From 6514899f3110f618f60066dca796c327ef20e9fa Mon Sep 17 00:00:00 2001
From: "H.J. Lu"
Date: Tue, 27 Mar 2018 17:18:51 +0000
Subject: [PATCH] i386: Insert ENDBR to trampoline for -fcf-protection=branch -mibt
When -fcf-protection=branch -mibt are used, we need to insert ENDBR to trampoline. TRAMPOLINE_SIZE is creased by 4 bytes to accommodate 4-byte ENDBR instruction.
gcc/ PR target/85044 * config/i386/i386.c (ix86_trampoline_init): Insert ENDBR for -fcf-protection=branch -mibt. * config/i386/i386.h (TRAMPOLINE_SIZE): Increased by 4 bytes.
gcc/testsuite/ PR target/85044 * gcc.target/i386/pr85044.c: New test.
From-SVN: r258897
---
 gcc/ChangeLog | 7 +++++++
 gcc/config/i386/i386.c | 17 +++++++++++++++++
 gcc/config/i386/i386.h | 2 +-
 gcc/testsuite/ChangeLog | 5 +++++
 gcc/testsuite/gcc.target/i386/pr85044.c | 24 ++++++++++++++++++++++++
 5 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85044.c
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index ff3afb208c5..a07d2ff7838 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,10 @@
+2018-03-27 H.J. Lu
+
+ PR target/85044
+ * config/i386/i386.c (ix86_trampoline_init): Insert ENDBR for
+ -fcf-protection=branch -mibt.
+ * config/i386/i386.h (TRAMPOLINE_SIZE): Increased by 4 bytes.
+
 2018-03-27 Ramana Radhakrishnan
 PR target/81863
diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index 3b264318f50..b4f6aec1434 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -30411,6 +30411,7 @@ ix86_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value)
 rtx mem, fnaddr;
 int opcode;
 int offset = 0;
+ bool need_endbr = (flag_cf_protection & CF_BRANCH) && TARGET_IBT;
 fnaddr = XEXP (DECL_RTL (fndecl), 0);
@@ -30418,6 +30419,14 @@ ix86_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value)
 {
 int size;
+ if (need_endbr)
+ {
+ /* Insert ENDBR64. */
+ mem = adjust_address (m_tramp, SImode, offset);
+ emit_move_insn (mem, gen_int_mode (0xfa1e0ff3, SImode));
+ offset += 4;
+ }
+
 /* Load the function address to r11. Try to load address using the shorter movl instead of movabs. We may want to support movq for kernel mode, but kernel does not use trampolines at
@@ -30495,6 +30504,14 @@ ix86_trampoline_init (rtx m_tramp, tree fndecl, rtx chain_value)
 else
 opcode = 0x68;
+ if (need_endbr)
+ {
+ /* Insert ENDBR32. */
+ mem = adjust_address (m_tramp, SImode, offset);
+ emit_move_insn (mem, gen_int_mode (0xfb1e0ff3, SImode));
+ offset += 4;
+ }
+
 mem = adjust_address (m_tramp, QImode, offset);
 emit_move_insn (mem, gen_int_mode (opcode, QImode));
diff --git a/gcc/config/i386/i386.h b/gcc/config/i386/i386.h
index 7f4b04f421d..c7f9b4551b3 100644
--- a/gcc/config/i386/i386.h
+++ b/gcc/config/i386/i386.h
@@ -1716,7 +1716,7 @@ typedef struct ix86_args {
 /* Length in units of the trampoline for entering a nested function. */
-#define TRAMPOLINE_SIZE (TARGET_64BIT ? 24 : 10)
+#define TRAMPOLINE_SIZE (TARGET_64BIT ? 28 : 14)
 /* Definitions for register eliminations.
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index a87d8a1779c..be9044d644e 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,8 @@
+2018-03-27 H.J. Lu
+
+ PR target/85044
+ * gcc.target/i386/pr85044.c: New test.
+
 2018-03-27 Martin Sebor
 PR testsuite/83462
diff --git a/gcc/testsuite/gcc.target/i386/pr85044.c b/gcc/testsuite/gcc.target/i386/pr85044.c
new file mode 100644
index 00000000000..332f582d79b
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr85044.c
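Review bot: The two ENDBR stores in ix86_trampoline_init (the 64-bit block in the hunk at -30418 and the 32-bit block in the hunk at -30495) encode the instruction as bare SImode immediates, `0xfa1e0ff3` and `0xfb1e0ff3`, and the comments do not say how those values map to instruction bytes. A reader auditing the trampoline layout has to work out that the little-endian store yields `f3 0f 1e fa` (ENDBR64) and `f3 0f 1e fb` (ENDBR32). I would extend the comments to say so, e.g. `/* Insert ENDBR64: bytes f3 0f 1e fa, written as one little-endian SImode store.  */`, with the matching line for ENDBR32. The function body starts and ends outside both hunks.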
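Review bot: In the 32-bit block of the hunk at -30495 the ENDBR32 is written ahead of the opcode byte, so every later store and address computation on this path depends on the advanced `offset`; only the first store after the insert is visible, and the rest of the function lies outside the hunk. If the code that follows emits a relative jump to the nested function, its displacement must be measured from the end of a jump that now sits 4 bytes later, and any adjustment it applies to the target address should be re-checked against a target that may itself begin with ENDBR32; I cannot confirm either from the lines shown. A short comment at the insert, such as `/* offset now includes the 4-byte ENDBR32; later displacements must be computed from it.  */`, would make the dependency explicit.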
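Review bot: In i386.h, TRAMPOLINE_SIZE grows to 28/14 for every compilation, including those where `need_endbr` in ix86_trampoline_init is false, and the comment above the macro still does not say what the extra bytes are for. Nothing visible ties the literal 4 here to the `offset += 4` in i386.c, so a later change on either side could let the trampoline writes outrun the reserved stack slot. I would document it in place: `/* Length in units of the trampoline for entering a nested function.  Includes 4 bytes for the ENDBR emitted under -fcf-protection=branch -mibt.  */`. Whether ix86_trampoline_init checks its final offset against this macro is not visible in this patch.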
@@ -0,0 +1,24 @@
+/* { dg-do run { target cet } } */
+/* { dg-options "-O2 -fcf-protection=branch -mibt" } */
+
+void callme (void (*callback) (void));
+
+int
+main (void)
+{
+ int ok = 0;
+ void callback (void) { ok = 1; }
+
+ callme (&callback);
+
+ if (!ok)
+ __builtin_abort ();
+ return 0;
+}
+
+__attribute__((noinline, noclone))
+void
+callme (void (*callback) (void))
+{
+ (*callback) ();
+}
-- 2.30.2
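Review bot: This run test in pr85044.c can only fail if the indirect call in `callme` actually raises a control-protection fault, so on a system that does not enforce IBT at run time it passes whether or not the trampoline carries an ENDBR. What `target cet` guarantees about run-time enforcement is not visible here. A compile-only companion test that checks the generated trampoline setup for the ENDBR immediate would catch a regression on any host; as a minimum I would add a comment above `main` such as `/* Only meaningful when IBT is enforced at run time; otherwise this passes vacuously.  */`. The test also exercises only whichever of the ENDBR32/ENDBR64 paths the default multilib selects.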