From patchwork Mon Feb 5 15:14:54 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nick Clifton X-Patchwork-Id: 869337 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=gcc.gnu.org (client-ip=209.132.180.131; helo=sourceware.org; envelope-from=gcc-patches-return-472611-incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org header.b="RS9/vo31"; dkim-atps=neutral Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3zZrkk6W6bz9t2x for ; Tue, 6 Feb 2018 02:15:41 +1100 (AEDT) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:cc:subject:date:message-id:mime-version:content-type; q=dns; s=default; b=bpSZNGDBPCJkYtqrVs4fBmnuy24T026v7eWPmFwAvoeB5f3+qh tNOLvvnFdXIYqCBeIxwwxSf6HP05N1NLWkn2WR334lr5kycDf2aTVG/TJdIDIh/3 AK6czJAOToCoN/y8tDdrKWZ3+owq4k2HfWTUQASf5vnzO0+C+jKUzlGgo= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:cc:subject:date:message-id:mime-version:content-type; s= default; bh=dGSYKinjPGmolk6G2bCutgB5zCo=; b=RS9/vo314bJRQqv5wD7x 2N7oISha0XZmx0E6P/EW2gi26VNW6TwTx46QhGRdH7n87wea6kBg/zswGKfI25I8 feR31q27o2H7sie1FOt8mh20WKQ2IzuFh4Zu7GMcGG/yhFQH7mvg+nQFkjJqSGEq fHDu1Lu+/yqTL72a6aZfSQc= Received: (qmail 114497 invoked by alias); 5 Feb 2018 15:15:33 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Received: (qmail 114023 invoked by uid 89); 5 Feb 2018 15:15:19 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-10.9 required=5.0 tests=BAYES_00, GIT_PATCH_2, GIT_PATCH_3, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_PASS, T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=Hx-languages-length:4058 X-HELO: mx1.redhat.com Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 05 Feb 2018 15:15:17 +0000 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id E103EC0587E8; Mon, 5 Feb 2018 15:15:05 +0000 (UTC) Received: from snowball.redhat.com (ovpn-117-92.ams2.redhat.com [10.36.117.92]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 13BB0659E7; Mon, 5 Feb 2018 15:15:01 +0000 (UTC) From: Nick Clifton To: hjl.tools@gmail.com Cc: gcc-patches@gcc.gnu.org Subject: RFA: PR 84154: Fix checking -mibt and -mshstk options for control flow protection Date: Mon, 05 Feb 2018 15:14:54 +0000 Message-ID: <87k1vra2oh.fsf@redhat.com> MIME-Version: 1.0 X-IsSubscribed: yes Hi H.J. Attached is a potential patch for PR 84145: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84145 The problem was that the code to check that the --mibt and/or -mshstk options have been correctly enabled for control flow protection did not take into account that the wrong option might have been enabled. So the patch inverts the test, looking at the value of flag_cf_protection first and then checking to see if the needed x86 specific options have been enabled. This gives results like this: % gcc -c main.c % gcc -c main.c -fcf-protection=full cc1: error: '-fcf-protection=full' requires CET support on this target. Use -mcet or both of -mibt and -mshstk options to enable CET % gcc -c main.c -fcf-protection=full -mcet % gcc -c main.c -fcf-protection=full -mibt cc1: error: '-fcf-protection=full' requires CET support on this target. Use -mcet or both of -mibt and -mshstk options to enable CET % gcc -c main.c -fcf-protection=full -mibt -mshstk % gcc -c main.c -fcf-protection=branch cc1: error: '-fcf-protection=branch' requires CET support on this target. Use -mcet or -mibt to enable CET % gcc -c main.c -fcf-protection=branch -mcet % gcc -c main.c -fcf-protection=branch -mibt % gcc -c main.c -fcf-protection=branch -mshstk cc1: error: '-fcf-protection=branch' requires CET support on this target. Use -mcet or -mibt to enable CET % gcc -c main.c -fcf-protection=return cc1: error: '-fcf-protection=return' requires CET support on this target. Use -mcet or -mshstk to enable CET % gcc -c main.c -fcf-protection=return -mcet % gcc -c main.c -fcf-protection=return -mibt cc1: error: '-fcf-protection=return' requires CET support on this target. Use -mcet or -mshstk to enable CET % gcc -c main.c -fcf-protection=return -mshstk % What do you think ? Is the patch OK for the mainline ? Cheers Nick gcc/ChangeLog 2018-02-05 Nick Clifton PR 84145 * config/i386/i386.c (ix86_option_override_internal): Rework checks for -fcf-protection and -mibt/-mshstk. Index: gcc/config/i386/i386.c =================================================================== --- gcc/config/i386/i386.c (revision 257389) +++ gcc/config/i386/i386.c (working copy) @@ -4915,30 +4915,43 @@ /* Do not support control flow instrumentation if CET is not enabled. */ if (opts->x_flag_cf_protection != CF_NONE) { - if (!(TARGET_IBT_P (opts->x_ix86_isa_flags2) - || TARGET_SHSTK_P (opts->x_ix86_isa_flags))) + switch (flag_cf_protection) { - if (flag_cf_protection == CF_FULL) + case CF_NONE: + break; + case CF_BRANCH: + if (! TARGET_IBT_P (opts->x_ix86_isa_flags2)) { - error ("%<-fcf-protection=full%> requires CET support " - "on this target. Use -mcet or one of -mibt, " - "-mshstk options to enable CET"); + error ("%<-fcf-protection=branch%> requires CET support " + "on this target. Use -mcet or -mibt to enable CET"); + flag_cf_protection = CF_NONE; + return false; } - else if (flag_cf_protection == CF_BRANCH) + break; + case CF_RETURN: + if (! TARGET_SHSTK_P (opts->x_ix86_isa_flags)) { - error ("%<-fcf-protection=branch%> requires CET support " - "on this target. Use -mcet or one of -mibt, " - "-mshstk options to enable CET"); + error ("%<-fcf-protection=return%> requires CET support " + "on this target. Use -mcet or -mshstk to enable CET"); + flag_cf_protection = CF_NONE; + return false; } - else if (flag_cf_protection == CF_RETURN) + break; + case CF_FULL: + if ( ! TARGET_IBT_P (opts->x_ix86_isa_flags2) + || ! TARGET_SHSTK_P (opts->x_ix86_isa_flags)) { - error ("%<-fcf-protection=return%> requires CET support " - "on this target. Use -mcet or one of -mibt, " + error ("%<-fcf-protection=full%> requires CET support " + "on this target. Use -mcet or both of -mibt and " "-mshstk options to enable CET"); + flag_cf_protection = CF_NONE; + return false; } - flag_cf_protection = CF_NONE; - return false; + break; + default: + gcc_unreachable (); } + opts->x_flag_cf_protection = (cf_protection_level) (opts->x_flag_cf_protection | CF_SET); }