From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yw1-x112a.google.com (mail-yw1-x112a.google.com [IPv6:2607:f8b0:4864:20::112a]) by sourceware.org (Postfix) with ESMTPS id DA9B13858D35 for ; Mon, 22 May 2023 08:08:38 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org DA9B13858D35 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-yw1-x112a.google.com with SMTP id 00721157ae682-564dc3dc075so13045457b3.1 for ; Mon, 22 May 2023 01:08:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1684742918; x=1687334918; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=UHIVB0Crl4NewYZcKTy5SuMOx3t9xeL2mMklpftNysI=; b=RQeYLfvXlYeZxAR6GQnmRlnRG26Uz+ziv2m1AQEShllxTtSz7DPSrR6HTYr16jDadT SD6FzXyPF8vALMpnhdJ19k1cgtI9v/prcY5YawHL+0A7X6p+1D2XUx1Q/OYS65yWt/X3 DrBhjXagSyO3J8k3YIGTC8achNTbzBZByJHpK6sGn8JDIrk4oBSQl7MG1x3zCLLZcs7F DCdUh5bD5CmkWbSbZY8xyOGeC3jyQ62lB+Hnij9gG/dIhblZBOUyaOcr9eqa/INiYv1/ uP7NfmOqhf7kpzWzcWyg4MnGSwbNgp+iTvkGYd6ui/MR3yzzKXq8dGK86EysB2nHtYZf AWqg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1684742918; x=1687334918; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UHIVB0Crl4NewYZcKTy5SuMOx3t9xeL2mMklpftNysI=; b=B++7nrNI+hgxcGuAsUVWKC515gLQn5AwLvZKPsiXdNGiWIb6tHkGa9aXIf6UkNbkkd H692eax+k28jwGnJE3ohkteIUt3OHPKA8l0upNVY2qR0ohuaPLZpI+K+63HEsmOoGjvM dGz4L+bpjobK6D3/NBQQ4K5w/2DeXtmIi4fHzc3Z4PGkqTskXc6P1LuFwrOm2N26hVfk yAa7d5109a+KJWJPWbF75nH3x9ehAVZkGNspIRrjap7yybLfnxpZc5p+GEwEUFO22Nnz WNceU+XZvwf0Sn3ENJ/LDFfoQeB36lpL+r6Ht8tgGkihvPXUiIVgdVGVxFKKsW1Ge8MC 0PQA== X-Gm-Message-State: AC+VfDxVXjqm4oyooO892FHDUrKxYXaoVH3H+oSKRq6iqvkaMe8vsYbm 5hV2NOPYcqZs3JEXFqBiuUjgHZiYMYvPyRLv4Aw= X-Google-Smtp-Source: ACHHUZ6ibq1Q3TJ74CIinITVslD5MMBCU4D/8XxpBTPdUBYUszEoWs+IuWEuvHbNag3CoqK8wxIoY7mGIvfIAa/V7q0= X-Received: by 2002:a0d:d890:0:b0:561:4bcc:464f with SMTP id a138-20020a0dd890000000b005614bcc464fmr11153391ywe.36.1684742918160; Mon, 22 May 2023 01:08:38 -0700 (PDT) MIME-Version: 1.0 References: <20230513092042.3927038-1-hongtao.liu@intel.com> In-Reply-To: <20230513092042.3927038-1-hongtao.liu@intel.com> From: Hongtao Liu Date: Mon, 22 May 2023 16:08:26 +0800 Message-ID: Subject: Re: [PATCH V2] Provide -fcf-protection=branch,return. To: liuhongt Cc: gcc-patches@gcc.gnu.org, hjl.tools@gmail.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-7.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,GIT_PATCH_0,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: ping. On Sat, May 13, 2023 at 5:20=E2=80=AFPM liuhongt wr= ote: > > > I think this could be simplified if you use either EnumSet or > > EnumBitSet instead in common.opt for `-fcf-protection=3D`. > > Use EnumSet instead of EnumBitSet since CF_FULL is not power of 2. > It is a bit tricky for sets classification, cf_branch and cf_return > should be in different sets, but they both "conflicts" cf_full, > cf_none. And current EnumSet don't handle this well. > > So in the current implementation, only cf_full,cf_none are exclusive > to each other, but they can be combined with any cf_branch, cf_return, > cf_check. It's not perfect, but still an improvement than original > one. > > gcc/ChangeLog: > > * common.opt: (fcf-protection=3D): Add EnumSet attribute to > support combination of params. > > gcc/testsuite/ChangeLog: > > * c-c++-common/fcf-protection-10.c: New test. > * c-c++-common/fcf-protection-11.c: New test. > * c-c++-common/fcf-protection-12.c: New test. > * c-c++-common/fcf-protection-8.c: New test. > * c-c++-common/fcf-protection-9.c: New test. > * gcc.target/i386/pr89701-1.c: New test. > * gcc.target/i386/pr89701-2.c: New test. > * gcc.target/i386/pr89701-3.c: New test. > --- > gcc/common.opt | 12 ++++++------ > gcc/testsuite/c-c++-common/fcf-protection-10.c | 2 ++ > gcc/testsuite/c-c++-common/fcf-protection-11.c | 2 ++ > gcc/testsuite/c-c++-common/fcf-protection-12.c | 2 ++ > gcc/testsuite/c-c++-common/fcf-protection-8.c | 2 ++ > gcc/testsuite/c-c++-common/fcf-protection-9.c | 2 ++ > gcc/testsuite/gcc.target/i386/pr89701-1.c | 4 ++++ > gcc/testsuite/gcc.target/i386/pr89701-2.c | 4 ++++ > gcc/testsuite/gcc.target/i386/pr89701-3.c | 4 ++++ > 9 files changed, 28 insertions(+), 6 deletions(-) > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-10.c > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-11.c > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-12.c > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-8.c > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-9.c > create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-1.c > create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-2.c > create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-3.c > > diff --git a/gcc/common.opt b/gcc/common.opt > index a28ca13385a..02f2472959a 100644 > --- a/gcc/common.opt > +++ b/gcc/common.opt > @@ -1886,7 +1886,7 @@ fcf-protection > Common RejectNegative Alias(fcf-protection=3D,full) > > fcf-protection=3D > -Common Joined RejectNegative Enum(cf_protection_level) Var(flag_cf_prote= ction) Init(CF_NONE) > +Common Joined RejectNegative Enum(cf_protection_level) EnumSet Var(flag_= cf_protection) Init(CF_NONE) > -fcf-protection=3D[full|branch|return|none|check] Instrument func= tions with checks to verify jump/call/return control-flow transfer > instructions have valid targets. > > @@ -1894,19 +1894,19 @@ Enum > Name(cf_protection_level) Type(enum cf_protection_level) UnknownError(un= known Control-Flow Protection Level %qs) > > EnumValue > -Enum(cf_protection_level) String(full) Value(CF_FULL) > +Enum(cf_protection_level) String(full) Value(CF_FULL) Set(1) > > EnumValue > -Enum(cf_protection_level) String(branch) Value(CF_BRANCH) > +Enum(cf_protection_level) String(branch) Value(CF_BRANCH) Set(2) > > EnumValue > -Enum(cf_protection_level) String(return) Value(CF_RETURN) > +Enum(cf_protection_level) String(return) Value(CF_RETURN) Set(3) > > EnumValue > -Enum(cf_protection_level) String(check) Value(CF_CHECK) > +Enum(cf_protection_level) String(check) Value(CF_CHECK) Set(4) > > EnumValue > -Enum(cf_protection_level) String(none) Value(CF_NONE) > +Enum(cf_protection_level) String(none) Value(CF_NONE) Set(1) > > finstrument-functions > Common Var(flag_instrument_function_entry_exit,1) > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-10.c b/gcc/testsui= te/c-c++-common/fcf-protection-10.c > new file mode 100644 > index 00000000000..b271d134e52 > --- /dev/null > +++ b/gcc/testsuite/c-c++-common/fcf-protection-10.c > @@ -0,0 +1,2 @@ > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > +/* { dg-options "-fcf-protection=3Dbranch,check" } */ > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-11.c b/gcc/testsui= te/c-c++-common/fcf-protection-11.c > new file mode 100644 > index 00000000000..2e566350ccd > --- /dev/null > +++ b/gcc/testsuite/c-c++-common/fcf-protection-11.c > @@ -0,0 +1,2 @@ > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > +/* { dg-options "-fcf-protection=3Dbranch,return" } */ > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-12.c b/gcc/testsui= te/c-c++-common/fcf-protection-12.c > new file mode 100644 > index 00000000000..b39c2f8e25d > --- /dev/null > +++ b/gcc/testsuite/c-c++-common/fcf-protection-12.c > @@ -0,0 +1,2 @@ > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > +/* { dg-options "-fcf-protection=3Dreturn,branch" } */ > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-8.c b/gcc/testsuit= e/c-c++-common/fcf-protection-8.c > new file mode 100644 > index 00000000000..3b97095a92c > --- /dev/null > +++ b/gcc/testsuite/c-c++-common/fcf-protection-8.c > @@ -0,0 +1,2 @@ > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > +/* { dg-options "-fcf-protection=3Dbranch,none" } */ > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-9.c b/gcc/testsuit= e/c-c++-common/fcf-protection-9.c > new file mode 100644 > index 00000000000..6a37e749fcb > --- /dev/null > +++ b/gcc/testsuite/c-c++-common/fcf-protection-9.c > @@ -0,0 +1,2 @@ > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > +/* { dg-options "-fcf-protection=3Dbranch,full" } */ > diff --git a/gcc/testsuite/gcc.target/i386/pr89701-1.c b/gcc/testsuite/gc= c.target/i386/pr89701-1.c > new file mode 100644 > index 00000000000..1879c9ab4d8 > --- /dev/null > +++ b/gcc/testsuite/gcc.target/i386/pr89701-1.c > @@ -0,0 +1,4 @@ > +/* { dg-do compile { target *-*-linux* } } */ > +/* { dg-options "-fcf-protection=3Dbranch,return" } */ > +/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */ > +/* { dg-final { scan-assembler-times ".long 0x3" 1 } } */ > diff --git a/gcc/testsuite/gcc.target/i386/pr89701-2.c b/gcc/testsuite/gc= c.target/i386/pr89701-2.c > new file mode 100644 > index 00000000000..d5100575028 > --- /dev/null > +++ b/gcc/testsuite/gcc.target/i386/pr89701-2.c > @@ -0,0 +1,4 @@ > +/* { dg-do compile { target *-*-linux* } } */ > +/* { dg-options "-fcf-protection=3Dreturn,branch" } */ > +/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */ > +/* { dg-final { scan-assembler-times ".long 0x3" 1 } } */ > diff --git a/gcc/testsuite/gcc.target/i386/pr89701-3.c b/gcc/testsuite/gc= c.target/i386/pr89701-3.c > new file mode 100644 > index 00000000000..88afb546fbf > --- /dev/null > +++ b/gcc/testsuite/gcc.target/i386/pr89701-3.c > @@ -0,0 +1,4 @@ > +/* { dg-do compile { target *-*-linux* } } */ > +/* { dg-options "-fcf-protection=3Dreturn,none" } */ > +/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */ > +/* { dg-final { scan-assembler-times ".long 0x2" 1 } } */ > -- > 2.39.1.388.g2fc9e9ca3c > --=20 BR, Hongtao