public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed
From: Marek Polacek <polacek@redhat.com>
To: Jakub Jelinek <jakub@redhat.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>
Subject: [PATCH v2] target: missing -Whardened with -fcf-protection=none [PR114606]
Date: Fri, 5 Apr 2024 14:37:08 -0400	[thread overview]
Message-ID: <ZhBE1LBmt2m6NZIC@redhat.com> (raw)
In-Reply-To: <ZhBCuEkKmOpSaCN6@tucnak>

On Fri, Apr 05, 2024 at 08:28:08PM +0200, Jakub Jelinek wrote:
> On Fri, Apr 05, 2024 at 02:22:18PM -0400, Marek Polacek wrote:
> > Bootstrapped/regtested on x86_64-pc-linux-gnu, ok for trunk?
> > 
> > -- >8 --
> > -Whardened warns when -fhardened couldn't enable a hardening option
> > because that option was disabled on the command line, e.g.:
> > 
> > $ ./cc1plus -quiet g.C -fhardened -O2 -fstack-protector
> > cc1plus: warning: '-fstack-protector-strong' is not enabled by '-fhardened' because it was specified on the command line [-Whardened]
> > 
> > but it doesn't work as expected with -fcf-protection=none:
> > 
> > $ ./cc1plus -quiet g.C -fhardened -O2 -fcf-protection=none
> > 
> > because we're checking == CF_NONE which doesn't distinguish between nothing
> > and -fcf-protection=none.  I should have used OPTION_SET_P, like below.
> > 
> > 	PR target/114606
> > 
> > gcc/ChangeLog:
> > 
> > 	* config/i386/i386-options.cc (ix86_option_override_internal): Use
> > 	OPTION_SET_P rather than checking == CF_NONE.
> > 
> > gcc/testsuite/ChangeLog:
> > 
> > 	* gcc.target/i386/fhardened-1.c: New test.
> > 	* gcc.target/i386/fhardened-2.c: New test.
> > ---
> >  gcc/config/i386/i386-options.cc             | 2 +-
> >  gcc/testsuite/gcc.target/i386/fhardened-1.c | 8 ++++++++
> >  gcc/testsuite/gcc.target/i386/fhardened-2.c | 8 ++++++++
> >  3 files changed, 17 insertions(+), 1 deletion(-)
> >  create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-1.c
> >  create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-2.c
> > 
> > diff --git a/gcc/config/i386/i386-options.cc b/gcc/config/i386/i386-options.cc
> > index 7896d576977..20c6dc48090 100644
> > --- a/gcc/config/i386/i386-options.cc
> > +++ b/gcc/config/i386/i386-options.cc
> > @@ -3242,7 +3242,7 @@ ix86_option_override_internal (bool main_args_p,
> >       on the command line.  */
> >    if (opts->x_flag_hardened && cf_okay_p)
> >      {
> > -      if (opts->x_flag_cf_protection == CF_NONE)
> > +      if (!OPTION_SET_P (flag_cf_protection))
> 
> This function is passed explicit opts and opts_set arguments, so it
> shouldn't be using flag_something macros nor OPTION_SET_P, as the former
> use global_options.x_flag_something rather than opts->x_flag_something
> and the latter uses global_options_set.x_flag_something.

Ah right, so the other uses of OPTION_SET_P in ix86_option_override_internal
are also wrong?

> So, I think you want to use if (!opts_set->x_flag_cf_protection)
> instead.

Fixed below, thanks.

New tests passed on x86_64-pc-linux-gnu, ok for trunk?

-- >8 --
-Whardened warns when -fhardened couldn't enable a hardening option
because that option was disabled on the command line, e.g.:

$ ./cc1plus -quiet g.C -fhardened -O2 -fstack-protector
cc1plus: warning: '-fstack-protector-strong' is not enabled by '-fhardened' because it was specified on the command line [-Whardened]

but it doesn't work as expected with -fcf-protection=none:

$ ./cc1plus -quiet g.C -fhardened -O2 -fcf-protection=none

because we're checking == CF_NONE which doesn't distinguish between nothing
and -fcf-protection=none.  I should have used opts_set, like below.

	PR target/114606

gcc/ChangeLog:

	* config/i386/i386-options.cc (ix86_option_override_internal): Use
	opts_set rather than checking == CF_NONE.

gcc/testsuite/ChangeLog:

	* gcc.target/i386/fhardened-1.c: New test.
	* gcc.target/i386/fhardened-2.c: New test.
---
 gcc/config/i386/i386-options.cc             | 2 +-
 gcc/testsuite/gcc.target/i386/fhardened-1.c | 8 ++++++++
 gcc/testsuite/gcc.target/i386/fhardened-2.c | 8 ++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-1.c
 create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-2.c

diff --git a/gcc/config/i386/i386-options.cc b/gcc/config/i386/i386-options.cc
index 7896d576977..68a2e1c6910 100644
--- a/gcc/config/i386/i386-options.cc
+++ b/gcc/config/i386/i386-options.cc
@@ -3242,7 +3242,7 @@ ix86_option_override_internal (bool main_args_p,
      on the command line.  */
   if (opts->x_flag_hardened && cf_okay_p)
     {
-      if (opts->x_flag_cf_protection == CF_NONE)
+      if (!opts_set->x_flag_cf_protection)
 	opts->x_flag_cf_protection = CF_FULL;
       else if (opts->x_flag_cf_protection != CF_FULL)
 	warning_at (UNKNOWN_LOCATION, OPT_Whardened,
diff --git a/gcc/testsuite/gcc.target/i386/fhardened-1.c b/gcc/testsuite/gcc.target/i386/fhardened-1.c
new file mode 100644
index 00000000000..55d1718ff55
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/fhardened-1.c
@@ -0,0 +1,8 @@
+/* PR target/114606 */
+/* { dg-options "-fhardened -O2 -fcf-protection=none" } */
+
+#ifdef __CET__
+# error "-fcf-protection enabled when it should not be"
+#endif
+
+/* { dg-warning ".-fcf-protection=full. is not enabled by .-fhardened. because it was specified" "" { target *-*-* } 0 } */
diff --git a/gcc/testsuite/gcc.target/i386/fhardened-2.c b/gcc/testsuite/gcc.target/i386/fhardened-2.c
new file mode 100644
index 00000000000..9b8c1381c19
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/fhardened-2.c
@@ -0,0 +1,8 @@
+/* PR target/114606 */
+/* { dg-options "-fhardened -O2" } */
+
+#if __CET__ != 3
+# error "-fcf-protection not enabled"
+#endif
+
+/* { dg-bogus ".-fcf-protection=full. is not enabled by .-fhardened. because it was specified" "" { target *-*-* } 0 } */

base-commit: 75b49c0e9012f5ecef0d32f3f6a0d8da66517576
-- 
2.44.0


  reply	other threads:[~2024-04-05 18:37 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-04-05 18:22 [PATCH] " Marek Polacek
2024-04-05 18:28 ` Jakub Jelinek
2024-04-05 18:37   ` Marek Polacek [this message]
2024-04-10 17:53     ` [PATCH v2] " Jakub Jelinek

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ZhBE1LBmt2m6NZIC@redhat.com \
    --to=polacek@redhat.com \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=jakub@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).