Bug 84176 - Need a different thunk for -mindirect-branch=thunk-extern -fcf-protection -mcet
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: target
Version: 8.0.1
Importance: P3 normal
Target Milestone: 8.0
Assignee: Not yet assigned to anyone
Blocks: 81652 84072
Reported: 2018-02-02 04:25 UTC by H.J. Lu
Modified: 2018-02-26 16:22 UTC
Target: x86_64-*-*, i?86-*-*
Description H.J. Lu 2018-02-02 04:25:12 UTC
When -fcf-protection -mcet is used to compile the kernel, the nocf_check
attribute can be used to add the notrack prefix:

[hjl@gnu-skx-1 nt-1]$ cat x.i
void (*func1) (void) __attribute__((nocf_check));
void (*func2) (void);

void
bar (void)
{
  func1 ();
  func2 ();
}
[hjl@gnu-skx-1 nt-1]$ /export/build/gnu/gcc-test/build-x86_64-linux/gcc/xgcc -B/export/build/gnu/gcc-test/build-x86_64-linux/gcc/ -O2 -fcf-protection -mcet -S x.i
[hjl@gnu-skx-1 nt-1]$ cat x.s
	.file	"x.i"
	.text
	.p2align 4,,15
	.globl	bar
	.type	bar, @function
bar:
.LFB0:
	.cfi_startproc
	endbr64
	subq	$8, %rsp
	.cfi_def_cfa_offset 16
	notrack call	*func1(%rip)
	addq	$8, %rsp
	.cfi_def_cfa_offset 8
	jmp	*func2(%rip)
	.cfi_endproc
.LFE0:
	.size	bar, .-bar

When -mindirect-branch=thunk-extern is added, we need a thunk with
a different name to tell a thunk for an indirect branch with the notrack
prefix from a thunk for an indirect branch without the notrack prefix.

[hjl@gnu-skx-1 nt-1]$ /export/build/gnu/gcc-test/build-x86_64-linux/gcc/xgcc -B/export/build/gnu/gcc-test/build-x86_64-linux/gcc/ -O2 -fcf-protection -mcet -mindirect-branch=thunk-extern  -S -o y.s x.i
[hjl@gnu-skx-1 nt-1]$ cat y.s
	.file	"x.i"
	.text
	.p2align 4,,15
	.globl	bar
	.type	bar, @function
bar:
.LFB0:
	.cfi_startproc
	endbr64
	subq	$8, %rsp
	.cfi_def_cfa_offset 16
	movq	func1(%rip), %rax
	call	__x86_indirect_thunk_rax
	movq	func2(%rip), %rax
	addq	$8, %rsp
	.cfi_def_cfa_offset 8
	jmp	__x86_indirect_thunk_rax
	.cfi_endproc
.LFE0:
	.size	bar, .-bar

Otherwise the kernel can't properly update a thunk to an indirect branch with
notrack prefix for an indirect branch with notrack prefix.
Comment 1 hjl@gcc.gnu.org 2018-02-22 17:09:38 UTC
Author: hjl
Date: Thu Feb 22 17:09:06 2018
New Revision: 257909

URL: https://gcc.gnu.org/viewcvs?rev=257909&root=gcc&view=rev
Log:
i386: Add __x86_indirect_thunk_nt_reg for -fcf-protection -mcet

nocf_check attribute can be used with -fcf-protection -mcet to disable
control-flow check by adding NOTRACK prefix before indirect branch.
When -mindirect-branch=thunk-extern -mindirect-branch-register is added,
indirect branch via register, "notrack call/jmp reg", is converted to

    call/jmp __x86_indirect_thunk_nt_reg

When running on machines with CET enabled, __x86_indirect_thunk_nt_reg
can be updated to

    notrack jmp reg

at run-time to restore NOTRACK prefix in the original indirect branch.

Since we don't support -mindirect-branch=thunk-extern, CET and MPX at
the same time, -mindirect-branch=thunk-extern is disallowed with
-fcf-protection=branch and -fcheck-pointer-bounds.

Tested on i686 and x86-64.

gcc/

	PR target/84176
	* config/i386/i386.c (ix86_set_indirect_branch_type): Issue an
	error when -mindirect-branch=thunk-extern, -fcf-protection=branch
	and -fcheck-pointer-bounds are used together.
	(indirect_thunk_prefix): New enum.
	(indirect_thunk_need_prefix): New function.
	(indirect_thunk_name): Replace need_bnd_p with need_prefix.  Use
	"_nt" instead of "_bnd" for NOTRACK prefix.
	(output_indirect_thunk): Replace need_bnd_p with need_prefix.
	(output_indirect_thunk_function): Likewise.
	(): Likewise.
	(ix86_code_end): Update output_indirect_thunk_function calls.
	(ix86_output_indirect_branch_via_reg): Replace
	ix86_bnd_prefixed_insn_p with indirect_thunk_need_prefix.
	(ix86_output_indirect_branch_via_push): Likewise.
	(ix86_output_function_return): Likewise.
	* doc/invoke.texi: Document -mindirect-branch=thunk-extern is
	incompatible with -fcf-protection=branch and
	-fcheck-pointer-bounds.

gcc/testsuite/

	PR target/84176
	* gcc.target/i386/indirect-thunk-11.c: New test.
	* gcc.target/i386/indirect-thunk-12.c: Likewise.
	* gcc.target/i386/indirect-thunk-attr-12.c: Likewise.
	* gcc.target/i386/indirect-thunk-attr-13.c: Likewise.
	* gcc.target/i386/indirect-thunk-attr-14.c: Likewise.
	* gcc.target/i386/indirect-thunk-attr-15.c: Likewise.
	* gcc.target/i386/indirect-thunk-attr-16.c: Likewise.
	* gcc.target/i386/indirect-thunk-extern-10.c: Likewise.
	* gcc.target/i386/indirect-thunk-extern-8.c: Likewise.
	* gcc.target/i386/indirect-thunk-extern-9.c: Likewise.

Added:
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-11.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-12.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-12.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-13.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-14.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-15.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-16.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-10.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-8.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-9.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/config/i386/i386.c
    trunk/gcc/doc/invoke.texi
    trunk/gcc/testsuite/ChangeLog
Comment 2 H.J. Lu 2018-02-26 16:22:59 UTC
Fixed for GCC 8.
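
A way to check compiler output for the problem reported above, as an added example that is not part of the bug report or of GCC: it classifies every indirect branch site in an assembly listing and compares the number of NOTRACK sites in a build without thunks against a -mindirect-branch=thunk-extern build. The function names are hypothetical, and the post-fix listing is constructed from the `__x86_indirect_thunk_nt_reg` name in the commit log rather than captured from a compiler run.

```python
import re

# Direct call/jmp to an external thunk; group 2 is set for the "_nt" variant.
THUNK_RE = re.compile(
    r"^\s*(call|jmp)q?\s+__x86_indirect_thunk_(nt_)?([a-z0-9]+)\s*$")
# Raw indirect call/jmp; group 1 is set when the NOTRACK prefix is present.
RAW_RE = re.compile(r"^\s*(notrack\s+)?(call|jmp)q?\s+\*(\S+)")

# Excerpts of x.s and y.s as shown in the bug description.
BASELINE = """\
    endbr64
    notrack call    *func1(%rip)
    jmp     *func2(%rip)
"""
THUNK_PRE_FIX = """\
    movq    func1(%rip), %rax
    call    __x86_indirect_thunk_rax
    movq    func2(%rip), %rax
    jmp     __x86_indirect_thunk_rax
"""
# Constructed sample: same code with the "_nt" thunk name from the commit log.
THUNK_POST_FIX = THUNK_PRE_FIX.replace(
    "call    __x86_indirect_thunk_rax", "call    __x86_indirect_thunk_nt_rax")

def classify(asm):
    """Return (line_no, op, kind, target) for each indirect branch site."""
    sites = []
    for no, line in enumerate(asm.splitlines(), 1):
        line = line.split("#", 1)[0]  # drop trailing assembler comments
        m = THUNK_RE.match(line)
        if m:
            kind = "thunk_nt" if m.group(2) else "thunk"
            sites.append((no, m.group(1), kind, m.group(3)))
            continue
        m = RAW_RE.match(line)
        if m:
            kind = "raw_notrack" if m.group(1) else "raw"
            sites.append((no, m.group(2), kind, m.group(3)))
    return sites

def notrack_sites(asm):
    """Count branch sites that carry NOTRACK, directly or via an _nt thunk."""
    return sum(s[2] in ("raw_notrack", "thunk_nt") for s in classify(asm))

def notrack_preserved(baseline_asm, thunk_asm):
    """True if the thunk build kept every NOTRACK site of the baseline."""
    return notrack_sites(baseline_asm) == notrack_sites(thunk_asm)

if __name__ == "__main__":
    for name, asm in (("pre-fix", THUNK_PRE_FIX), ("post-fix", THUNK_POST_FIX)):
        print(name, classify(asm), notrack_preserved(BASELINE, asm))
```

With the pre-fix listing both sites resolve to the same thunk symbol, so the nocf_check information is no longer recoverable from the call sites and the check reports a mismatch.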