x86: Enable -fcf-protection with multi-byte NOPs

Programming / Compilers / GCC - hjl [138bc75d-0d04-0410-961f-82ee72b054a4] - 19 April 2018 15:15 EDT

-fcf-protection -mcet can't be used with IFUNC features, like symbol multiversioning or target clone, since IBT/SHSTK are applied to the whole program and they may be disabled in some functions. But -fcf-protection is implemented with multi-byte NOPs on all 64-bit processors as well as 32-bit processors starting with Pentium Pro. If -fcf-protection requires-mcet, IFUNC features can't be used on Linux when -fcf-protection is enabled by default.

This patch changes -fcf-protection to implement indirect branch and return address tracking with multi-byte NOPs. -mibt and -mshstk are changed to only enable CET built-in functions. CET tests are updated to allow -fcf-protection without -mibt, -mshstk and -mcet on x86.-fcf-protection=none are also added to tests which fail with-fcf-protection so that -fcf-protection can be added to RUNTESTFLAGS to verify -fcf-protection implementation.

gcc/

PR target/85417
- config/i386/cet.c (file_end_indicate_exec_stack_and_cet): Check flag_cf_protection instead of TARGET_IBT and TARGET_SHSTK.
- config/i386/i386-c.c (ix86_target_macros_internal): Also define __IBT__ and __SHSTK__ for -fcf-protection.
- config/i386/i386.c (pass_insert_endbranch::gate): Don't check TARGET_IBT. (ix86_trampoline_init): Likewise. (x86_output_mi_thunk): Likewise. (ix86_notrack_prefixed_insn_p): Likewise. (ix86_option_override_internal): Don't disallow -fcf-protection.
- config/i386/i386.md (rdssp): Also enable for
-fcf-protection. (incssp): Likewise. (nop_endbr): Likewise.
- config/i386/i386.opt (mcet): Change help message to built-in functions only. (mibt): Likewise. (mshstk): Likewise.
- doc/invoke.texi: Remove -mcet, -mibt and -mshstk condition on -fcf-protection. Change -mcet, -mibt and -mshstk to only enable CET built-in functions.

gcc/testsuite/

PR target/85417
- c-c++-common/attr-nocf-check-1.c: Compile with
-fcf-protection=none.
- c-c++-common/attr-nocf-check-3.c: Likewise.
- gcc.dg/march-generic.c: Likewise.
- gcc.target/i386/align-limit.c: Likewise.
- gcc.target/i386/cet-notrack-icf-1.c: Likewise.
- gcc.target/i386/cet-notrack-icf-3.c: Likewise.
- gcc.target/i386/cet-property-2.c: Likewise.
- gcc.target/i386/ret-thunk-26.c: Likewise.
- c-c++-common/fcf-protection-1.c: Remove dg-error for x86 targets.
- c-c++-common/fcf-protection-2.c: Likewise.
- c-c++-common/fcf-protection-3.c: Likewise.
- c-c++-common/fcf-protection-5.c: Likewise.
- c-c++-common/fcf-protection-6.c: Likewise.
- c-c++-common/fcf-protection-7.c: Likewise.
- gcc.target/i386/cet-label-3.c: New test.
- gcc.target/i386/cet-property-3.c: Likewise.
- gcc.target/i386/cet-sjlj-7.c: Likewise.
- gcc.target/i386/pr85417-1.c: Likewise.
- gcc.target/i386/indirect-thunk-attr-7.c: Also expect __x86_indirect_thunk_nt_(r|e)ax
- gcc.target/i386/indirect-thunk-extern-7.c: Likewise.
- gcc.target/i386/pr85403.c: Remove dg-error,

b1384095a7c x86: Enable -fcf-protection with multi-byte NOPs
gcc/ChangeLog | 25 ++++++++++
gcc/config/i386/cet.c | 4 +-
gcc/config/i386/i386-c.c | 6 ++-
gcc/config/i386/i386.c | 54 +++-------------------
gcc/config/i386/i386.md | 6 +--
gcc/config/i386/i386.opt | 9 ++--
gcc/doc/invoke.texi | 28 ++++-------
gcc/testsuite/ChangeLog | 28 +++++++++++
gcc/testsuite/c-c++-common/attr-nocf-check-1.c | 1 +
gcc/testsuite/c-c++-common/attr-nocf-check-3.c | 1 +
gcc/testsuite/c-c++-common/fcf-protection-1.c | 1 -
gcc/testsuite/c-c++-common/fcf-protection-2.c | 1 -
gcc/testsuite/c-c++-common/fcf-protection-3.c | 1 -
gcc/testsuite/c-c++-common/fcf-protection-5.c | 1 -
gcc/testsuite/c-c++-common/fcf-protection-6.c | 2 -
gcc/testsuite/c-c++-common/fcf-protection-7.c | 2 -
gcc/testsuite/gcc.dg/march-generic.c | 2 +-
gcc/testsuite/gcc.target/i386/align-limit.c | 2 +-
gcc/testsuite/gcc.target/i386/cet-label-3.c | 16 +++++++
gcc/testsuite/gcc.target/i386/cet-notrack-icf-1.c | 2 +-
gcc/testsuite/gcc.target/i386/cet-notrack-icf-3.c | 2 +-
gcc/testsuite/gcc.target/i386/cet-property-2.c | 2 +-
gcc/testsuite/gcc.target/i386/cet-property-3.c | 11 +++++
gcc/testsuite/gcc.target/i386/cet-sjlj-7.c | 48 +++++++++++++++++++
.../gcc.target/i386/indirect-thunk-attr-7.c | 2 +-
.../gcc.target/i386/indirect-thunk-extern-7.c | 2 +-
gcc/testsuite/gcc.target/i386/pr85403.c | 2 +-
gcc/testsuite/gcc.target/i386/pr85417-1.c | 17 +++++++
gcc/testsuite/gcc.target/i386/ret-thunk-26.c | 2 +-
29 files changed, 186 insertions(+), 94 deletions(-)

Upstream: gcc.gnu.org


  • Share