On x86, swapcontext may return via indirect branch when shadow stack
is enabled.  To support code instrumentation of control-flow transfers
with -fcf-protection, add indirect_return function attribute to inform
compiler that a function may return via indirect branch.

Note: Unlike setjmp, swapcontext only returns once.  Mark it return
twice will unnecessarily disable compiler optimization.

OK for trunk?

H.J.
----
gcc/

        PR target/85620
        * config/i386/i386.c (rest_of_insert_endbranch): Also generate
        ENDBRANCH for non-tail call which may return via indirect branch.
        * doc/extend.texi: Document indirect_return attribute.

gcc/testsuite/

        PR target/85620
        * gcc.target/i386/pr85620-1.c: New test.
        * gcc.target/i386/pr85620-2.c: Likewise.
---
 gcc/config/i386/i386.c                    | 23 ++++++++++++++++++++++-
 gcc/doc/extend.texi                       |  6 ++++++
 gcc/testsuite/gcc.target/i386/pr85620-1.c | 15 +++++++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-2.c | 13 +++++++++++++
 4 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-1.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-2.c

diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index b95f0612562..3fb79178138 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -2625,7 +2625,26 @@ rest_of_insert_endbranch (void)
        {
          if (CALL_P (insn))
            {
-             if (find_reg_note (insn, REG_SETJMP, NULL) == NULL)
+             bool need_endbr;
+             need_endbr = find_reg_note (insn, REG_SETJMP, NULL) != NULL;
+             if (!need_endbr && !SIBLING_CALL_P (insn))
+               {
+                 rtx call = get_call_rtx_from (insn);
+                 rtx fnaddr = XEXP (call, 0);
+
+                 /* Also generate ENDBRANCH for non-tail call which
+                    may return via indirect branch.  */
+                 if (MEM_P (fnaddr)
+                     && GET_CODE (XEXP (fnaddr, 0)) == SYMBOL_REF)
+                   {
+                     tree fndecl = SYMBOL_REF_DECL (XEXP (fnaddr, 0));
+                     if (fndecl
+                         && lookup_attribute ("indirect_return",
+                                              DECL_ATTRIBUTES (fndecl)))
+                       need_endbr = true;
+                   }
+               }
+             if (!need_endbr)
                continue;
              /* Generate ENDBRANCH after CALL, which can return more than
                 twice, setjmp-like functions.  */
@@ -46769,6 +46788,8 @@ static const struct attribute_spec 
ix86_attribute_table[] =
     ix86_handle_fndecl_attribute, NULL },
   { "function_return", 1, 1, true, false, false, false,
     ix86_handle_fndecl_attribute, NULL },
+  { "indirect_return", 0, 0, true, false, false, false,
+    ix86_handle_fndecl_attribute, NULL },
 
   /* End element.  */
   { NULL, 0, 0, false, false, false, false, NULL, NULL }
diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
index 3e6c98a554a..ddd50b0da3e 100644
--- a/gcc/doc/extend.texi
+++ b/gcc/doc/extend.texi
@@ -5878,6 +5878,12 @@ foo (void)
 @}
 @end smallexample
 
+@item indirect_return
+@cindex @code{indirect_return} function attribute, x86
+
+The @code{indirect_return} attribute on a function is used to inform
+the compiler that the function may return via indiret branch.
+
 @end table
 
 On the x86, the inliner does not inline a
diff --git a/gcc/testsuite/gcc.target/i386/pr85620-1.c 
b/gcc/testsuite/gcc.target/i386/pr85620-1.c
new file mode 100644
index 00000000000..32efb08e59e
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr85620-1.c
@@ -0,0 +1,15 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -fcf-protection" } */
+/* { dg-final { scan-assembler-times {\mendbr} 2 } } */
+
+struct ucontext;
+
+extern int bar (struct ucontext *) __attribute__((__indirect_return__));
+
+extern int res;
+
+void
+foo (struct ucontext *oucp)
+{
+  res = bar (oucp);
+}
diff --git a/gcc/testsuite/gcc.target/i386/pr85620-2.c 
b/gcc/testsuite/gcc.target/i386/pr85620-2.c
new file mode 100644
index 00000000000..b2e680fa1fe
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr85620-2.c
@@ -0,0 +1,13 @@
+/* { dg-do compile } */
+/* { dg-options "-O2 -fcf-protection" } */
+/* { dg-final { scan-assembler-times {\mendbr} 1 } } */
+
+struct ucontext;
+
+extern int bar (struct ucontext *) __attribute__((__indirect_return__));
+
+int
+foo (struct ucontext *oucp)
+{
+  return bar (oucp);
+}
-- 
2.17.1

Reply via email to