x86: Enable -fcf-protection with multi-byte NOPs
-fcf-protection -mcet can't be used with IFUNC features, like symbol
multiversioning or target clone, since IBT/SHSTK are applied to the whole
program and they may be disabled in some functions. But -fcf-protection
is implemented with multi-byte NOPs on all 64-bit processors as well as
32-bit processors starting with Pentium Pro. If -fcf-protection requires
-mcet, IFUNC features can't be used on Linux when -fcf-protection is
enabled by default.
This patch changes -fcf-protection to implement indirect branch and
return address tracking with multi-byte NOPs. -mibt and -mshstk are
changed to only enable CET built-in functions. CET tests are updated
to allow -fcf-protection without -mibt, -mshstk and -mcet on x86.
-fcf-protection=none are also added to tests which fail with
-fcf-protection so that -fcf-protection can be added to RUNTESTFLAGS
to verify -fcf-protection implementation.
gcc/
PR target/85417
* config/i386/cet.c (file_end_indicate_exec_stack_and_cet):
Check flag_cf_protection instead of TARGET_IBT and TARGET_SHSTK.
* config/i386/i386-c.c (ix86_target_macros_internal): Also
define __IBT__ and __SHSTK__ for -fcf-protection.
* config/i386/i386.c (pass_insert_endbranch::gate): Don't check
TARGET_IBT.
(ix86_trampoline_init): Likewise.
(x86_output_mi_thunk): Likewise.
(ix86_notrack_prefixed_insn_p): Likewise.
(ix86_option_override_internal): Don't disallow -fcf-protection.
* config/i386/i386.md (rdssp<mode>): Also enable for
-fcf-protection.
(incssp<mode>): Likewise.
(nop_endbr): Likewise.
* config/i386/i386.opt (mcet): Change help message to built-in
functions only.
(mibt): Likewise.
(mshstk): Likewise.
* doc/invoke.texi: Remove -mcet, -mibt and -mshstk condition
on -fcf-protection. Change -mcet, -mibt and -mshstk to only
enable CET built-in functions.
gcc/testsuite/
PR target/85417
* c-c++-common/attr-nocf-check-1.c: Compile with
-fcf-protection=none.
* c-c++-common/attr-nocf-check-3.c: Likewise.
* gcc.dg/march-generic.c: Likewise.
* gcc.target/i386/align-limit.c: Likewise.
* gcc.target/i386/cet-notrack-icf-1.c: Likewise.
* gcc.target/i386/cet-notrack-icf-3.c: Likewise.
* gcc.target/i386/cet-property-2.c: Likewise.
* gcc.target/i386/ret-thunk-26.c: Likewise.
* c-c++-common/fcf-protection-1.c: Remove dg-error for x86
targets.
* c-c++-common/fcf-protection-2.c: Likewise.
* c-c++-common/fcf-protection-3.c: Likewise.
* c-c++-common/fcf-protection-5.c: Likewise.
* c-c++-common/fcf-protection-6.c: Likewise.
* c-c++-common/fcf-protection-7.c: Likewise.
* gcc.target/i386/cet-label-3.c: New test.
* gcc.target/i386/cet-property-3.c: Likewise.
* gcc.target/i386/cet-sjlj-7.c: Likewise.
* gcc.target/i386/pr85417-1.c: Likewise.
* gcc.target/i386/indirect-thunk-attr-7.c: Also expect
__x86_indirect_thunk_nt_(r|e)ax
* gcc.target/i386/indirect-thunk-extern-7.c: Likewise.
* gcc.target/i386/pr85403.c: Remove dg-error,
From-SVN: r259496
29 files changed:
projects / platform / upstream / gcc.git / commit