From: Marek Polacek <polacek@redhat.com>
To: Jakub Jelinek <jakub@redhat.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>
Subject: [PATCH v2] target: missing -Whardened with -fcf-protection=none [PR114606]
Date: Fri, 5 Apr 2024 14:37:08 -0400 [thread overview]
Message-ID: <ZhBE1LBmt2m6NZIC@redhat.com> (raw)
In-Reply-To: <ZhBCuEkKmOpSaCN6@tucnak>
On Fri, Apr 05, 2024 at 08:28:08PM +0200, Jakub Jelinek wrote:
> On Fri, Apr 05, 2024 at 02:22:18PM -0400, Marek Polacek wrote:
> > Bootstrapped/regtested on x86_64-pc-linux-gnu, ok for trunk?
> >
> > -- >8 --
> > -Whardened warns when -fhardened couldn't enable a hardening option
> > because that option was disabled on the command line, e.g.:
> >
> > $ ./cc1plus -quiet g.C -fhardened -O2 -fstack-protector
> > cc1plus: warning: '-fstack-protector-strong' is not enabled by '-fhardened' because it was specified on the command line [-Whardened]
> >
> > but it doesn't work as expected with -fcf-protection=none:
> >
> > $ ./cc1plus -quiet g.C -fhardened -O2 -fcf-protection=none
> >
> > because we're checking == CF_NONE which doesn't distinguish between nothing
> > and -fcf-protection=none. I should have used OPTION_SET_P, like below.
> >
> > PR target/114606
> >
> > gcc/ChangeLog:
> >
> > * config/i386/i386-options.cc (ix86_option_override_internal): Use
> > OPTION_SET_P rather than checking == CF_NONE.
> >
> > gcc/testsuite/ChangeLog:
> >
> > * gcc.target/i386/fhardened-1.c: New test.
> > * gcc.target/i386/fhardened-2.c: New test.
> > ---
> > gcc/config/i386/i386-options.cc | 2 +-
> > gcc/testsuite/gcc.target/i386/fhardened-1.c | 8 ++++++++
> > gcc/testsuite/gcc.target/i386/fhardened-2.c | 8 ++++++++
> > 3 files changed, 17 insertions(+), 1 deletion(-)
> > create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-1.c
> > create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-2.c
> >
> > diff --git a/gcc/config/i386/i386-options.cc b/gcc/config/i386/i386-options.cc
> > index 7896d576977..20c6dc48090 100644
> > --- a/gcc/config/i386/i386-options.cc
> > +++ b/gcc/config/i386/i386-options.cc
> > @@ -3242,7 +3242,7 @@ ix86_option_override_internal (bool main_args_p,
> > on the command line. */
> > if (opts->x_flag_hardened && cf_okay_p)
> > {
> > - if (opts->x_flag_cf_protection == CF_NONE)
> > + if (!OPTION_SET_P (flag_cf_protection))
>
> This function is passed explicit opts and opts_set arguments, so it
> shouldn't be using flag_something macros nor OPTION_SET_P, as the former
> use global_options.x_flag_something rather than opts->x_flag_something
> and the latter uses global_options_set.x_flag_something.
Ah right, so the other uses of OPTION_SET_P in ix86_option_override_internal
are also wrong?
> So, I think you want to use if (!opts_set->x_flag_cf_protection)
> instead.
Fixed below, thanks.
New tests passed on x86_64-pc-linux-gnu, ok for trunk?
-- >8 --
-Whardened warns when -fhardened couldn't enable a hardening option
because that option was disabled on the command line, e.g.:
$ ./cc1plus -quiet g.C -fhardened -O2 -fstack-protector
cc1plus: warning: '-fstack-protector-strong' is not enabled by '-fhardened' because it was specified on the command line [-Whardened]
but it doesn't work as expected with -fcf-protection=none:
$ ./cc1plus -quiet g.C -fhardened -O2 -fcf-protection=none
because we're checking == CF_NONE which doesn't distinguish between nothing
and -fcf-protection=none. I should have used opts_set, like below.
PR target/114606
gcc/ChangeLog:
* config/i386/i386-options.cc (ix86_option_override_internal): Use
opts_set rather than checking == CF_NONE.
gcc/testsuite/ChangeLog:
* gcc.target/i386/fhardened-1.c: New test.
* gcc.target/i386/fhardened-2.c: New test.
---
gcc/config/i386/i386-options.cc | 2 +-
gcc/testsuite/gcc.target/i386/fhardened-1.c | 8 ++++++++
gcc/testsuite/gcc.target/i386/fhardened-2.c | 8 ++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-1.c
create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-2.c
diff --git a/gcc/config/i386/i386-options.cc b/gcc/config/i386/i386-options.cc
index 7896d576977..68a2e1c6910 100644
--- a/gcc/config/i386/i386-options.cc
+++ b/gcc/config/i386/i386-options.cc
@@ -3242,7 +3242,7 @@ ix86_option_override_internal (bool main_args_p,
on the command line. */
if (opts->x_flag_hardened && cf_okay_p)
{
- if (opts->x_flag_cf_protection == CF_NONE)
+ if (!opts_set->x_flag_cf_protection)
opts->x_flag_cf_protection = CF_FULL;
else if (opts->x_flag_cf_protection != CF_FULL)
warning_at (UNKNOWN_LOCATION, OPT_Whardened,
diff --git a/gcc/testsuite/gcc.target/i386/fhardened-1.c b/gcc/testsuite/gcc.target/i386/fhardened-1.c
new file mode 100644
index 00000000000..55d1718ff55
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/fhardened-1.c
@@ -0,0 +1,8 @@
+/* PR target/114606 */
+/* { dg-options "-fhardened -O2 -fcf-protection=none" } */
+
+#ifdef __CET__
+# error "-fcf-protection enabled when it should not be"
+#endif
+
+/* { dg-warning ".-fcf-protection=full. is not enabled by .-fhardened. because it was specified" "" { target *-*-* } 0 } */
diff --git a/gcc/testsuite/gcc.target/i386/fhardened-2.c b/gcc/testsuite/gcc.target/i386/fhardened-2.c
new file mode 100644
index 00000000000..9b8c1381c19
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/fhardened-2.c
@@ -0,0 +1,8 @@
+/* PR target/114606 */
+/* { dg-options "-fhardened -O2" } */
+
+#if __CET__ != 3
+# error "-fcf-protection not enabled"
+#endif
+
+/* { dg-bogus ".-fcf-protection=full. is not enabled by .-fhardened. because it was specified" "" { target *-*-* } 0 } */
base-commit: 75b49c0e9012f5ecef0d32f3f6a0d8da66517576
--
2.44.0
next prev parent reply other threads:[~2024-04-05 18:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-05 18:22 [PATCH] " Marek Polacek
2024-04-05 18:28 ` Jakub Jelinek
2024-04-05 18:37 ` Marek Polacek [this message]
2024-04-10 17:53 ` [PATCH v2] " Jakub Jelinek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZhBE1LBmt2m6NZIC@redhat.com \
--to=polacek@redhat.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=jakub@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).