diff mbox series

x86/cet: Add -fcf-protection=none before -fcf-protection=branch

Message ID 20240101155518.3604623-1-hjl.tools@gmail.com
State New
Headers show
Series x86/cet: Add -fcf-protection=none before -fcf-protection=branch | expand

Commit Message

H.J. Lu Jan. 1, 2024, 3:55 p.m. UTC 
When shadow stack is enabled, some CET tests failed when compiled with
GCC 14:

FAIL: elf/tst-cet-legacy-4
FAIL: elf/tst-cet-legacy-5a
FAIL: elf/tst-cet-legacy-6a

which are caused by

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113039

These tests use -fcf-protection -fcf-protection=branch and assume that
-fcf-protection=branch will override -fcf-protection.  But this GCC 14
commit:

https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1c6231c05bdcca

changed the -fcf-protection behavior such that

-fcf-protection -fcf-protection=branch

is treated the same as

-fcf-protection

Use

-fcf-protection -fcf-protection=none -fcf-protection=branch

as the workaround.  This fixes BZ #31187.

Tested with GCC 13 and GCC 14 on Intel Tiger Lake.
---
 sysdeps/x86/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Noah Goldstein Jan. 1, 2024, 6:37 p.m. UTC | #1 
On Mon, Jan 1, 2024 at 7:55 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> When shadow stack is enabled, some CET tests failed when compiled with
> GCC 14:
>
> FAIL: elf/tst-cet-legacy-4
> FAIL: elf/tst-cet-legacy-5a
> FAIL: elf/tst-cet-legacy-6a
>
> which are caused by
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113039
>
> These tests use -fcf-protection -fcf-protection=branch and assume that
> -fcf-protection=branch will override -fcf-protection.  But this GCC 14
> commit:
>
> https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1c6231c05bdcca
>
> changed the -fcf-protection behavior such that
>
> -fcf-protection -fcf-protection=branch
>
> is treated the same as
>
> -fcf-protection
>
> Use
>
> -fcf-protection -fcf-protection=none -fcf-protection=branch
>
> as the workaround.  This fixes BZ #31187.
>
> Tested with GCC 13 and GCC 14 on Intel Tiger Lake.
> ---
>  sysdeps/x86/Makefile | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile
> index a49b13c595..5c8ab64c4d 100644
> --- a/sysdeps/x86/Makefile
> +++ b/sysdeps/x86/Makefile
> @@ -215,12 +215,12 @@ modules-names += \
>    tst-cet-legacy-mod-6c \
>  # modules-names
>
> -CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch
> +CFLAGS-tst-cet-legacy-2.c += -fcf-protection=none -fcf-protection=branch
>  CFLAGS-tst-cet-legacy-2a.c += -fcf-protection
>  CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none
>  CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none
>  CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none
> -CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch
> +CFLAGS-tst-cet-legacy-4.c += -fcf-protection=none -fcf-protection=branch
>  CPPFLAGS-tst-cet-legacy-4a.c += -DCET_IS_PERMISSIVE=1
>  CFLAGS-tst-cet-legacy-4a.c += -fcf-protection
>  CFLAGS-tst-cet-legacy-4b.c += -fcf-protection
> @@ -231,7 +231,7 @@ CPPFLAGS-tst-cet-legacy-5a.c += -DCET_IS_PERMISSIVE=1
>  endif
>  CFLAGS-tst-cet-legacy-5b.c += -fcf-protection -mshstk
>  CPPFLAGS-tst-cet-legacy-5b.c += -DCET_DISABLED_BY_ENV=1
> -CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=branch
> +CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=none -fcf-protection=branch
>  CFLAGS-tst-cet-legacy-mod-5b.c += -fcf-protection
>  CFLAGS-tst-cet-legacy-mod-5c.c += -fcf-protection
>  CFLAGS-tst-cet-legacy-6a.c += -fcf-protection -mshstk
> @@ -240,7 +240,7 @@ CPPFLAGS-tst-cet-legacy-6a.c += -DCET_IS_PERMISSIVE=1
>  endif
>  CFLAGS-tst-cet-legacy-6b.c += -fcf-protection -mshstk
>  CPPFLAGS-tst-cet-legacy-6b.c += -DCET_DISABLED_BY_ENV=1
> -CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=branch
> +CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=none -fcf-protection=branch
>  CFLAGS-tst-cet-legacy-mod-6b.c += -fcf-protection
>  CFLAGS-tst-cet-legacy-mod-6c.c += -fcf-protection
>  CFLAGS-tst-cet-legacy-7.c += -fcf-protection=none
> --
> 2.43.0
>
LGTM.
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
diff mbox series

Patch

diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile
index a49b13c595..5c8ab64c4d 100644
--- a/sysdeps/x86/Makefile
+++ b/sysdeps/x86/Makefile
@@ -215,12 +215,12 @@  modules-names += \
   tst-cet-legacy-mod-6c \
 # modules-names
 
-CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-2.c += -fcf-protection=none -fcf-protection=branch
 CFLAGS-tst-cet-legacy-2a.c += -fcf-protection
 CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none
 CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none
 CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none
-CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-4.c += -fcf-protection=none -fcf-protection=branch
 CPPFLAGS-tst-cet-legacy-4a.c += -DCET_IS_PERMISSIVE=1
 CFLAGS-tst-cet-legacy-4a.c += -fcf-protection
 CFLAGS-tst-cet-legacy-4b.c += -fcf-protection
@@ -231,7 +231,7 @@  CPPFLAGS-tst-cet-legacy-5a.c += -DCET_IS_PERMISSIVE=1
 endif
 CFLAGS-tst-cet-legacy-5b.c += -fcf-protection -mshstk
 CPPFLAGS-tst-cet-legacy-5b.c += -DCET_DISABLED_BY_ENV=1
-CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=none -fcf-protection=branch
 CFLAGS-tst-cet-legacy-mod-5b.c += -fcf-protection
 CFLAGS-tst-cet-legacy-mod-5c.c += -fcf-protection
 CFLAGS-tst-cet-legacy-6a.c += -fcf-protection -mshstk
@@ -240,7 +240,7 @@  CPPFLAGS-tst-cet-legacy-6a.c += -DCET_IS_PERMISSIVE=1
 endif
 CFLAGS-tst-cet-legacy-6b.c += -fcf-protection -mshstk
 CPPFLAGS-tst-cet-legacy-6b.c += -DCET_DISABLED_BY_ENV=1
-CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=none -fcf-protection=branch
 CFLAGS-tst-cet-legacy-mod-6b.c += -fcf-protection
 CFLAGS-tst-cet-legacy-mod-6c.c += -fcf-protection
 CFLAGS-tst-cet-legacy-7.c += -fcf-protection=none