From: Nick Clifton <nickc@redhat.com>
To: hjl.tools@gmail.com
Cc: gcc-patches@gcc.gnu.org
Subject: RFA: PR 84154: Fix checking -mibt and -mshstk options for control flow protection
Date: Mon, 05 Feb 2018 15:15:00 -0000 [thread overview]
Message-ID: <87k1vra2oh.fsf@redhat.com> (raw)
Hi H.J.
Attached is a potential patch for PR 84145:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84145
The problem was that the code to check that the --mibt and/or -mshstk
options have been correctly enabled for control flow protection did
not take into account that the wrong option might have been enabled.
So the patch inverts the test, looking at the value of
flag_cf_protection first and then checking to see if the needed x86
specific options have been enabled. This gives results like this:
% gcc -c main.c
% gcc -c main.c -fcf-protection=full
cc1: error: '-fcf-protection=full' requires CET support on this target. Use -mcet or both of -mibt and -mshstk options to enable CET
% gcc -c main.c -fcf-protection=full -mcet
% gcc -c main.c -fcf-protection=full -mibt
cc1: error: '-fcf-protection=full' requires CET support on this target. Use -mcet or both of -mibt and -mshstk options to enable CET
% gcc -c main.c -fcf-protection=full -mibt -mshstk
% gcc -c main.c -fcf-protection=branch
cc1: error: '-fcf-protection=branch' requires CET support on this target. Use -mcet or -mibt to enable CET
% gcc -c main.c -fcf-protection=branch -mcet
% gcc -c main.c -fcf-protection=branch -mibt
% gcc -c main.c -fcf-protection=branch -mshstk
cc1: error: '-fcf-protection=branch' requires CET support on this target. Use -mcet or -mibt to enable CET
% gcc -c main.c -fcf-protection=return
cc1: error: '-fcf-protection=return' requires CET support on this target. Use -mcet or -mshstk to enable CET
% gcc -c main.c -fcf-protection=return -mcet
% gcc -c main.c -fcf-protection=return -mibt
cc1: error: '-fcf-protection=return' requires CET support on this target. Use -mcet or -mshstk to enable CET
% gcc -c main.c -fcf-protection=return -mshstk
%
What do you think ? Is the patch OK for the mainline ?
Cheers
Nick
gcc/ChangeLog
2018-02-05 Nick Clifton <nickc@redhat.com>
PR 84145
* config/i386/i386.c (ix86_option_override_internal): Rework
checks for -fcf-protection and -mibt/-mshstk.
Index: gcc/config/i386/i386.c
===================================================================
--- gcc/config/i386/i386.c (revision 257389)
+++ gcc/config/i386/i386.c (working copy)
@@ -4915,30 +4915,43 @@
/* Do not support control flow instrumentation if CET is not enabled. */
if (opts->x_flag_cf_protection != CF_NONE)
{
- if (!(TARGET_IBT_P (opts->x_ix86_isa_flags2)
- || TARGET_SHSTK_P (opts->x_ix86_isa_flags)))
+ switch (flag_cf_protection)
{
- if (flag_cf_protection == CF_FULL)
+ case CF_NONE:
+ break;
+ case CF_BRANCH:
+ if (! TARGET_IBT_P (opts->x_ix86_isa_flags2))
{
- error ("%<-fcf-protection=full%> requires CET support "
- "on this target. Use -mcet or one of -mibt, "
- "-mshstk options to enable CET");
+ error ("%<-fcf-protection=branch%> requires CET support "
+ "on this target. Use -mcet or -mibt to enable CET");
+ flag_cf_protection = CF_NONE;
+ return false;
}
- else if (flag_cf_protection == CF_BRANCH)
+ break;
+ case CF_RETURN:
+ if (! TARGET_SHSTK_P (opts->x_ix86_isa_flags))
{
- error ("%<-fcf-protection=branch%> requires CET support "
- "on this target. Use -mcet or one of -mibt, "
- "-mshstk options to enable CET");
+ error ("%<-fcf-protection=return%> requires CET support "
+ "on this target. Use -mcet or -mshstk to enable CET");
+ flag_cf_protection = CF_NONE;
+ return false;
}
- else if (flag_cf_protection == CF_RETURN)
+ break;
+ case CF_FULL:
+ if ( ! TARGET_IBT_P (opts->x_ix86_isa_flags2)
+ || ! TARGET_SHSTK_P (opts->x_ix86_isa_flags))
{
- error ("%<-fcf-protection=return%> requires CET support "
- "on this target. Use -mcet or one of -mibt, "
+ error ("%<-fcf-protection=full%> requires CET support "
+ "on this target. Use -mcet or both of -mibt and "
"-mshstk options to enable CET");
+ flag_cf_protection = CF_NONE;
+ return false;
}
- flag_cf_protection = CF_NONE;
- return false;
+ break;
+ default:
+ gcc_unreachable ();
}
+
opts->x_flag_cf_protection =
(cf_protection_level) (opts->x_flag_cf_protection | CF_SET);
}
next reply other threads:[~2018-02-05 15:15 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-05 15:15 Nick Clifton [this message]
2018-02-06 11:14 ` Tsimbalist, Igor V
2018-02-06 12:16 ` Nick Clifton
2018-02-06 14:08 ` Tsimbalist, Igor V
2018-02-06 14:35 ` Uros Bizjak
2018-02-06 22:50 ` Rainer Orth
2018-02-06 23:27 ` Tsimbalist, Igor V
2018-02-06 23:46 ` Paolo Carlini
2018-02-07 0:02 ` Tsimbalist, Igor V
2018-02-07 0:08 ` Paolo Carlini
2018-02-07 8:54 ` Jakub Jelinek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k1vra2oh.fsf@redhat.com \
--to=nickc@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=hjl.tools@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).