From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id 435D53858C2C; Sat, 30 Oct 2021 12:22:32 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 435D53858C2C
From: "hjl.tools at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug target/102953] Improvements to CET-IBT and ENDBR generation
Date: Sat, 30 Oct 2021 12:22:32 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: target
X-Bugzilla-Version: 12.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: hjl.tools at gmail dot com
X-Bugzilla-Status: WAITING
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: hjl.tools at gmail dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: 
Message-ID: <bug-102953-4-ZHOxHjmUxu@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-102953-4@http.gcc.gnu.org/bugzilla/>
References: <bug-102953-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Oct 2021 12:22:32 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D102953

--- Comment #22 from H.J. Lu <hjl.tools at gmail dot com> ---
(In reply to Andrew Cooper from comment #21)
> Another possibly-bug, but possibly mis-expectations on my behalf.
>=20
> I've found some code in the depths of Xen which is causing a failure on
> final link due to a missing `__x86_indirect_thunk_nt_rax` symbol.
>=20
>   $ cat fnptr-typeof.c
>   extern void (*fnptrs[])(char);
>=20
>   void foo(int a)
>   {
>       typeof(foo) *bar =3D (void *)fnptrs[0];
>       bar(a);
>   }
>=20
> I realise this  is wildly undefined behaviour, and I will try to address =
it
> in due course.  However, the instruction generation is bizarre.
>=20
> When I compile with -fcf-protection=3Dbranch -mmanual-endbr, I get a plain
> `jmp *fnptrs(%rip)` instruction.  (This is fine.)
>=20
> When I compile with -fcf-check-attribute=3Dno as well, then I get `notrac=
k jmp
> *fnptrs(%rip)`.  I'm not sure why the notrack is warranted here; for all =
GCC
> knows, the target does have a suitable ENDBR64 instruction.
>=20

>>From "info gcc":

     The 'nocf_check' attribute on a type of pointer to function is used
     to inform the compiler that a call through the pointer should not
     be instrumented when compiled with the '-fcf-protection=3Dbranch'
     option.  The compiler assumes that the function's address from the
     pointer is a valid target for a control-flow transfer.  A direct
     function call through a function name is assumed to be a safe call
     thus direct calls are not instrumented by the compiler.

That is why notrack is added.=