* [PATCH] Require CET support only for the final GCC build @ 2020-07-15 14:47 H.J. Lu 2020-07-15 15:20 ` Richard Biener 0 siblings, 1 reply; 17+ messages in thread From: H.J. Lu @ 2020-07-15 14:47 UTC (permalink / raw) To: gcc-patches; +Cc: Richard Biener With --enable-cet, require CET support only for the final GCC build. Don't enable CET without CET support in stage1 nor for build support. config/ PR bootstrap/96202 * cet.m4 (GCC_CET_HOST_FLAGS): Don't enable CET without CET support in stage1 nor for build support. gcc/ PR bootstrap/96202 * configure: Regenerated. libbacktrace/ PR bootstrap/96202 * configure: Regenerated. libcc1/ PR bootstrap/96202 * configure: Regenerated. libcpp/ PR bootstrap/96202 * configure: Regenerated. libdecnumber/ PR bootstrap/96202 * configure: Regenerated. libiberty/ PR bootstrap/96202 * configure: Regenerated. lto-plugin/ PR bootstrap/96202 * configure: Regenerated. --- config/cet.m4 | 22 +++++++++++++++++----- gcc/configure | 30 ++++++++++++++++++++++-------- libbacktrace/configure | 22 +++++++++++++++++----- libcc1/configure | 20 ++++++++++++++++---- libcpp/configure | 20 ++++++++++++++++---- libdecnumber/configure | 20 ++++++++++++++++---- libiberty/configure | 20 ++++++++++++++++---- lto-plugin/configure | 24 ++++++++++++++++++------ 8 files changed, 138 insertions(+), 40 deletions(-) diff --git a/config/cet.m4 b/config/cet.m4 index 911fbd46475..265756e4c81 100644 --- a/config/cet.m4 +++ b/config/cet.m4 @@ -13,7 +13,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET insn. cet_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fcf-protection" AC_COMPILE_IFELSE( @@ -70,7 +70,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [], @@ -85,13 +85,25 @@ asm ("setssbsy"); [enable_cet=no]) ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [], [asm ("setssbsy");])], - [], - [AC_MSG_ERROR([assembler with CET support is required for --enable-cet])]) + [support_cet=yes], + [support_cet=no]) + if test $support_cet = "no"; then + if test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + AC_MSG_ERROR([compiler and assembler with CET support are required for --enable-cet]) + else + # Don't enable CET without CET support in stage1 nor for + # build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/gcc/configure b/gcc/configure index f224679ed3e..6d06220eb2c 100755 --- a/gcc/configure +++ b/gcc/configure @@ -785,10 +785,10 @@ manext LIBICONV_DEP LTLIBICONV LIBICONV -ZSTD_LIB -ZSTD_INCLUDE ZSTD_LDFLAGS ZSTD_CPPFLAGS +ZSTD_LIB +ZSTD_INCLUDE DL_LIB LDEXP_LIB EXTRA_GCC_LIBS @@ -9978,6 +9978,8 @@ ZSTD_LIB= ZSTD_CPPFLAGS= ZSTD_LDFLAGS= + + # Check whether --with-zstd was given. if test "${with_zstd+set}" = set; then : withval=$with_zstd; @@ -19021,7 +19023,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 19022 "configure" +#line 19026 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -19127,7 +19129,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 19128 "configure" +#line 19132 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -30792,7 +30794,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -30818,7 +30820,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -30831,11 +30833,23 @@ asm ("setssbsy"); } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support in stage1 nor for + # build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libbacktrace/configure b/libbacktrace/configure index 37c38e7ac5b..e23ffc18edb 100755 --- a/libbacktrace/configure +++ b/libbacktrace/configure @@ -12169,7 +12169,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET insn. cet_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fcf-protection" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -12409,7 +12409,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -12435,7 +12435,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -12448,11 +12448,23 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support in stage1 nor for + # build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libcc1/configure b/libcc1/configure index 37dbeac4908..896181ac703 100755 --- a/libcc1/configure +++ b/libcc1/configure @@ -14565,7 +14565,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -14591,7 +14591,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -14604,11 +14604,23 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support in stage1 nor for + # build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libcpp/configure b/libcpp/configure index 3329e20c392..b5ccd57a629 100755 --- a/libcpp/configure +++ b/libcpp/configure @@ -7564,7 +7564,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7590,7 +7590,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7603,11 +7603,23 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support in stage1 nor for + # build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libdecnumber/configure b/libdecnumber/configure index df6fdcfbc7f..94ee3357498 100755 --- a/libdecnumber/configure +++ b/libdecnumber/configure @@ -5217,7 +5217,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5243,7 +5243,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5256,11 +5256,23 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support in stage1 nor for + # build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libiberty/configure b/libiberty/configure index 1f8e23f0d23..4cd6cfe3291 100755 --- a/libiberty/configure +++ b/libiberty/configure @@ -5291,7 +5291,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5317,7 +5317,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5330,11 +5330,23 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support in stage1 nor for + # build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/lto-plugin/configure b/lto-plugin/configure index 69f6fce05c5..1666e87eedd 100755 --- a/lto-plugin/configure +++ b/lto-plugin/configure @@ -5687,7 +5687,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5713,7 +5713,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5726,11 +5726,23 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support in stage1 nor for + # build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" @@ -11947,7 +11959,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11950 "configure" +#line 11962 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12053,7 +12065,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12056 "configure" +#line 12068 "configure" #include "confdefs.h" #if HAVE_DLFCN_H -- 2.26.2 ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-15 14:47 [PATCH] Require CET support only for the final GCC build H.J. Lu @ 2020-07-15 15:20 ` Richard Biener 2020-07-15 15:26 ` H.J. Lu 2020-07-15 17:16 ` Joseph Myers 0 siblings, 2 replies; 17+ messages in thread From: Richard Biener @ 2020-07-15 15:20 UTC (permalink / raw) To: H.J. Lu; +Cc: gcc-patches, Joseph S. Myers On Wed, 15 Jul 2020, H.J. Lu wrote: > With --enable-cet, require CET support only for the final GCC build. > Don't enable CET without CET support in stage1 nor for build support. I wonder if we want to do sth less fragile than testing for ../stage_current - for example the toplevel make could export sth special through POSTSTAGE1_FLAGS_TO_PASS? But note one of the issues is that when not cross-compiling we're using a single libiberty for target and host objects (likewise for libstdc++ I guess). When cross-compiling say powerpc -> x86_64 we should already build stage1 libiberty used for target objects by the stage1 compiler and thus CET enabled. Note that for PR96202 it's host objects (gen*) that we get complaints for - the host objects should never get CET enabled. That said, giving configury an idea whether it configures for the host, the target or the build would be required here - Joseph, is there an existing mechanism for example libiberty can use here? Thanks, Richard. > config/ > > PR bootstrap/96202 > * cet.m4 (GCC_CET_HOST_FLAGS): Don't enable CET without CET > support in stage1 nor for build support. > > gcc/ > > PR bootstrap/96202 > * configure: Regenerated. > > libbacktrace/ > > PR bootstrap/96202 > * configure: Regenerated. > > libcc1/ > > PR bootstrap/96202 > * configure: Regenerated. > > libcpp/ > > PR bootstrap/96202 > * configure: Regenerated. > > libdecnumber/ > > PR bootstrap/96202 > * configure: Regenerated. > > libiberty/ > > PR bootstrap/96202 > * configure: Regenerated. > > lto-plugin/ > > PR bootstrap/96202 > * configure: Regenerated. > --- > config/cet.m4 | 22 +++++++++++++++++----- > gcc/configure | 30 ++++++++++++++++++++++-------- > libbacktrace/configure | 22 +++++++++++++++++----- > libcc1/configure | 20 ++++++++++++++++---- > libcpp/configure | 20 ++++++++++++++++---- > libdecnumber/configure | 20 ++++++++++++++++---- > libiberty/configure | 20 ++++++++++++++++---- > lto-plugin/configure | 24 ++++++++++++++++++------ > 8 files changed, 138 insertions(+), 40 deletions(-) > > diff --git a/config/cet.m4 b/config/cet.m4 > index 911fbd46475..265756e4c81 100644 > --- a/config/cet.m4 > +++ b/config/cet.m4 > @@ -13,7 +13,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET insn. > cet_save_CFLAGS="$CFLAGS" > CFLAGS="$CFLAGS -fcf-protection" > AC_COMPILE_IFELSE( > @@ -70,7 +70,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET. > AC_COMPILE_IFELSE( > [AC_LANG_PROGRAM( > [], > @@ -85,13 +85,25 @@ asm ("setssbsy"); > [enable_cet=no]) > ;; > yes) > - # Check if assembler supports CET. > + # Check if compiler and assembler support CET. > AC_COMPILE_IFELSE( > [AC_LANG_PROGRAM( > [], > [asm ("setssbsy");])], > - [], > - [AC_MSG_ERROR([assembler with CET support is required for --enable-cet])]) > + [support_cet=yes], > + [support_cet=no]) > + if test $support_cet = "no"; then > + if test -z "${with_build_subdir}" \ > + && (test ! -f ../stage_current \ > + || test `cat ../stage_current` != "stage1"); then > + # Require CET support only for the final GCC build. > + AC_MSG_ERROR([compiler and assembler with CET support are required for --enable-cet]) > + else > + # Don't enable CET without CET support in stage1 nor for > + # build support. > + enable_cet=no > + fi > + fi > ;; > esac > CFLAGS="$cet_save_CFLAGS" > diff --git a/gcc/configure b/gcc/configure > index f224679ed3e..6d06220eb2c 100755 > --- a/gcc/configure > +++ b/gcc/configure > @@ -785,10 +785,10 @@ manext > LIBICONV_DEP > LTLIBICONV > LIBICONV > -ZSTD_LIB > -ZSTD_INCLUDE > ZSTD_LDFLAGS > ZSTD_CPPFLAGS > +ZSTD_LIB > +ZSTD_INCLUDE > DL_LIB > LDEXP_LIB > EXTRA_GCC_LIBS > @@ -9978,6 +9978,8 @@ ZSTD_LIB= > ZSTD_CPPFLAGS= > ZSTD_LDFLAGS= > > + > + > # Check whether --with-zstd was given. > if test "${with_zstd+set}" = set; then : > withval=$with_zstd; > @@ -19021,7 +19023,7 @@ else > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > lt_status=$lt_dlunknown > cat > conftest.$ac_ext <<_LT_EOF > -#line 19022 "configure" > +#line 19026 "configure" > #include "confdefs.h" > > #if HAVE_DLFCN_H > @@ -19127,7 +19129,7 @@ else > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > lt_status=$lt_dlunknown > cat > conftest.$ac_ext <<_LT_EOF > -#line 19128 "configure" > +#line 19132 "configure" > #include "confdefs.h" > > #if HAVE_DLFCN_H > @@ -30792,7 +30794,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -30818,7 +30820,7 @@ fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > ;; > yes) > - # Check if assembler supports CET. > + # Check if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -30831,11 +30833,23 @@ asm ("setssbsy"); > } > _ACEOF > if ac_fn_cxx_try_compile "$LINENO"; then : > - > + support_cet=yes > else > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > + support_cet=no > fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > + if test $support_cet = "no"; then > + if test -z "${with_build_subdir}" \ > + && (test ! -f ../stage_current \ > + || test `cat ../stage_current` != "stage1"); then > + # Require CET support only for the final GCC build. > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > + else > + # Don't enable CET without CET support in stage1 nor for > + # build support. > + enable_cet=no > + fi > + fi > ;; > esac > CFLAGS="$cet_save_CFLAGS" > diff --git a/libbacktrace/configure b/libbacktrace/configure > index 37c38e7ac5b..e23ffc18edb 100755 > --- a/libbacktrace/configure > +++ b/libbacktrace/configure > @@ -12169,7 +12169,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET insn. > cet_save_CFLAGS="$CFLAGS" > CFLAGS="$CFLAGS -fcf-protection" > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > @@ -12409,7 +12409,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -12435,7 +12435,7 @@ fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > ;; > yes) > - # Check if assembler supports CET. > + # Check if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -12448,11 +12448,23 @@ asm ("setssbsy"); > } > _ACEOF > if ac_fn_c_try_compile "$LINENO"; then : > - > + support_cet=yes > else > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > + support_cet=no > fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > + if test $support_cet = "no"; then > + if test -z "${with_build_subdir}" \ > + && (test ! -f ../stage_current \ > + || test `cat ../stage_current` != "stage1"); then > + # Require CET support only for the final GCC build. > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > + else > + # Don't enable CET without CET support in stage1 nor for > + # build support. > + enable_cet=no > + fi > + fi > ;; > esac > CFLAGS="$cet_save_CFLAGS" > diff --git a/libcc1/configure b/libcc1/configure > index 37dbeac4908..896181ac703 100755 > --- a/libcc1/configure > +++ b/libcc1/configure > @@ -14565,7 +14565,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -14591,7 +14591,7 @@ fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > ;; > yes) > - # Check if assembler supports CET. > + # Check if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -14604,11 +14604,23 @@ asm ("setssbsy"); > } > _ACEOF > if ac_fn_c_try_compile "$LINENO"; then : > - > + support_cet=yes > else > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > + support_cet=no > fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > + if test $support_cet = "no"; then > + if test -z "${with_build_subdir}" \ > + && (test ! -f ../stage_current \ > + || test `cat ../stage_current` != "stage1"); then > + # Require CET support only for the final GCC build. > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > + else > + # Don't enable CET without CET support in stage1 nor for > + # build support. > + enable_cet=no > + fi > + fi > ;; > esac > CFLAGS="$cet_save_CFLAGS" > diff --git a/libcpp/configure b/libcpp/configure > index 3329e20c392..b5ccd57a629 100755 > --- a/libcpp/configure > +++ b/libcpp/configure > @@ -7564,7 +7564,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -7590,7 +7590,7 @@ fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > ;; > yes) > - # Check if assembler supports CET. > + # Check if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -7603,11 +7603,23 @@ asm ("setssbsy"); > } > _ACEOF > if ac_fn_c_try_compile "$LINENO"; then : > - > + support_cet=yes > else > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > + support_cet=no > fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > + if test $support_cet = "no"; then > + if test -z "${with_build_subdir}" \ > + && (test ! -f ../stage_current \ > + || test `cat ../stage_current` != "stage1"); then > + # Require CET support only for the final GCC build. > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > + else > + # Don't enable CET without CET support in stage1 nor for > + # build support. > + enable_cet=no > + fi > + fi > ;; > esac > CFLAGS="$cet_save_CFLAGS" > diff --git a/libdecnumber/configure b/libdecnumber/configure > index df6fdcfbc7f..94ee3357498 100755 > --- a/libdecnumber/configure > +++ b/libdecnumber/configure > @@ -5217,7 +5217,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -5243,7 +5243,7 @@ fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > ;; > yes) > - # Check if assembler supports CET. > + # Check if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -5256,11 +5256,23 @@ asm ("setssbsy"); > } > _ACEOF > if ac_fn_c_try_compile "$LINENO"; then : > - > + support_cet=yes > else > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > + support_cet=no > fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > + if test $support_cet = "no"; then > + if test -z "${with_build_subdir}" \ > + && (test ! -f ../stage_current \ > + || test `cat ../stage_current` != "stage1"); then > + # Require CET support only for the final GCC build. > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > + else > + # Don't enable CET without CET support in stage1 nor for > + # build support. > + enable_cet=no > + fi > + fi > ;; > esac > CFLAGS="$cet_save_CFLAGS" > diff --git a/libiberty/configure b/libiberty/configure > index 1f8e23f0d23..4cd6cfe3291 100755 > --- a/libiberty/configure > +++ b/libiberty/configure > @@ -5291,7 +5291,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -5317,7 +5317,7 @@ fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > ;; > yes) > - # Check if assembler supports CET. > + # Check if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -5330,11 +5330,23 @@ asm ("setssbsy"); > } > _ACEOF > if ac_fn_c_try_compile "$LINENO"; then : > - > + support_cet=yes > else > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > + support_cet=no > fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > + if test $support_cet = "no"; then > + if test -z "${with_build_subdir}" \ > + && (test ! -f ../stage_current \ > + || test `cat ../stage_current` != "stage1"); then > + # Require CET support only for the final GCC build. > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > + else > + # Don't enable CET without CET support in stage1 nor for > + # build support. > + enable_cet=no > + fi > + fi > ;; > esac > CFLAGS="$cet_save_CFLAGS" > diff --git a/lto-plugin/configure b/lto-plugin/configure > index 69f6fce05c5..1666e87eedd 100755 > --- a/lto-plugin/configure > +++ b/lto-plugin/configure > @@ -5687,7 +5687,7 @@ case "$host" in > case "$enable_cet" in > auto) > # Check if target supports multi-byte NOPs > - # and if assembler supports CET insn. > + # and if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -5713,7 +5713,7 @@ fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > ;; > yes) > - # Check if assembler supports CET. > + # Check if compiler and assembler support CET. > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > /* end confdefs.h. */ > > @@ -5726,11 +5726,23 @@ asm ("setssbsy"); > } > _ACEOF > if ac_fn_c_try_compile "$LINENO"; then : > - > + support_cet=yes > else > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > + support_cet=no > fi > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > + if test $support_cet = "no"; then > + if test -z "${with_build_subdir}" \ > + && (test ! -f ../stage_current \ > + || test `cat ../stage_current` != "stage1"); then > + # Require CET support only for the final GCC build. > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > + else > + # Don't enable CET without CET support in stage1 nor for > + # build support. > + enable_cet=no > + fi > + fi > ;; > esac > CFLAGS="$cet_save_CFLAGS" > @@ -11947,7 +11959,7 @@ else > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > lt_status=$lt_dlunknown > cat > conftest.$ac_ext <<_LT_EOF > -#line 11950 "configure" > +#line 11962 "configure" > #include "confdefs.h" > > #if HAVE_DLFCN_H > @@ -12053,7 +12065,7 @@ else > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > lt_status=$lt_dlunknown > cat > conftest.$ac_ext <<_LT_EOF > -#line 12056 "configure" > +#line 12068 "configure" > #include "confdefs.h" > > #if HAVE_DLFCN_H > -- Richard Biener <rguenther@suse.de> SUSE Software Solutions Germany GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany; GF: Felix Imendörffer; HRB 36809 (AG Nuernberg) ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-15 15:20 ` Richard Biener @ 2020-07-15 15:26 ` H.J. Lu 2020-07-17 7:03 ` Richard Biener 2020-07-15 17:16 ` Joseph Myers 1 sibling, 1 reply; 17+ messages in thread From: H.J. Lu @ 2020-07-15 15:26 UTC (permalink / raw) To: Richard Biener; +Cc: GCC Patches, Joseph S. Myers On Wed, Jul 15, 2020 at 8:20 AM Richard Biener <rguenther@suse.de> wrote: > > On Wed, 15 Jul 2020, H.J. Lu wrote: > > > With --enable-cet, require CET support only for the final GCC build. > > Don't enable CET without CET support in stage1 nor for build support. > > I wonder if we want to do sth less fragile than testing > for ../stage_current - for example the toplevel make could > export sth special through POSTSTAGE1_FLAGS_TO_PASS? That would be nice. > But note one of the issues is that when not cross-compiling we're > using a single libiberty for target and host objects (likewise It shouldn't be a problem. > for libstdc++ I guess). When cross-compiling say powerpc -> x86_64 > we should already build stage1 libiberty used for target objects > by the stage1 compiler and thus CET enabled. > > Note that for PR96202 it's host objects (gen*) that we get complaints > for - the host objects should never get CET enabled. We must enable CET in lto-plugin on CET enabled hosts even if CET isn't enabled in GCC run-time. Otherwise, ld can't dlopen lto-plugin. > That said, giving configury an idea whether it configures for > the host, the target or the build would be required here - Joseph, > is there an existing mechanism for example libiberty can use > here? > > Thanks, > Richard. > > > config/ > > > > PR bootstrap/96202 > > * cet.m4 (GCC_CET_HOST_FLAGS): Don't enable CET without CET > > support in stage1 nor for build support. > > > > gcc/ > > > > PR bootstrap/96202 > > * configure: Regenerated. > > > > libbacktrace/ > > > > PR bootstrap/96202 > > * configure: Regenerated. > > > > libcc1/ > > > > PR bootstrap/96202 > > * configure: Regenerated. > > > > libcpp/ > > > > PR bootstrap/96202 > > * configure: Regenerated. > > > > libdecnumber/ > > > > PR bootstrap/96202 > > * configure: Regenerated. > > > > libiberty/ > > > > PR bootstrap/96202 > > * configure: Regenerated. > > > > lto-plugin/ > > > > PR bootstrap/96202 > > * configure: Regenerated. > > --- > > config/cet.m4 | 22 +++++++++++++++++----- > > gcc/configure | 30 ++++++++++++++++++++++-------- > > libbacktrace/configure | 22 +++++++++++++++++----- > > libcc1/configure | 20 ++++++++++++++++---- > > libcpp/configure | 20 ++++++++++++++++---- > > libdecnumber/configure | 20 ++++++++++++++++---- > > libiberty/configure | 20 ++++++++++++++++---- > > lto-plugin/configure | 24 ++++++++++++++++++------ > > 8 files changed, 138 insertions(+), 40 deletions(-) > > > > diff --git a/config/cet.m4 b/config/cet.m4 > > index 911fbd46475..265756e4c81 100644 > > --- a/config/cet.m4 > > +++ b/config/cet.m4 > > @@ -13,7 +13,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET insn. > > cet_save_CFLAGS="$CFLAGS" > > CFLAGS="$CFLAGS -fcf-protection" > > AC_COMPILE_IFELSE( > > @@ -70,7 +70,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET. > > AC_COMPILE_IFELSE( > > [AC_LANG_PROGRAM( > > [], > > @@ -85,13 +85,25 @@ asm ("setssbsy"); > > [enable_cet=no]) > > ;; > > yes) > > - # Check if assembler supports CET. > > + # Check if compiler and assembler support CET. > > AC_COMPILE_IFELSE( > > [AC_LANG_PROGRAM( > > [], > > [asm ("setssbsy");])], > > - [], > > - [AC_MSG_ERROR([assembler with CET support is required for --enable-cet])]) > > + [support_cet=yes], > > + [support_cet=no]) > > + if test $support_cet = "no"; then > > + if test -z "${with_build_subdir}" \ > > + && (test ! -f ../stage_current \ > > + || test `cat ../stage_current` != "stage1"); then > > + # Require CET support only for the final GCC build. > > + AC_MSG_ERROR([compiler and assembler with CET support are required for --enable-cet]) > > + else > > + # Don't enable CET without CET support in stage1 nor for > > + # build support. > > + enable_cet=no > > + fi > > + fi > > ;; > > esac > > CFLAGS="$cet_save_CFLAGS" > > diff --git a/gcc/configure b/gcc/configure > > index f224679ed3e..6d06220eb2c 100755 > > --- a/gcc/configure > > +++ b/gcc/configure > > @@ -785,10 +785,10 @@ manext > > LIBICONV_DEP > > LTLIBICONV > > LIBICONV > > -ZSTD_LIB > > -ZSTD_INCLUDE > > ZSTD_LDFLAGS > > ZSTD_CPPFLAGS > > +ZSTD_LIB > > +ZSTD_INCLUDE > > DL_LIB > > LDEXP_LIB > > EXTRA_GCC_LIBS > > @@ -9978,6 +9978,8 @@ ZSTD_LIB= > > ZSTD_CPPFLAGS= > > ZSTD_LDFLAGS= > > > > + > > + > > # Check whether --with-zstd was given. > > if test "${with_zstd+set}" = set; then : > > withval=$with_zstd; > > @@ -19021,7 +19023,7 @@ else > > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > > lt_status=$lt_dlunknown > > cat > conftest.$ac_ext <<_LT_EOF > > -#line 19022 "configure" > > +#line 19026 "configure" > > #include "confdefs.h" > > > > #if HAVE_DLFCN_H > > @@ -19127,7 +19129,7 @@ else > > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > > lt_status=$lt_dlunknown > > cat > conftest.$ac_ext <<_LT_EOF > > -#line 19128 "configure" > > +#line 19132 "configure" > > #include "confdefs.h" > > > > #if HAVE_DLFCN_H > > @@ -30792,7 +30794,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -30818,7 +30820,7 @@ fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > ;; > > yes) > > - # Check if assembler supports CET. > > + # Check if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -30831,11 +30833,23 @@ asm ("setssbsy"); > > } > > _ACEOF > > if ac_fn_cxx_try_compile "$LINENO"; then : > > - > > + support_cet=yes > > else > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > + support_cet=no > > fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > + if test $support_cet = "no"; then > > + if test -z "${with_build_subdir}" \ > > + && (test ! -f ../stage_current \ > > + || test `cat ../stage_current` != "stage1"); then > > + # Require CET support only for the final GCC build. > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > + else > > + # Don't enable CET without CET support in stage1 nor for > > + # build support. > > + enable_cet=no > > + fi > > + fi > > ;; > > esac > > CFLAGS="$cet_save_CFLAGS" > > diff --git a/libbacktrace/configure b/libbacktrace/configure > > index 37c38e7ac5b..e23ffc18edb 100755 > > --- a/libbacktrace/configure > > +++ b/libbacktrace/configure > > @@ -12169,7 +12169,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET insn. > > cet_save_CFLAGS="$CFLAGS" > > CFLAGS="$CFLAGS -fcf-protection" > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > @@ -12409,7 +12409,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -12435,7 +12435,7 @@ fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > ;; > > yes) > > - # Check if assembler supports CET. > > + # Check if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -12448,11 +12448,23 @@ asm ("setssbsy"); > > } > > _ACEOF > > if ac_fn_c_try_compile "$LINENO"; then : > > - > > + support_cet=yes > > else > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > + support_cet=no > > fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > + if test $support_cet = "no"; then > > + if test -z "${with_build_subdir}" \ > > + && (test ! -f ../stage_current \ > > + || test `cat ../stage_current` != "stage1"); then > > + # Require CET support only for the final GCC build. > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > + else > > + # Don't enable CET without CET support in stage1 nor for > > + # build support. > > + enable_cet=no > > + fi > > + fi > > ;; > > esac > > CFLAGS="$cet_save_CFLAGS" > > diff --git a/libcc1/configure b/libcc1/configure > > index 37dbeac4908..896181ac703 100755 > > --- a/libcc1/configure > > +++ b/libcc1/configure > > @@ -14565,7 +14565,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -14591,7 +14591,7 @@ fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > ;; > > yes) > > - # Check if assembler supports CET. > > + # Check if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -14604,11 +14604,23 @@ asm ("setssbsy"); > > } > > _ACEOF > > if ac_fn_c_try_compile "$LINENO"; then : > > - > > + support_cet=yes > > else > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > + support_cet=no > > fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > + if test $support_cet = "no"; then > > + if test -z "${with_build_subdir}" \ > > + && (test ! -f ../stage_current \ > > + || test `cat ../stage_current` != "stage1"); then > > + # Require CET support only for the final GCC build. > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > + else > > + # Don't enable CET without CET support in stage1 nor for > > + # build support. > > + enable_cet=no > > + fi > > + fi > > ;; > > esac > > CFLAGS="$cet_save_CFLAGS" > > diff --git a/libcpp/configure b/libcpp/configure > > index 3329e20c392..b5ccd57a629 100755 > > --- a/libcpp/configure > > +++ b/libcpp/configure > > @@ -7564,7 +7564,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -7590,7 +7590,7 @@ fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > ;; > > yes) > > - # Check if assembler supports CET. > > + # Check if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -7603,11 +7603,23 @@ asm ("setssbsy"); > > } > > _ACEOF > > if ac_fn_c_try_compile "$LINENO"; then : > > - > > + support_cet=yes > > else > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > + support_cet=no > > fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > + if test $support_cet = "no"; then > > + if test -z "${with_build_subdir}" \ > > + && (test ! -f ../stage_current \ > > + || test `cat ../stage_current` != "stage1"); then > > + # Require CET support only for the final GCC build. > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > + else > > + # Don't enable CET without CET support in stage1 nor for > > + # build support. > > + enable_cet=no > > + fi > > + fi > > ;; > > esac > > CFLAGS="$cet_save_CFLAGS" > > diff --git a/libdecnumber/configure b/libdecnumber/configure > > index df6fdcfbc7f..94ee3357498 100755 > > --- a/libdecnumber/configure > > +++ b/libdecnumber/configure > > @@ -5217,7 +5217,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -5243,7 +5243,7 @@ fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > ;; > > yes) > > - # Check if assembler supports CET. > > + # Check if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -5256,11 +5256,23 @@ asm ("setssbsy"); > > } > > _ACEOF > > if ac_fn_c_try_compile "$LINENO"; then : > > - > > + support_cet=yes > > else > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > + support_cet=no > > fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > + if test $support_cet = "no"; then > > + if test -z "${with_build_subdir}" \ > > + && (test ! -f ../stage_current \ > > + || test `cat ../stage_current` != "stage1"); then > > + # Require CET support only for the final GCC build. > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > + else > > + # Don't enable CET without CET support in stage1 nor for > > + # build support. > > + enable_cet=no > > + fi > > + fi > > ;; > > esac > > CFLAGS="$cet_save_CFLAGS" > > diff --git a/libiberty/configure b/libiberty/configure > > index 1f8e23f0d23..4cd6cfe3291 100755 > > --- a/libiberty/configure > > +++ b/libiberty/configure > > @@ -5291,7 +5291,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -5317,7 +5317,7 @@ fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > ;; > > yes) > > - # Check if assembler supports CET. > > + # Check if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -5330,11 +5330,23 @@ asm ("setssbsy"); > > } > > _ACEOF > > if ac_fn_c_try_compile "$LINENO"; then : > > - > > + support_cet=yes > > else > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > + support_cet=no > > fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > + if test $support_cet = "no"; then > > + if test -z "${with_build_subdir}" \ > > + && (test ! -f ../stage_current \ > > + || test `cat ../stage_current` != "stage1"); then > > + # Require CET support only for the final GCC build. > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > + else > > + # Don't enable CET without CET support in stage1 nor for > > + # build support. > > + enable_cet=no > > + fi > > + fi > > ;; > > esac > > CFLAGS="$cet_save_CFLAGS" > > diff --git a/lto-plugin/configure b/lto-plugin/configure > > index 69f6fce05c5..1666e87eedd 100755 > > --- a/lto-plugin/configure > > +++ b/lto-plugin/configure > > @@ -5687,7 +5687,7 @@ case "$host" in > > case "$enable_cet" in > > auto) > > # Check if target supports multi-byte NOPs > > - # and if assembler supports CET insn. > > + # and if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -5713,7 +5713,7 @@ fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > ;; > > yes) > > - # Check if assembler supports CET. > > + # Check if compiler and assembler support CET. > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > /* end confdefs.h. */ > > > > @@ -5726,11 +5726,23 @@ asm ("setssbsy"); > > } > > _ACEOF > > if ac_fn_c_try_compile "$LINENO"; then : > > - > > + support_cet=yes > > else > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > + support_cet=no > > fi > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > + if test $support_cet = "no"; then > > + if test -z "${with_build_subdir}" \ > > + && (test ! -f ../stage_current \ > > + || test `cat ../stage_current` != "stage1"); then > > + # Require CET support only for the final GCC build. > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > + else > > + # Don't enable CET without CET support in stage1 nor for > > + # build support. > > + enable_cet=no > > + fi > > + fi > > ;; > > esac > > CFLAGS="$cet_save_CFLAGS" > > @@ -11947,7 +11959,7 @@ else > > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > > lt_status=$lt_dlunknown > > cat > conftest.$ac_ext <<_LT_EOF > > -#line 11950 "configure" > > +#line 11962 "configure" > > #include "confdefs.h" > > > > #if HAVE_DLFCN_H > > @@ -12053,7 +12065,7 @@ else > > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > > lt_status=$lt_dlunknown > > cat > conftest.$ac_ext <<_LT_EOF > > -#line 12056 "configure" > > +#line 12068 "configure" > > #include "confdefs.h" > > > > #if HAVE_DLFCN_H > > > > -- > Richard Biener <rguenther@suse.de> > SUSE Software Solutions Germany GmbH, Maxfeldstrasse 5, 90409 Nuernberg, > Germany; GF: Felix Imendörffer; HRB 36809 (AG Nuernberg) -- H.J. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-15 15:26 ` H.J. Lu @ 2020-07-17 7:03 ` Richard Biener 2020-07-17 12:41 ` H.J. Lu 0 siblings, 1 reply; 17+ messages in thread From: Richard Biener @ 2020-07-17 7:03 UTC (permalink / raw) To: H.J. Lu; +Cc: GCC Patches, Joseph S. Myers On Wed, 15 Jul 2020, H.J. Lu wrote: > On Wed, Jul 15, 2020 at 8:20 AM Richard Biener <rguenther@suse.de> wrote: > > > > On Wed, 15 Jul 2020, H.J. Lu wrote: > > > > > With --enable-cet, require CET support only for the final GCC build. > > > Don't enable CET without CET support in stage1 nor for build support. > > > > I wonder if we want to do sth less fragile than testing > > for ../stage_current - for example the toplevel make could > > export sth special through POSTSTAGE1_FLAGS_TO_PASS? > > That would be nice. > > > But note one of the issues is that when not cross-compiling we're > > using a single libiberty for target and host objects (likewise > > It shouldn't be a problem. > > > for libstdc++ I guess). When cross-compiling say powerpc -> x86_64 > > we should already build stage1 libiberty used for target objects > > by the stage1 compiler and thus CET enabled. > > > > Note that for PR96202 it's host objects (gen*) that we get complaints > > for - the host objects should never get CET enabled. > > We must enable CET in lto-plugin on CET enabled hosts even if > CET isn't enabled in GCC run-time. Otherwise, ld can't dlopen > lto-plugin. But then don't we also need to enable CET for _all_ host objects? Note libiberty for the build also seems instrumented leading to LTO link fail when building gen* - so you probably mean that lto-plugin for the _build_ needs to be CET enabled? But then gen* would need such CET enablement, too? In any case we might want to try to disentangle CET enablement for the build/host from that of the target? > > That said, giving configury an idea whether it configures for > > the host, the target or the build would be required here - Joseph, > > is there an existing mechanism for example libiberty can use > > here? > > > > Thanks, > > Richard. > > > > > config/ > > > > > > PR bootstrap/96202 > > > * cet.m4 (GCC_CET_HOST_FLAGS): Don't enable CET without CET > > > support in stage1 nor for build support. > > > > > > gcc/ > > > > > > PR bootstrap/96202 > > > * configure: Regenerated. > > > > > > libbacktrace/ > > > > > > PR bootstrap/96202 > > > * configure: Regenerated. > > > > > > libcc1/ > > > > > > PR bootstrap/96202 > > > * configure: Regenerated. > > > > > > libcpp/ > > > > > > PR bootstrap/96202 > > > * configure: Regenerated. > > > > > > libdecnumber/ > > > > > > PR bootstrap/96202 > > > * configure: Regenerated. > > > > > > libiberty/ > > > > > > PR bootstrap/96202 > > > * configure: Regenerated. > > > > > > lto-plugin/ > > > > > > PR bootstrap/96202 > > > * configure: Regenerated. > > > --- > > > config/cet.m4 | 22 +++++++++++++++++----- > > > gcc/configure | 30 ++++++++++++++++++++++-------- > > > libbacktrace/configure | 22 +++++++++++++++++----- > > > libcc1/configure | 20 ++++++++++++++++---- > > > libcpp/configure | 20 ++++++++++++++++---- > > > libdecnumber/configure | 20 ++++++++++++++++---- > > > libiberty/configure | 20 ++++++++++++++++---- > > > lto-plugin/configure | 24 ++++++++++++++++++------ > > > 8 files changed, 138 insertions(+), 40 deletions(-) > > > > > > diff --git a/config/cet.m4 b/config/cet.m4 > > > index 911fbd46475..265756e4c81 100644 > > > --- a/config/cet.m4 > > > +++ b/config/cet.m4 > > > @@ -13,7 +13,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET insn. > > > cet_save_CFLAGS="$CFLAGS" > > > CFLAGS="$CFLAGS -fcf-protection" > > > AC_COMPILE_IFELSE( > > > @@ -70,7 +70,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET. > > > AC_COMPILE_IFELSE( > > > [AC_LANG_PROGRAM( > > > [], > > > @@ -85,13 +85,25 @@ asm ("setssbsy"); > > > [enable_cet=no]) > > > ;; > > > yes) > > > - # Check if assembler supports CET. > > > + # Check if compiler and assembler support CET. > > > AC_COMPILE_IFELSE( > > > [AC_LANG_PROGRAM( > > > [], > > > [asm ("setssbsy");])], > > > - [], > > > - [AC_MSG_ERROR([assembler with CET support is required for --enable-cet])]) > > > + [support_cet=yes], > > > + [support_cet=no]) > > > + if test $support_cet = "no"; then > > > + if test -z "${with_build_subdir}" \ > > > + && (test ! -f ../stage_current \ > > > + || test `cat ../stage_current` != "stage1"); then > > > + # Require CET support only for the final GCC build. > > > + AC_MSG_ERROR([compiler and assembler with CET support are required for --enable-cet]) > > > + else > > > + # Don't enable CET without CET support in stage1 nor for > > > + # build support. > > > + enable_cet=no > > > + fi > > > + fi > > > ;; > > > esac > > > CFLAGS="$cet_save_CFLAGS" > > > diff --git a/gcc/configure b/gcc/configure > > > index f224679ed3e..6d06220eb2c 100755 > > > --- a/gcc/configure > > > +++ b/gcc/configure > > > @@ -785,10 +785,10 @@ manext > > > LIBICONV_DEP > > > LTLIBICONV > > > LIBICONV > > > -ZSTD_LIB > > > -ZSTD_INCLUDE > > > ZSTD_LDFLAGS > > > ZSTD_CPPFLAGS > > > +ZSTD_LIB > > > +ZSTD_INCLUDE > > > DL_LIB > > > LDEXP_LIB > > > EXTRA_GCC_LIBS > > > @@ -9978,6 +9978,8 @@ ZSTD_LIB= > > > ZSTD_CPPFLAGS= > > > ZSTD_LDFLAGS= > > > > > > + > > > + > > > # Check whether --with-zstd was given. > > > if test "${with_zstd+set}" = set; then : > > > withval=$with_zstd; > > > @@ -19021,7 +19023,7 @@ else > > > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > > > lt_status=$lt_dlunknown > > > cat > conftest.$ac_ext <<_LT_EOF > > > -#line 19022 "configure" > > > +#line 19026 "configure" > > > #include "confdefs.h" > > > > > > #if HAVE_DLFCN_H > > > @@ -19127,7 +19129,7 @@ else > > > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > > > lt_status=$lt_dlunknown > > > cat > conftest.$ac_ext <<_LT_EOF > > > -#line 19128 "configure" > > > +#line 19132 "configure" > > > #include "confdefs.h" > > > > > > #if HAVE_DLFCN_H > > > @@ -30792,7 +30794,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -30818,7 +30820,7 @@ fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > ;; > > > yes) > > > - # Check if assembler supports CET. > > > + # Check if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -30831,11 +30833,23 @@ asm ("setssbsy"); > > > } > > > _ACEOF > > > if ac_fn_cxx_try_compile "$LINENO"; then : > > > - > > > + support_cet=yes > > > else > > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > > + support_cet=no > > > fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > + if test $support_cet = "no"; then > > > + if test -z "${with_build_subdir}" \ > > > + && (test ! -f ../stage_current \ > > > + || test `cat ../stage_current` != "stage1"); then > > > + # Require CET support only for the final GCC build. > > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > > + else > > > + # Don't enable CET without CET support in stage1 nor for > > > + # build support. > > > + enable_cet=no > > > + fi > > > + fi > > > ;; > > > esac > > > CFLAGS="$cet_save_CFLAGS" > > > diff --git a/libbacktrace/configure b/libbacktrace/configure > > > index 37c38e7ac5b..e23ffc18edb 100755 > > > --- a/libbacktrace/configure > > > +++ b/libbacktrace/configure > > > @@ -12169,7 +12169,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET insn. > > > cet_save_CFLAGS="$CFLAGS" > > > CFLAGS="$CFLAGS -fcf-protection" > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > @@ -12409,7 +12409,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -12435,7 +12435,7 @@ fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > ;; > > > yes) > > > - # Check if assembler supports CET. > > > + # Check if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -12448,11 +12448,23 @@ asm ("setssbsy"); > > > } > > > _ACEOF > > > if ac_fn_c_try_compile "$LINENO"; then : > > > - > > > + support_cet=yes > > > else > > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > > + support_cet=no > > > fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > + if test $support_cet = "no"; then > > > + if test -z "${with_build_subdir}" \ > > > + && (test ! -f ../stage_current \ > > > + || test `cat ../stage_current` != "stage1"); then > > > + # Require CET support only for the final GCC build. > > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > > + else > > > + # Don't enable CET without CET support in stage1 nor for > > > + # build support. > > > + enable_cet=no > > > + fi > > > + fi > > > ;; > > > esac > > > CFLAGS="$cet_save_CFLAGS" > > > diff --git a/libcc1/configure b/libcc1/configure > > > index 37dbeac4908..896181ac703 100755 > > > --- a/libcc1/configure > > > +++ b/libcc1/configure > > > @@ -14565,7 +14565,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -14591,7 +14591,7 @@ fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > ;; > > > yes) > > > - # Check if assembler supports CET. > > > + # Check if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -14604,11 +14604,23 @@ asm ("setssbsy"); > > > } > > > _ACEOF > > > if ac_fn_c_try_compile "$LINENO"; then : > > > - > > > + support_cet=yes > > > else > > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > > + support_cet=no > > > fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > + if test $support_cet = "no"; then > > > + if test -z "${with_build_subdir}" \ > > > + && (test ! -f ../stage_current \ > > > + || test `cat ../stage_current` != "stage1"); then > > > + # Require CET support only for the final GCC build. > > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > > + else > > > + # Don't enable CET without CET support in stage1 nor for > > > + # build support. > > > + enable_cet=no > > > + fi > > > + fi > > > ;; > > > esac > > > CFLAGS="$cet_save_CFLAGS" > > > diff --git a/libcpp/configure b/libcpp/configure > > > index 3329e20c392..b5ccd57a629 100755 > > > --- a/libcpp/configure > > > +++ b/libcpp/configure > > > @@ -7564,7 +7564,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -7590,7 +7590,7 @@ fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > ;; > > > yes) > > > - # Check if assembler supports CET. > > > + # Check if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -7603,11 +7603,23 @@ asm ("setssbsy"); > > > } > > > _ACEOF > > > if ac_fn_c_try_compile "$LINENO"; then : > > > - > > > + support_cet=yes > > > else > > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > > + support_cet=no > > > fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > + if test $support_cet = "no"; then > > > + if test -z "${with_build_subdir}" \ > > > + && (test ! -f ../stage_current \ > > > + || test `cat ../stage_current` != "stage1"); then > > > + # Require CET support only for the final GCC build. > > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > > + else > > > + # Don't enable CET without CET support in stage1 nor for > > > + # build support. > > > + enable_cet=no > > > + fi > > > + fi > > > ;; > > > esac > > > CFLAGS="$cet_save_CFLAGS" > > > diff --git a/libdecnumber/configure b/libdecnumber/configure > > > index df6fdcfbc7f..94ee3357498 100755 > > > --- a/libdecnumber/configure > > > +++ b/libdecnumber/configure > > > @@ -5217,7 +5217,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -5243,7 +5243,7 @@ fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > ;; > > > yes) > > > - # Check if assembler supports CET. > > > + # Check if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -5256,11 +5256,23 @@ asm ("setssbsy"); > > > } > > > _ACEOF > > > if ac_fn_c_try_compile "$LINENO"; then : > > > - > > > + support_cet=yes > > > else > > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > > + support_cet=no > > > fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > + if test $support_cet = "no"; then > > > + if test -z "${with_build_subdir}" \ > > > + && (test ! -f ../stage_current \ > > > + || test `cat ../stage_current` != "stage1"); then > > > + # Require CET support only for the final GCC build. > > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > > + else > > > + # Don't enable CET without CET support in stage1 nor for > > > + # build support. > > > + enable_cet=no > > > + fi > > > + fi > > > ;; > > > esac > > > CFLAGS="$cet_save_CFLAGS" > > > diff --git a/libiberty/configure b/libiberty/configure > > > index 1f8e23f0d23..4cd6cfe3291 100755 > > > --- a/libiberty/configure > > > +++ b/libiberty/configure > > > @@ -5291,7 +5291,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -5317,7 +5317,7 @@ fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > ;; > > > yes) > > > - # Check if assembler supports CET. > > > + # Check if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -5330,11 +5330,23 @@ asm ("setssbsy"); > > > } > > > _ACEOF > > > if ac_fn_c_try_compile "$LINENO"; then : > > > - > > > + support_cet=yes > > > else > > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > > + support_cet=no > > > fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > + if test $support_cet = "no"; then > > > + if test -z "${with_build_subdir}" \ > > > + && (test ! -f ../stage_current \ > > > + || test `cat ../stage_current` != "stage1"); then > > > + # Require CET support only for the final GCC build. > > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > > + else > > > + # Don't enable CET without CET support in stage1 nor for > > > + # build support. > > > + enable_cet=no > > > + fi > > > + fi > > > ;; > > > esac > > > CFLAGS="$cet_save_CFLAGS" > > > diff --git a/lto-plugin/configure b/lto-plugin/configure > > > index 69f6fce05c5..1666e87eedd 100755 > > > --- a/lto-plugin/configure > > > +++ b/lto-plugin/configure > > > @@ -5687,7 +5687,7 @@ case "$host" in > > > case "$enable_cet" in > > > auto) > > > # Check if target supports multi-byte NOPs > > > - # and if assembler supports CET insn. > > > + # and if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -5713,7 +5713,7 @@ fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > ;; > > > yes) > > > - # Check if assembler supports CET. > > > + # Check if compiler and assembler support CET. > > > cat confdefs.h - <<_ACEOF >conftest.$ac_ext > > > /* end confdefs.h. */ > > > > > > @@ -5726,11 +5726,23 @@ asm ("setssbsy"); > > > } > > > _ACEOF > > > if ac_fn_c_try_compile "$LINENO"; then : > > > - > > > + support_cet=yes > > > else > > > - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 > > > + support_cet=no > > > fi > > > rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext > > > + if test $support_cet = "no"; then > > > + if test -z "${with_build_subdir}" \ > > > + && (test ! -f ../stage_current \ > > > + || test `cat ../stage_current` != "stage1"); then > > > + # Require CET support only for the final GCC build. > > > + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 > > > + else > > > + # Don't enable CET without CET support in stage1 nor for > > > + # build support. > > > + enable_cet=no > > > + fi > > > + fi > > > ;; > > > esac > > > CFLAGS="$cet_save_CFLAGS" > > > @@ -11947,7 +11959,7 @@ else > > > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > > > lt_status=$lt_dlunknown > > > cat > conftest.$ac_ext <<_LT_EOF > > > -#line 11950 "configure" > > > +#line 11962 "configure" > > > #include "confdefs.h" > > > > > > #if HAVE_DLFCN_H > > > @@ -12053,7 +12065,7 @@ else > > > lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 > > > lt_status=$lt_dlunknown > > > cat > conftest.$ac_ext <<_LT_EOF > > > -#line 12056 "configure" > > > +#line 12068 "configure" > > > #include "confdefs.h" > > > > > > #if HAVE_DLFCN_H > > > > > > > -- > > Richard Biener <rguenther@suse.de> > > SUSE Software Solutions Germany GmbH, Maxfeldstrasse 5, 90409 Nuernberg, > > Germany; GF: Felix Imendörffer; HRB 36809 (AG Nuernberg) > > > > -- Richard Biener <rguenther@suse.de> SUSE Software Solutions Germany GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany; GF: Felix Imendörffer; HRB 36809 (AG Nuernberg) ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-17 7:03 ` Richard Biener @ 2020-07-17 12:41 ` H.J. Lu 0 siblings, 0 replies; 17+ messages in thread From: H.J. Lu @ 2020-07-17 12:41 UTC (permalink / raw) To: Richard Biener; +Cc: GCC Patches, Joseph S. Myers On Fri, Jul 17, 2020 at 12:03 AM Richard Biener <rguenther@suse.de> wrote: > > On Wed, 15 Jul 2020, H.J. Lu wrote: > > > On Wed, Jul 15, 2020 at 8:20 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > On Wed, 15 Jul 2020, H.J. Lu wrote: > > > > > > > With --enable-cet, require CET support only for the final GCC build. > > > > Don't enable CET without CET support in stage1 nor for build support. > > > > > > I wonder if we want to do sth less fragile than testing > > > for ../stage_current - for example the toplevel make could > > > export sth special through POSTSTAGE1_FLAGS_TO_PASS? > > > > That would be nice. > > > > > But note one of the issues is that when not cross-compiling we're > > > using a single libiberty for target and host objects (likewise > > > > It shouldn't be a problem. > > > > > for libstdc++ I guess). When cross-compiling say powerpc -> x86_64 > > > we should already build stage1 libiberty used for target objects > > > by the stage1 compiler and thus CET enabled. > > > > > > Note that for PR96202 it's host objects (gen*) that we get complaints > > > for - the host objects should never get CET enabled. > > > > We must enable CET in lto-plugin on CET enabled hosts even if > > CET isn't enabled in GCC run-time. Otherwise, ld can't dlopen > > lto-plugin. > > But then don't we also need to enable CET for _all_ host objects? No. We only need those which may be dlopened on CET enabled hosts. > Note libiberty for the build also seems instrumented leading to > LTO link fail when building gen* - so you probably mean that > lto-plugin for the _build_ needs to be CET enabled? But then Yes, for CET enabled build and CET enabled host. > gen* would need such CET enablement, too? Will gen* be dlopened? > In any case we might want to try to disentangle CET enablement > for the build/host from that of the target? > > > > That said, giving configury an idea whether it configures for > > > the host, the target or the build would be required here - Joseph, > > > is there an existing mechanism for example libiberty can use > > > here? > > > -- H.J. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-15 15:20 ` Richard Biener 2020-07-15 15:26 ` H.J. Lu @ 2020-07-15 17:16 ` Joseph Myers 2020-07-17 7:08 ` Richard Biener 1 sibling, 1 reply; 17+ messages in thread From: Joseph Myers @ 2020-07-15 17:16 UTC (permalink / raw) To: Richard Biener; +Cc: H.J. Lu, gcc-patches On Wed, 15 Jul 2020, Richard Biener wrote: > But note one of the issues is that when not cross-compiling we're > using a single libiberty for target and host objects (likewise There shouldn't be a target libiberty, since commit 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 19:40:45 2011 +0000). If something is causing target libiberty to be built, that's a bug that should be fixed. > That said, giving configury an idea whether it configures for > the host, the target or the build would be required here - Joseph, > is there an existing mechanism for example libiberty can use > here? Makefile.def has some settings specific to host or build, e.g. build_modules= { module= libcpp; extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; or host_modules= { module= libiberty; bootstrap=true; extra_configure_flags='@extra_host_libiberty_configure_flags@';}; -- Joseph S. Myers joseph@codesourcery.com ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-15 17:16 ` Joseph Myers @ 2020-07-17 7:08 ` Richard Biener 2020-07-17 12:42 ` H.J. Lu 0 siblings, 1 reply; 17+ messages in thread From: Richard Biener @ 2020-07-17 7:08 UTC (permalink / raw) To: Joseph Myers; +Cc: H.J. Lu, gcc-patches On Wed, 15 Jul 2020, Joseph Myers wrote: > On Wed, 15 Jul 2020, Richard Biener wrote: > > > But note one of the issues is that when not cross-compiling we're > > using a single libiberty for target and host objects (likewise > > There shouldn't be a target libiberty, since commit > 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some > Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 > 19:40:45 2011 +0000). If something is causing target libiberty to be > built, that's a bug that should be fixed. > > > That said, giving configury an idea whether it configures for > > the host, the target or the build would be required here - Joseph, > > is there an existing mechanism for example libiberty can use > > here? > > Makefile.def has some settings specific to host or build, e.g. > > build_modules= { module= libcpp; > extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; > > or > > host_modules= { module= libiberty; bootstrap=true; > extra_configure_flags='@extra_host_libiberty_configure_flags@';}; Ah, OK. Looks like we should be able to add a @extra_target_cet_configure_flags@, funnel that to the target_modules and keep CET disabled by default in the modules configury. Similarly (if HJ is correct) we'd need to add @extra_{host,build}_cet_configure_flags@ for the purpose of lto-plugin which only has a host module (and for bootstrap host == build, so it's shared there but we still have separate libiberties for host/build...) Richard. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-17 7:08 ` Richard Biener @ 2020-07-17 12:42 ` H.J. Lu 2020-07-17 13:27 ` Richard Biener 0 siblings, 1 reply; 17+ messages in thread From: H.J. Lu @ 2020-07-17 12:42 UTC (permalink / raw) To: Richard Biener; +Cc: Joseph Myers, GCC Patches On Fri, Jul 17, 2020 at 12:08 AM Richard Biener <rguenther@suse.de> wrote: > > On Wed, 15 Jul 2020, Joseph Myers wrote: > > > On Wed, 15 Jul 2020, Richard Biener wrote: > > > > > But note one of the issues is that when not cross-compiling we're > > > using a single libiberty for target and host objects (likewise > > > > There shouldn't be a target libiberty, since commit > > 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some > > Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 > > 19:40:45 2011 +0000). If something is causing target libiberty to be > > built, that's a bug that should be fixed. > > > > > That said, giving configury an idea whether it configures for > > > the host, the target or the build would be required here - Joseph, > > > is there an existing mechanism for example libiberty can use > > > here? > > > > Makefile.def has some settings specific to host or build, e.g. > > > > build_modules= { module= libcpp; > > extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; > > > > or > > > > host_modules= { module= libiberty; bootstrap=true; > > extra_configure_flags='@extra_host_libiberty_configure_flags@';}; > > Ah, OK. Looks like we should be able to add a > @extra_target_cet_configure_flags@, funnel that to the target_modules > and keep CET disabled by default in the modules configury. > > Similarly (if HJ is correct) we'd need to add > @extra_{host,build}_cet_configure_flags@ for the purpose of lto-plugin > which only has a host module (and for bootstrap host == build, so it's > shared there but we still have separate libiberties for host/build...) > We need -fcf-protection only on object files which will be dlopened on CET enabled build and host. -- H.J. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-17 12:42 ` H.J. Lu @ 2020-07-17 13:27 ` Richard Biener 2020-07-17 13:46 ` H.J. Lu 0 siblings, 1 reply; 17+ messages in thread From: Richard Biener @ 2020-07-17 13:27 UTC (permalink / raw) To: H.J. Lu; +Cc: Joseph Myers, GCC Patches On Fri, 17 Jul 2020, H.J. Lu wrote: > On Fri, Jul 17, 2020 at 12:08 AM Richard Biener <rguenther@suse.de> wrote: > > > > On Wed, 15 Jul 2020, Joseph Myers wrote: > > > > > On Wed, 15 Jul 2020, Richard Biener wrote: > > > > > > > But note one of the issues is that when not cross-compiling we're > > > > using a single libiberty for target and host objects (likewise > > > > > > There shouldn't be a target libiberty, since commit > > > 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some > > > Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 > > > 19:40:45 2011 +0000). If something is causing target libiberty to be > > > built, that's a bug that should be fixed. > > > > > > > That said, giving configury an idea whether it configures for > > > > the host, the target or the build would be required here - Joseph, > > > > is there an existing mechanism for example libiberty can use > > > > here? > > > > > > Makefile.def has some settings specific to host or build, e.g. > > > > > > build_modules= { module= libcpp; > > > extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; > > > > > > or > > > > > > host_modules= { module= libiberty; bootstrap=true; > > > extra_configure_flags='@extra_host_libiberty_configure_flags@';}; > > > > Ah, OK. Looks like we should be able to add a > > @extra_target_cet_configure_flags@, funnel that to the target_modules > > and keep CET disabled by default in the modules configury. > > > > Similarly (if HJ is correct) we'd need to add > > @extra_{host,build}_cet_configure_flags@ for the purpose of lto-plugin > > which only has a host module (and for bootstrap host == build, so it's > > shared there but we still have separate libiberties for host/build...) > > > > We need -fcf-protection only on object files which will be dlopened on > CET enabled build and host. Why is there a distinction between dlopen and execution? IIRC ld falls back to non-CET operation when dlopening a non-CET shared object? But OK, so if we'll allow mixing CET and non-CET objects for the gen* link, simply dropping CET enablement, I guess it will work as it did before. Richard. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-17 13:27 ` Richard Biener @ 2020-07-17 13:46 ` H.J. Lu 2020-07-29 11:01 ` Richard Biener 0 siblings, 1 reply; 17+ messages in thread From: H.J. Lu @ 2020-07-17 13:46 UTC (permalink / raw) To: Richard Biener; +Cc: Joseph Myers, GCC Patches On Fri, Jul 17, 2020 at 6:27 AM Richard Biener <rguenther@suse.de> wrote: > > On Fri, 17 Jul 2020, H.J. Lu wrote: > > > On Fri, Jul 17, 2020 at 12:08 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > On Wed, 15 Jul 2020, Joseph Myers wrote: > > > > > > > On Wed, 15 Jul 2020, Richard Biener wrote: > > > > > > > > > But note one of the issues is that when not cross-compiling we're > > > > > using a single libiberty for target and host objects (likewise > > > > > > > > There shouldn't be a target libiberty, since commit > > > > 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some > > > > Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 > > > > 19:40:45 2011 +0000). If something is causing target libiberty to be > > > > built, that's a bug that should be fixed. > > > > > > > > > That said, giving configury an idea whether it configures for > > > > > the host, the target or the build would be required here - Joseph, > > > > > is there an existing mechanism for example libiberty can use > > > > > here? > > > > > > > > Makefile.def has some settings specific to host or build, e.g. > > > > > > > > build_modules= { module= libcpp; > > > > extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; > > > > > > > > or > > > > > > > > host_modules= { module= libiberty; bootstrap=true; > > > > extra_configure_flags='@extra_host_libiberty_configure_flags@';}; > > > > > > Ah, OK. Looks like we should be able to add a > > > @extra_target_cet_configure_flags@, funnel that to the target_modules > > > and keep CET disabled by default in the modules configury. > > > > > > Similarly (if HJ is correct) we'd need to add > > > @extra_{host,build}_cet_configure_flags@ for the purpose of lto-plugin > > > which only has a host module (and for bootstrap host == build, so it's > > > shared there but we still have separate libiberties for host/build...) > > > > > > > We need -fcf-protection only on object files which will be dlopened on > > CET enabled build and host. > > Why is there a distinction between dlopen and execution? IIRC > ld falls back to non-CET operation when dlopening a non-CET shared object? BTW, ld.so refuses to dlopen a legacy shared object after CET has been enabled. This behavior can be controlled when configuring glibc: '--enable-cet' '--enable-cet=permissive' Enable Intel Control-flow Enforcement Technology (CET) support. When the GNU C Library is built with '--enable-cet' or '--enable-cet=permissive', the resulting library is protected with indirect branch tracking (IBT) and shadow stack (SHSTK). When CET is enabled, the GNU C Library is compatible with all existing executables and shared libraries. This feature is currently supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or later. Note that when CET is enabled, the GNU C Library requires CPUs capable of multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or newer. With '--enable-cet', it is an error to dlopen a non CET enabled shared library in CET enabled application. With '--enable-cet=permissive', CET is disabled when dlopening a non CET enabled shared library in CET enabled application. > But OK, so if we'll allow mixing CET and non-CET objects for the > gen* link, simply dropping CET enablement, I guess it will work > as it did before. > > Richard. -- H.J. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-17 13:46 ` H.J. Lu @ 2020-07-29 11:01 ` Richard Biener 2020-07-29 11:46 ` H.J. Lu 2020-07-29 11:46 ` Richard Biener 0 siblings, 2 replies; 17+ messages in thread From: Richard Biener @ 2020-07-29 11:01 UTC (permalink / raw) To: H.J. Lu; +Cc: Richard Biener, GCC Patches, Joseph Myers On Fri, Jul 17, 2020 at 5:32 PM H.J. Lu via Gcc-patches <gcc-patches@gcc.gnu.org> wrote: > > On Fri, Jul 17, 2020 at 6:27 AM Richard Biener <rguenther@suse.de> wrote: > > > > On Fri, 17 Jul 2020, H.J. Lu wrote: > > > > > On Fri, Jul 17, 2020 at 12:08 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > > > On Wed, 15 Jul 2020, Joseph Myers wrote: > > > > > > > > > On Wed, 15 Jul 2020, Richard Biener wrote: > > > > > > > > > > > But note one of the issues is that when not cross-compiling we're > > > > > > using a single libiberty for target and host objects (likewise > > > > > > > > > > There shouldn't be a target libiberty, since commit > > > > > 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some > > > > > Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 > > > > > 19:40:45 2011 +0000). If something is causing target libiberty to be > > > > > built, that's a bug that should be fixed. > > > > > > > > > > > That said, giving configury an idea whether it configures for > > > > > > the host, the target or the build would be required here - Joseph, > > > > > > is there an existing mechanism for example libiberty can use > > > > > > here? > > > > > > > > > > Makefile.def has some settings specific to host or build, e.g. > > > > > > > > > > build_modules= { module= libcpp; > > > > > extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; > > > > > > > > > > or > > > > > > > > > > host_modules= { module= libiberty; bootstrap=true; > > > > > extra_configure_flags='@extra_host_libiberty_configure_flags@';}; > > > > > > > > Ah, OK. Looks like we should be able to add a > > > > @extra_target_cet_configure_flags@, funnel that to the target_modules > > > > and keep CET disabled by default in the modules configury. > > > > > > > > Similarly (if HJ is correct) we'd need to add > > > > @extra_{host,build}_cet_configure_flags@ for the purpose of lto-plugin > > > > which only has a host module (and for bootstrap host == build, so it's > > > > shared there but we still have separate libiberties for host/build...) > > > > > > > > > > We need -fcf-protection only on object files which will be dlopened on > > > CET enabled build and host. > > > > Why is there a distinction between dlopen and execution? IIRC > > ld falls back to non-CET operation when dlopening a non-CET shared object? > > BTW, ld.so refuses to dlopen a legacy shared object after CET has been enabled. > This behavior can be controlled when configuring glibc: > > '--enable-cet' > '--enable-cet=permissive' > Enable Intel Control-flow Enforcement Technology (CET) support. > When the GNU C Library is built with '--enable-cet' or > '--enable-cet=permissive', the resulting library is protected with > indirect branch tracking (IBT) and shadow stack (SHSTK). When CET > is enabled, the GNU C Library is compatible with all existing > executables and shared libraries. This feature is currently > supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or > later. Note that when CET is enabled, the GNU C Library requires > CPUs capable of multi-byte NOPs, like x86-64 processors as well as > Intel Pentium Pro or newer. With '--enable-cet', it is an error to > dlopen a non CET enabled shared library in CET enabled application. > With '--enable-cet=permissive', CET is disabled when dlopening a > non CET enabled shared library in CET enabled application. So getting back to this one of the issues is that --enable-cet is used for both GCC_CET_FLAGS and GCC_CET_HOST_FLAGS where for the host flag part I'd use --enable-cet=auto but for the target library part I definitely want to know if --enable-cet cannot be honored. Your current patch would still prohibit a non-bootstrap build with a host compiler not supporting CET and requesting CET enabled target libraries, thus ../configure --enable-cet --disable-bootstrap would fail. Shouldn't we - for the host part - simply treat 'yes' equal to 'auto'? If not, then we should have --enable-cet-host. Which would be somewhat misleading since cc1 isn't built CET enabled, just lto-plugin.so is, so better --enable-lto-plugin-cet? Thus I'd go with the simpler of both: diff --git a/config/cet.m4 b/config/cet.m4 index d9608699cd5..fb4e4275413 100644 --- a/config/cet.m4 +++ b/config/cet.m4 @@ -64,7 +64,7 @@ case "$host" in save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fcf-protection" case "$enable_cet" in - auto) + auto|yes) # Check if target supports multi-byte NOPs # and if assembler supports CET insn. AC_COMPILE_IFELSE( @@ -80,15 +80,6 @@ asm ("setssbsy"); [enable_cet=yes], [enable_cet=no]) ;; - yes) - # Check if assembler supports CET. - AC_COMPILE_IFELSE( - [AC_LANG_PROGRAM( - [], - [asm ("setssbsy");])], - [], - [AC_MSG_ERROR([assembler with CET support is required for --enable-cet])]) - ;; esac CFLAGS="$save_CFLAGS" ;; is that OK with you? Thanks, Richard. > > But OK, so if we'll allow mixing CET and non-CET objects for the > > gen* link, simply dropping CET enablement, I guess it will work > > as it did before. > > > > Richard. > > > > -- > H.J. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-29 11:01 ` Richard Biener @ 2020-07-29 11:46 ` H.J. Lu 2020-07-29 12:17 ` Richard Biener 2020-07-29 11:46 ` Richard Biener 1 sibling, 1 reply; 17+ messages in thread From: H.J. Lu @ 2020-07-29 11:46 UTC (permalink / raw) To: Richard Biener; +Cc: Richard Biener, GCC Patches, Joseph Myers [-- Attachment #1: Type: text/plain, Size: 5470 bytes --] On Wed, Jul 29, 2020 at 4:01 AM Richard Biener <richard.guenther@gmail.com> wrote: > > On Fri, Jul 17, 2020 at 5:32 PM H.J. Lu via Gcc-patches > <gcc-patches@gcc.gnu.org> wrote: > > > > On Fri, Jul 17, 2020 at 6:27 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > On Fri, 17 Jul 2020, H.J. Lu wrote: > > > > > > > On Fri, Jul 17, 2020 at 12:08 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > > > > > On Wed, 15 Jul 2020, Joseph Myers wrote: > > > > > > > > > > > On Wed, 15 Jul 2020, Richard Biener wrote: > > > > > > > > > > > > > But note one of the issues is that when not cross-compiling we're > > > > > > > using a single libiberty for target and host objects (likewise > > > > > > > > > > > > There shouldn't be a target libiberty, since commit > > > > > > 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some > > > > > > Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 > > > > > > 19:40:45 2011 +0000). If something is causing target libiberty to be > > > > > > built, that's a bug that should be fixed. > > > > > > > > > > > > > That said, giving configury an idea whether it configures for > > > > > > > the host, the target or the build would be required here - Joseph, > > > > > > > is there an existing mechanism for example libiberty can use > > > > > > > here? > > > > > > > > > > > > Makefile.def has some settings specific to host or build, e.g. > > > > > > > > > > > > build_modules= { module= libcpp; > > > > > > extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; > > > > > > > > > > > > or > > > > > > > > > > > > host_modules= { module= libiberty; bootstrap=true; > > > > > > extra_configure_flags='@extra_host_libiberty_configure_flags@';}; > > > > > > > > > > Ah, OK. Looks like we should be able to add a > > > > > @extra_target_cet_configure_flags@, funnel that to the target_modules > > > > > and keep CET disabled by default in the modules configury. > > > > > > > > > > Similarly (if HJ is correct) we'd need to add > > > > > @extra_{host,build}_cet_configure_flags@ for the purpose of lto-plugin > > > > > which only has a host module (and for bootstrap host == build, so it's > > > > > shared there but we still have separate libiberties for host/build...) > > > > > > > > > > > > > We need -fcf-protection only on object files which will be dlopened on > > > > CET enabled build and host. > > > > > > Why is there a distinction between dlopen and execution? IIRC > > > ld falls back to non-CET operation when dlopening a non-CET shared object? > > > > BTW, ld.so refuses to dlopen a legacy shared object after CET has been enabled. > > This behavior can be controlled when configuring glibc: > > > > '--enable-cet' > > '--enable-cet=permissive' > > Enable Intel Control-flow Enforcement Technology (CET) support. > > When the GNU C Library is built with '--enable-cet' or > > '--enable-cet=permissive', the resulting library is protected with > > indirect branch tracking (IBT) and shadow stack (SHSTK). When CET > > is enabled, the GNU C Library is compatible with all existing > > executables and shared libraries. This feature is currently > > supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or > > later. Note that when CET is enabled, the GNU C Library requires > > CPUs capable of multi-byte NOPs, like x86-64 processors as well as > > Intel Pentium Pro or newer. With '--enable-cet', it is an error to > > dlopen a non CET enabled shared library in CET enabled application. > > With '--enable-cet=permissive', CET is disabled when dlopening a > > non CET enabled shared library in CET enabled application. > > So getting back to this one of the issues is that --enable-cet is used > for both GCC_CET_FLAGS and GCC_CET_HOST_FLAGS where > for the host flag part I'd use --enable-cet=auto but for the target library > part I definitely want to know if --enable-cet cannot be honored. > > Your current patch would still prohibit a non-bootstrap build with a host > compiler not supporting CET and requesting CET enabled target libraries, > thus > > ../configure --enable-cet --disable-bootstrap > > would fail. Shouldn't we - for the host part - simply treat 'yes' equal > to 'auto'? If not, then we should have --enable-cet-host. Which would > be somewhat misleading since cc1 isn't built CET enabled, just > lto-plugin.so is, so better --enable-lto-plugin-cet? > > Thus I'd go with the simpler of both: > > diff --git a/config/cet.m4 b/config/cet.m4 > index d9608699cd5..fb4e4275413 100644 > --- a/config/cet.m4 > +++ b/config/cet.m4 > @@ -64,7 +64,7 @@ case "$host" in > save_CFLAGS="$CFLAGS" > CFLAGS="$CFLAGS -fcf-protection" > case "$enable_cet" in > - auto) > + auto|yes) > # Check if target supports multi-byte NOPs > # and if assembler supports CET insn. > AC_COMPILE_IFELSE( > @@ -80,15 +80,6 @@ asm ("setssbsy"); > [enable_cet=yes], > [enable_cet=no]) > ;; > - yes) > - # Check if assembler supports CET. > - AC_COMPILE_IFELSE( > - [AC_LANG_PROGRAM( > - [], > - [asm ("setssbsy");])], > - [], > - [AC_MSG_ERROR([assembler with CET support is required for > --enable-cet])]) > - ;; > esac > CFLAGS="$save_CFLAGS" > ;; > > is that OK with you? > How about this one instead? -- H.J. [-- Attachment #2: 0001-Require-CET-support-only-for-the-final-GCC-build.patch --] [-- Type: text/x-patch, Size: 15617 bytes --] From 31ae1d29b8e972c6166f008e04535ff4143a12c1 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" <hjl.tools@gmail.com> Date: Wed, 15 Jul 2020 06:16:01 -0700 Subject: [PATCH] Require CET support only for the final GCC build With --enable-cet, require CET support only for the final GCC build. Don't enable CET without CET support for non-bootstrap build, in stage1 nor for build support. config/ PR bootstrap/96202 * cet.m4 (GCC_CET_HOST_FLAGS): Don't enable CET without CET support in stage1 nor for build support. gcc/ PR bootstrap/96202 * configure: Regenerated. libbacktrace/ PR bootstrap/96202 * configure: Regenerated. libcc1/ PR bootstrap/96202 * configure: Regenerated. libcpp/ PR bootstrap/96202 * configure: Regenerated. libdecnumber/ PR bootstrap/96202 * configure: Regenerated. libiberty/ PR bootstrap/96202 * configure: Regenerated. lto-plugin/ PR bootstrap/96202 * configure: Regenerated. --- config/cet.m4 | 23 ++++++++++++++++++----- gcc/configure | 31 +++++++++++++++++++++++-------- libbacktrace/configure | 23 ++++++++++++++++++----- libcc1/configure | 21 +++++++++++++++++---- libcpp/configure | 21 +++++++++++++++++---- libdecnumber/configure | 21 +++++++++++++++++---- libiberty/configure | 21 +++++++++++++++++---- lto-plugin/configure | 25 +++++++++++++++++++------ 8 files changed, 146 insertions(+), 40 deletions(-) diff --git a/config/cet.m4 b/config/cet.m4 index 911fbd46475..c67fb4f35b6 100644 --- a/config/cet.m4 +++ b/config/cet.m4 @@ -13,7 +13,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET insn. cet_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fcf-protection" AC_COMPILE_IFELSE( @@ -70,7 +70,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [], @@ -85,13 +85,26 @@ asm ("setssbsy"); [enable_cet=no]) ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. AC_COMPILE_IFELSE( [AC_LANG_PROGRAM( [], [asm ("setssbsy");])], - [], - [AC_MSG_ERROR([assembler with CET support is required for --enable-cet])]) + [support_cet=yes], + [support_cet=no]) + if test $support_cet = "no"; then + if test x$enable_bootstrap != xno \ + && test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + AC_MSG_ERROR([compiler and assembler with CET support are required for --enable-cet]) + else + # Don't enable CET without CET support for non-bootstrap + # build, in stage1 nor for build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/gcc/configure b/gcc/configure index 5c31c13f208..21ce66d97e0 100755 --- a/gcc/configure +++ b/gcc/configure @@ -785,10 +785,10 @@ manext LIBICONV_DEP LTLIBICONV LIBICONV -ZSTD_LIB -ZSTD_INCLUDE ZSTD_LDFLAGS ZSTD_CPPFLAGS +ZSTD_LIB +ZSTD_INCLUDE DL_LIB LDEXP_LIB EXTRA_GCC_LIBS @@ -9978,6 +9978,8 @@ ZSTD_LIB= ZSTD_CPPFLAGS= ZSTD_LDFLAGS= + + # Check whether --with-zstd was given. if test "${with_zstd+set}" = set; then : withval=$with_zstd; @@ -19021,7 +19023,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 19022 "configure" +#line 19026 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -19127,7 +19129,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 19128 "configure" +#line 19132 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -30786,7 +30788,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -30812,7 +30814,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -30825,11 +30827,24 @@ asm ("setssbsy"); } _ACEOF if ac_fn_cxx_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test x$enable_bootstrap != xno \ + && test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support for non-bootstrap + # build, in stage1 nor for build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libbacktrace/configure b/libbacktrace/configure index 37c38e7ac5b..d4b3523e10e 100755 --- a/libbacktrace/configure +++ b/libbacktrace/configure @@ -12169,7 +12169,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET insn. cet_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fcf-protection" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -12409,7 +12409,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -12435,7 +12435,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -12448,11 +12448,24 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test x$enable_bootstrap != xno \ + && test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support for non-bootstrap + # build, in stage1 nor for build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libcc1/configure b/libcc1/configure index 37dbeac4908..3610219ba65 100755 --- a/libcc1/configure +++ b/libcc1/configure @@ -14565,7 +14565,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -14591,7 +14591,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -14604,11 +14604,24 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test x$enable_bootstrap != xno \ + && test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support for non-bootstrap + # build, in stage1 nor for build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libcpp/configure b/libcpp/configure index 3329e20c392..7e28606f605 100755 --- a/libcpp/configure +++ b/libcpp/configure @@ -7564,7 +7564,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7590,7 +7590,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7603,11 +7603,24 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test x$enable_bootstrap != xno \ + && test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support for non-bootstrap + # build, in stage1 nor for build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libdecnumber/configure b/libdecnumber/configure index df6fdcfbc7f..6b62f8ba665 100755 --- a/libdecnumber/configure +++ b/libdecnumber/configure @@ -5217,7 +5217,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5243,7 +5243,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5256,11 +5256,24 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test x$enable_bootstrap != xno \ + && test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support for non-bootstrap + # build, in stage1 nor for build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/libiberty/configure b/libiberty/configure index 1f8e23f0d23..ff93c9ee9a6 100755 --- a/libiberty/configure +++ b/libiberty/configure @@ -5291,7 +5291,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5317,7 +5317,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5330,11 +5330,24 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test x$enable_bootstrap != xno \ + && test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support for non-bootstrap + # build, in stage1 nor for build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" diff --git a/lto-plugin/configure b/lto-plugin/configure index 69f6fce05c5..c1dd0cdd147 100755 --- a/lto-plugin/configure +++ b/lto-plugin/configure @@ -5687,7 +5687,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5713,7 +5713,7 @@ fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ;; yes) - # Check if assembler supports CET. + # Check if compiler and assembler support CET. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5726,11 +5726,24 @@ asm ("setssbsy"); } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - + support_cet=yes else - as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5 + support_cet=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $support_cet = "no"; then + if test x$enable_bootstrap != xno \ + && test -z "${with_build_subdir}" \ + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then + # Require CET support only for the final GCC build. + as_fn_error $? "compiler and assembler with CET support are required for --enable-cet" "$LINENO" 5 + else + # Don't enable CET without CET support for non-bootstrap + # build, in stage1 nor for build support. + enable_cet=no + fi + fi ;; esac CFLAGS="$cet_save_CFLAGS" @@ -11947,7 +11960,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11950 "configure" +#line 11963 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -12053,7 +12066,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 12056 "configure" +#line 12069 "configure" #include "confdefs.h" #if HAVE_DLFCN_H -- 2.26.2 ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-29 11:46 ` H.J. Lu @ 2020-07-29 12:17 ` Richard Biener 2020-07-29 13:26 ` Richard Biener 0 siblings, 1 reply; 17+ messages in thread From: Richard Biener @ 2020-07-29 12:17 UTC (permalink / raw) To: H.J. Lu; +Cc: Richard Biener, GCC Patches, Joseph Myers On Wed, 29 Jul 2020, H.J. Lu wrote: > On Wed, Jul 29, 2020 at 4:01 AM Richard Biener > <richard.guenther@gmail.com> wrote: > > > > On Fri, Jul 17, 2020 at 5:32 PM H.J. Lu via Gcc-patches > > <gcc-patches@gcc.gnu.org> wrote: > > > > > > On Fri, Jul 17, 2020 at 6:27 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > > > On Fri, 17 Jul 2020, H.J. Lu wrote: > > > > > > > > > On Fri, Jul 17, 2020 at 12:08 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > > > > > > > On Wed, 15 Jul 2020, Joseph Myers wrote: > > > > > > > > > > > > > On Wed, 15 Jul 2020, Richard Biener wrote: > > > > > > > > > > > > > > > But note one of the issues is that when not cross-compiling we're > > > > > > > > using a single libiberty for target and host objects (likewise > > > > > > > > > > > > > > There shouldn't be a target libiberty, since commit > > > > > > > 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some > > > > > > > Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 > > > > > > > 19:40:45 2011 +0000). If something is causing target libiberty to be > > > > > > > built, that's a bug that should be fixed. > > > > > > > > > > > > > > > That said, giving configury an idea whether it configures for > > > > > > > > the host, the target or the build would be required here - Joseph, > > > > > > > > is there an existing mechanism for example libiberty can use > > > > > > > > here? > > > > > > > > > > > > > > Makefile.def has some settings specific to host or build, e.g. > > > > > > > > > > > > > > build_modules= { module= libcpp; > > > > > > > extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; > > > > > > > > > > > > > > or > > > > > > > > > > > > > > host_modules= { module= libiberty; bootstrap=true; > > > > > > > extra_configure_flags='@extra_host_libiberty_configure_flags@';}; > > > > > > > > > > > > Ah, OK. Looks like we should be able to add a > > > > > > @extra_target_cet_configure_flags@, funnel that to the target_modules > > > > > > and keep CET disabled by default in the modules configury. > > > > > > > > > > > > Similarly (if HJ is correct) we'd need to add > > > > > > @extra_{host,build}_cet_configure_flags@ for the purpose of lto-plugin > > > > > > which only has a host module (and for bootstrap host == build, so it's > > > > > > shared there but we still have separate libiberties for host/build...) > > > > > > > > > > > > > > > > We need -fcf-protection only on object files which will be dlopened on > > > > > CET enabled build and host. > > > > > > > > Why is there a distinction between dlopen and execution? IIRC > > > > ld falls back to non-CET operation when dlopening a non-CET shared object? > > > > > > BTW, ld.so refuses to dlopen a legacy shared object after CET has been enabled. > > > This behavior can be controlled when configuring glibc: > > > > > > '--enable-cet' > > > '--enable-cet=permissive' > > > Enable Intel Control-flow Enforcement Technology (CET) support. > > > When the GNU C Library is built with '--enable-cet' or > > > '--enable-cet=permissive', the resulting library is protected with > > > indirect branch tracking (IBT) and shadow stack (SHSTK). When CET > > > is enabled, the GNU C Library is compatible with all existing > > > executables and shared libraries. This feature is currently > > > supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or > > > later. Note that when CET is enabled, the GNU C Library requires > > > CPUs capable of multi-byte NOPs, like x86-64 processors as well as > > > Intel Pentium Pro or newer. With '--enable-cet', it is an error to > > > dlopen a non CET enabled shared library in CET enabled application. > > > With '--enable-cet=permissive', CET is disabled when dlopening a > > > non CET enabled shared library in CET enabled application. > > > > So getting back to this one of the issues is that --enable-cet is used > > for both GCC_CET_FLAGS and GCC_CET_HOST_FLAGS where > > for the host flag part I'd use --enable-cet=auto but for the target library > > part I definitely want to know if --enable-cet cannot be honored. > > > > Your current patch would still prohibit a non-bootstrap build with a host > > compiler not supporting CET and requesting CET enabled target libraries, > > thus > > > > ../configure --enable-cet --disable-bootstrap > > > > would fail. Shouldn't we - for the host part - simply treat 'yes' equal > > to 'auto'? If not, then we should have --enable-cet-host. Which would > > be somewhat misleading since cc1 isn't built CET enabled, just > > lto-plugin.so is, so better --enable-lto-plugin-cet? > > > > Thus I'd go with the simpler of both: > > > > diff --git a/config/cet.m4 b/config/cet.m4 > > index d9608699cd5..fb4e4275413 100644 > > --- a/config/cet.m4 > > +++ b/config/cet.m4 > > @@ -64,7 +64,7 @@ case "$host" in > > save_CFLAGS="$CFLAGS" > > CFLAGS="$CFLAGS -fcf-protection" > > case "$enable_cet" in > > - auto) > > + auto|yes) > > # Check if target supports multi-byte NOPs > > # and if assembler supports CET insn. > > AC_COMPILE_IFELSE( > > @@ -80,15 +80,6 @@ asm ("setssbsy"); > > [enable_cet=yes], > > [enable_cet=no]) > > ;; > > - yes) > > - # Check if assembler supports CET. > > - AC_COMPILE_IFELSE( > > - [AC_LANG_PROGRAM( > > - [], > > - [asm ("setssbsy");])], > > - [], > > - [AC_MSG_ERROR([assembler with CET support is required for > > --enable-cet])]) > > - ;; > > esac > > CFLAGS="$save_CFLAGS" > > ;; > > > > is that OK with you? > > > > How about this one instead? It still has + && (test ! -f ../stage_current \ + || test `cat ../stage_current` != "stage1"); then which I find ugly since it depends on directory layout. Thinking about the LTO plugin issue again I wonder in which case we end up using the stage1 lto-plugin? Shouldn't stage2-gcc use the stage2 lto-plugin which should pass the CET test? Thus, a extra_stage1_configure_flags=--disable-cet for the libiberty and lto-plugin modules should work, too, with Makefile.tpl getting taught about this via [+ IF extra_stage[+id+]_configure_flags +] \ [+extra_stage[+id+]_configure_flags+][+ ENDIF extra_stage[+id+]_configure_flags +] where it hopefully supports nested [+ +], otherwise some IF id == 1 and expanding [+extra_stage1_configure_flags+] only. For the non-bootstrap case there's another place where extra_configure_flags is expanded which we might run into with --disable-bootstrap (not sure). The other idea was to make sth like POSTSTAGE1 available in the environment so your test above can check for that instead. There's already POSTSTAGE1_FLAGS_TO_PAS and STAGE1_FLAGS_TO_PASS (extra arguments to make), adding POSTSTAGE1=1 to POSTSTAGE1_FLAGS_TO_PASS might be enough. Richard. -- Richard Biener <rguenther@suse.de> SUSE Software Solutions Germany GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany; GF: Felix Imendörffer; HRB 36809 (AG Nuernberg) ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-29 12:17 ` Richard Biener @ 2020-07-29 13:26 ` Richard Biener 2020-07-29 19:30 ` Joseph Myers 0 siblings, 1 reply; 17+ messages in thread From: Richard Biener @ 2020-07-29 13:26 UTC (permalink / raw) To: H.J. Lu; +Cc: Richard Biener, GCC Patches, Joseph Myers On Wed, 29 Jul 2020, Richard Biener wrote: > On Wed, 29 Jul 2020, H.J. Lu wrote: > > > On Wed, Jul 29, 2020 at 4:01 AM Richard Biener > > <richard.guenther@gmail.com> wrote: > > > > > > On Fri, Jul 17, 2020 at 5:32 PM H.J. Lu via Gcc-patches > > > <gcc-patches@gcc.gnu.org> wrote: > > > > > > > > On Fri, Jul 17, 2020 at 6:27 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > > > > > On Fri, 17 Jul 2020, H.J. Lu wrote: > > > > > > > > > > > On Fri, Jul 17, 2020 at 12:08 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > > > > > > > > > On Wed, 15 Jul 2020, Joseph Myers wrote: > > > > > > > > > > > > > > > On Wed, 15 Jul 2020, Richard Biener wrote: > > > > > > > > > > > > > > > > > But note one of the issues is that when not cross-compiling we're > > > > > > > > > using a single libiberty for target and host objects (likewise > > > > > > > > > > > > > > > > There shouldn't be a target libiberty, since commit > > > > > > > > 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some > > > > > > > > Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 > > > > > > > > 19:40:45 2011 +0000). If something is causing target libiberty to be > > > > > > > > built, that's a bug that should be fixed. > > > > > > > > > > > > > > > > > That said, giving configury an idea whether it configures for > > > > > > > > > the host, the target or the build would be required here - Joseph, > > > > > > > > > is there an existing mechanism for example libiberty can use > > > > > > > > > here? > > > > > > > > > > > > > > > > Makefile.def has some settings specific to host or build, e.g. > > > > > > > > > > > > > > > > build_modules= { module= libcpp; > > > > > > > > extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; > > > > > > > > > > > > > > > > or > > > > > > > > > > > > > > > > host_modules= { module= libiberty; bootstrap=true; > > > > > > > > extra_configure_flags='@extra_host_libiberty_configure_flags@';}; > > > > > > > > > > > > > > Ah, OK. Looks like we should be able to add a > > > > > > > @extra_target_cet_configure_flags@, funnel that to the target_modules > > > > > > > and keep CET disabled by default in the modules configury. > > > > > > > > > > > > > > Similarly (if HJ is correct) we'd need to add > > > > > > > @extra_{host,build}_cet_configure_flags@ for the purpose of lto-plugin > > > > > > > which only has a host module (and for bootstrap host == build, so it's > > > > > > > shared there but we still have separate libiberties for host/build...) > > > > > > > > > > > > > > > > > > > We need -fcf-protection only on object files which will be dlopened on > > > > > > CET enabled build and host. > > > > > > > > > > Why is there a distinction between dlopen and execution? IIRC > > > > > ld falls back to non-CET operation when dlopening a non-CET shared object? > > > > > > > > BTW, ld.so refuses to dlopen a legacy shared object after CET has been enabled. > > > > This behavior can be controlled when configuring glibc: > > > > > > > > '--enable-cet' > > > > '--enable-cet=permissive' > > > > Enable Intel Control-flow Enforcement Technology (CET) support. > > > > When the GNU C Library is built with '--enable-cet' or > > > > '--enable-cet=permissive', the resulting library is protected with > > > > indirect branch tracking (IBT) and shadow stack (SHSTK). When CET > > > > is enabled, the GNU C Library is compatible with all existing > > > > executables and shared libraries. This feature is currently > > > > supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or > > > > later. Note that when CET is enabled, the GNU C Library requires > > > > CPUs capable of multi-byte NOPs, like x86-64 processors as well as > > > > Intel Pentium Pro or newer. With '--enable-cet', it is an error to > > > > dlopen a non CET enabled shared library in CET enabled application. > > > > With '--enable-cet=permissive', CET is disabled when dlopening a > > > > non CET enabled shared library in CET enabled application. > > > > > > So getting back to this one of the issues is that --enable-cet is used > > > for both GCC_CET_FLAGS and GCC_CET_HOST_FLAGS where > > > for the host flag part I'd use --enable-cet=auto but for the target library > > > part I definitely want to know if --enable-cet cannot be honored. > > > > > > Your current patch would still prohibit a non-bootstrap build with a host > > > compiler not supporting CET and requesting CET enabled target libraries, > > > thus > > > > > > ../configure --enable-cet --disable-bootstrap > > > > > > would fail. Shouldn't we - for the host part - simply treat 'yes' equal > > > to 'auto'? If not, then we should have --enable-cet-host. Which would > > > be somewhat misleading since cc1 isn't built CET enabled, just > > > lto-plugin.so is, so better --enable-lto-plugin-cet? > > > > > > Thus I'd go with the simpler of both: > > > > > > diff --git a/config/cet.m4 b/config/cet.m4 > > > index d9608699cd5..fb4e4275413 100644 > > > --- a/config/cet.m4 > > > +++ b/config/cet.m4 > > > @@ -64,7 +64,7 @@ case "$host" in > > > save_CFLAGS="$CFLAGS" > > > CFLAGS="$CFLAGS -fcf-protection" > > > case "$enable_cet" in > > > - auto) > > > + auto|yes) > > > # Check if target supports multi-byte NOPs > > > # and if assembler supports CET insn. > > > AC_COMPILE_IFELSE( > > > @@ -80,15 +80,6 @@ asm ("setssbsy"); > > > [enable_cet=yes], > > > [enable_cet=no]) > > > ;; > > > - yes) > > > - # Check if assembler supports CET. > > > - AC_COMPILE_IFELSE( > > > - [AC_LANG_PROGRAM( > > > - [], > > > - [asm ("setssbsy");])], > > > - [], > > > - [AC_MSG_ERROR([assembler with CET support is required for > > > --enable-cet])]) > > > - ;; > > > esac > > > CFLAGS="$save_CFLAGS" > > > ;; > > > > > > is that OK with you? > > > > > > > How about this one instead? > > It still has > > + && (test ! -f ../stage_current \ > + || test `cat ../stage_current` != "stage1"); then > > which I find ugly since it depends on directory layout. > > Thinking about the LTO plugin issue again I wonder in which case > we end up using the stage1 lto-plugin? Shouldn't stage2-gcc > use the stage2 lto-plugin which should pass the CET test? Thus, > a extra_stage1_configure_flags=--disable-cet for the libiberty > and lto-plugin modules should work, too, with Makefile.tpl > getting taught about this via > > [+ IF extra_stage[+id+]_configure_flags +] \ > [+extra_stage[+id+]_configure_flags+][+ ENDIF > extra_stage[+id+]_configure_flags +] > > where it hopefully supports nested [+ +], otherwise some > IF id == 1 and expanding [+extra_stage1_configure_flags+] only. > > For the non-bootstrap case there's another place where > extra_configure_flags is expanded which we might run into > with --disable-bootstrap (not sure). > > The other idea was to make sth like POSTSTAGE1 available > in the environment so your test above can check for that > instead. There's already POSTSTAGE1_FLAGS_TO_PAS and > STAGE1_FLAGS_TO_PASS (extra arguments to make), adding > POSTSTAGE1=1 to POSTSTAGE1_FLAGS_TO_PASS might be enough. I can't get the latter to work without more changes though, the make arguments do not end up in the environment. Note that any workable solution is fine with me, I just don't feel comfortable approving the solution involving ../curr_stage and friends. Joseph, would HJs latest patch be OK technically? Thanks, Richard. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-29 13:26 ` Richard Biener @ 2020-07-29 19:30 ` Joseph Myers 2020-07-30 12:27 ` Richard Biener 0 siblings, 1 reply; 17+ messages in thread From: Joseph Myers @ 2020-07-29 19:30 UTC (permalink / raw) To: Richard Biener; +Cc: H.J. Lu, GCC Patches On Wed, 29 Jul 2020, Richard Biener wrote: > Note that any workable solution is fine with me, I just > don't feel comfortable approving the solution involving > ../curr_stage and friends. Joseph, would HJs latest > patch be OK technically? Yes, I think that's OK. -- Joseph S. Myers joseph@codesourcery.com ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-29 19:30 ` Joseph Myers @ 2020-07-30 12:27 ` Richard Biener 0 siblings, 0 replies; 17+ messages in thread From: Richard Biener @ 2020-07-30 12:27 UTC (permalink / raw) To: Joseph Myers; +Cc: H.J. Lu, GCC Patches On Wed, 29 Jul 2020, Joseph Myers wrote: > On Wed, 29 Jul 2020, Richard Biener wrote: > > > Note that any workable solution is fine with me, I just > > don't feel comfortable approving the solution involving > > ../curr_stage and friends. Joseph, would HJs latest > > patch be OK technically? > > Yes, I think that's OK. Thus the patch is OK then. Thanks HJ, Richard. ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH] Require CET support only for the final GCC build 2020-07-29 11:01 ` Richard Biener 2020-07-29 11:46 ` H.J. Lu @ 2020-07-29 11:46 ` Richard Biener 1 sibling, 0 replies; 17+ messages in thread From: Richard Biener @ 2020-07-29 11:46 UTC (permalink / raw) To: Richard Biener; +Cc: H.J. Lu, GCC Patches, Joseph Myers On Wed, 29 Jul 2020, Richard Biener wrote: > On Fri, Jul 17, 2020 at 5:32 PM H.J. Lu via Gcc-patches > <gcc-patches@gcc.gnu.org> wrote: > > > > On Fri, Jul 17, 2020 at 6:27 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > On Fri, 17 Jul 2020, H.J. Lu wrote: > > > > > > > On Fri, Jul 17, 2020 at 12:08 AM Richard Biener <rguenther@suse.de> wrote: > > > > > > > > > > On Wed, 15 Jul 2020, Joseph Myers wrote: > > > > > > > > > > > On Wed, 15 Jul 2020, Richard Biener wrote: > > > > > > > > > > > > > But note one of the issues is that when not cross-compiling we're > > > > > > > using a single libiberty for target and host objects (likewise > > > > > > > > > > > > There shouldn't be a target libiberty, since commit > > > > > > 8499116aa30a46993deff5acf73985df6b16fb8b (re PR regression/47836 (Some > > > > > > Cross Compiler can't build target-libiberty or target-zlib), Wed Jun 22 > > > > > > 19:40:45 2011 +0000). If something is causing target libiberty to be > > > > > > built, that's a bug that should be fixed. > > > > > > > > > > > > > That said, giving configury an idea whether it configures for > > > > > > > the host, the target or the build would be required here - Joseph, > > > > > > > is there an existing mechanism for example libiberty can use > > > > > > > here? > > > > > > > > > > > > Makefile.def has some settings specific to host or build, e.g. > > > > > > > > > > > > build_modules= { module= libcpp; > > > > > > extra_configure_flags='--disable-nls am_cv_func_iconv=no';}; > > > > > > > > > > > > or > > > > > > > > > > > > host_modules= { module= libiberty; bootstrap=true; > > > > > > extra_configure_flags='@extra_host_libiberty_configure_flags@';}; > > > > > > > > > > Ah, OK. Looks like we should be able to add a > > > > > @extra_target_cet_configure_flags@, funnel that to the target_modules > > > > > and keep CET disabled by default in the modules configury. > > > > > > > > > > Similarly (if HJ is correct) we'd need to add > > > > > @extra_{host,build}_cet_configure_flags@ for the purpose of lto-plugin > > > > > which only has a host module (and for bootstrap host == build, so it's > > > > > shared there but we still have separate libiberties for host/build...) > > > > > > > > > > > > > We need -fcf-protection only on object files which will be dlopened on > > > > CET enabled build and host. > > > > > > Why is there a distinction between dlopen and execution? IIRC > > > ld falls back to non-CET operation when dlopening a non-CET shared object? > > > > BTW, ld.so refuses to dlopen a legacy shared object after CET has been enabled. > > This behavior can be controlled when configuring glibc: > > > > '--enable-cet' > > '--enable-cet=permissive' > > Enable Intel Control-flow Enforcement Technology (CET) support. > > When the GNU C Library is built with '--enable-cet' or > > '--enable-cet=permissive', the resulting library is protected with > > indirect branch tracking (IBT) and shadow stack (SHSTK). When CET > > is enabled, the GNU C Library is compatible with all existing > > executables and shared libraries. This feature is currently > > supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or > > later. Note that when CET is enabled, the GNU C Library requires > > CPUs capable of multi-byte NOPs, like x86-64 processors as well as > > Intel Pentium Pro or newer. With '--enable-cet', it is an error to > > dlopen a non CET enabled shared library in CET enabled application. > > With '--enable-cet=permissive', CET is disabled when dlopening a > > non CET enabled shared library in CET enabled application. > > So getting back to this one of the issues is that --enable-cet is used > for both GCC_CET_FLAGS and GCC_CET_HOST_FLAGS where > for the host flag part I'd use --enable-cet=auto but for the target library > part I definitely want to know if --enable-cet cannot be honored. > > Your current patch would still prohibit a non-bootstrap build with a host > compiler not supporting CET and requesting CET enabled target libraries, > thus > > ../configure --enable-cet --disable-bootstrap > > would fail. Shouldn't we - for the host part - simply treat 'yes' equal > to 'auto'? If not, then we should have --enable-cet-host. Which would > be somewhat misleading since cc1 isn't built CET enabled, just > lto-plugin.so is, so better --enable-lto-plugin-cet? > > Thus I'd go with the simpler of both: > > diff --git a/config/cet.m4 b/config/cet.m4 > index d9608699cd5..fb4e4275413 100644 > --- a/config/cet.m4 > +++ b/config/cet.m4 > @@ -64,7 +64,7 @@ case "$host" in > save_CFLAGS="$CFLAGS" > CFLAGS="$CFLAGS -fcf-protection" > case "$enable_cet" in > - auto) > + auto|yes) > # Check if target supports multi-byte NOPs > # and if assembler supports CET insn. > AC_COMPILE_IFELSE( > @@ -80,15 +80,6 @@ asm ("setssbsy"); > [enable_cet=yes], > [enable_cet=no]) > ;; > - yes) > - # Check if assembler supports CET. > - AC_COMPILE_IFELSE( > - [AC_LANG_PROGRAM( > - [], > - [asm ("setssbsy");])], > - [], > - [AC_MSG_ERROR([assembler with CET support is required for > --enable-cet])]) > - ;; > esac > CFLAGS="$save_CFLAGS" > ;; > > is that OK with you? Verified it fixes bootstrap & non-bootstrap with --enable-cet and a GCC 7 host compiler. I also verified the target libs are built CET enabled (starting with stage1) and that lto-plugin is as well (post stage1 but not when not bootstrapping). Richard. > Thanks, > Richard. > > > > But OK, so if we'll allow mixing CET and non-CET objects for the > > > gen* link, simply dropping CET enablement, I guess it will work > > > as it did before. > > > > > > Richard. > > > > > > > > -- > > H.J. > -- Richard Biener <rguenther@suse.de> SUSE Software Solutions Germany GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany; GF: Felix Imendörffer; HRB 36809 (AG Nuernberg) ^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2020-07-30 12:27 UTC | newest] Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-07-15 14:47 [PATCH] Require CET support only for the final GCC build H.J. Lu 2020-07-15 15:20 ` Richard Biener 2020-07-15 15:26 ` H.J. Lu 2020-07-17 7:03 ` Richard Biener 2020-07-17 12:41 ` H.J. Lu 2020-07-15 17:16 ` Joseph Myers 2020-07-17 7:08 ` Richard Biener 2020-07-17 12:42 ` H.J. Lu 2020-07-17 13:27 ` Richard Biener 2020-07-17 13:46 ` H.J. Lu 2020-07-29 11:01 ` Richard Biener 2020-07-29 11:46 ` H.J. Lu 2020-07-29 12:17 ` Richard Biener 2020-07-29 13:26 ` Richard Biener 2020-07-29 19:30 ` Joseph Myers 2020-07-30 12:27 ` Richard Biener 2020-07-29 11:46 ` Richard Biener
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).