This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Updated version #3. > -----Original Message----- > From: Sandra Loosemore [mailto:sandra@codesourcery.com] > Sent: Wednesday, September 27, 2017 5:41 AM > To: Tsimbalist, Igor V <igor.v.tsimbalist@intel.com>; Uros Bizjak > <ubizjak@gmail.com> > Cc: gcc-patches@gcc.gnu.org > Subject: Re: 0005-Part-5.-Add-x86-CET-documentation > > On 09/26/2017 07:47 AM, Tsimbalist, Igor V wrote: > > Here is a new version of the patch. > > > > diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi index > > a374890..a900ed1 100644 > > --- a/gcc/doc/extend.texi > > +++ b/gcc/doc/extend.texi > > @@ -5655,6 +5655,13 @@ compiled with the > > @option{-fcf-protection=branch} option. The compiler assumes that > > the function's address is a valid target for a control-flow transfer. > > > > +@emph{x86 implementation:} when @option{-fcf-protection} option is > > +specified the compiler inserts an ENDBR instruction at function's > > +prologue if the function's type does not have the @code{nocf_check} > > +attribute and addresses to which indirect control-flow transfer can > > +happen. The instruction triggers the HW check if a control-flow > > +transfer to the address of ENDBR instruction is valid. > > Implementation details like this should be comments in the code, not > included in the user-facing documentation. > > > @@ -5662,7 +5669,8 @@ not be instrumented when compiled with the > that > > the function's address from the pointer is a valid target for a > > control-flow transfer. A direct function call through a function > > name is assumed to be a safe call thus direct calls are not > > -instrumented by the compiler. > > +instrumented by the compiler. For @emph{x86 implementation} the > > +compiler inserts a NOTRACK prefix before an indirect call instruction. > > Likewise here. For this comment and above could you please let me know what is the right place to move the description? Also I enclosed ENDBR and NOTRACK in @code{} and wrote it in lower case.
> > @@ -21217,6 +21225,25 @@ void __builtin_ia32_wrpkru (unsigned int) > > unsigned int __builtin_ia32_rdpkru () @end smallexample > > > > +The following built-in functions are available when @option{-mcet} is > used. > > +They are used to support Intel Control-flow Enforcment Technology (CET). > > +Each built-in function generate a machine instruction that is part of > > +the > > s/generate a/generates the/ Fixed. 
> > @@ -11378,6 +11379,20 @@ You can also use the @code{nocf_check} > > attribute to identify which functions and calls should be skipped > > from instrumentation (@pxref{Function Attributes}). > > > > +Currently x86 GNU/Linux target provides an implementation based on > > s/x86/the x86/ Fixed. > > +Intel Control-flow Enforcement Technology (CET), thus @option{-mcet} > > s/@option/the @option/ Fixed. > > +option is required to enable this feature. > > I think you should put a cross-reference to the x86 options node here, and > move all the following x86-specific discussion to that section. Put cross-reference. > > In order to get an > > +application to be CET compatible the x86 implementation requires all > > +object files have to be compiled with @option{-fcf-protection} option > > +and all linked in libraries have to be CET compatible. > > I'm having difficulty parsing this. What does "CET compatible" mean? > Is this an ABI compatibility issue, so that all objects linked into the executable > have to be compiled with the (same?) @option{-fcf-protection} option if any > of them do? Or do you just lose checking on code in uninstrumented > objects? I re-wrote the paragraph and removed "compatibility topic". > > +Instrumentation for x86 is controlled by target specific options > > hyphenate target-specific here Fixed. > > +@option{-mcet}, @option{-mibt} and @option{-mshstk}. The compiler > > +also provides a number of built-in functions for fine-grained control > > +of CET-based implementation. See @xref{x86 Built-in Functions}, for > > +more information. > > + > > @item -fstack-protector > > @opindex fstack-protector > > Emit extra code to check for buffer overflows, such as stack smashing 
> > @@ -25755,15 +25770,19 @@ preferred alignment to @option{- > mpreferred-stack-boundary=2}. > > @need 200 > > @itemx -mclzero > > @opindex mclzero > > +@need 200 > > @itemx -mpku > > @opindex mpku > > +@need 200 > > +@itemx -mcet > > +@opindex mcet > > These switches enable the use of instructions in the MMX, SSE, SSE2, > > SSE3, SSSE3, SSE4.1, AVX, AVX2, AVX512F, AVX512PF, AVX512ER, > AVX512CD, > > SHA, AES, PCLMUL, FSGSBASE, RDRND, F16C, FMA, SSE4A, FMA4, XOP, > LWP, > > ABM, AVX512VL, AVX512BW, AVX512DQ, AVX512IFMA AVX512VBMI, BMI, > BMI2, > > FXSR, -XSAVE, XSAVEOPT, LZCNT, RTM, MPX, MWAITX, PKU, 3DNow!@: or > enhanced 3DNow!@: > > -extended instruction sets. Each has a corresponding @option{-mno-} > > option -to disable use of these instructions. > > +XSAVE, XSAVEOPT, LZCNT, RTM, MPX, MWAITX, PKU, IBT, SHSTK, > > +3DNow!@: or enhanced 3DNow!@: extended instruction sets. Each has a > > +corresponding @option{-mno-} option to disable use of these > instructions. > > > > These extensions are also available as built-in functions: see > > @ref{x86 Built-in Functions}, for details of the functions enabled > > and 
@@ -25783,6 +25802,11 @@ supported architecture, using the > > appropriate flags. In particular, the file containing the CPU > > detection code should be compiled without these options. > > > > +The @option{-mcet} option turns on @option{-mibt} and > > +@option{-mshstk} > > s/turns on/turns on the/ Fixed. > > +options. @option{-mibt} option enables idirect branch tracking > > +support > > s/@option/The @option/ > s/idirect/indirect/ Fixed. > > +and @option{-mshstk} option enables shadow stack support from > > s/@option/the @option/ Fixed. > > +Intel Control-flow Enforcement Technology (CET). > > + > > @item -mdump-tune-features > > @opindex mdump-tune-features > > This option instructs GCC to dump the names of the x86 performance @@ > > -25856,6 +25880,24 @@ see @ref{Other Builtins} for details. > > This option enables use of the @code{movbe} instruction to implement > > @code{__builtin_bswap32} and @code{__builtin_bswap64}. > > > > +@item -mibt > > +@opindex mibt > > +This option tells the compiler to use indirect branch tracking > > +support (for indirect calls and jumps) from x86 Control-flow > > +Enforcement Technology (CET). The option has effect only if > > +@option{-fcf-protection=full} or @option{-fcf-protection=branch} > > +option is specified. The option @option{-mibt} is on by default when > > +@code{-mcet} > > s/@code{-mcet}/the @option{-mcet}/ Fixed. Thanks, Igor > > +option is specified. > > + > > +@item -mshstk > > +@opindex mshstk > > +This option tells the compiler to use shadow stack support (return > > +address tracking) from x86 Control-flow Enforcement Technology (CET). > > +The option has effect only if @option{-fcf-protection=full} or > > +@option{-fcf-protection=return} option is specified. The option > > +@option{-mshstk} is on by default when @option{-mcet} option is > > +specified. > > + > > @item -mcrc32 > > @opindex mcrc32 > > This option enables built-in functions @code{__builtin_ia32_crc32qi}, > > -Sandra >
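Review bot: In the quoted extend.texi hunk at @@ -5655, the clause "and addresses to which indirect control-flow transfer can happen" has no verb, so it is unclear whether ENDBR is also inserted at those addresses or whether this is a second condition on the prologue insertion. Suggest two separate statements, one for the function prologue (with the nocf_check exception) and one for other indirect-branch targets. The closing sentence, "triggers the HW check if a control-flow transfer to the address of ENDBR instruction is valid", reads as if the check only runs for valid transfers; reword it to say what is checked.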
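Review bot: In the extend.texi hunk at @@ -5662, "the compiler inserts a NOTRACK prefix before an indirect call instruction" states no condition, so read on its own it says every indirect call is emitted with NOTRACK. Tie the sentence to the function-pointer case this paragraph describes, so a reader checking which calls are exempt from tracking does not have to infer it from the preceding context.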
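Review bot: In the built-in functions hunk at @@ -21217, "Intel Control-flow Enforcment Technology (CET)" misspells "Enforcement"; the other hunks in this patch spell it correctly. This is in addition to the "generate a" fix already requested on the following line.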
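Review bot: In the invoke.texi hunk at @@ -11378, "See @xref{x86 Built-in Functions}, for more information." doubles the lead word, because @xref itself produces the leading "See" in the formatted output. Drop the literal "See" and start the sentence with @xref, keeping the trailing comma.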
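Review bot: In the @item -mibt and @item -mshstk entries (hunk at @@ -25856), "The option has effect only if @option{-fcf-protection=...} option is specified" covers one direction only. The hunk at @@ -11378 says -mcet "is required to enable this feature", but neither place says whether -fcf-protection given without -mcet, -mibt or -mshstk is diagnosed or silently produces uninstrumented code. Please state the behaviour in one of the two places, since a silent no-op would leave a build that was configured for protection without it.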
Attachment:
0005-Add-x86-CET-documentation.patch
Description: 0005-Add-x86-CET-documentation.patch