From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 1039) id 321283858D1E; Mon, 1 Jan 2024 23:56:41 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 321283858D1E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1704153401; bh=jEOVqO6IUiSXjC4H7h2lpxGfne+Z0SgzwLgfzdXLsEY=; h=From:To:Subject:Date:From; b=b+E4Z+LghLd2gVmpNaRljRoGI0QaN7XkQmWVqayC1S/KxNOtla/Ehv3jt3l8S+hhv O9CfdJlC3ofBFmDdpmsBzGZEZi9nkKZxUq+QWsMiJ0VhAajrmW2qydpDBSlERSImtT hZVU9ojcqR4G/y3j/VwKxvgLXMhjOZ2icnplQgb8= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: H.J. Lu To: glibc-cvs@sourceware.org Subject: [glibc] x86/cet: Add -fcf-protection=none before -fcf-protection=branch X-Act-Checkin: glibc X-Git-Author: H.J. Lu X-Git-Refname: refs/heads/master X-Git-Oldrev: 6ac0e019098252cd6378d4ca2e1e3c0174d4806d X-Git-Newrev: b5dcccfb12385ee492eb074f6beb9ead56b5e5fd Message-Id: <20240101235641.321283858D1E@sourceware.org> Date: Mon, 1 Jan 2024 23:56:41 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b5dcccfb12385ee492eb074f6beb9ead56b5e5fd commit b5dcccfb12385ee492eb074f6beb9ead56b5e5fd Author: H.J. Lu Date: Mon Jan 1 07:55:18 2024 -0800 x86/cet: Add -fcf-protection=none before -fcf-protection=branch When shadow stack is enabled, some CET tests failed when compiled with GCC 14: FAIL: elf/tst-cet-legacy-4 FAIL: elf/tst-cet-legacy-5a FAIL: elf/tst-cet-legacy-6a which are caused by https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113039 These tests use -fcf-protection -fcf-protection=branch and assume that -fcf-protection=branch will override -fcf-protection. But this GCC 14 commit: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1c6231c05bdcca changed the -fcf-protection behavior such that -fcf-protection -fcf-protection=branch is treated the same as -fcf-protection Use -fcf-protection -fcf-protection=none -fcf-protection=branch as the workaround. This fixes BZ #31187. Tested with GCC 13 and GCC 14 on Intel Tiger Lake. Reviewed-by: Noah Goldstein Diff: --- sysdeps/x86/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile index a49b13c595..5c8ab64c4d 100644 --- a/sysdeps/x86/Makefile +++ b/sysdeps/x86/Makefile @@ -215,12 +215,12 @@ modules-names += \ tst-cet-legacy-mod-6c \ # modules-names -CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-2.c += -fcf-protection=none -fcf-protection=branch CFLAGS-tst-cet-legacy-2a.c += -fcf-protection CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none -CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-4.c += -fcf-protection=none -fcf-protection=branch CPPFLAGS-tst-cet-legacy-4a.c += -DCET_IS_PERMISSIVE=1 CFLAGS-tst-cet-legacy-4a.c += -fcf-protection CFLAGS-tst-cet-legacy-4b.c += -fcf-protection @@ -231,7 +231,7 @@ CPPFLAGS-tst-cet-legacy-5a.c += -DCET_IS_PERMISSIVE=1 endif CFLAGS-tst-cet-legacy-5b.c += -fcf-protection -mshstk CPPFLAGS-tst-cet-legacy-5b.c += -DCET_DISABLED_BY_ENV=1 -CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=none -fcf-protection=branch CFLAGS-tst-cet-legacy-mod-5b.c += -fcf-protection CFLAGS-tst-cet-legacy-mod-5c.c += -fcf-protection CFLAGS-tst-cet-legacy-6a.c += -fcf-protection -mshstk @@ -240,7 +240,7 @@ CPPFLAGS-tst-cet-legacy-6a.c += -DCET_IS_PERMISSIVE=1 endif CFLAGS-tst-cet-legacy-6b.c += -fcf-protection -mshstk CPPFLAGS-tst-cet-legacy-6b.c += -DCET_DISABLED_BY_ENV=1 -CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=none -fcf-protection=branch CFLAGS-tst-cet-legacy-mod-6b.c += -fcf-protection CFLAGS-tst-cet-legacy-mod-6c.c += -fcf-protection CFLAGS-tst-cet-legacy-7.c += -fcf-protection=none