirect function return.  RET_OP is the function return
+@@ -15817,7 +15819,12 @@ ix86_output_call_insn (rtx_insn *insn, r
+       if (output_indirect_p && !direct_p)
+       ix86_output_indirect_branch (call_op, xasm, true);
+       else
+-      output_asm_insn (xasm, &call_op);
++      {
++        output_asm_insn (xasm, &call_op);
++        if (!direct_p
++            && (ix86_harden_sls & harden_sls_indirect_branch))
++          return "int3";
++      }
+       return "";
+     }
+ 
+--- a/src/gcc/config/i386/i386.opt
++++ b/src/gcc/config/i386/i386.opt
+@@ -1109,6 +1109,26 @@ mrecord-return
+ Target Report Var(ix86_flag_record_return) Init(0)
+ Generate a __return_loc section pointing to all return instrumentation code.
+ 
++mharden-sls=
++Target RejectNegative Joined Enum(harden_sls) Var(ix86_harden_sls) 
Init(harden_sls_none)
++Generate code to mitigate against straight line speculation.
++
++Enum
++Name(harden_sls) Type(enum harden_sls)
++Known choices for mitigation against straight line speculation with 
-mharden-sls=:
++
++EnumValue
++Enum(harden_sls) String(none) Value(harden_sls_none)
++
++EnumValue
++Enum(harden_sls) String(return) Value(harden_sls_return)
++
++EnumValue
++Enum(harden_sls) String(indirect-branch) Value(harden_sls_indirect_branch)
++
++EnumValue
++Enum(harden_sls) String(all) Value(harden_sls_all)
++
+ mavx512bf16
+ Target Report Mask(ISA2_AVX512BF16) Var(ix86_isa_flags2) Save
+ Support MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AVX, AVX2, AVX512F and
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-1.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -mharden-sls=all" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void foo (void);
++
++void
++bar (void)
++{
++  foo ();
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+_?foo" } } */
++/* { dg-final { scan-assembler-not {int3} } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-2.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -mharden-sls=all" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*fptr) (void);
++
++void
++foo (void)
++{
++  fptr ();
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+_?__x86_indirect_thunk_(r|e)ax" } 
} */
++/* { dg-final { scan-assembler-times "int3" 1 } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-3.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk -mharden-sls=all" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*fptr) (void);
++
++void
++foo (void)
++{
++  fptr ();
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+_?__x86_indirect_thunk_(r|e)ax" } 
} */
++/* { dg-final { scan-assembler-times "int3" 2 } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-4.c
+@@ -0,0 +1,16 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=keep -mharden-sls=all" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*fptr) (void);
++
++void
++foo (void)
++{
++  fptr ();
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+\\*_?fptr" { target { ! x32 } } } 
} */
++/* { dg-final { scan-assembler "movl\[ \t\]+fptr\\(%rip\\), %eax" { target 
x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]+\\*%rax" { target x32 } } } */
++/* { dg-final { scan-assembler-times "int3" 1 } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-5.c
+@@ -0,0 +1,17 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep 
-mindirect-branch=thunk-extern -mharden-sls=return" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler-times "ret" 1 } } */
++/* { dg-final { scan-assembler-times "int3" 1 } } */
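Review bot: The new `mharden-sls=` entry in i386.opt is declared as `Target RejectNegative Joined Enum(harden_sls) ...` without the `Report` keyword, while the gcc-10 entries visible as context around it (`mrecord-return`, `mavx512bf16`) still carry `Target Report`. The keyword was presumably lost because the patch was cherry-picked from a newer branch that no longer uses it. As far as I know, `Report` is what makes an option's state appear in `-fverbose-asm` output in this release series, which is useful when auditing whether a build was actually hardened. For the backport I would write `Target Report RejectNegative Joined Enum(harden_sls) Var(ix86_harden_sls) Init(harden_sls_none)`. The same applies to `mindirect-branch-cs-prefix` in x86-add-mindirect-branch-cs-prefix.diff, whose neighbour `mindirect-branch-register` also has `Report`.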
diff -Nru gcc-10-10.2.1/debian/patches/x86-add-mindirect-branch-cs-prefix.diff 
gcc-10-10.2.1/debian/patches/x86-add-mindirect-branch-cs-prefix.diff
--- gcc-10-10.2.1/debian/patches/x86-add-mindirect-branch-cs-prefix.diff        
1970-01-01 01:00:00.000000000 +0100
+++ gcc-10-10.2.1/debian/patches/x86-add-mindirect-branch-cs-prefix.diff        
2022-07-11 15:02:37.000000000 +0200
@@ -0,0 +1,108 @@
+From: "H.J. Lu" <hjl.to...@gmail.com>
+Date: Wed, 27 Oct 2021 06:27:15 -0700
+Subject: [PATCH 1/1] x86: Add -mindirect-branch-cs-prefix
+Origin: 
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5d928740a533cd9e78673fad7ea86d20b2142277
+
+Add -mindirect-branch-cs-prefix to add CS prefix to call and jmp to
+indirect thunk with branch target in r8-r15 registers so that the call
+and jmp instruction length is 6 bytes to allow them to be replaced with
+"lfence; call *%r8-r15" or "lfence; jmp *%r8-r15" at run-time.
+
+gcc/
+
+       PR target/102952
+       * config/i386/i386.c (ix86_output_jmp_thunk_or_indirect): Emit
+       CS prefix for -mindirect-branch-cs-prefix.
+       (ix86_output_indirect_branch_via_reg): Likewise.
+       * config/i386/i386.opt: Add -mindirect-branch-cs-prefix.
+       * doc/invoke.texi: Document -mindirect-branch-cs-prefix.
+
+gcc/testsuite/
+
+       PR target/102952
+       * gcc.target/i386/indirect-thunk-cs-prefix-1.c: New test.
+       * gcc.target/i386/indirect-thunk-cs-prefix-2.c: Likewise.
+
+(cherry picked from commit 2196a681d7810ad8b227bf983f38ba716620545e)
+[benh: Drop changes in gcc/doc/invoke.texi, which is not included in
+ the Debian package]
+---
+ gcc/config/i386/i386.c                            |  6 ++++++
+ gcc/config/i386/i386.opt                          |  4 ++++
+ gcc/doc/invoke.texi                               | 10 +++++++++-
+ .../gcc.target/i386/indirect-thunk-cs-prefix-1.c  | 14 ++++++++++++++
+ .../gcc.target/i386/indirect-thunk-cs-prefix-2.c  | 15 +++++++++++++++
+ 5 files changed, 48 insertions(+), 1 deletion(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c
+
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -15425,6 +15425,9 @@ ix86_output_jmp_thunk_or_indirect (const
+ {
+   if (thunk_name != NULL)
+     {
++      if (REX_INT_REGNO_P (regno)
++        && ix86_indirect_branch_cs_prefix)
++      fprintf (asm_out_file, "\tcs\n");
+       fprintf (asm_out_file, "\tjmp\t");
+       assemble_name (asm_out_file, thunk_name);
+       putc ('\n', asm_out_file);
+@@ -15478,6 +15481,9 @@ ix86_output_indirect_branch_via_reg (rtx
+     {
+       if (thunk_name != NULL)
+       {
++        if (REX_INT_REGNO_P (regno)
++            && ix86_indirect_branch_cs_prefix)
++          fprintf (asm_out_file, "\tcs\n");
+         fprintf (asm_out_file, "\tcall\t");
+         assemble_name (asm_out_file, thunk_name);
+         putc ('\n', asm_out_file);
+--- a/src/gcc/config/i386/i386.opt
++++ b/src/gcc/config/i386/i386.opt
+@@ -1068,6 +1068,10 @@ Enum(indirect_branch) String(thunk-inlin
+ EnumValue
+ Enum(indirect_branch) String(thunk-extern) Value(indirect_branch_thunk_extern)
+ 
++mindirect-branch-cs-prefix
++Target Var(ix86_indirect_branch_cs_prefix) Init(0)
++Add CS prefix to call and jmp to indirect thunk with branch target in r8-r15 
registers.
++
+ mindirect-branch-register
+ Target Report Var(ix86_indirect_branch_register) Init(0)
+ Force indirect call and jump via register.
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile { target { ! ia32 } } } */
++/* { dg-options "-O2 -ffixed-rax -ffixed-rbx -ffixed-rcx -ffixed-rdx 
-ffixed-rdi -ffixed-rsi -mindirect-branch-cs-prefix 
-mindirect-branch=thunk-extern" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*fptr) (void);
++
++void
++foo (void)
++{
++  fptr ();
++}
++
++/* { dg-final { scan-assembler-times "jmp\[ 
\t\]+_?__x86_indirect_thunk_r\[0-9\]+" 1 } } */
++/* { dg-final { scan-assembler-times "\tcs" 1 } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c
+@@ -0,0 +1,15 @@
++/* { dg-do compile { target { ! ia32 } } } */
++/* { dg-options "-O2 -ffixed-rax -ffixed-rbx -ffixed-rcx -ffixed-rdx 
-ffixed-rdi -ffixed-rsi -mindirect-branch-cs-prefix 
-mindirect-branch=thunk-extern" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*bar) (void);
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler-times "call\[ 
\t\]+_?__x86_indirect_thunk_r\[0-9\]+" 1 } } */
++/* { dg-final { scan-assembler-times "\tcs" 1 } } */
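Review bot: Neither of the two added `if (REX_INT_REGNO_P (regno) && ix86_indirect_branch_cs_prefix)` blocks, in `ix86_output_jmp_thunk_or_indirect` and `ix86_output_indirect_branch_via_reg`, says why a bare `cs` prefix is emitted. The reason is given only in the commit message: the prefix pads the thunk call/jmp to 6 bytes so it can be rewritten in place at run time. Since that fixed length is a contract with whatever patches the code later, I would put it next to the code, e.g. `/* CS prefix makes the thunk call/jmp 6 bytes long so it can be replaced with "lfence; call/jmp *%r8-r15" at run time.  */`. Both functions start and end outside the hunks shown.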
diff -Nru 
gcc-10-10.2.1/debian/patches/x86-generate-int3-for-__builtin_eh_return.diff 
gcc-10-10.2.1/debian/patches/x86-generate-int3-for-__builtin_eh_return.diff
--- gcc-10-10.2.1/debian/patches/x86-generate-int3-for-__builtin_eh_return.diff 
1970-01-01 01:00:00.000000000 +0100
+++ gcc-10-10.2.1/debian/patches/x86-generate-int3-for-__builtin_eh_return.diff 
2022-07-11 15:02:37.000000000 +0200
@@ -0,0 +1,67 @@
+From: "H.J. Lu" <hjl.to...@gmail.com>
+Date: Wed, 5 Jan 2022 18:04:21 -0800
+Subject: [PATCH 1/1] x86: Generate INT3 for __builtin_eh_return
+Origin: 
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=978956485a663493130b02f787095095d163290e
+
+Generate INT3 after indirect jmp in exception return for -fcf-protection
+with -mharden-sls=indirect-jmp.
+
+gcc/
+
+       PR target/103925
+       * config/i386/i386.c (ix86_output_indirect_function_return):
+       Generate INT3 after indirect jmp for -mharden-sls=indirect-jmp.
+
+gcc/testsuite/
+
+       PR target/103925
+       * gcc.target/i386/harden-sls-6.c: New test.
+
+(cherry picked from commit c2e5c4feed32c808591b5278f680bbabe63eb225)
+---
+ gcc/config/i386/i386.c                       |  9 ++++++---
+ gcc/testsuite/gcc.target/i386/harden-sls-6.c | 18 ++++++++++++++++++
+ 2 files changed, 24 insertions(+), 3 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-6.c
+
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -15765,11 +15765,14 @@ ix86_output_indirect_function_return (rt
+       }
+       else
+       output_indirect_thunk (regno);
+-
+-      return "";
+     }
+   else
+-    return "%!jmp\t%A0";
++    {
++      output_asm_insn ("%!jmp\t%A0", &ret_op);
++      if (ix86_harden_sls & harden_sls_indirect_jmp)
++      fputs ("\tint3\n", asm_out_file);
++    }
++  return "";
+ }
+ 
+ /* Output the assembly for a call instruction.  */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-6.c
+@@ -0,0 +1,18 @@
++/* { dg-do compile { target { ! ia32 } } } */
++/* { dg-options "-O2 -fcf-protection -mharden-sls=indirect-jmp" } */
++
++struct _Unwind_Context _Unwind_Resume_or_Rethrow_this_context;
++
++void offset (int);
++
++struct _Unwind_Context {
++  void *reg[7];
++} _Unwind_Resume_or_Rethrow() {
++  struct _Unwind_Context cur_contextcur_context =
++      _Unwind_Resume_or_Rethrow_this_context;
++  offset(0);
++  __builtin_eh_return ((long) offset, 0);
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+\\*%rcx" } } */
++/* { dg-final { scan-assembler-times "int3" 1 } } */
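Review bot: In `ix86_output_indirect_function_return` the `int3` is added only in the final `else` branch, after the plain `%!jmp\t%A0`. The other branch, which ends in `output_indirect_thunk (regno)`, begins outside the hunk, so it is not visible here whether a `jmp` to a named thunk on that path is followed by `int3` the way `ix86_output_jmp_thunk_or_indirect` does it in the first patch. harden-sls-6.c exercises only the non-thunk case (`-fcf-protection -mharden-sls=indirect-jmp`). I would add a second test that compiles the same `__builtin_eh_return` function with a return thunk enabled and pins the expected `int3` count, so the behaviour on that path is decided deliberately rather than by omission.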
diff -Nru gcc-10-10.2.1/debian/patches/x86-remove-before-ret.diff 
gcc-10-10.2.1/debian/patches/x86-remove-before-ret.diff
--- gcc-10-10.2.1/debian/patches/x86-remove-before-ret.diff     1970-01-01 
01:00:00.000000000 +0100
+++ gcc-10-10.2.1/debian/patches/x86-remove-before-ret.diff     2022-07-11 
15:02:37.000000000 +0200
@@ -0,0 +1,65 @@
+From: "H.J. Lu" <hjl.to...@gmail.com>
+Date: Wed, 17 Nov 2021 11:41:12 -0800
+Subject: [PATCH] x86: Remove "%!" before ret
+Origin: 
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=c604b03126722b419073a97e97ed844677058714
+
+Before MPX was removed, "%!" was mapped to
+
+        case '!':
+          if (ix86_bnd_prefixed_insn_p (current_output_insn))
+            fputs ("bnd ", file);
+          return;
+
+After CET was added and MPX was removed, "%!" was mapped to
+
+       case '!':
+          if (ix86_notrack_prefixed_insn_p (current_output_insn))
+            fputs ("notrack ", file);
+          return;
+
+ix86_notrack_prefixed_insn_p always returns false on ret since the
+notrack prefix is only for indirect branches.  Remove the unused "%!"
+before ret.
+
+       PR target/103307
+       * config/i386/i386.c (ix86_code_end): Remove "%!" before ret.
+       (ix86_output_function_return): Likewise.
+       * config/i386/i386.md (simple_return_pop_internal): Likewise.
+
+(cherry picked from commit 8e410de43ce039bbe08f1e0195e3b6ec24f68cae)
+---
+ gcc/config/i386/i386.c  | 4 ++--
+ gcc/config/i386/i386.md | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -5680,7 +5680,7 @@ ix86_code_end (void)
+       xops[0] = gen_rtx_REG (Pmode, regno);
+       xops[1] = gen_rtx_MEM (Pmode, stack_pointer_rtx);
+       output_asm_insn ("mov%z0\t{%1, %0|%0, %1}", xops);
+-      output_asm_insn ("%!ret", NULL);
++      fputs ("\tret\n", asm_out_file);
+       final_end_function ();
+       init_insn_lengths ();
+       free_after_compilation (cfun);
+@@ -15720,7 +15720,7 @@ ix86_output_function_return (bool long_p
+     }
+ 
+   if (!long_p)
+-    return "%!ret";
++    return "ret";
+ 
+   return "rep%; ret";
+ }
+--- a/src/gcc/config/i386/i386.md
++++ b/src/gcc/config/i386/i386.md
+@@ -13363,7 +13363,7 @@
+   [(simple_return)
+    (use (match_operand:SI 0 "const_int_operand"))]
+   "reload_completed"
+-  "%!ret\t%0"
++  "ret\t%0"
+   "&& cfun->machine->function_return_type != indirect_branch_keep"
+   [(const_int 0)]
+   "ix86_split_simple_return_pop_internal (operands[0]); DONE;"
diff -Nru 
gcc-10-10.2.1/debian/patches/x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp.diff
 
gcc-10-10.2.1/debian/patches/x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp.diff
--- 
gcc-10-10.2.1/debian/patches/x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp.diff
 1970-01-01 01:00:00.000000000 +0100
+++ 
gcc-10-10.2.1/debian/patches/x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp.diff
 2022-07-11 15:02:37.000000000 +0200
@@ -0,0 +1,86 @@
+From: "H.J. Lu" <hjl.to...@gmail.com>
+Date: Wed, 5 Jan 2022 16:33:16 -0800
+Subject: [PATCH 1/1] x86: Rename -harden-sls=indirect-branch to
+ -harden-sls=indirect-jmp
+Origin: 
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=58a4e292e8507a2968bfd2b10631ba95d5440c97
+
+Indirect branch also includes indirect call instructions.  Rename
+-harden-sls=indirect-branch to -harden-sls=indirect-jmp to match its
+intended behavior.
+
+       PR target/102952
+       * config/i386/i386-opts.h (harden_sls): Replace
+       harden_sls_indirect_branch with harden_sls_indirect_jmp.
+       * config/i386/i386.c (ix86_output_jmp_thunk_or_indirect):
+       Likewise.
+       (ix86_output_indirect_jmp): Likewise.
+       (ix86_output_call_insn): Likewise.
+       * config/i386/i386.opt: Replace indirect-branch with
+       indirect-jmp.  Replace harden_sls_indirect_branch with
+       harden_sls_indirect_jmp.
+       * doc/invoke.texi (-harden-sls=): Replace indirect-branch with
+       indirect-jmp.
+
+(cherry picked from commit ed8060950c64f2e449aaf90e438aa26d0d9d0b31)
+[benh: Drop changes in gcc/doc/invoke.texi, which is not included in
+ the Debian package]
+---
+ gcc/config/i386/i386-opts.h | 4 ++--
+ gcc/config/i386/i386.c      | 6 +++---
+ gcc/config/i386/i386.opt    | 2 +-
+ gcc/doc/invoke.texi         | 4 ++--
+ 4 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/src/gcc/config/i386/i386-opts.h
++++ b/src/gcc/config/i386/i386-opts.h
+@@ -128,8 +128,8 @@ enum instrument_return {
+ enum harden_sls {
+   harden_sls_none = 0,
+   harden_sls_return = 1 << 0,
+-  harden_sls_indirect_branch = 1 << 1,
+-  harden_sls_all = harden_sls_return | harden_sls_indirect_branch
++  harden_sls_indirect_jmp = 1 << 1,
++  harden_sls_all = harden_sls_return | harden_sls_indirect_jmp
+ };
+ 
+ #endif
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -15431,7 +15431,7 @@ ix86_output_jmp_thunk_or_indirect (const
+       fprintf (asm_out_file, "\tjmp\t");
+       assemble_name (asm_out_file, thunk_name);
+       putc ('\n', asm_out_file);
+-      if ((ix86_harden_sls & harden_sls_indirect_branch))
++      if ((ix86_harden_sls & harden_sls_indirect_jmp))
+       fputs ("\tint3\n", asm_out_file);
+     }
+   else
+@@ -15661,7 +15661,7 @@ ix86_output_indirect_jmp (rtx call_op)
+     }
+   else
+     output_asm_insn ("%!jmp\t%A0", &call_op);
+-  return (ix86_harden_sls & harden_sls_indirect_branch) ? "int3" : "";
++  return (ix86_harden_sls & harden_sls_indirect_jmp) ? "int3" : "";
+ }
+ 
+ /* Output return instrumentation for current function if needed.  */
+@@ -15828,7 +15828,7 @@ ix86_output_call_insn (rtx_insn *insn, r
+       {
+         output_asm_insn (xasm, &call_op);
+         if (!direct_p
+-            && (ix86_harden_sls & harden_sls_indirect_branch))
++            && (ix86_harden_sls & harden_sls_indirect_jmp))
+           return "int3";
+       }
+       return "";
+--- a/src/gcc/config/i386/i386.opt
++++ b/src/gcc/config/i386/i386.opt
+@@ -1128,7 +1128,7 @@ EnumValue
+ Enum(harden_sls) String(return) Value(harden_sls_return)
+ 
+ EnumValue
+-Enum(harden_sls) String(indirect-branch) Value(harden_sls_indirect_branch)
++Enum(harden_sls) String(indirect-jmp) Value(harden_sls_indirect_jmp)
+ 
+ EnumValue
+ Enum(harden_sls) String(all) Value(harden_sls_all)
diff -Nru gcc-10-10.2.1/debian/rules.patch gcc-10-10.2.1/debian/rules.patch
--- gcc-10-10.2.1/debian/rules.patch    2021-01-10 12:35:39.000000000 +0100
+++ gcc-10-10.2.1/debian/rules.patch    2022-07-11 15:02:18.000000000 +0200
@@ -124,6 +124,15 @@
   debian_patches += pr39491
 endif
 
+ifneq (,$(findstring gcc-10, $(PKGSOURCE)))
+  debian_patches += \
+       x86-remove-before-ret \
+       x86-add-mharden-sls-none-all-return-indirect-branch \
+       x86-add-mindirect-branch-cs-prefix \
+       x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp \
+       x86-generate-int3-for-__builtin_eh_return
+endif
+
 # Patches for non-core languages.
 
 debian_patches += gm2 gm2-texinfo gm2-bootstrap-compare
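Review bot: The five entries added to `debian_patches` depend on being applied in exactly this order, and nothing in the hunk says so. x86-generate-int3-for-__builtin_eh_return uses `harden_sls_indirect_jmp`, which exists only after the rename patch. The `ix86_output_function_return` hunk of the -mharden-sls patch expects the `return "ret";` context left by x86-remove-before-ret. The debdiff itself lists the files alphabetically, so a later re-sort would look harmless. A one-line comment above the list would prevent that, e.g. `# SLS backport series: keep in upstream commit order, later patches build on earlier ones`.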
