[PATCH 2/5] gcc: Enable Intel CET on Intel CET enabled host for jit

Sat, 09 May 2020 08:43:52 -0700 

Since on Intel CET enabled host, dlopen in Intel CET enabled applications
fails on shared libraries which aren't Intel CET enabled, compile with
-fcf-protection on Intel CET enabled host when jit is enabled to enable
Intel CET on libgccjit.

        * Makefile.in (CET_HOST_FLAGS): New.
        (COMPILER): Add $(CET_HOST_FLAGS).
        * configure.ac: Add GCC_CET_HOST_FLAGS(CET_HOST_FLAGS) and
        AC_SUBST(CET_HOST_FLAGS).  Clear CET_HOST_FLAGS if jit isn't
        enabled.
        * aclocal.m4: Regenerated.
        * configure: Likewise.
---
 gcc/Makefile.in  |   4 ++
 gcc/aclocal.m4   |   2 +
 gcc/configure    | 182 ++++++++++++++++++++++++++++++++++++++++++++++-
 gcc/configure.ac |  11 +++
 4 files changed, 197 insertions(+), 2 deletions(-)

diff --git a/gcc/Makefile.in b/gcc/Makefile.in
index 543b477ff18..b49d6b0d31f 100644
--- a/gcc/Makefile.in
+++ b/gcc/Makefile.in
@@ -262,6 +262,10 @@ LINKER = $(CC)
 LINKER_FLAGS = $(CFLAGS)
 endif
 
+# Enable Intel CET on Intel CET enabled host if needed.
+CET_HOST_FLAGS = @CET_HOST_FLAGS@
+COMPILER += $(CET_HOST_FLAGS)
+
 NO_PIE_CFLAGS = @NO_PIE_CFLAGS@
 NO_PIE_FLAG = @NO_PIE_FLAG@
 
diff --git a/gcc/aclocal.m4 b/gcc/aclocal.m4
index e208071d236..1737d59d1cb 100644
--- a/gcc/aclocal.m4
+++ b/gcc/aclocal.m4
@@ -18,9 +18,11 @@ m4_include([../ltsugar.m4])
 m4_include([../ltversion.m4])
 m4_include([../lt~obsolete.m4])
 m4_include([../config/acx.m4])
+m4_include([../config/cet.m4])
 m4_include([../config/codeset.m4])
 m4_include([../config/depstand.m4])
 m4_include([../config/dfp.m4])
+m4_include([../config/enable.m4])
 m4_include([../config/gcc-plugin.m4])
 m4_include([../config/gettext-sister.m4])
 m4_include([../config/iconv.m4])
diff --git a/gcc/configure b/gcc/configure
index cd3d9516fce..3156db7821e 100755
--- a/gcc/configure
+++ b/gcc/configure
@@ -631,6 +631,7 @@ ac_includes_default="\
 
 ac_subst_vars='LTLIBOBJS
 LIBOBJS
+CET_HOST_FLAGS
 NO_PIE_FLAG
 NO_PIE_CFLAGS
 enable_default_pie
@@ -1017,6 +1018,7 @@ with_linker_hash_style
 with_diagnostics_color
 with_diagnostics_urls
 enable_default_pie
+enable_cet
 '
       ac_precious_vars='build_alias
 host_alias
@@ -1771,6 +1773,7 @@ Optional Features:
   --disable-libquadmath-support
                           disable libquadmath support for Fortran
   --enable-default-pie    enable Position Independent Executable as default
+  --enable-cet            enable Intel CET in host libraries [default=auto]
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -19015,7 +19018,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 19018 "configure"
+#line 19021 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -19121,7 +19124,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 19124 "configure"
+#line 19127 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -30730,6 +30733,181 @@ if test "$gcc_cv_no_pie" = "yes"; then
 fi
 
 
+# Enable Intel CET on Intel CET enabled host if jit is enabled.
+ # Check whether --enable-cet was given.
+if test "${enable_cet+set}" = set; then :
+  enableval=$enable_cet;
+      case "$enableval" in
+       yes|no|auto) ;;
+       *) as_fn_error $? "Unknown argument to enable/disable cet" "$LINENO" 5 
;;
+                          esac
+
+else
+  enable_cet=auto
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CET support" >&5
+$as_echo_n "checking for CET support... " >&6; }
+
+case "$host" in
+  i[34567]86-*-linux* | x86_64-*-linux*)
+    may_have_cet=yes
+    save_CFLAGS="$CFLAGS"
+    CFLAGS="$CFLAGS -fcf-protection"
+    case "$enable_cet" in
+      auto)
+       # Check if target supports multi-byte NOPs
+       # and if assembler supports CET insn.
+       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+
+#if !defined(__SSE2__)
+#error target does not support multi-byte NOPs
+#else
+asm ("setssbsy");
+#endif
+
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+  enable_cet=yes
+else
+  enable_cet=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+       ;;
+      yes)
+       # Check if assembler supports CET.
+       cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+asm ("setssbsy");
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+  as_fn_error $? "assembler with CET support is required for --enable-cet" 
"$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+       ;;
+    esac
+    CFLAGS="$save_CFLAGS"
+    ;;
+  *)
+    may_have_cet=no
+    enable_cet=no
+    ;;
+esac
+
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS -fcf-protection=none"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS -Wl,-z,ibt,-z,shstk"
+if test x$may_have_cet = xyes; then
+  # Check whether -fcf-protection=none -Wl,-z,ibt,-z,shstk work.
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+return 0;
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+  may_have_cet=yes
+else
+  may_have_cet=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+fi
+
+if test x$may_have_cet = xyes; then
+  if test "$cross_compiling" = yes; then :
+  { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else
+  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+static void
+foo (void)
+{
+}
+
+static void
+__attribute__ ((noinline, noclone))
+xxx (void (*f) (void))
+{
+  f ();
+}
+
+static void
+__attribute__ ((noinline, noclone))
+bar (void)
+{
+  xxx (foo);
+}
+
+int
+main ()
+{
+  bar ();
+  return 0;
+}
+
+_ACEOF
+if ac_fn_cxx_try_run "$LINENO"; then :
+  have_cet=no
+else
+  have_cet=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+  conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+  if test x$enable_cet = xno -a x$have_cet = xyes; then
+    as_fn_error $? "Intel CET must be enabled on Intel CET enabled host" 
"$LINENO" 5
+  fi
+fi
+if test x$enable_cet = xyes; then
+  CET_HOST_FLAGS="-fcf-protection"
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+CFLAGS="$save_CFLAGS"
+LDFLAGS="$save_LDFLAGS"
+
+case x$enable_languages in
+*jit*)
+  ;;
+*)
+  CET_HOST_FLAGS=
+  ;;
+esac
+
+
 # Check linker supports '-z bndplt'
 ld_bndplt_support=no
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking linker -z bndplt option" >&5
diff --git a/gcc/configure.ac b/gcc/configure.ac
index 0de3b4bf97b..953b464cedf 100644
--- a/gcc/configure.ac
+++ b/gcc/configure.ac
@@ -6846,6 +6846,17 @@ if test "$gcc_cv_no_pie" = "yes"; then
 fi
 AC_SUBST([NO_PIE_FLAG])
 
+# Enable Intel CET on Intel CET enabled host if jit is enabled.
+GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
+case x$enable_languages in
+*jit*)
+  ;;
+*)
+  CET_HOST_FLAGS=
+  ;;
+esac
+AC_SUBST(CET_HOST_FLAGS)
+
 # Check linker supports '-z bndplt'
 ld_bndplt_support=no
 AC_MSG_CHECKING(linker -z bndplt option)
-- 
2.26.2

Reply via email to