On Tue, May 28, 2019 at 10:33 AM Jeff Law wrote:
>
> On 5/28/19 9:48 AM, Jakub Jelinek wrote:
> > On Tue, May 28, 2019 at 08:30:59AM -0700, H.J. Lu wrote:
> >>> We shouldn't generate ENDBR in that case, nothing can goto to bar
> >>> (otherwise
> >>> it would remain a normal label, not a deleted label).
> >>>
> >>
> >> But return value of func () may be used with indirect jump.
> >
> > No, it may be used say to print that address, but computed goto can't be
> > used to jump from one function to a different function, see
> > https://gcc.gnu.org/onlinedocs/gcc/Labels-as-Values.html
> > "You may not use this mechanism to jump to code in a different function.
> > If you do that, totally unpredictable things happen."
> Right. We disallowed this case some time ago IIRC. It's essentially
> undefined behavior. I would even claim that in a CET world that we
> *want* a CET fault if something tried to use the deleted label as a jump
> target and thus an ENDBR is undesirable.
>
>
> >
> > NOTE_INSN_DELETED_LABEL is not guaranteed to be followed by any sensible
> > code, the only reason it is kept is that there is or might be something
> > referencing the label and so you want to emit the label somewhere in the
> > function, but don't care much where in the function.
> Exactly.
>
> Jeff
Here is the updated patch not to insert ENDBR after NOTE_INSN_DELETED_LABEL.
Tested on Linux/x86-64 with -fcf-protection.
OK for trunk?
Thanks.
--
H.J.
From 221484c1c6871d6fa93d4338df52d03d76a436dc Mon Sep 17 00:00:00 2001
From: "H.J. Lu"
Date: Thu, 14 Feb 2019 09:12:57 -0800
Subject: [PATCH] i386: Don't insert ENDBR after NOTE_INSN_DELETED_LABEL
NOTE_INSN_DELETED_LABEL is used to mark what used to be a 'code_label',
but was not used for other purposes than taking its address which cannot
be used as target for indirect jumps.
Since LABEL_PRESERVE_P is true only if the label address was taken, don't
set LABEL_PRESERVE_P on label used to initialize PIC register.
Tested on Linux/x86-64 with -fcf-protection.
For x86-64 libc.so on glibc master branch (commit f43b8dd55588c3),
Before: 2961 endbr64
After: 2943 endbr64
2019-05-31 H.J. Lu
Hongtao Liu
gcc/
PR target/89355
* config/i386/i386-features.c (rest_of_insert_endbranch): Remove
NOTE_INSN_DELETED_LABEL check.
* config/i386/i386.c (ix86_init_large_pic_reg): Don't set
LABEL_PRESERVE_P.
gcc/testsuite/
PR target/89355
* gcc.target/i386/cet-label-3.c: New test.
* gcc.target/i386/cet-label-4.c: Likewise.
* gcc.target/i386/cet-label-5.c: Likewise.
---
gcc/config/i386/i386-features.c | 5 +
gcc/config/i386/i386.c | 1 -
gcc/testsuite/gcc.target/i386/cet-label-3.c | 23 +
gcc/testsuite/gcc.target/i386/cet-label-4.c | 12 +++
gcc/testsuite/gcc.target/i386/cet-label-5.c | 13
5 files changed, 49 insertions(+), 5 deletions(-)
create mode 100644 gcc/testsuite/gcc.target/i386/cet-label-3.c
create mode 100644 gcc/testsuite/gcc.target/i386/cet-label-4.c
create mode 100644 gcc/testsuite/gcc.target/i386/cet-label-5.c
diff --git a/gcc/config/i386/i386-features.c b/gcc/config/i386/i386-features.c
index 60a120f4df7..c8de5261240 100644
--- a/gcc/config/i386/i386-features.c
+++ b/gcc/config/i386/i386-features.c
@@ -1911,10 +1911,7 @@ rest_of_insert_endbranch (void)
continue;
}
- if ((LABEL_P (insn) && LABEL_PRESERVE_P (insn))
- || (NOTE_P (insn)
- && NOTE_KIND (insn) == NOTE_INSN_DELETED_LABEL))
- /* TODO. Check /s bit also. */
+ if (LABEL_P (insn) && LABEL_PRESERVE_P (insn))
{
cet_eb = gen_nop_endbr ();
emit_insn_after (cet_eb, insn);
diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index 79fcb5c4e57..bb4df4760b6 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -1651,7 +1651,6 @@ ix86_init_large_pic_reg (unsigned int tmp_regno)
gcc_assert (Pmode == DImode);
label = gen_label_rtx ();
emit_label (label);
- LABEL_PRESERVE_P (label) = 1;
tmp_reg = gen_rtx_REG (Pmode, tmp_regno);
gcc_assert (REGNO (pic_offset_table_rtx) != tmp_regno);
emit_insn (gen_set_rip_rex64 (pic_offset_table_rtx,
diff --git a/gcc/testsuite/gcc.target/i386/cet-label-3.c b/gcc/testsuite/gcc.target/i386/cet-label-3.c
new file mode 100644
index 000..9f427a866f3
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/cet-label-3.c
@@ -0,0 +1,23 @@
+/* PR target/89355 */
+/* { dg-do compile } */
+/* { dg-options "-O2 -fcf-protection" } */
+/* { dg-final { scan-assembler-times "endbr32" 1 { target ia32 } } } */
+/* { dg-final { scan-assembler-times "endbr64" 1 { target { ! ia32 } } } } */
+int
+test (int* val)
+{
+ int status = 99;
+
+ if (!val)
+{
+ status = 22;
+ goto end;
+}
+
+ extern int x;
+ *val = x;
+
+ status = 0;
+end:
+ return status;
+}
diff --git a/gcc/testsuite/gcc.target/i386/cet-label-4.c b/gcc/testsuite/gcc.target/i386/cet-label-4.c
new file mode 100644
index