[Bug target/84176] Need a different thunk for -mindirect-branch=thunk-extern -fcf-protection -mcet

hjl at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Thu Feb 22 17:10:00 GMT 2018


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84176

--- Comment #1 from hjl at gcc dot gnu.org <hjl at gcc dot gnu.org> ---
Author: hjl
Date: Thu Feb 22 17:09:06 2018
New Revision: 257909

URL: https://gcc.gnu.org/viewcvs?rev=257909&root=gcc&view=rev
Log:
i386: Add __x86_indirect_thunk_nt_reg for -fcf-protection -mcet

nocf_check attribute can be used with -fcf-protection -mcet to disable
control-flow check by adding NOTRACK prefix before indirect branch.
When -mindirect-branch=thunk-extern -mindirect-branch-register is added,
indirect branch via register, "notrack call/jmp reg", is converted to

    call/jmp __x86_indirect_thunk_nt_reg

When running on machines with CET enabled, __x86_indirect_thunk_nt_reg
can be updated to

    notrack jmp reg

at run-time to restore NOTRACK prefix in the original indirect branch.

Since we don't support -mindirect-branch=thunk-extern, CET and MPX at
the same time, -mindirect-branch=thunk-extern is disallowed with
-fcf-protection=branch and -fcheck-pointer-bounds.

Tested on i686 and x86-64.

gcc/

        PR target/84176
        * config/i386/i386.c (ix86_set_indirect_branch_type): Issue an
        error when -mindirect-branch=thunk-extern, -fcf-protection=branch
        and -fcheck-pointer-bounds are used together.
        (indirect_thunk_prefix): New enum.
        (indirect_thunk_need_prefix): New function.
        (indirect_thunk_name): Replace need_bnd_p with need_prefix.  Use
        "_nt" instead of "_bnd" for NOTRACK prefix.
        (output_indirect_thunk): Replace need_bnd_p with need_prefix.
        (output_indirect_thunk_function): Likewise.
        (): Likewise.
        (ix86_code_end): Update output_indirect_thunk_function calls.
        (ix86_output_indirect_branch_via_reg): Replace
        ix86_bnd_prefixed_insn_p with indirect_thunk_need_prefix.
        (ix86_output_indirect_branch_via_push): Likewise.
        (ix86_output_function_return): Likewise.
        * doc/invoke.texi: Document -mindirect-branch=thunk-extern is
        incompatible with -fcf-protection=branch and
        -fcheck-pointer-bounds.

gcc/testsuite/

        PR target/84176
        * gcc.target/i386/indirect-thunk-11.c: New test.
        * gcc.target/i386/indirect-thunk-12.c: Likewise.
        * gcc.target/i386/indirect-thunk-attr-12.c: Likewise.
        * gcc.target/i386/indirect-thunk-attr-13.c: Likewise.
        * gcc.target/i386/indirect-thunk-attr-14.c: Likewise.
        * gcc.target/i386/indirect-thunk-attr-15.c: Likewise.
        * gcc.target/i386/indirect-thunk-attr-16.c: Likewise.
        * gcc.target/i386/indirect-thunk-extern-10.c: Likewise.
        * gcc.target/i386/indirect-thunk-extern-8.c: Likewise.
        * gcc.target/i386/indirect-thunk-extern-9.c: Likewise.

Added:
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-11.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-12.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-12.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-13.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-14.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-15.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-attr-16.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-10.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-8.c
    trunk/gcc/testsuite/gcc.target/i386/indirect-thunk-extern-9.c
Modified:
    trunk/gcc/ChangeLog
    trunk/gcc/config/i386/i386.c
    trunk/gcc/doc/invoke.texi
    trunk/gcc/testsuite/ChangeLog


More information about the Gcc-bugs mailing list