This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: [PATCH 07/22] Enable building libgcc with CET options.
- From: Jeff Law <law at redhat dot com>
- To: "Tsimbalist, Igor V" <igor dot v dot tsimbalist at intel dot com>, Joseph Myers <joseph at codesourcery dot com>, "gcc-patches at gcc dot gnu dot org" <gcc-patches at gcc dot gnu dot org>, "ian at airs dot com" <ian at airs dot com>
- Date: Wed, 8 Nov 2017 16:04:47 -0700
- Subject: Re: [PATCH 07/22] Enable building libgcc with CET options.
On 11/08/2017 03:06 PM, Tsimbalist, Igor V wrote:
>> So the question I have WRT this patch is the default setting. If I
>> understand it correctly, if the assembler supports the appropriate
>> insns, then we enable building target libraries with CET by default.
>
> That's right.
>
>> These libraries continue to work on older systems without CET
>> capabilities because the CET specific instructions are interpreted as
>> NOPs on older hardware, right?
>
> That's correct. One specific note though. The endbr and rdssp instructions
> will be treated as NOPs. Incssp instruction generated by the compiler or
> used in the library will be guarded not to be executed if CET features are
> not enabled.
OK.
>
>> What about cases where we're running on CET capable hardware, the main
>> program gets compiled without CET, but links against a libgcc with CET.
>> What happens in that case?
>
> All object files and libraries must have CET property set to make the whole
> application to be CET capable. In your case the program will not be CET
> capable.
Doesn't this imply that other components (linker, dynamic linker) are
working together to verify that the entire application and DSO are
compiled with CET? What happens when a CET capable application dl-opens
a DSO which is not CET safe? Does the dynamic linker disable CET at
that point?
Jeff
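
The quoted reply above says every object file and library must carry the CET property for the whole application to be CET capable. As an added example (not code from this thread or from GCC), the sketch below reads that marker and ANDs it across inputs, assuming it is the x86 feature property in a 64-bit little-endian `.note.gnu.property` section with constants taken from the x86-64 psABI. The helper names and the sample notes are constructed for illustration.

```python
import struct

# Constants from the x86-64 psABI GNU property note (assumed; not named in the thread).
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_IBT, FEATURE_SHSTK = 0x1, 0x2  # endbr tracking, shadow stack

def align8(n):
    return (n + 7) & ~7

def make_note(features):
    """Constructed ELF64 little-endian .note.gnu.property; None = no CET property."""
    desc = b"" if features is None else struct.pack(
        "<III4x", GNU_PROPERTY_X86_FEATURE_1_AND, 4, features)
    return struct.pack("<III", 4, len(desc), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + desc

def cet_features(section):
    """Return the FEATURE_1_AND bits found in a note section, or 0 if absent."""
    off = 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name = section[off + 12:off + 12 + namesz]
        desc_off = align8(off + 12 + namesz)
        desc = section[desc_off:desc_off + descsz]
        off = align8(desc_off + descsz)          # next note header
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue
        pos = 0
        while pos + 8 <= len(desc):              # walk pr_type/pr_datasz entries
            pr_type, pr_datasz = struct.unpack_from("<II", desc, pos)
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4 \
                    and pos + 12 <= len(desc):
                return struct.unpack_from("<I", desc, pos + 8)[0]
            pos = align8(pos + 8 + pr_datasz)
    return 0

def link_features(inputs):
    """AND the bits of every input: one unmarked input clears the result."""
    merged = FEATURE_IBT | FEATURE_SHSTK
    for section in inputs.values():
        merged &= cet_features(section)
    return merged

if __name__ == "__main__":
    both = FEATURE_IBT | FEATURE_SHSTK
    cases = {
        "all CET": {"main.o": make_note(both), "libgcc.a": make_note(both)},
        "main without CET": {"main.o": make_note(None), "libgcc.a": make_note(both)},
    }
    for label, inputs in cases.items():
        print(label, "->", hex(link_features(inputs)))
```

On a real binary the same bits appear in the "Displaying notes" output of `readelf -n`.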