
x86: Disable sibcall if indirect_return attribute doesn't match

Message ID 20220714174244.295605-1-hjl.tools@gmail.com
State New

Commit Message

H.J. Lu July 14, 2022, 5:42 p.m. UTC
When shadow stack is enabled, a function with the indirect_return attribute
may return via an indirect jump.  In this case, we need to disable sibcalls
if the caller doesn't have the indirect_return attribute and indirect branch
tracking is enabled, since the compiler won't generate an ENDBR when calling the
caller.

gcc/

	PR target/85620
	* config/i386/i386.cc (ix86_function_ok_for_sibcall): Return
	false if callee has indirect_return attribute and caller
	doesn't.

gcc/testsuite/

	PR target/85620
	* gcc.target/i386/pr85620-2.c: Updated.
	* gcc.target/i386/pr85620-5.c: New test.
	* gcc.target/i386/pr85620-6.c: Likewise.
	* gcc.target/i386/pr85620-7.c: Likewise.
---
 gcc/config/i386/i386.cc                   | 10 ++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-2.c |  3 ++-
 gcc/testsuite/gcc.target/i386/pr85620-5.c | 13 +++++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-6.c | 14 ++++++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-7.c | 14 ++++++++++++++
 5 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-5.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-6.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-7.c

Comments

Hongtao Liu July 15, 2022, 3:45 a.m. UTC | #1
On Fri, Jul 15, 2022 at 1:44 AM H.J. Lu via Gcc-patches
<gcc-patches@gcc.gnu.org> wrote:
>
> When shadow stack is enabled, function with indirect_return attribute
> may return via indirect jump.  In this case, we need to disable sibcall
> if caller doesn't have indirect_return attribute and indirect branch
> tracking is enabled since compiler won't generate ENDBR when calling the
> caller.
>
LGTM.
> gcc/
>
>         PR target/85620
>         * config/i386/i386.cc (ix86_function_ok_for_sibcall): Return
>         false if callee has indirect_return attribute and caller
>         doesn't.
>
> gcc/testsuite/
>
>         PR target/85620
>         * gcc.target/i386/pr85620-2.c: Updated.
>         * gcc.target/i386/pr85620-5.c: New test.
>         * gcc.target/i386/pr85620-6.c: Likewise.
>         * gcc.target/i386/pr85620-7.c: Likewise.
> ---
>  gcc/config/i386/i386.cc                   | 10 ++++++++++
>  gcc/testsuite/gcc.target/i386/pr85620-2.c |  3 ++-
>  gcc/testsuite/gcc.target/i386/pr85620-5.c | 13 +++++++++++++
>  gcc/testsuite/gcc.target/i386/pr85620-6.c | 14 ++++++++++++++
>  gcc/testsuite/gcc.target/i386/pr85620-7.c | 14 ++++++++++++++
>  5 files changed, 53 insertions(+), 1 deletion(-)
>  create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-5.c
>  create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-6.c
>  create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-7.c
>
> diff --git a/gcc/config/i386/i386.cc b/gcc/config/i386/i386.cc
> index 3a3c7299eb4..e03f86d4a23 100644
> --- a/gcc/config/i386/i386.cc
> +++ b/gcc/config/i386/i386.cc
> @@ -1024,6 +1024,16 @@ ix86_function_ok_for_sibcall (tree decl, tree exp)
>          return false;
>      }
>
> +  /* Disable sibcall if callee has indirect_return attribute and
> +     caller doesn't since callee will return to the caller's caller
> +     via an indirect jump.  */
> +  if (((flag_cf_protection & (CF_RETURN | CF_BRANCH))
> +       == (CF_RETURN | CF_BRANCH))
> +      && lookup_attribute ("indirect_return", TYPE_ATTRIBUTES (type))
> +      && !lookup_attribute ("indirect_return",
> +                           TYPE_ATTRIBUTES (TREE_TYPE (cfun->decl))))
> +    return false;
> +
>    /* Otherwise okay.  That also includes certain types of indirect calls.  */
>    return true;
>  }
> diff --git a/gcc/testsuite/gcc.target/i386/pr85620-2.c b/gcc/testsuite/gcc.target/i386/pr85620-2.c
> index b2e680fa1fe..14ce0ffd1e1 100644
> --- a/gcc/testsuite/gcc.target/i386/pr85620-2.c
> +++ b/gcc/testsuite/gcc.target/i386/pr85620-2.c
> @@ -1,6 +1,7 @@
>  /* { dg-do compile } */
>  /* { dg-options "-O2 -fcf-protection" } */
> -/* { dg-final { scan-assembler-times {\mendbr} 1 } } */
> +/* { dg-final { scan-assembler-times {\mendbr} 2 } } */
> +/* { dg-final { scan-assembler-not "jmp" } } */
>
>  struct ucontext;
>
> diff --git a/gcc/testsuite/gcc.target/i386/pr85620-5.c b/gcc/testsuite/gcc.target/i386/pr85620-5.c
> new file mode 100644
> index 00000000000..04537702d09
> --- /dev/null
> +++ b/gcc/testsuite/gcc.target/i386/pr85620-5.c
> @@ -0,0 +1,13 @@
> +/* { dg-do compile } */
> +/* { dg-options "-O2 -fcf-protection" } */
> +/* { dg-final { scan-assembler-not "jmp" } } */
> +
> +struct ucontext;
> +
> +extern int (*bar) (struct ucontext *) __attribute__((__indirect_return__));
> +
> +int
> +foo (struct ucontext *oucp)
> +{
> +  return bar (oucp);
> +}
> diff --git a/gcc/testsuite/gcc.target/i386/pr85620-6.c b/gcc/testsuite/gcc.target/i386/pr85620-6.c
> new file mode 100644
> index 00000000000..0b6a64e8454
> --- /dev/null
> +++ b/gcc/testsuite/gcc.target/i386/pr85620-6.c
> @@ -0,0 +1,14 @@
> +/* { dg-do compile } */
> +/* { dg-options "-O2 -fcf-protection" } */
> +/* { dg-final { scan-assembler "jmp" } } */
> +
> +struct ucontext;
> +
> +extern int bar (struct ucontext *) __attribute__((__indirect_return__));
> +
> +__attribute__((__indirect_return__))
> +int
> +foo (struct ucontext *oucp)
> +{
> +  return bar (oucp);
> +}
> diff --git a/gcc/testsuite/gcc.target/i386/pr85620-7.c b/gcc/testsuite/gcc.target/i386/pr85620-7.c
> new file mode 100644
> index 00000000000..fa62d56decf
> --- /dev/null
> +++ b/gcc/testsuite/gcc.target/i386/pr85620-7.c
> @@ -0,0 +1,14 @@
> +/* { dg-do compile } */
> +/* { dg-options "-O2 -fcf-protection" } */
> +/* { dg-final { scan-assembler "jmp" } } */
> +
> +struct ucontext;
> +
> +extern int (*bar) (struct ucontext *) __attribute__((__indirect_return__));
> +extern int foo (struct ucontext *) __attribute__((__indirect_return__));
> +
> +int
> +foo (struct ucontext *oucp)
> +{
> +  return bar (oucp);
> +}
> --
> 2.36.1
>

Patch

diff --git a/gcc/config/i386/i386.cc b/gcc/config/i386/i386.cc
index 3a3c7299eb4..e03f86d4a23 100644
--- a/gcc/config/i386/i386.cc
+++ b/gcc/config/i386/i386.cc
@@ -1024,6 +1024,16 @@  ix86_function_ok_for_sibcall (tree decl, tree exp)
 	 return false;
     }
 
+  /* Disable sibcall if callee has indirect_return attribute and
+     caller doesn't since callee will return to the caller's caller
+     via an indirect jump.  */
+  if (((flag_cf_protection & (CF_RETURN | CF_BRANCH))
+       == (CF_RETURN | CF_BRANCH))
+      && lookup_attribute ("indirect_return", TYPE_ATTRIBUTES (type))
+      && !lookup_attribute ("indirect_return",
+			    TYPE_ATTRIBUTES (TREE_TYPE (cfun->decl))))
+    return false;
+
   /* Otherwise okay.  That also includes certain types of indirect calls.  */
   return true;
 }
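Review bot: The comment above the new check says what the callee does (returns to the caller's caller via an indirect jump) but not why that makes a sibcall unsafe, which is the information the next maintainer needs before relaxing the condition; I would extend it with `The return address in the caller's caller is not preceded by ENDBR, so an indirect return there is rejected by indirect branch tracking.` Related, the guard requires both CF_RETURN and CF_BRANCH, while the hazard described is a missing ENDBR at the return site, which is a branch-tracking matter; if a callee marked indirect_return can return indirectly under -fcf-protection=branch alone (I cannot see from this hunk how the ENDBR-after-call emission is keyed), the condition should probably be `flag_cf_protection & CF_BRANCH` — worth a sentence in the commit message either way, since it currently leads with "when shadow stack is enabled". ix86_function_ok_for_sibcall, and the `type` the check inspects, begin outside the hunk.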
diff --git a/gcc/testsuite/gcc.target/i386/pr85620-2.c b/gcc/testsuite/gcc.target/i386/pr85620-2.c
index b2e680fa1fe..14ce0ffd1e1 100644
--- a/gcc/testsuite/gcc.target/i386/pr85620-2.c
+++ b/gcc/testsuite/gcc.target/i386/pr85620-2.c
@@ -1,6 +1,7 @@ 
 /* { dg-do compile } */
 /* { dg-options "-O2 -fcf-protection" } */
-/* { dg-final { scan-assembler-times {\mendbr} 1 } } */
+/* { dg-final { scan-assembler-times {\mendbr} 2 } } */
+/* { dg-final { scan-assembler-not "jmp" } } */
 
 struct ucontext;
 
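Review bot: The added `scan-assembler-not "jmp"` is an unanchored substring match, while the `{\mendbr}` directive two lines above uses the word-boundary form; any symbol, comment or directive containing the letters "jmp" would make this test fail (or, in the positive form, pass) for the wrong reason. For consistency with the existing directive I would write `/* { dg-final { scan-assembler-not {\mjmp} } } */`. The same applies to the new pr85620-5.c, pr85620-6.c and pr85620-7.c, where the positive `scan-assembler "jmp"` in -6 and -7 is what actually proves the sibcall survived, so a precise pattern matters more there.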
diff --git a/gcc/testsuite/gcc.target/i386/pr85620-5.c b/gcc/testsuite/gcc.target/i386/pr85620-5.c
new file mode 100644
index 00000000000..04537702d09
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr85620-5.c
@@ -0,0 +1,13 @@ 
+/* { dg-do compile } */
+/* { dg-options "-O2 -fcf-protection" } */
+/* { dg-final { scan-assembler-not "jmp" } } */
+
+struct ucontext;
+
+extern int (*bar) (struct ucontext *) __attribute__((__indirect_return__));
+
+int
+foo (struct ucontext *oucp)
+{
+  return bar (oucp);
+}
diff --git a/gcc/testsuite/gcc.target/i386/pr85620-6.c b/gcc/testsuite/gcc.target/i386/pr85620-6.c
new file mode 100644
index 00000000000..0b6a64e8454
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr85620-6.c
@@ -0,0 +1,14 @@ 
+/* { dg-do compile } */
+/* { dg-options "-O2 -fcf-protection" } */
+/* { dg-final { scan-assembler "jmp" } } */
+
+struct ucontext;
+
+extern int bar (struct ucontext *) __attribute__((__indirect_return__));
+
+__attribute__((__indirect_return__))
+int
+foo (struct ucontext *oucp)
+{
+  return bar (oucp);
+}
diff --git a/gcc/testsuite/gcc.target/i386/pr85620-7.c b/gcc/testsuite/gcc.target/i386/pr85620-7.c
new file mode 100644
index 00000000000..fa62d56decf
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr85620-7.c
@@ -0,0 +1,14 @@ 
+/* { dg-do compile } */
+/* { dg-options "-O2 -fcf-protection" } */
+/* { dg-final { scan-assembler "jmp" } } */
+
+struct ucontext;
+
+extern int (*bar) (struct ucontext *) __attribute__((__indirect_return__));
+extern int foo (struct ucontext *) __attribute__((__indirect_return__));
+
+int
+foo (struct ucontext *oucp)
+{
+  return bar (oucp);
+}