Enable building libgcc with CET options.

Enable building libgcc with CET options by default on Linux/x86 if
binutils supports CET v2.0.  It can be disabled with --disable-cet.
It is an error to configure GCC with --enable-cet if bintuiils
doesn't support CET v2.0.

ENDBR instruction is added to __morestack_large_model since it is
called indirectly.

2017-11-17  Igor Tsimbalist  <igor.v.tsimbalist@intel.com>

config/
	* cet.m4: New file.

gcc/
	* config.gcc (extra_headers): Add cet.h for x86 targets.
	* config/i386/cet.h: New file.
	* doc/install.texi: Add --enable-cet/--disable-cet.

libgcc/
	* Makefile.in (configure_deps): Add $(srcdir)/../config/cet.m4.
	(CET_FLAGS): New.
	* config/i386/morestack.S: Include <cet.h>.
	(__morestack_large_model): Add _CET_ENDBR at function entrance.
	* config/i386/resms64.h: Include <cet.h>.
	* config/i386/resms64f.h: Likewise.
	* config/i386/resms64fx.h: Likewise.
	* config/i386/resms64x.h: Likewise.
	* config/i386/savms64.h: Likewise.
	* config/i386/savms64f.h: Likewise.
	* config/i386/t-linux (HOST_LIBGCC2_CFLAGS): Add $(CET_FLAGS).
	(CRTSTUFF_T_CFLAGS): Likewise.
	* configure.ac: Include ../config/cet.m4.
	Set and substitute CET_FLAGS.
	* configure: Regenerated.

From-SVN: r254868
This commit is contained in:
Igor Tsimbalist 2017-11-17 14:34:39 +01:00 committed by Igor Tsimbalist
parent a851ce04f7
commit 1ecae1fc23
18 changed files with 271 additions and 4 deletions

View File

@ -1,3 +1,7 @@
2017-11-17 Igor Tsimbalist <igor.v.tsimbalist@intel.com>
* cet.m4: New file.
2017-11-15 Alexandre Oliva <aoliva@redhat.com> 2017-11-15 Alexandre Oliva <aoliva@redhat.com>
* bootstrap-debug-lean.mk (do-compare): Use the * bootstrap-debug-lean.mk (do-compare): Use the

38
config/cet.m4 Normal file
View File

@ -0,0 +1,38 @@
dnl
dnl GCC_CET_FLAGS
dnl (SHELL-CODE_HANDLER)
dnl
AC_DEFUN([GCC_CET_FLAGS],[dnl
GCC_ENABLE(cet, default, ,[enable Intel CET in target libraries],
permit yes|no|default)
case "$host" in
i[[34567]]86-*-linux* | x86_64-*-linux*)
case "$enable_cet" in
default)
# Check if assembler supports CET.
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[],
[asm ("setssbsy");])],
[enable_cet=yes],
[enable_cet=no])
;;
yes)
# Check if assembler supports CET.
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[],
[asm ("setssbsy");])],
[],
[AC_MSG_ERROR([assembler with CET support is required for --enable-cet])])
;;
esac
;;
*)
enable_cet=no
;;
esac
if test x$enable_cet = xyes; then
$1="-fcf-protection -mcet"
fi
])

View File

@ -1,3 +1,9 @@
2017-11-17 Igor Tsimbalist <igor.v.tsimbalist@intel.com>
* config.gcc (extra_headers): Add cet.h for x86 targets.
* config/i386/cet.h: New file.
* doc/install.texi: Add --enable-cet/--disable-cet.
2017-11-17 Richard Biener <rguenther@suse.de> 2017-11-17 Richard Biener <rguenther@suse.de>
PR tree-optimization/83017 PR tree-optimization/83017

View File

@ -379,7 +379,7 @@ i[34567]86-*-*)
avx512vbmivlintrin.h avx5124fmapsintrin.h avx5124vnniwintrin.h avx512vbmivlintrin.h avx5124fmapsintrin.h avx5124vnniwintrin.h
avx512vpopcntdqintrin.h clwbintrin.h mwaitxintrin.h avx512vpopcntdqintrin.h clwbintrin.h mwaitxintrin.h
clzerointrin.h pkuintrin.h sgxintrin.h cetintrin.h clzerointrin.h pkuintrin.h sgxintrin.h cetintrin.h
gfniintrin.h" gfniintrin.h cet.h"
;; ;;
x86_64-*-*) x86_64-*-*)
cpu_type=i386 cpu_type=i386
@ -404,7 +404,7 @@ x86_64-*-*)
avx512vbmivlintrin.h avx5124fmapsintrin.h avx5124vnniwintrin.h avx512vbmivlintrin.h avx5124fmapsintrin.h avx5124vnniwintrin.h
avx512vpopcntdqintrin.h clwbintrin.h mwaitxintrin.h avx512vpopcntdqintrin.h clwbintrin.h mwaitxintrin.h
clzerointrin.h pkuintrin.h sgxintrin.h cetintrin.h clzerointrin.h pkuintrin.h sgxintrin.h cetintrin.h
gfniintrin.h" gfniintrin.h cet.h"
;; ;;
ia64-*-*) ia64-*-*)
extra_headers=ia64intrin.h extra_headers=ia64intrin.h

93
gcc/config/i386/cet.h Normal file
View File

@ -0,0 +1,93 @@
/* ELF program property for Intel CET.
Copyright (C) 2017 Free Software Foundation, Inc.
This file is free software; you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the
Free Software Foundation; either version 3, or (at your option) any
later version.
This file is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
Under Section 7 of GPL version 3, you are granted additional
permissions described in the GCC Runtime Library Exception, version
3.1, as published by the Free Software Foundation.
You should have received a copy of the GNU General Public License and
a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>.
*/
/* Add x86 feature with IBT and/or SHSTK bits to ELF program property
if they are enabled. Otherwise, contents in this header file are
unused. Define _CET_ENDBR for assembly codes. _CET_ENDBR should be
placed unconditionally at the entrance of a function whose address
may be taken. */
#ifndef _CET_H_INCLUDED
#define _CET_H_INCLUDED
#ifdef __ASSEMBLER__
# ifdef __IBT__
# ifdef __x86_64__
# define _CET_ENDBR endbr64
# else
# define _CET_ENDBR endbr32
# endif
# else
# define _CET_ENDBR
# endif
# ifdef __ELF__
# ifdef __CET__
# ifdef __IBT__
/* GNU_PROPERTY_X86_FEATURE_1_IBT. */
# define __PROPERTY_IBT 0x1
# else
# define __PROPERTY_IBT 0x0
# endif
# ifdef __SHSTK__
/* GNU_PROPERTY_X86_FEATURE_1_SHSTK. */
# define __PROPERTY_SHSTK 0x2
# else
# define __PROPERTY_SHSTK 0x0
# endif
# define __PROPERTY_BITS (__PROPERTY_IBT | __PROPERTY_SHSTK)
# ifdef __LP64__
# define __PROPERTY_ALIGN 3
# else
# define __PROPERTY_ALIGN 2
# endif
.pushsection ".note.gnu.property", "a"
.p2align __PROPERTY_ALIGN
.long 1f - 0f /* name length. */
.long 4f - 1f /* data length. */
/* NT_GNU_PROPERTY_TYPE_0. */
.long 5 /* note type. */
0:
.asciz "GNU" /* vendor name. */
1:
.p2align __PROPERTY_ALIGN
/* GNU_PROPERTY_X86_FEATURE_1_AND. */
.long 0xc0000002 /* pr_type. */
.long 3f - 2f /* pr_datasz. */
2:
/* GNU_PROPERTY_X86_FEATURE_1_XXX. */
.long __PROPERTY_BITS
3:
.p2align __PROPERTY_ALIGN
4:
.popsection
# endif /* __CET__ */
# endif /* __ELF__ */
#endif /* __ASSEMBLER__ */
#endif /* _CET_H_INCLUDED */

View File

@ -2065,6 +2065,19 @@ explicitly specify the directory where they are installed. The
shorthand for shorthand for
@option{--with-hsa-runtime-lib=@/@var{hsainstalldir}/lib} and @option{--with-hsa-runtime-lib=@/@var{hsainstalldir}/lib} and
@option{--with-hsa-runtime-include=@/@var{hsainstalldir}/include}. @option{--with-hsa-runtime-include=@/@var{hsainstalldir}/include}.
@item --enable-cet
@itemx --disable-cet
Enable building target run-time libraries with control-flow
instrumentation, see @option{-fcf-protection} option. When
@code{--enable-cet} is specified target libraries are configured
to add @option{-fcf-protection} and, if needed, other target
specific options to a set of building options.
The option is enabled by default on Linux/x86 if target binutils
supports @code{Intel CET} instructions. In this case the target
libraries are configured to get additional @option{-fcf-protection}
and @option{-mcet} options.
@end table @end table
@subheading Cross-Compiler-Specific Options @subheading Cross-Compiler-Specific Options

View File

@ -1,3 +1,21 @@
2017-11-17 Igor Tsimbalist <igor.v.tsimbalist@intel.com>
* Makefile.in (configure_deps): Add $(srcdir)/../config/cet.m4.
(CET_FLAGS): New.
* config/i386/morestack.S: Include <cet.h>.
(__morestack_large_model): Add _CET_ENDBR at function entrance.
* config/i386/resms64.h: Include <cet.h>.
* config/i386/resms64f.h: Likewise.
* config/i386/resms64fx.h: Likewise.
* config/i386/resms64x.h: Likewise.
* config/i386/savms64.h: Likewise.
* config/i386/savms64f.h: Likewise.
* config/i386/t-linux (HOST_LIBGCC2_CFLAGS): Add $(CET_FLAGS).
(CRTSTUFF_T_CFLAGS): Likewise.
* configure.ac: Include ../config/cet.m4.
Set and substitute CET_FLAGS.
* configure: Regenerated.
2017-11-14 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE> 2017-11-14 Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE>
* config.host (*-*-solaris2*): Adapt comment for Solaris 12 * config.host (*-*-solaris2*): Adapt comment for Solaris 12

View File

@ -171,7 +171,8 @@ configure_deps = \
$(srcdir)/../config/dfp.m4 \ $(srcdir)/../config/dfp.m4 \
$(srcdir)/../config/unwind_ipinfo.m4 \ $(srcdir)/../config/unwind_ipinfo.m4 \
$(srcdir)/../config/gthr.m4 \ $(srcdir)/../config/gthr.m4 \
$(srcdir)/../config/sjlj.m4 $(srcdir)/../config/sjlj.m4 \
$(srcdir)/../config/cet.m4
$(srcdir)/configure: @MAINT@ $(srcdir)/configure.ac $(configure_deps) $(srcdir)/configure: @MAINT@ $(srcdir)/configure.ac $(configure_deps)
cd $(srcdir) && $(AUTOCONF) cd $(srcdir) && $(AUTOCONF)
@ -254,6 +255,8 @@ HOST_LIBGCC2_CFLAGS =
PICFLAG = @PICFLAG@ PICFLAG = @PICFLAG@
CET_FLAGS = @CET_FLAGS@
# Defined in libgcc2.c, included only in the static library. # Defined in libgcc2.c, included only in the static library.
LIB2FUNCS_ST = _eprintf __gcc_bcmp LIB2FUNCS_ST = _eprintf __gcc_bcmp

View File

@ -91,6 +91,8 @@
# __morestack to call __morestack_non_split instead. We just bump the # __morestack to call __morestack_non_split instead. We just bump the
# requested stack space by 16K. # requested stack space by 16K.
#include <cet.h>
.global __morestack_non_split .global __morestack_non_split
.hidden __morestack_non_split .hidden __morestack_non_split
@ -701,6 +703,7 @@ DW.ref.__gcc_personality_v0:
__morestack_large_model: __morestack_large_model:
.cfi_startproc .cfi_startproc
_CET_ENDBR
movq %r10, %r11 movq %r10, %r11
andl $0xffffffff, %r10d andl $0xffffffff, %r10d

View File

@ -23,6 +23,8 @@ a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <cet.h>
#ifdef __x86_64__ #ifdef __x86_64__
#include "i386-asm.h" #include "i386-asm.h"

View File

@ -23,6 +23,8 @@ a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <cet.h>
#ifdef __x86_64__ #ifdef __x86_64__
#include "i386-asm.h" #include "i386-asm.h"

View File

@ -23,6 +23,8 @@ a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <cet.h>
#ifdef __x86_64__ #ifdef __x86_64__
#include "i386-asm.h" #include "i386-asm.h"

View File

@ -23,6 +23,8 @@ a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <cet.h>
#ifdef __x86_64__ #ifdef __x86_64__
#include "i386-asm.h" #include "i386-asm.h"

View File

@ -23,6 +23,8 @@ a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <cet.h>
#ifdef __x86_64__ #ifdef __x86_64__
#include "i386-asm.h" #include "i386-asm.h"

View File

@ -23,6 +23,8 @@ a copy of the GCC Runtime Library Exception along with this program;
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>. */ <http://www.gnu.org/licenses/>. */
#include <cet.h>
#ifdef __x86_64__ #ifdef __x86_64__
#include "i386-asm.h" #include "i386-asm.h"

View File

@ -3,4 +3,5 @@
# t-slibgcc-elf-ver and t-linux # t-slibgcc-elf-ver and t-linux
SHLIB_MAPFILES = libgcc-std.ver $(srcdir)/config/i386/libgcc-glibc.ver SHLIB_MAPFILES = libgcc-std.ver $(srcdir)/config/i386/libgcc-glibc.ver
HOST_LIBGCC2_CFLAGS += -mlong-double-80 -DUSE_ELF_SYMVER HOST_LIBGCC2_CFLAGS += -mlong-double-80 -DUSE_ELF_SYMVER $(CET_FLAGS)
CRTSTUFF_T_CFLAGS += $(CET_FLAGS)

72
libgcc/configure vendored
View File

@ -573,6 +573,7 @@ vis_hide
real_host_noncanonical real_host_noncanonical
accel_dir_suffix accel_dir_suffix
force_explicit_eh_registry force_explicit_eh_registry
CET_FLAGS
fixed_point fixed_point
enable_decimal_float enable_decimal_float
decimal_float decimal_float
@ -675,6 +676,7 @@ with_build_libsubdir
enable_largefile enable_largefile
enable_decimal_float enable_decimal_float
with_system_libunwind with_system_libunwind
enable_cet
enable_explicit_exception_frame_registration enable_explicit_exception_frame_registration
with_glibc_version with_glibc_version
enable_tls enable_tls
@ -1314,6 +1316,8 @@ Optional Features:
enable decimal float extension to C. Selecting 'bid' enable decimal float extension to C. Selecting 'bid'
or 'dpd' choses which decimal floating point format or 'dpd' choses which decimal floating point format
to use to use
--enable-cet enable Intel CET in target libraries
[default=default]
--enable-explicit-exception-frame-registration --enable-explicit-exception-frame-registration
register exception tables explicitly at module register exception tables explicitly at module
start, for use e.g. for compatibility with start, for use e.g. for compatibility with
@ -4773,6 +4777,74 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sjlj_exceptions" >&5 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sjlj_exceptions" >&5
$as_echo "$ac_cv_sjlj_exceptions" >&6; } $as_echo "$ac_cv_sjlj_exceptions" >&6; }
# Check whether --enable-cet was given.
if test "${enable_cet+set}" = set; then :
enableval=$enable_cet;
case "$enableval" in
yes|no|default) ;;
*) as_fn_error "Unknown argument to enable/disable cet" "$LINENO" 5 ;;
esac
else
enable_cet=default
fi
case "$host" in
i[34567]86-*-linux* | x86_64-*-linux*)
case "$enable_cet" in
default)
# Check if assembler supports CET.
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
asm ("setssbsy");
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
enable_cet=yes
else
enable_cet=no
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
;;
yes)
# Check if assembler supports CET.
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
asm ("setssbsy");
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
else
as_fn_error "assembler with CET support is required for --enable-cet" "$LINENO" 5
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
;;
esac
;;
*)
enable_cet=no
;;
esac
if test x$enable_cet = xyes; then
CET_FLAGS="-fcf-protection -mcet"
fi
# Check whether --enable-explicit-exception-frame-registration was given. # Check whether --enable-explicit-exception-frame-registration was given.
if test "${enable_explicit_exception_frame_registration+set}" = set; then : if test "${enable_explicit_exception_frame_registration+set}" = set; then :
enableval=$enable_explicit_exception_frame_registration; enableval=$enable_explicit_exception_frame_registration;

View File

@ -11,6 +11,7 @@ sinclude(../config/dfp.m4)
sinclude(../config/unwind_ipinfo.m4) sinclude(../config/unwind_ipinfo.m4)
sinclude(../config/gthr.m4) sinclude(../config/gthr.m4)
sinclude(../config/sjlj.m4) sinclude(../config/sjlj.m4)
sinclude(../config/cet.m4)
AC_PREREQ(2.64) AC_PREREQ(2.64)
AC_INIT([GNU C Runtime Library], 1.0,,[libgcc]) AC_INIT([GNU C Runtime Library], 1.0,,[libgcc])
@ -236,6 +237,9 @@ GCC_CHECK_UNWIND_GETIPINFO
# Check if the compiler is configured for setjmp/longjmp exceptions. # Check if the compiler is configured for setjmp/longjmp exceptions.
GCC_CHECK_SJLJ_EXCEPTIONS GCC_CHECK_SJLJ_EXCEPTIONS
GCC_CET_FLAGS(CET_FLAGS)
AC_SUBST(CET_FLAGS)
AC_ARG_ENABLE([explicit-exception-frame-registration], AC_ARG_ENABLE([explicit-exception-frame-registration],
[AC_HELP_STRING([--enable-explicit-exception-frame-registration], [AC_HELP_STRING([--enable-explicit-exception-frame-registration],
[register exception tables explicitly at module start, for use [register exception tables explicitly at module start, for use