From patchwork Sat Mar 24 23:49:48 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "H.J. Lu" <hongjiu.lu@intel.com>
X-Patchwork-Id: 890590
Return-Path: 
 <gcc-patches-return-475421-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=gcc.gnu.org
	(client-ip=209.132.180.131; helo=sourceware.org;
	envelope-from=gcc-patches-return-475421-incoming=patchwork.ozlabs.org@gcc.gnu.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=none (p=none dis=none) header.from=intel.com
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org
	header.b="WZipUor0"; dkim-atps=neutral
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 407xwX00kmz9s08
	for <incoming@patchwork.ozlabs.org>;
	Sun, 25 Mar 2018 10:50:01 +1100 (AEDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:subject:message-id:reply-to:mime-version:content-type;
	q=dns; s=default; b=N3Oa7qEupnZ+ASrCIUtql9U0p9GoKQUcXBU9/iE9QwL
	ByWDzrAPY2mB1Bnvbggng6TAtQIpX24K1eQjthT+M6296hrfmjjIRGb8iw/gx3L8
	iwMSCSETePEVJw5XoIrziQeOXeazQk9Y6VRvplYts8Qw2ZyEGgQx3PS6PmaetkqM
	=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:date
	:from:to:subject:message-id:reply-to:mime-version:content-type;
	s=default; bh=eOt1ftO3cPf4hA/ZOYTO2/wv5gA=; b=WZipUor0lhruv0Jd/
	GhEthIb745MdTDoF0UPiWc4iWlu7VpukKz4A5jMVC4hO83aYN+cQGg5t/dbBTZly
	v+zO5ZloiYRy/wxCHvOaDTWmuuJEOapyKoUeYAjnqx37u+qM83/Z+Iafsv7J2cdm
	yv7byHVpzZEYxgT+GCfjgQtld8=
Received: (qmail 104940 invoked by alias); 24 Mar 2018 23:49:52 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 104140 invoked by uid 89); 24 Mar 2018 23:49:52 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,
	GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3,
	KAM_LAZY_DOMAIN_SECURITY, NO_DNS_FOR_FROM,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
	spammy=Hx-languages-length:3066, decl_rtl, DECL_RTL
X-HELO: mga18.intel.com
Received: from mga18.intel.com (HELO mga18.intel.com) (134.134.136.126) by
	sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;
	Sat, 24 Mar 2018 23:49:51 +0000
X-Amp-Result: UNSCANNABLE
X-Amp-File-Uploaded: False
Received: from fmsmga007.fm.intel.com ([10.253.24.52]) by
	orsmga106.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	24 Mar 2018 16:49:49 -0700
X-ExtLoop1: 1
Received: from gnu-bdx-1.sc.intel.com ([172.25.70.238]) by
	fmsmga007.fm.intel.com with ESMTP; 24 Mar 2018 16:49:48 -0700
Received: by gnu-bdx-1.sc.intel.com (Postfix, from userid 1000)	id
	C28981C015A; Sat, 24 Mar 2018 16:49:48 -0700 (PDT)
Date: Sat, 24 Mar 2018 16:49:48 -0700
From: "H.J. Lu" <hongjiu.lu@intel.com>
To: gcc-patches@gcc.gnu.org, Uros Bizjak <ubizjak@gmail.com>,
	Igor Tsimbalist <igor.v.tsimbalist@intel.com>
Subject: [PATCH] i386: Insert ENDBR to trampoline for -fcf-protection=branch
	-mibt
Message-ID: <20180324234948.GA2698@intel.com>
Reply-To: "H.J. Lu" <hjl.tools@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.9.2 (2017-12-15)

When -fcf-protection=branch -mibt are used, we need to insert ENDBR
to trampoline.  TRAMPOLINE_SIZE is creased by 4 bytes to accommodate
4-byte ENDBR instruction.

OK for trunk?

H.J.
----
gcc/

	PR target/85044
	* config/i386/i386.c (ix86_trampoline_init): Insert ENDBR for
	-fcf-protection=branch -mibt.
	* config/i386/i386.h (TRAMPOLINE_SIZE): Increased by 4 bytes.

gcc/testsuite/

	PR target/85044
	* gcc.target/i386/pr85044.c: New test.
---
 gcc/config/i386/i386.c                  | 17 +++++++++++++++++
 gcc/config/i386/i386.h                  |  2 +-
 gcc/testsuite/gcc.target/i386/pr85044.c | 24 ++++++++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85044.c

diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index 3b264318f50..b4f6aec1434 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -30411,6 +30411,7 @@ ix86_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value)
   rtx mem, fnaddr;
   int opcode;
   int offset = 0;
+  bool need_endbr = (flag_cf_protection & CF_BRANCH) && TARGET_IBT;
 
   fnaddr = XEXP (DECL_RTL (fndecl), 0);
 
@@ -30418,6 +30419,14 @@ ix86_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value)
     {
       int size;
 
+      if (need_endbr)
+	{
+	  /* Insert ENDBR64.  */
+	  mem = adjust_address (m_tramp, SImode, offset);
+	  emit_move_insn (mem, gen_int_mode (0xfa1e0ff3, SImode));
+	  offset += 4;
+	}
+
       /* Load the function address to r11.  Try to load address using
 	 the shorter movl instead of movabs.  We may want to support
 	 movq for kernel mode, but kernel does not use trampolines at
@@ -30495,6 +30504,14 @@ ix86_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value)
       else
 	opcode = 0x68;
 
+      if (need_endbr)
+	{
+	  /* Insert ENDBR32.  */
+	  mem = adjust_address (m_tramp, SImode, offset);
+	  emit_move_insn (mem, gen_int_mode (0xfb1e0ff3, SImode));
+	  offset += 4;
+	}
+
       mem = adjust_address (m_tramp, QImode, offset);
       emit_move_insn (mem, gen_int_mode (opcode, QImode));
 
diff --git a/gcc/config/i386/i386.h b/gcc/config/i386/i386.h
index 7f4b04f421d..c7f9b4551b3 100644
--- a/gcc/config/i386/i386.h
+++ b/gcc/config/i386/i386.h
@@ -1716,7 +1716,7 @@ typedef struct ix86_args {
 
 /* Length in units of the trampoline for entering a nested function.  */
 
-#define TRAMPOLINE_SIZE (TARGET_64BIT ? 24 : 10)
+#define TRAMPOLINE_SIZE (TARGET_64BIT ? 28 : 14)
 
 /* Definitions for register eliminations.
 
diff --git a/gcc/testsuite/gcc.target/i386/pr85044.c b/gcc/testsuite/gcc.target/i386/pr85044.c
new file mode 100644
index 00000000000..332f582d79b
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr85044.c
@@ -0,0 +1,24 @@
+/* { dg-do run { target cet } } */
+/* { dg-options "-O2 -fcf-protection=branch -mibt" } */
+
+void callme (void (*callback) (void));
+
+int
+main (void)
+{
+  int ok = 0;
+  void callback (void) { ok = 1; }
+
+  callme (&callback);
+
+  if (!ok)
+   __builtin_abort ();
+  return 0;
+}
+
+__attribute__((noinline, noclone))
+void
+callme (void (*callback) (void))
+{
+  (*callback) ();
+}