https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102953

--- Comment #21 from Andrew Cooper <andrew.cooper3 at citrix dot com> ---
Another possibly-bug, but possibly mis-expectations on my behalf.

I've found some code in the depths of Xen which is causing a failure on final
link due to a missing `__x86_indirect_thunk_nt_rax` symbol.

  $ cat fnptr-typeof.c
  extern void (*fnptrs[])(char);

  void foo(int a)
  {
      typeof(foo) *bar = (void *)fnptrs[0];
      bar(a);
  }

I realise this is wildly undefined behaviour, and I will try to address it in
due course.  However, the instruction generation is bizarre.

When I compile with -fcf-protection=branch -mmanual-endbr, I get a plain `jmp
*fnptrs(%rip)` instruction.  (This is fine.)

When I compile with -fcf-check-attribute=no as well, then I get `notrack jmp
*fnptrs(%rip)`.  I'm not sure why the notrack is warranted here; for all GCC
knows, the target does have a suitable ENDBR64 instruction.

When I compile with -mindirect-branch=thunk as well, I get a load into %rax and
a normal looking retpoline thunk.  (This is as expected too.)

However, when I switch to -mindirect-branch=thunk-extern, I get the same
load into %rax, and then a jump to `__x86_indirect_thunk_nt_rax`.  Presumably
the nt is short for notrack.


Irrespective of whether there should be a notrack or not on the jmp form, it
is weird for the retpoline thunk ABI to be changing based on extern or not.  What
is the reasoning behind this?
