On Tue, May 28, 2019 at 10:33 AM Jeff Law <l...@redhat.com> wrote:
>
> On 5/28/19 9:48 AM, Jakub Jelinek wrote:
> > On Tue, May 28, 2019 at 08:30:59AM -0700, H.J. Lu wrote:
> >>> We shouldn't generate ENDBR in that case, nothing can goto to bar 
> >>> (otherwise
> >>> it would remain a normal label, not a deleted label).
> >>>
> >>
> >> But return value of func () may be used with indirect jump.
> >
> > No, it may be used say to print that address, but computed goto can't be
> > used to jump from one function to a different function, see
> > https://gcc.gnu.org/onlinedocs/gcc/Labels-as-Values.html
> > "You may not use this mechanism to jump to code in a different function.
> > If you do that, totally unpredictable things happen."
> Right.  We disallowed this case some time ago IIRC.  It's essentially
> undefined behavior.  I would even claim that in a CET world that we
> *want* a CET fault if something tried to use the deleted label as a jump
> target and thus an ENDBR is undesirable.
>
>
> >
> > NOTE_INSN_DELETED_LABEL is not guaranteed to be followed by any sensible
> > code, the only reason it is kept is that there is or might be something
> > referencing the label and so you want to emit the label somewhere in the
> > function, but don't care much where in the function.
> Exactly.
>
> Jeff

Here is the updated patch not to insert ENDBR after NOTE_INSN_DELETED_LABEL.

Tested on Linux/x86-64 with -fcf-protection.

OK for trunk?

Thanks.

-- 
H.J.
From 221484c1c6871d6fa93d4338df52d03d76a436dc Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.to...@gmail.com>
Date: Thu, 14 Feb 2019 09:12:57 -0800
Subject: [PATCH] i386: Don't insert ENDBR after NOTE_INSN_DELETED_LABEL

NOTE_INSN_DELETED_LABEL is used to mark what used to be a 'code_label',
but was not used for other purposes than taking its address which cannot
be used as target for indirect jumps.

Since LABEL_PRESERVE_P is true only if the label address was taken, don't
set LABEL_PRESERVE_P on label used to initialize PIC register.

Tested on Linux/x86-64 with -fcf-protection.

For x86-64 libc.so on glibc master branch (commit f43b8dd55588c3),

Before: 2961 endbr64
After:  2943 endbr64

2019-05-31  H.J. Lu  <hongjiu...@intel.com>
	    Hongtao Liu  <hongtao....@intel.com>

gcc/

	PR target/89355
	* config/i386/i386-features.c (rest_of_insert_endbranch): Remove
	NOTE_INSN_DELETED_LABEL check.
	* config/i386/i386.c (ix86_init_large_pic_reg): Don't set
	LABEL_PRESERVE_P.

gcc/testsuite/

	PR target/89355
	* gcc.target/i386/cet-label-3.c: New test.
	* gcc.target/i386/cet-label-4.c: Likewise.
	* gcc.target/i386/cet-label-5.c: Likewise.
---
 gcc/config/i386/i386-features.c             |  5 +----
 gcc/config/i386/i386.c                      |  1 -
 gcc/testsuite/gcc.target/i386/cet-label-3.c | 23 +++++++++++++++++++++
 gcc/testsuite/gcc.target/i386/cet-label-4.c | 12 +++++++++++
 gcc/testsuite/gcc.target/i386/cet-label-5.c | 13 ++++++++++++
 5 files changed, 49 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/cet-label-3.c
 create mode 100644 gcc/testsuite/gcc.target/i386/cet-label-4.c
 create mode 100644 gcc/testsuite/gcc.target/i386/cet-label-5.c

diff --git a/gcc/config/i386/i386-features.c b/gcc/config/i386/i386-features.c
index 60a120f4df7..c8de5261240 100644
--- a/gcc/config/i386/i386-features.c
+++ b/gcc/config/i386/i386-features.c
@@ -1911,10 +1911,7 @@ rest_of_insert_endbranch (void)
 	      continue;
 	    }
 
-	  if ((LABEL_P (insn) && LABEL_PRESERVE_P (insn))
-	      || (NOTE_P (insn)
-		  && NOTE_KIND (insn) == NOTE_INSN_DELETED_LABEL))
-	    /* TODO.  Check /s bit also.  */
+	  if (LABEL_P (insn) && LABEL_PRESERVE_P (insn))
 	    {
 	      cet_eb = gen_nop_endbr ();
 	      emit_insn_after (cet_eb, insn);
diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index 79fcb5c4e57..bb4df4760b6 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -1651,7 +1651,6 @@ ix86_init_large_pic_reg (unsigned int tmp_regno)
   gcc_assert (Pmode == DImode);
   label = gen_label_rtx ();
   emit_label (label);
-  LABEL_PRESERVE_P (label) = 1;
   tmp_reg = gen_rtx_REG (Pmode, tmp_regno);
   gcc_assert (REGNO (pic_offset_table_rtx) != tmp_regno);
   emit_insn (gen_set_rip_rex64 (pic_offset_table_rtx,
diff --git a/gcc/testsuite/gcc.target/i386/cet-label-3.c b/gcc/testsuite/gcc.target/i386/cet-label-3.c
new file mode 100644
index 00000000000..9f427a866f3
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/cet-label-3.c
@@ -0,0 +1,23 @@
+/* PR target/89355  */
+/* { dg-do compile } */
+/* { dg-options "-O2 -fcf-protection" } */
+/* { dg-final { scan-assembler-times "endbr32" 1 { target ia32 } } } */
+/* { dg-final { scan-assembler-times "endbr64" 1 { target { ! ia32 } } } } */
+int
+test (int* val)
+{
+  int status = 99;
+
+  if (!val)
+    {
+      status = 22;
+      goto end;
+    }
+
+  extern int x;
+  *val = x;
+
+  status = 0;
+end:
+  return status;
+}
diff --git a/gcc/testsuite/gcc.target/i386/cet-label-4.c b/gcc/testsuite/gcc.target/i386/cet-label-4.c
new file mode 100644
index 00000000000..d743d2bf202
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/cet-label-4.c
@@ -0,0 +1,12 @@
+/* PR target/89355  */
+/* { dg-do compile { target { fpic && lp64 } } } */
+/* { dg-options "-O2 -fcf-protection -fPIC -mcmodel=large" } */
+/* { dg-final { scan-assembler-times "endbr64" 1 } } */
+
+extern int val;
+
+int
+test (void)
+{
+  return val;
+}
diff --git a/gcc/testsuite/gcc.target/i386/cet-label-5.c b/gcc/testsuite/gcc.target/i386/cet-label-5.c
new file mode 100644
index 00000000000..862c79b058d
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/cet-label-5.c
@@ -0,0 +1,13 @@
+/* PR target/89355  */
+/* { dg-do compile } */
+/* { dg-options "-O2 -fcf-protection -Wno-return-local-addr" } */
+/* { dg-final { scan-assembler-times "endbr32" 1 { target ia32 } } } */
+/* { dg-final { scan-assembler-times "endbr64" 1 { target { ! ia32 } } } } */
+
+void *
+func (void)
+{
+  return &&bar;
+bar:
+  return 0;
+}
-- 
2.20.1

Reply via email to