On 12/17/2017 05:05 PM, Tsimbalist, Igor V wrote:
-fcf-protection -mcet is incompatible with makecontext family functions
since they can't properly set up and destroy shadow stack pointer. This
change provides a mechanism to help detect shadow stack compatibility.
The current proposal is to add -mcheck-shstk-compat option which will
predefine __CHECK_SHSTK_COMPAT__ macro. The option will be
set on by default.  Then we can add a code

#if defined __SHSTK__ && defined __CHECK_SHSTK_COMPAT__
# error This source is incompatible with -mshstk
#endif

to <ucontext.h>.

The functional change here is out of my maintainership domain, but....
Why does this need a new macro and a new option to control it? If the code being protected doesn't work properly with -mshstk, it seems like it would be more robust to do just

#if defined __SHSTK__
# error This source is incompatible with -mshstk
#endif

I don't see any discussion in the bugzilla issue to explain this.

Re the proposed documentation for the new option:

diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 1413095..7b4223a 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -26225,6 +26225,15 @@ The option has effect only if the 
@option{-fcf-protection=full} or
 @option{-mshstk} is on by default when the @option{-mcet} option is
 specified.
+@item -mcheck-shstk-compat
+@opindex mcheck-shstk-compat
+This option predefines __CHECK_SHSTK_COMPAT__ macro, which can be used

You need to add @code markup on all the macro names here.

+to add a guard to the C/C++ sources which are incompatible with Intel

s/which/that/

+shadow stack technology.  A typical case would be issuing an error when > 
+both __SHSTK__ and __CHECK_SHSTK_COMPAT__ macro are defined.  The option
+@option{-mcheck-shstk-compat} is on by default when the @code{-mshstk}
+option is specified.
+
 @item -mcrc32
 @opindex mcrc32
 This option enables built-in functions @code{__builtin_ia32_crc32qi},
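
Review bot: the last added sentence marks the option up as @code{-mshstk}, while the unchanged context line directly above the addition and the start of that same sentence use @option{...}; make it @option{-mshstk} for consistency. In the sentence before it, "both __SHSTK__ and __CHECK_SHSTK_COMPAT__ macro are defined" should read "macros are defined". The entry also states that the option is on by default with -mshstk but never says when a user would want to turn it off, so a sentence on that would make the entry more useful.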

-Sandra
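
For illustration, a source file of the kind the guard is meant for, written for this page and not taken from the patch or from glibc: it uses the makecontext family and carries the unconditional `__SHSTK__` check suggested in the reply. Function and variable names are made up, and the guard follows the thread's premise that such code must not be built with -mshstk.

```c
/* Added illustration: names below are made up; __SHSTK__ is the macro
 * from the thread. The guard is the unconditional form from the reply. */
#if defined __SHSTK__
# error This source is incompatible with -mshstk
#endif

#include <stdio.h>
#include <ucontext.h>

static ucontext_t main_ctx, co_ctx;
static char co_stack[64 * 1024];    /* separate stack for the coroutine */
static volatile int steps;          /* progress made by the coroutine */

/* Runs on co_stack, a stack installed by makecontext(). */
static void coroutine(void)
{
    steps = 1;
    swapcontext(&co_ctx, &main_ctx);    /* yield back to the caller */
    steps = 2;
    /* returning from here resumes uc_link, i.e. main_ctx */
}

/* Drives the coroutine through both halves. Returns the final step
 * count (2 on success) or -1 if a context call failed. */
int run_coroutine(void)
{
    steps = 0;
    if (getcontext(&co_ctx) == -1)
        return -1;
    co_ctx.uc_stack.ss_sp = co_stack;
    co_ctx.uc_stack.ss_size = sizeof co_stack;
    co_ctx.uc_link = &main_ctx;
    makecontext(&co_ctx, coroutine, 0);

    if (swapcontext(&main_ctx, &co_ctx) == -1)  /* run until the yield */
        return -1;
    if (steps != 1)
        return -1;
    if (swapcontext(&main_ctx, &co_ctx) == -1)  /* run to completion */
        return -1;
    return steps;
}

int main(void)
{
    printf("coroutine finished at step %d\n", run_coroutine());
    return 0;
}
```

Built without -mshstk this compiles and the coroutine runs to step 2; built with the option, the guard stops compilation at the `#error` line before any context-switching code is emitted.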
