From: Jeff Law
To: "Tsimbalist, Igor V", "gcc-patches@gcc.gnu.org"
Cc: "richard.guenther@gmail.com"
Subject: Re: 0001-Part-1.-Add-generic-part-for-Intel-CET-enabling
Date: Thu, 12 Oct 2017 15:15:00 -0000
Message-ID: <7740ef7b-9935-aa4a-54d2-d15dbb901429@redhat.com>

On 10/12/2017 02:12 AM, Tsimbalist, Igor V wrote:
>> Seems reasonable.  As a result something like
>> check_missing_nocf_check_attribute is going to just go away along with the
>> code in *-typeck.c which called it, right?  If so that seems like a nice cleanup.
> Yes, you are right.
>
> Updated patch is attached.
>
>
> High-level design.
> ------------------
>
> A proposal is to introduce a target independent flag
> -fcf-protection=[none|branch|return|full] with a semantic to
> instrument code to control validness or integrity of control-flow
> transfers using jump and call instructions. The main goal is to detect
> and block a possible malware execution through transfer of the execution
> to an unknown target address. Implementation could be either software or
> target based. Any target platform can provide its implementation
> for instrumentation under this option.
>
> When the -fcf-protection flag is set each implementation has
> to check if a support exists for a target platform and report an error
> if no support is found.
>
> The compiler should instrument any control-flow transfer points in a
> program (e.g. call/jmp/ret) as well as any landing pads, which are
> targets of control-flow transfers.
>
> A new 'nocf_check' attribute is introduced to provide hand tuning
> support. The attribute directs the compiler to skip a call to a
> function and a function's landing pad from instrumentation. The
> attribute can be used for function and pointer to function types,
> otherwise it will be ignored. The attribute is saved in a type and
> propagated to a GIMPLE call statement and later to a call instruction.
>
> Currently all platforms except i386 will report the error and do no
> instrumentation.
> i386 will provide the implementation based on a
> specification published by Intel for a new technology called
> Control-flow Enforcement Technology (CET).
>
> gcc/c-family/
> 	* c-attribs.c (handle_nocf_check_attribute): New function.
> 	(c_common_attribute_table): Add 'nocf_check' handling.
>
> gcc/c/
> 	* gimple-parser.c: Add second argument NULL to
> 	gimple_build_call_from_tree.
>
> gcc/
> 	* attrib.c (comp_type_attributes): Check nocf_check attribute.
> 	* cfgexpand.c (expand_call_stmt): Set REG_CALL_NOCF_CHECK for
> 	call insn.
> 	* combine.c (distribute_notes): Add REG_CALL_NOCF_CHECK handling.
> 	* common.opt: Add fcf-protection flag.
> 	* emit-rtl.c (try_split): Add REG_CALL_NOCF_CHECK handling.
> 	* flag-types.h: Add enum cf_protection_level.
> 	* gimple.c (gimple_build_call_from_tree): Add second parameter.
> 	Add 'nocf_check' attribute propagation to gimple call.
> 	* gimple.h (gf_mask): Add GF_CALL_NOCF_CHECK.
> 	(gimple_build_call_from_tree): Update prototype.
> 	(gimple_call_nocf_check_p): New function.
> 	(gimple_call_set_nocf_check): Likewise.
> 	* gimplify.c: Add second argument to gimple_build_call_from_tree.
> 	* ipa-icf.c: Add nocf_check attribute in statement hash.
> 	* recog.c (peep2_attempt): Add REG_CALL_NOCF_CHECK handling.
> 	* reg-notes.def: Add REG_NOTE (CALL_NOCF_CHECK).
> 	* toplev.c (process_options): Add flag_cf_protection handling.

OK.  Sorry about the long delays.

jeff
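
Added example, not part of the original message or of the GCC patch: how the 'nocf_check' attribute described in the design above is placed on a function and on a pointer-to-function type, plus a check of which -fcf-protection level a build was compiled with. The handler names and the NOCF_CHECK macro are hypothetical, and __CET__ is the macro that released GCC defines on x86, an assumption this thread does not mention.

```c
#include <stdio.h>

/* Use the attribute only where the compiler knows it; otherwise expand to
   nothing so the file still builds (NOCF_CHECK is a hypothetical name). */
#if defined(__has_attribute)
# if __has_attribute(nocf_check)
#  define NOCF_CHECK __attribute__((nocf_check))
# endif
#endif
#ifndef NOCF_CHECK
# define NOCF_CHECK
#endif

/* Hypothetical handlers: the first keeps its landing pad, the second opts out. */
static int checked_handler(int x) { return x + 1; }
NOCF_CHECK static int unchecked_handler(int x) { return x * 2; }

/* The attribute is saved in the function type, so a pointer type carries it too. */
typedef int (*handler_fn)(int);
typedef int (*nocf_handler_fn)(int) NOCF_CHECK;

/* Indirect call that stays instrumented under -fcf-protection=branch. */
int call_checked(int x)
{
    handler_fn h = checked_handler;
    return h(x);
}

/* Indirect call through a nocf_check pointer to a nocf_check function:
   both the call and the target's landing pad are left uninstrumented. */
int call_unchecked(int x)
{
    nocf_handler_fn h = unchecked_handler;
    return h(x);
}

/* 0 = none, 1 = branch, 2 = return, 3 = full, read from __CET__ (assumption:
   defined by released GCC on x86 when -fcf-protection is active). */
int cf_protection_level(void)
{
#ifdef __CET__
    return __CET__ & 3;
#else
    return 0;
#endif
}

int main(void)
{
    printf("cf-protection level %d: %d %d\n",
           cf_protection_level(), call_checked(3), call_unchecked(3));
    return 0;
}
```

Each pointer is assigned only a function of the matching type, because the attribute takes part in type comparison (the comp_type_attributes change listed in the ChangeLog).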