From 051da74259d5ebbfaa5b363dd09dbe16a955d8a1 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Tue, 12 May 2020 09:17:34 -0700 Subject: [PATCH] libcpp: Enable Intel CET on Intel CET enabled host for jit Since on Intel CET enabled host, dlopen in Intel CET enabled applications fails on shared libraries which aren't Intel CET enabled, compile with -fcf-protection on Intel CET enabled host when jit is enabled to enable Intel CET on libgccjit. * Makefile.in (CET_HOST_FLAGS): New. (COMPILER): Add $(CET_HOST_FLAGS). * configure.ac: Add GCC_CET_HOST_FLAGS(CET_HOST_FLAGS) and AC_SUBST(CET_HOST_FLAGS). Clear CET_HOST_FLAGS if jit isn't enabled. * aclocal.m4: Regenerated. * configure: Likewise. --- libcpp/ChangeLog | 10 +++ libcpp/Makefile.in | 6 +- libcpp/aclocal.m4 | 2 + libcpp/configure | 153 ++++++++++++++++++++++++++++++++++++++++++++ libcpp/configure.ac | 11 ++++ 5 files changed, 180 insertions(+), 2 deletions(-) diff --git a/libcpp/ChangeLog b/libcpp/ChangeLog index a1b78bb7194..f6b7c01af97 100644 --- a/libcpp/ChangeLog +++ b/libcpp/ChangeLog @@ -1,3 +1,13 @@ +2020-05-12 H.J. Lu + + * Makefile.in (CET_HOST_FLAGS): New. + (COMPILER): Add $(CET_HOST_FLAGS). + * configure.ac: Add GCC_CET_HOST_FLAGS(CET_HOST_FLAGS) and + AC_SUBST(CET_HOST_FLAGS). Clear CET_HOST_FLAGS if jit isn't + enabled. + * aclocal.m4: Regenerated. + * configure: Likewise. + 2020-05-08 Nathan Sidwell Reimplement directives only processing, support raw literals. diff --git a/libcpp/Makefile.in b/libcpp/Makefile.in index 3d9ca0baaf6..ebbca07f542 100644 --- a/libcpp/Makefile.in +++ b/libcpp/Makefile.in @@ -58,6 +58,7 @@ CXXDEPMODE = @CXXDEPMODE@ DEPDIR = @DEPDIR@ NOEXCEPTION_FLAGS = @noexception_flags@ PICFLAG = @PICFLAG@ +CET_HOST_FLAGS = @CET_HOST_FLAGS@ datarootdir = @datarootdir@ datadir = @datadir@ @@ -73,9 +74,10 @@ depcomp = $(SHELL) $(srcdir)/../depcomp INCLUDES = -I$(srcdir) -I. -I$(srcdir)/../include @INCINTL@ \ -I$(srcdir)/include -ALL_CFLAGS = $(CFLAGS) $(WARN_CFLAGS) $(INCLUDES) $(CPPFLAGS) $(PICFLAG) +ALL_CFLAGS = $(CFLAGS) $(WARN_CFLAGS) $(INCLUDES) $(CPPFLAGS) $(PICFLAG) \ + $(CET_HOST_FLAGS) ALL_CXXFLAGS = $(CXXFLAGS) $(WARN_CXXFLAGS) $(NOEXCEPTION_FLAGS) $(INCLUDES) \ - $(CPPFLAGS) $(PICFLAG) + $(CPPFLAGS) $(PICFLAG) $(CET_HOST_FLAGS) # The name of the compiler to use. COMPILER = $(CXX) diff --git a/libcpp/aclocal.m4 b/libcpp/aclocal.m4 index 46bb65a228d..70c3eff750b 100644 --- a/libcpp/aclocal.m4 +++ b/libcpp/aclocal.m4 @@ -13,8 +13,10 @@ m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_include([../config/acx.m4]) +m4_include([../config/cet.m4]) m4_include([../config/codeset.m4]) m4_include([../config/depstand.m4]) +m4_include([../config/enable.m4]) m4_include([../config/gettext-sister.m4]) m4_include([../config/iconv.m4]) m4_include([../config/lead-dot.m4]) diff --git a/libcpp/configure b/libcpp/configure index 11da199083b..64bbf545791 100755 --- a/libcpp/configure +++ b/libcpp/configure @@ -623,6 +623,7 @@ ac_includes_default="\ #endif" ac_subst_vars='LTLIBOBJS +CET_HOST_FLAGS PICFLAG MAINT USED_CATALOGS @@ -735,6 +736,7 @@ enable_maintainer_mode enable_checking enable_canonical_system_headers enable_host_shared +enable_cet enable_valgrind_annotations ' ac_precious_vars='build_alias @@ -1375,6 +1377,7 @@ Optional Features: --enable-canonical-system-headers enable or disable system headers canonicalization --enable-host-shared build host code as shared libraries + --enable-cet enable Intel CET in host libraries [default=auto] --enable-valgrind-annotations enable valgrind runtime interaction @@ -7443,6 +7446,156 @@ fi +# Enable Intel CET on Intel CET enabled host if jit is enabled. + # Check whether --enable-cet was given. +if test "${enable_cet+set}" = set; then : + enableval=$enable_cet; + case "$enableval" in + yes|no|auto) ;; + *) as_fn_error $? "Unknown argument to enable/disable cet" "$LINENO" 5 ;; + esac + +else + enable_cet=auto +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CET support" >&5 +$as_echo_n "checking for CET support... " >&6; } + +case "$host" in + i[34567]86-*-linux* | x86_64-*-linux*) + may_have_cet=yes + save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -fcf-protection" + case "$enable_cet" in + auto) + # Check if target supports multi-byte NOPs + # and if assembler supports CET insn. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + +#if !defined(__SSE2__) +#error target does not support multi-byte NOPs +#else +asm ("setssbsy"); +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + enable_cet=yes +else + enable_cet=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + yes) + # Check if assembler supports CET. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +asm ("setssbsy"); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + esac + CFLAGS="$save_CFLAGS" + ;; + *) + may_have_cet=no + enable_cet=no + ;; +esac + +if test x$may_have_cet = xyes; then + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,-z,ibt,-z,shstk" + if test "$cross_compiling" = yes; then : + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run test program while cross compiling +See \`config.log' for more details" "$LINENO" 5; } +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +static void +foo (void) +{ +} + +static void +__attribute__ ((noinline, noclone)) +xxx (void (*f) (void)) +{ + f (); +} + +static void +__attribute__ ((noinline, noclone)) +bar (void) +{ + xxx (foo); +} + +int +main () +{ + bar (); + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + have_cet=no +else + have_cet=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + LDFLAGS="$save_LDFLAGS" + if test x$enable_cet = xno -a x$have_cet = xyes; then + as_fn_error $? "Intel CET must be enabled on Intel CET enabled host" "$LINENO" 5 + fi +fi +if test x$enable_cet = xyes; then + CET_HOST_FLAGS="-fcf-protection" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + +case x$enable_languages in +*jit*) + ;; +*) + CET_HOST_FLAGS= + ;; +esac + + # Check whether --enable-valgrind-annotations was given. if test "${enable_valgrind_annotations+set}" = set; then : enableval=$enable_valgrind_annotations; diff --git a/libcpp/configure.ac b/libcpp/configure.ac index 1779562a3a7..540efeb4629 100644 --- a/libcpp/configure.ac +++ b/libcpp/configure.ac @@ -206,6 +206,17 @@ AC_ARG_ENABLE(host-shared, [PICFLAG=-fPIC], [PICFLAG=]) AC_SUBST(PICFLAG) +# Enable Intel CET on Intel CET enabled host if jit is enabled. +GCC_CET_HOST_FLAGS(CET_HOST_FLAGS) +case x$enable_languages in +*jit*) + ;; +*) + CET_HOST_FLAGS= + ;; +esac +AC_SUBST(CET_HOST_FLAGS) + AC_ARG_ENABLE(valgrind-annotations, [AS_HELP_STRING([--enable-valgrind-annotations], [enable valgrind runtime interaction])], [], -- 2.30.2