RE: [PATCH 07/22] Enable building libgcc with CET options.

["Tsimbalist, Igor V" <igor dot v dot tsimbalist at intel dot com>]

> -----Original Message-----
> From: Jeff Law [mailto:law@redhat.com]
> Sent: Wednesday, November 8, 2017 6:21 PM
> To: Tsimbalist, Igor V <igor.v.tsimbalist@intel.com>; Joseph Myers
> <joseph@codesourcery.com>; gcc-patches@gcc.gnu.org; ian@airs.com
> Subject: Re: [PATCH 07/22] Enable building libgcc with CET options.
> 
> On 10/31/2017 05:29 AM, Tsimbalist, Igor V wrote:
> > The revised patch is attached. The differences are in what options are
> defined and propagated to Makefile for CET enabling, also needed asm files
> are updated.
> >
> [ ... ]
> 
> >
> > 0007-Enable-building-libgcc-with-CET-options.patch
> >
> >
> > From df923f7e0ebee1f10136bb64f9c723f2d58f8f2a Mon Sep 17 00:00:00
> 2001
> > From: Igor Tsimbalist <igor.v.tsimbalist@intel.com>
> > Date: Fri, 27 Oct 2017 15:44:56 +0300
> > Subject: [PATCH 07/21] Enable building libgcc with CET options
> >
> > Enable building libgcc with CET options by default on Linux/x86 if
> > binutils supports CET v2.0.  It can be disabled with --disable-cet.
> > It is an error to configure GCC with --enable-cet if bintuiils doesn't
> > support CET v2.0.
> >
> > ENDBR is added to __morestack_large_model since it is called indirectly.
> >
> > config/
> > 	* cet.m4: New file.
> >
> > gcc/
> > 	* config.gcc (extra_headers): Add cet.h for x86 targets.
> > 	* config/i386/cet.h: New file.
> > 	* doc/install.texi: Add --enable-cet/--disable-cet.
> >
> > libgcc/
> > 	* Makefile.in (configure_deps): Add $(srcdir)/../config/cet.m4.
> > 	(CET_FLAGS): New.
> > 	* config/i386/morestack.S: Include <cet.h>.
> > 	(__morestack_large_model): Add _CET_ENDBR at function entrance.
> > 	* config/i386/resms64.h: Include <cet.h>.
> > 	* config/i386/resms64f.h: Likewise.
> > 	* config/i386/resms64fx.h: Likewise.
> > 	* config/i386/resms64x.h: Likewise.
> > 	* config/i386/savms64.h: Likewise.
> > 	* config/i386/savms64f.h: Likewise.
> > 	* config/i386/t-linux (HOST_LIBGCC2_CFLAGS): Add $(CET_FLAGS).
> > 	(CRTSTUFF_T_CFLAGS): Likewise.
> > 	* configure.ac: Include ../config/cet.m4.
> > 	Set and substitute CET_FLAGS.
> > 	* configure: Regenerated.
> So the question I have WRT this patch is the default setting.  If I
> understand it correctly, if the assembler supports the appropriate
> insns, then we enable building target libraries with CET by default.

That's right.

> These libraries continue to work on older systems without CET
> capabilities because the CET specific instructions are interpreted as
> NOPs on older hardware, right?

That's correct. One specific note though. The endbr and rdssp instructions
will be treated as NOPs. Incssp instruction generated by the compiler or
used in the library will be guarded not to be executed if CET features are
not enabled.

> What about cases where we're running on CET capable hardware, the main
> program gets compiled without CET, but links against a libgcc with CET.
> What happens in that case?

All object files and libraries must have CET property set to make the whole
application to be CET capable. In your case the program will not be CET
capable.

Igor

> What triggers the use of CET vs interpreting those instructions as NOPs
>
> I don't doubt y'all have already thought about these cases.  I just want
> to make sure that I understand them and the implications before I ack
> this patch.
> 
> Jeff