From ccdf009d81a67a6719ff7b2106c483a18f13115f Mon Sep 17 00:00:00 2001 From: Igor Tsimbalist Date: Sat, 21 Oct 2017 23:16:32 +0200 Subject: [PATCH] Add x86 CET documentation. gcc/doc/ * extend.texi: Add x86 specific to 'nocf_check' attribute. List CET intrinsics. * invoke.texi: Add -mcet, -mibt, -mshstk options. Add x86 specific to -fcf-protection option. From-SVN: r253978 --- gcc/ChangeLog | 7 +++++++ gcc/doc/extend.texi | 19 +++++++++++++++++++ gcc/doc/invoke.texi | 41 ++++++++++++++++++++++++++++++++++++++--- 3 files changed, 64 insertions(+), 3 deletions(-) diff --git a/gcc/ChangeLog b/gcc/ChangeLog index 98f7cce0023..3ada30edc3d 100644 --- a/gcc/ChangeLog +++ b/gcc/ChangeLog @@ -1,3 +1,10 @@ +2017-10-21 Igor Tsimbalist + + * extend.texi: Add x86 specific to 'nocf_check' attribute. + List CET intrinsics. + * invoke.texi: Add -mcet, -mibt, -mshstk options. Add x86 + specific to -fcf-protection option. + 2017-10-21 Igor Tsimbalist * common/config/i386/i386-common.c (OPTION_MASK_ISA_IBT_SET): New. diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi index 71d638f05c0..b1b9c29d185 100644 --- a/gcc/doc/extend.texi +++ b/gcc/doc/extend.texi @@ -21519,6 +21519,25 @@ void __builtin_ia32_wrpkru (unsigned int) unsigned int __builtin_ia32_rdpkru () @end smallexample +The following built-in functions are available when @option{-mcet} is used. +They are used to support Intel Control-flow Enforcment Technology (CET). +Each built-in function generates the machine instruction that is part of the +function's name. +@smallexample +unsigned int __builtin_ia32_rdsspd (unsigned int) +unsigned long long __builtin_ia32_rdsspq (unsigned long long) +void __builtin_ia32_incsspd (unsigned int) +void __builtin_ia32_incsspq (unsigned long long) +void __builtin_ia32_saveprevssp(void); +void __builtin_ia32_rstorssp(void *); +void __builtin_ia32_wrssd(unsigned int, void *); +void __builtin_ia32_wrssq(unsigned long long, void *); +void __builtin_ia32_wrussd(unsigned int, void *); +void __builtin_ia32_wrussq(unsigned long long, void *); +void __builtin_ia32_setssbsy(void); +void __builtin_ia32_clrssbsy(void *); +@end smallexample + @node x86 transactional memory intrinsics @subsection x86 Transactional Memory Intrinsics diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 7b1a697d5bb..c3128649f4c 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -1204,6 +1204,7 @@ See RS/6000 and PowerPC Options. -msse4a -m3dnow -m3dnowa -mpopcnt -mabm -mbmi -mtbm -mfma4 -mxop @gol -mlzcnt -mbmi2 -mfxsr -mxsave -mxsaveopt -mrtm -mlwp -mmpx @gol -mmwaitx -mclzero -mpku -mthreads @gol +-mcet -mibt -mshstk @gol -mms-bitfields -mno-align-stringops -minline-all-stringops @gol -minline-stringops-dynamically -mstringop-strategy=@var{alg} @gol -mmemcpy-strategy=@var{strategy} -mmemset-strategy=@var{strategy} @gol @@ -11441,6 +11442,11 @@ You can also use the @code{nocf_check} attribute to identify which functions and calls should be skipped from instrumentation (@pxref{Function Attributes}). +Currently the x86 GNU/Linux target provides an implementation based +on Intel Control-flow Enforcement Technology (CET). Instrumentation +for x86 is controlled by target-specific options @option{-mcet}, +@option{-mibt} and @option{-mshstk} (@pxref{x86 Options}). + @item -fstack-protector @opindex fstack-protector Emit extra code to check for buffer overflows, such as stack smashing @@ -25852,15 +25858,19 @@ preferred alignment to @option{-mpreferred-stack-boundary=2}. @need 200 @itemx -mclzero @opindex mclzero +@need 200 @itemx -mpku @opindex mpku +@need 200 +@itemx -mcet +@opindex mcet These switches enable the use of instructions in the MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, AVX, AVX2, AVX512F, AVX512PF, AVX512ER, AVX512CD, SHA, AES, PCLMUL, FSGSBASE, RDRND, F16C, FMA, SSE4A, FMA4, XOP, LWP, ABM, AVX512VL, AVX512BW, AVX512DQ, AVX512IFMA AVX512VBMI, BMI, BMI2, FXSR, -XSAVE, XSAVEOPT, LZCNT, RTM, MPX, MWAITX, PKU, 3DNow!@: or enhanced 3DNow!@: -extended instruction sets. Each has a corresponding @option{-mno-} option -to disable use of these instructions. +XSAVE, XSAVEOPT, LZCNT, RTM, MPX, MWAITX, PKU, IBT, SHSTK, +3DNow!@: or enhanced 3DNow!@: extended instruction sets. Each has a +corresponding @option{-mno-} option to disable use of these instructions. These extensions are also available as built-in functions: see @ref{x86 Built-in Functions}, for details of the functions enabled and @@ -25880,6 +25890,13 @@ supported architecture, using the appropriate flags. In particular, the file containing the CPU detection code should be compiled without these options. +The @option{-mcet} option turns on the @option{-mibt} and @option{-mshstk} +options. The @option{-mibt} option enables indirect branch tracking support +and the @option{-mshstk} option enables shadow stack support from +Intel Control-flow Enforcement Technology (CET). The compiler also provides +a number of built-in functions for fine-grained control in a CET-based +application. See @xref{x86 Built-in Functions}, for more information. + @item -mdump-tune-features @opindex mdump-tune-features This option instructs GCC to dump the names of the x86 performance @@ -25958,6 +25975,24 @@ see @ref{Other Builtins} for details. This option enables use of the @code{movbe} instruction to implement @code{__builtin_bswap32} and @code{__builtin_bswap64}. +@item -mibt +@opindex mibt +This option tells the compiler to use indirect branch tracking support +(for indirect calls and jumps) from x86 Control-flow Enforcement +Technology (CET). The option has effect only if the +@option{-fcf-protection=full} or @option{-fcf-protection=branch} option +is specified. The option @option{-mibt} is on by default when the +@code{-mcet} option is specified. + +@item -mshstk +@opindex mshstk +This option tells the compiler to use shadow stack support (return +address tracking) from x86 Control-flow Enforcement Technology (CET). +The option has effect only if the @option{-fcf-protection=full} or +@option{-fcf-protection=return} option is specified. The option +@option{-mshstk} is on by default when the @option{-mcet} option is +specified. + @item -mcrc32 @opindex mcrc32 This option enables built-in functions @code{__builtin_ia32_crc32qi}, -- 2.30.2