On Tue, May 28, 2019 at 10:33 AM Jeff Law <l...@redhat.com> wrote: > > On 5/28/19 9:48 AM, Jakub Jelinek wrote: > > On Tue, May 28, 2019 at 08:30:59AM -0700, H.J. Lu wrote: > >>> We shouldn't generate ENDBR in that case, nothing can goto to bar > >>> (otherwise > >>> it would remain a normal label, not a deleted label). > >>> > >> > >> But return value of func () may be used with indirect jump. > > > > No, it may be used say to print that address, but computed goto can't be > > used to jump from one function to a different function, see > > https://gcc.gnu.org/onlinedocs/gcc/Labels-as-Values.html > > "You may not use this mechanism to jump to code in a different function. > > If you do that, totally unpredictable things happen." > Right. We disallowed this case some time ago IIRC. It's essentially > undefined behavior. I would even claim that in a CET world that we > *want* a CET fault if something tried to use the deleted label as a jump > target and thus an ENDBR is undesirable. > > > > > > NOTE_INSN_DELETED_LABEL is not guaranteed to be followed by any sensible > > code, the only reason it is kept is that there is or might be something > > referencing the label and so you want to emit the label somewhere in the > > function, but don't care much where in the function. > Exactly. > > Jeff
Here is the updated patch not to insert ENDBR after NOTE_INSN_DELETED_LABEL. Tested on Linux/x86-64 with -fcf-protection. OK for trunk? Thanks. -- H.J.
From 221484c1c6871d6fa93d4338df52d03d76a436dc Mon Sep 17 00:00:00 2001 From: "H.J. Lu" <hjl.to...@gmail.com> Date: Thu, 14 Feb 2019 09:12:57 -0800 Subject: [PATCH] i386: Don't insert ENDBR after NOTE_INSN_DELETED_LABEL NOTE_INSN_DELETED_LABEL is used to mark what used to be a 'code_label', but was not used for other purposes than taking its address which cannot be used as target for indirect jumps. Since LABEL_PRESERVE_P is true only if the label address was taken, don't set LABEL_PRESERVE_P on label used to initialize PIC register. Tested on Linux/x86-64 with -fcf-protection. For x86-64 libc.so on glibc master branch (commit f43b8dd55588c3), Before: 2961 endbr64 After: 2943 endbr64 2019-05-31 H.J. Lu <hongjiu...@intel.com> Hongtao Liu <hongtao....@intel.com> gcc/ PR target/89355 * config/i386/i386-features.c (rest_of_insert_endbranch): Remove NOTE_INSN_DELETED_LABEL check. * config/i386/i386.c (ix86_init_large_pic_reg): Don't set LABEL_PRESERVE_P. gcc/testsuite/ PR target/89355 * gcc.target/i386/cet-label-3.c: New test. * gcc.target/i386/cet-label-4.c: Likewise. * gcc.target/i386/cet-label-5.c: Likewise. --- gcc/config/i386/i386-features.c | 5 +---- gcc/config/i386/i386.c | 1 - gcc/testsuite/gcc.target/i386/cet-label-3.c | 23 +++++++++++++++++++++ gcc/testsuite/gcc.target/i386/cet-label-4.c | 12 +++++++++++ gcc/testsuite/gcc.target/i386/cet-label-5.c | 13 ++++++++++++ 5 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 gcc/testsuite/gcc.target/i386/cet-label-3.c create mode 100644 gcc/testsuite/gcc.target/i386/cet-label-4.c create mode 100644 gcc/testsuite/gcc.target/i386/cet-label-5.c diff --git a/gcc/config/i386/i386-features.c b/gcc/config/i386/i386-features.c index 60a120f4df7..c8de5261240 100644 --- a/gcc/config/i386/i386-features.c +++ b/gcc/config/i386/i386-features.c @@ -1911,10 +1911,7 @@ rest_of_insert_endbranch (void) continue; } - if ((LABEL_P (insn) && LABEL_PRESERVE_P (insn)) - || (NOTE_P (insn) - && NOTE_KIND (insn) == NOTE_INSN_DELETED_LABEL)) - /* TODO. Check /s bit also. */ + if (LABEL_P (insn) && LABEL_PRESERVE_P (insn)) { cet_eb = gen_nop_endbr (); emit_insn_after (cet_eb, insn); diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c index 79fcb5c4e57..bb4df4760b6 100644 --- a/gcc/config/i386/i386.c +++ b/gcc/config/i386/i386.c @@ -1651,7 +1651,6 @@ ix86_init_large_pic_reg (unsigned int tmp_regno) gcc_assert (Pmode == DImode); label = gen_label_rtx (); emit_label (label); - LABEL_PRESERVE_P (label) = 1; tmp_reg = gen_rtx_REG (Pmode, tmp_regno); gcc_assert (REGNO (pic_offset_table_rtx) != tmp_regno); emit_insn (gen_set_rip_rex64 (pic_offset_table_rtx, diff --git a/gcc/testsuite/gcc.target/i386/cet-label-3.c b/gcc/testsuite/gcc.target/i386/cet-label-3.c new file mode 100644 index 00000000000..9f427a866f3 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/cet-label-3.c @@ -0,0 +1,23 @@ +/* PR target/89355 */ +/* { dg-do compile } */ +/* { dg-options "-O2 -fcf-protection" } */ +/* { dg-final { scan-assembler-times "endbr32" 1 { target ia32 } } } */ +/* { dg-final { scan-assembler-times "endbr64" 1 { target { ! ia32 } } } } */ +int +test (int* val) +{ + int status = 99; + + if (!val) + { + status = 22; + goto end; + } + + extern int x; + *val = x; + + status = 0; +end: + return status; +} diff --git a/gcc/testsuite/gcc.target/i386/cet-label-4.c b/gcc/testsuite/gcc.target/i386/cet-label-4.c new file mode 100644 index 00000000000..d743d2bf202 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/cet-label-4.c @@ -0,0 +1,12 @@ +/* PR target/89355 */ +/* { dg-do compile { target { fpic && lp64 } } } */ +/* { dg-options "-O2 -fcf-protection -fPIC -mcmodel=large" } */ +/* { dg-final { scan-assembler-times "endbr64" 1 } } */ + +extern int val; + +int +test (void) +{ + return val; +} diff --git a/gcc/testsuite/gcc.target/i386/cet-label-5.c b/gcc/testsuite/gcc.target/i386/cet-label-5.c new file mode 100644 index 00000000000..862c79b058d --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/cet-label-5.c @@ -0,0 +1,13 @@ +/* PR target/89355 */ +/* { dg-do compile } */ +/* { dg-options "-O2 -fcf-protection -Wno-return-local-addr" } */ +/* { dg-final { scan-assembler-times "endbr32" 1 { target ia32 } } } */ +/* { dg-final { scan-assembler-times "endbr64" 1 { target { ! ia32 } } } } */ + +void * +func (void) +{ + return &&bar; +bar: + return 0; +} -- 2.20.1