+2018-04-19 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR target/85417
+ * config/i386/cet.c (file_end_indicate_exec_stack_and_cet):
+ Check flag_cf_protection instead of TARGET_IBT and TARGET_SHSTK.
+ * config/i386/i386-c.c (ix86_target_macros_internal): Also
+ define __IBT__ and __SHSTK__ for -fcf-protection.
+ * config/i386/i386.c (pass_insert_endbranch::gate): Don't check
+ TARGET_IBT.
+ (ix86_trampoline_init): Likewise.
+ (x86_output_mi_thunk): Likewise.
+ (ix86_notrack_prefixed_insn_p): Likewise.
+ (ix86_option_override_internal): Don't disallow -fcf-protection.
+ * config/i386/i386.md (rdssp<mode>): Also enable for
+ -fcf-protection.
+ (incssp<mode>): Likewise.
+ (nop_endbr): Likewise.
+ * config/i386/i386.opt (mcet): Change help message to built-in
+ functions only.
+ (mibt): Likewise.
+ (mshstk): Likewise.
+ * doc/invoke.texi: Remove -mcet, -mibt and -mshstk condition
+ on -fcf-protection. Change -mcet, -mibt and -mshstk to only
+ enable CET built-in functions.
+
2018-04-19 Sebastian Peryt <sebastian.peryt@intel.com>
* common/config/i386/i386-common.c
unsigned int feature_1 = 0;
- if (TARGET_IBT)
+ if (flag_cf_protection & CF_BRANCH)
/* GNU_PROPERTY_X86_FEATURE_1_IBT. */
feature_1 |= 0x1;
- if (TARGET_SHSTK)
+ if (flag_cf_protection & CF_RETURN)
/* GNU_PROPERTY_X86_FEATURE_1_SHSTK. */
feature_1 |= 0x2;
def_or_undef (parse_in, "__RDPID__");
if (isa_flag & OPTION_MASK_ISA_GFNI)
def_or_undef (parse_in, "__GFNI__");
- if (isa_flag2 & OPTION_MASK_ISA_IBT)
+ if ((isa_flag2 & OPTION_MASK_ISA_IBT)
+ || (flag_cf_protection & CF_BRANCH))
{
def_or_undef (parse_in, "__IBT__");
if (flag_cf_protection != CF_NONE)
def_or_undef (parse_in, "__CET__");
}
- if (isa_flag & OPTION_MASK_ISA_SHSTK)
+ if ((isa_flag & OPTION_MASK_ISA_SHSTK)
+ || (flag_cf_protection & CF_RETURN))
{
def_or_undef (parse_in, "__SHSTK__");
if (flag_cf_protection != CF_NONE)
/* opt_pass methods: */
virtual bool gate (function *)
{
- return ((flag_cf_protection & CF_BRANCH) && TARGET_IBT);
+ return ((flag_cf_protection & CF_BRANCH));
}
virtual unsigned int execute (function *)
target_option_default_node = target_option_current_node
= build_target_option_node (opts);
- /* Do not support control flow instrumentation if CET is not enabled. */
- cf_protection_level cf_protection
- = (cf_protection_level) (opts->x_flag_cf_protection & ~CF_SET);
- if (cf_protection != CF_NONE)
- {
- switch (cf_protection)
- {
- case CF_BRANCH:
- if (! TARGET_IBT_P (opts->x_ix86_isa_flags2))
- {
- error ("%<-fcf-protection=branch%> requires Intel CET "
- "support. Use -mcet or -mibt option to enable CET");
- flag_cf_protection = CF_NONE;
- return false;
- }
- break;
- case CF_RETURN:
- if (! TARGET_SHSTK_P (opts->x_ix86_isa_flags))
- {
- error ("%<-fcf-protection=return%> requires Intel CET "
- "support. Use -mcet or -mshstk option to enable CET");
- flag_cf_protection = CF_NONE;
- return false;
- }
- break;
- case CF_FULL:
- if ( ! TARGET_IBT_P (opts->x_ix86_isa_flags2)
- || ! TARGET_SHSTK_P (opts->x_ix86_isa_flags))
- {
- error ("%<-fcf-protection=full%> requires Intel CET "
- "support. Use -mcet or both of -mibt and "
- "-mshstk options to enable CET");
- flag_cf_protection = CF_NONE;
- return false;
- }
- break;
- default:
- gcc_unreachable ();
- }
-
- opts->x_flag_cf_protection =
- (cf_protection_level) (cf_protection | CF_SET);
- }
+ if (opts->x_flag_cf_protection != CF_NONE)
+ opts->x_flag_cf_protection =
+ (cf_protection_level) (opts->x_flag_cf_protection | CF_SET);
if (ix86_tune_features [X86_TUNE_AVOID_128FMA_CHAINS])
maybe_set_param_value (PARAM_AVOID_FMA_MAX_BITS, 128,
rtx mem, fnaddr;
int opcode;
int offset = 0;
- bool need_endbr = (flag_cf_protection & CF_BRANCH) && TARGET_IBT;
+ bool need_endbr = (flag_cf_protection & CF_BRANCH);
fnaddr = XEXP (DECL_RTL (fndecl), 0);
emit_note (NOTE_INSN_PROLOGUE_END);
/* CET is enabled, insert EB instruction. */
- if ((flag_cf_protection & CF_BRANCH) && TARGET_IBT)
+ if ((flag_cf_protection & CF_BRANCH))
emit_insn (gen_nop_endbr ());
/* If VCALL_OFFSET, we'll need THIS in a register. Might as well
static bool
ix86_notrack_prefixed_insn_p (rtx insn)
{
- if (!insn || !((flag_cf_protection & CF_BRANCH) && TARGET_IBT))
+ if (!insn || !((flag_cf_protection & CF_BRANCH)))
return false;
if (CALL_P (insn))
(define_insn "rdssp<mode>"
[(set (match_operand:SWI48x 0 "register_operand" "=r")
(unspec_volatile:SWI48x [(const_int 0)] UNSPECV_NOP_RDSSP))]
- "TARGET_SHSTK"
+ "TARGET_SHSTK || (flag_cf_protection & CF_RETURN)"
"xor{l}\t%k0, %k0\n\trdssp<mskmodesuffix>\t%0"
[(set_attr "length" "6")
(set_attr "type" "other")])
(define_insn "incssp<mode>"
[(unspec_volatile [(match_operand:SWI48x 0 "register_operand" "r")]
UNSPECV_INCSSP)]
- "TARGET_SHSTK"
+ "TARGET_SHSTK || (flag_cf_protection & CF_RETURN)"
"incssp<mskmodesuffix>\t%0"
[(set_attr "length" "4")
(set_attr "type" "other")])
(define_insn "nop_endbr"
[(unspec_volatile [(const_int 0)] UNSPECV_NOP_ENDBR)]
- "TARGET_IBT"
+ "TARGET_IBT || (flag_cf_protection & CF_BRANCH)"
"*
{ return (TARGET_64BIT)? \"endbr64\" : \"endbr32\"; }"
[(set_attr "length" "4")
mcet
Target Report Var(flag_cet) Init(0)
-Support Control-flow Enforcement Technology (CET) built-in functions
-and code generation.
+Support Control-flow Enforcement Technology (CET) built-in functions.
mibt
Target Report Mask(ISA_IBT) Var(ix86_isa_flags2) Save
-Specifically enables an indirect branch tracking feature from Control-flow
-Enforcement Technology (CET).
+Specifically enable indirect branch tracking built-in functions from
+Control-flow Enforcement Technology (CET).
mshstk
Target Report Mask(ISA_SHSTK) Var(ix86_isa_flags) Save
-Specifically enables an shadow stack support feature from Control-flow
+Specifically enable shadow stack built-in functions from Control-flow
Enforcement Technology (CET).
mcet-switch
(@pxref{Function Attributes}).
Currently the x86 GNU/Linux target provides an implementation based
-on Intel Control-flow Enforcement Technology (CET). Instrumentation
-for x86 is controlled by target-specific options @option{-mcet},
-@option{-mibt} and @option{-mshstk} (@pxref{x86 Options}).
+on Intel Control-flow Enforcement Technology (CET).
@item -fstack-protector
@opindex fstack-protector
these options.
The @option{-mcet} option turns on the @option{-mibt} and @option{-mshstk}
-options. The @option{-mibt} option enables indirect branch tracking support
-and the @option{-mshstk} option enables shadow stack support from
-Intel Control-flow Enforcement Technology (CET). The compiler also provides
-a number of built-in functions for fine-grained control in a CET-based
-application. See @xref{x86 Built-in Functions}, for more information.
+options. The compiler provides a number of built-in functions for
+fine-grained control in a CET-based application. See
+@xref{x86 Built-in Functions}, for more information.
@item -mdump-tune-features
@opindex mdump-tune-features
@item -mibt
@opindex mibt
-This option tells the compiler to use indirect branch tracking support
-(for indirect calls and jumps) from x86 Control-flow Enforcement
-Technology (CET). The option has effect only if the
-@option{-fcf-protection=full} or @option{-fcf-protection=branch} option
-is specified. The option @option{-mibt} is on by default when the
-@code{-mcet} option is specified.
+This option enables indirect branch tracking built-in functions from
+x86 Control-flow Enforcement Technology (CET). The option
+@option{-mibt} is on by default when the @code{-mcet} option is
+specified.
@item -mshstk
@opindex mshstk
-This option tells the compiler to use shadow stack support (return
-address tracking) from x86 Control-flow Enforcement Technology (CET).
-The option has effect only if the @option{-fcf-protection=full} or
-@option{-fcf-protection=return} option is specified. The option
+This option enables shadow stack built-in functions from x86
+Control-flow Enforcement Technology (CET). The option
@option{-mshstk} is on by default when the @option{-mcet} option is
specified.
+2018-04-19 H.J. Lu <hongjiu.lu@intel.com>
+
+ PR target/85417
+ * c-c++-common/attr-nocf-check-1.c: Compile with
+ -fcf-protection=none.
+ * c-c++-common/attr-nocf-check-3.c: Likewise.
+ * gcc.dg/march-generic.c: Likewise.
+ * gcc.target/i386/align-limit.c: Likewise.
+ * gcc.target/i386/cet-notrack-icf-1.c: Likewise.
+ * gcc.target/i386/cet-notrack-icf-3.c: Likewise.
+ * gcc.target/i386/cet-property-2.c: Likewise.
+ * gcc.target/i386/ret-thunk-26.c: Likewise.
+ * c-c++-common/fcf-protection-1.c: Remove dg-error for x86
+ targets.
+ * c-c++-common/fcf-protection-2.c: Likewise.
+ * c-c++-common/fcf-protection-3.c: Likewise.
+ * c-c++-common/fcf-protection-5.c: Likewise.
+ * c-c++-common/fcf-protection-6.c: Likewise.
+ * c-c++-common/fcf-protection-7.c: Likewise.
+ * gcc.target/i386/cet-label-3.c: New test.
+ * gcc.target/i386/cet-property-3.c: Likewise.
+ * gcc.target/i386/cet-sjlj-7.c: Likewise.
+ * gcc.target/i386/pr85417-1.c: Likewise.
+ * gcc.target/i386/indirect-thunk-attr-7.c: Also expect
+ __x86_indirect_thunk_nt_(r|e)ax
+ * gcc.target/i386/indirect-thunk-extern-7.c: Likewise.
+ * gcc.target/i386/pr85403.c: Remove dg-error,
+
2018-04-19 Sebastian Peryt <sebastian.peryt@intel.com>
* gcc.target/i386/movdir-1.c: New test.
/* { dg-do compile } */
+/* { dg-additional-options "-fcf-protection=none" } */
int func (int) __attribute__ ((nocf_check)); /* { dg-warning "'nocf_check' attribute ignored" } */
int (*fptr) (int) __attribute__ ((nocf_check)); /* { dg-warning "'nocf_check' attribute ignored" } */
/* { dg-do compile } */
+/* { dg-additional-options "-fcf-protection=none" } */
int foo (void) __attribute__ ((nocf_check)); /* { dg-warning "'nocf_check' attribute ignored" } */
void (*foo1) (void) __attribute__((nocf_check)); /* { dg-warning "'nocf_check' attribute ignored" } */
/* { dg-do compile } */
/* { dg-options "-fcf-protection=full" } */
-/* { dg-error "'-fcf-protection=full' requires Intel CET.*-mcet.*-mibt and -mshstk option" "" { target { "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-error "'-fcf-protection=full' is not supported for this target" "" { target { ! "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-do compile } */
/* { dg-options "-fcf-protection=branch" } */
-/* { dg-error "'-fcf-protection=branch' requires Intel CET.*-mcet or -mibt option" "" { target { "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-error "'-fcf-protection=branch' is not supported for this target" "" { target { ! "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-do compile } */
/* { dg-options "-fcf-protection=return" } */
-/* { dg-error "'-fcf-protection=return' requires Intel CET.*-mcet or -mshstk option" "" { target { "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-error "'-fcf-protection=return' is not supported for this target" "" { target { ! "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-do compile } */
/* { dg-options "-fcf-protection" } */
-/* { dg-error "'-fcf-protection=full' requires Intel CET.*-mcet.*-mibt and -mshstk option" "" { target { "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-error "'-fcf-protection=full' is not supported for this target" "" { target { ! "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-do compile } */
/* { dg-options "-fcf-protection=branch" } */
-/* { dg-additional-options "-mshstk" { target { i?86-*-* x86_64-*-* } } } */
-/* { dg-error "'-fcf-protection=branch' requires Intel CET.*-mcet or -mibt option" "" { target { "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-error "'-fcf-protection=branch' is not supported for this target" "" { target { ! "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-do compile } */
/* { dg-options "-fcf-protection=return" } */
-/* { dg-additional-options "-mibt" { target { i?86-*-* x86_64-*-* } } } */
-/* { dg-error "'-fcf-protection=return' requires Intel CET.*-mcet or -mshstk option" "" { target { "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-error "'-fcf-protection=return' is not supported for this target" "" { target { ! "i?86-*-* x86_64-*-*" } } 0 } */
/* { dg-do compile { target i?86-*-* x86_64-*-* } } */
/* { dg-skip-if "" { *-*-* } { "-march=*" } { "" } } */
-/* { dg-options "-march=generic" } */
+/* { dg-options "-march=generic -fcf-protection=none" } */
/* { dg-error "'generic' CPU can be used only for '-mtune=' switch" "" { target *-*-* } 0 } */
/* { dg-bogus "march" "" { target *-*-* } 0 } */
int i;
/* { dg-do compile } */
-/* { dg-options "-O2 -falign-functions=64 -flimit-function-alignment -march=amdfam10" } */
+/* { dg-options "-O2 -falign-functions=64 -flimit-function-alignment -march=amdfam10 -fcf-protection=none" } */
/* { dg-final { scan-assembler ".p2align 6,,1" } } */
/* { dg-final { scan-assembler-not ".p2align 6,,63" } } */
--- /dev/null
+/* Verify that -fcf-protection works without -mcet. */
+/* { dg-do compile } */
+/* { dg-options "-O -fcf-protection" } */
+/* { dg-final { scan-assembler-times "endbr32" 3 { target ia32 } } } */
+/* { dg-final { scan-assembler-times "endbr64" 3 { target { ! ia32 } } } } */
+
+int func (int arg)
+{
+ static void *array[] = { &&foo, &&bar };
+
+ goto *array[arg];
+foo:
+ return arg*111;
+bar:
+ return arg*777;
+}
/* Verify nocf_check functions are not ICF optimized. */
/* { dg-do compile } */
-/* { dg-options "-O2" } */
+/* { dg-options "-O2 -fcf-protection=none" } */
/* { dg-final { scan-assembler-not "endbr" } } */
/* { dg-final { scan-assembler-not "fn3:" } } */
/* { dg-final { scan-assembler "set\[ \t]+fn2,fn1" } } */
/* Verify nocf_check function calls are not ICF optimized. */
/* { dg-do compile } */
-/* { dg-options "-O2" } */
+/* { dg-options "-O2 -fcf-protection=none" } */
/* { dg-final { scan-assembler-not "endbr" } } */
/* { dg-final { scan-assembler-not "fn2:" } } */
/* { dg-final { scan-assembler "set\[ \t]+fn2,fn1" } } */
/* { dg-do compile } */
-/* { dg-options "-mcet" } */
+/* { dg-options "-mcet -fcf-protection=none" } */
/* { dg-final { scan-assembler-not ".note.gnu.property" } } */
extern void foo (void);
--- /dev/null
+/* { dg-do compile { target *-*-linux* } } */
+/* { dg-options "-fcf-protection" } */
+/* { dg-final { scan-assembler ".note.gnu.property" } } */
+
+extern void foo (void);
+
+void
+bar (void)
+{
+ foo ();
+}
--- /dev/null
+/* { dg-do compile } */
+/* { dg-options "-O -fcf-protection" } */
+/* { dg-final { scan-assembler-times "endbr32" 2 { target ia32 } } } */
+/* { dg-final { scan-assembler-times "endbr64" 2 { target { ! ia32 } } } } */
+/* { dg-final { scan-assembler-times "call _?setjmp" 1 } } */
+/* { dg-final { scan-assembler-times "call longjmp" 1 } } */
+
+#include <stdio.h>
+#include <setjmp.h>
+
+jmp_buf buf;
+static int bar (int);
+
+__attribute__ ((noinline, noclone))
+static int
+foo (int i)
+{
+ int j = i * 11;
+
+ if (!setjmp (buf))
+ {
+ j += 33;
+ printf ("After setjmp: j = %d\n", j);
+ bar (j);
+ }
+
+ return j + i;
+}
+
+__attribute__ ((noinline, noclone))
+static int
+bar (int i)
+{
+ int j = i;
+
+ j -= 111;
+ printf ("In longjmp: j = %d\n", j);
+ longjmp (buf, 1);
+
+ return j;
+}
+
+int
+main ()
+{
+ foo (10);
+ return 0;
+}
}
/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target *-*-linux* } } } */
-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk(_nt|)_(r|e)ax" } } */
/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
}
/* { dg-final { scan-assembler "mov(?:l|q)\[ \t\]*\.L\[0-9\]+\\(,%" { target *-*-linux* } } } */
-/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk_(r|e)ax" } } */
+/* { dg-final { scan-assembler "jmp\[ \t\]*__x86_indirect_thunk(_nt|)_(r|e)ax" } } */
/* { dg-final { scan-assembler-not {\t(lfence|pause)} } } */
/* { dg-final { scan-assembler-not "jmp\[ \t\]*\.LIND" } } */
/* { dg-final { scan-assembler-not "call\[ \t\]*\.LIND" } } */
foo ()
{
return -2;
-} /* { dg-error "requires Intel CET support" } */
+}
--- /dev/null
+/* { dg-do compile } */
+/* { dg-require-ifunc "" } */
+/* { dg-options "-O3 -fcf-protection" } */
+/* { dg-final { scan-assembler "vpshufb" } } */
+/* { dg-final { scan-assembler "punpcklbw" } } */
+
+__attribute__((target_clones("arch=core-avx2","arch=slm","default")))
+void
+foo(char *in, char *out, int size)
+{
+ int i;
+ for(i = 0; i < size; i++)
+ {
+ out[2 * i] = in[i];
+ out[2 * i + 1] = in[i];
+ }
+}
/* PR target/r84530 */
/* { dg-do run } */
-/* { dg-options "-Os -mfunction-return=thunk" } */
+/* { dg-options "-Os -mfunction-return=thunk -fcf-protection=none" } */
struct S { int i; };
__attribute__((const, noinline, noclone))