CET kernel has been changed to place a restore token on shadow stack for
signal handler to enhance security. It is usually transparent to user
programs since kernel will pop the restore token when signal handler
returns. But when an exception is thrown from a signal handler, now
we need to remove _Unwind_Frames_Increment to pop the the restore token
from shadow stack. Otherwise, we get
FAIL: g++.dg/torture/pr85334.C -O0 execution test
FAIL: g++.dg/torture/pr85334.C -O1 execution test
FAIL: g++.dg/torture/pr85334.C -O2 execution test
FAIL: g++.dg/torture/pr85334.C -O3 -g execution test
FAIL: g++.dg/torture/pr85334.C -Os execution test
FAIL: g++.dg/torture/pr85334.C -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
PR libgcc/85334
* config/i386/shadow-stack-unwind.h (_Unwind_Frames_Increment):
Removed.
From-SVN: r263030
When -fcf-protection -mcet is used, I got
FAIL: g++.dg/eh/sighandle.C
(gdb) bt
#0 _Unwind_RaiseException (exc=exc@entry=0x416ed0)
at /export/gnu/import/git/sources/gcc/libgcc/unwind.inc:140
#1 0x00007ffff7d9936b in __cxxabiv1::__cxa_throw (obj=<optimized out>,
tinfo=0x403dd0 <typeinfo for int@@CXXABI_1.3>, dest=0x0)
at /export/gnu/import/git/sources/gcc/libstdc++-v3/libsupc++/eh_throw.cc:90
#2 0x0000000000401255 in sighandler (signo=11, si=0x7fffffffd6f8,
uc=0x7fffffffd5c0)
at /export/gnu/import/git/sources/gcc/gcc/testsuite/g++.dg/eh/sighandle.C:9
#3 <signal handler called> <<<< Signal frame which isn't on shadow stack
#4 dosegv ()
at /export/gnu/import/git/sources/gcc/gcc/testsuite/g++.dg/eh/sighandle.C:14
#5 0x00000000004012e3 in main ()
at /export/gnu/import/git/sources/gcc/gcc/testsuite/g++.dg/eh/sighandle.C:30
(gdb) p frames
$6 = 5
(gdb)
frame count should be 4, not 5. This patch skips signal frames when
unwinding shadow stack.
gcc/testsuite/
PR libgcc/85334
* g++.dg/torture/pr85334.C: New test.
libgcc/
PR libgcc/85334
* unwind-generic.h (_Unwind_Frames_Increment): New.
* config/i386/shadow-stack-unwind.h (_Unwind_Frames_Increment):
Likewise.
* unwind.inc (_Unwind_RaiseException_Phase2): Increment frame
count with _Unwind_Frames_Increment.
(_Unwind_ForcedUnwind_Phase2): Likewise.
From-SVN: r259502
Program received signal SIGSEGV, Segmentation fault.
__stack_split_initialize ()
at /export/gnu/import/git/sources/gcc/libgcc/config/i386/morestack.S:751
751 leaq -16000(%rsp),%rax # We should have at least 16K.
Missing separate debuginfos, use: dnf debuginfo-install libgcc-8.0.1-0.21.0.fc28.x86_64
(gdb) disass
Dump of assembler code for function __stack_split_initialize:
=> 0x0000000000402858 <+0>: lea -0x3e80(%rsp),%rax
0x0000000000402860 <+8>: mov %rax,%fs:0x70
0x0000000000402869 <+17>: sub $0x8,%rsp
0x000000000040286d <+21>: mov %rsp,%rdi
0x0000000000402870 <+24>: mov $0x3e80,%esi
0x0000000000402875 <+29>: callq 0x401810 <__generic_morestack_set_initial_sp>
0x000000000040287a <+34>: add $0x8,%rsp
0x000000000040287e <+38>: retq
End of assembler dump.
(gdb)
This patch adds the missing ENDBR to __stack_split_initialize.
PR libgcc/85379
* config/i386/morestack.S (__stack_split_initialize): Add
_CET_ENDBR.
From-SVN: r259497
PR target/84945
* config/i386/cpuinfo.c (set_feature): Wrap into do while (0) to avoid
-Wdangling-else warnings. Mask shift counts to avoid
-Wshift-count-negative and -Wshift-count-overflow false positives.
From-SVN: r259398
Enable AVX and AVX512 features only if their states are supported by
OSXSAVE.
PR target/85100
* config/i386/cpuinfo.c (XCR_XFEATURE_ENABLED_MASK): New.
(XSTATE_FP): Likewise.
(XSTATE_SSE): Likewise.
(XSTATE_YMM): Likewise.
(XSTATE_OPMASK): Likewise.
(XSTATE_ZMM): Likewise.
(XSTATE_HI_ZMM): Likewise.
(XCR_AVX_ENABLED_MASK): Likewise.
(XCR_AVX512F_ENABLED_MASK): Likewise.
(get_available_features): Enable AVX and AVX512 features only
if their states are supported by OSXSAVE.
From-SVN: r258954
PR target/84945
* config/i386/i386.c (fold_builtin_cpu): For features above 31
use __cpu_features2 variable instead of __cpu_model.__cpu_features[0].
Use 1U instead of 1. Formatting fixes.
* gcc.target/i386/pr84945.c: New test.
* config/i386/cpuinfo.h (__cpu_features2): Declare.
* config/i386/cpuinfo.c (__cpu_features2): New variable for
ifndef SHARED only.
(set_feature): Define.
(get_available_features): Use set_feature macro. Set __cpu_features2
to the second word of features ifndef SHARED.
From-SVN: r258673
PR debug/83917
* configure.ac (AS_HIDDEN_DIRECTIVE): AC_DEFINE_UNQUOTED this to
$asm_hidden_op if visibility ("hidden") attribute works.
(HAVE_AS_CFI_SECTIONS): New AC_DEFINE.
* config/i386/i386-asm.h: Don't include auto-host.h.
(PACKAGE_VERSION, PACKAGE_NAME, PACKAGE_STRING, PACKAGE_TARNAME,
PACKAGE_URL): Don't undefine.
(USE_GAS_CFI_DIRECTIVES): Don't use nor define this macro, instead
guard cfi_startproc only on ifdef __GCC_HAVE_DWARF2_CFI_ASM.
(FN_HIDDEN): Change guard from #ifdef HAVE_GAS_HIDDEN to
#ifdef AS_HIDDEN_DIRECTIVE, use AS_HIDDEN_DIRECTIVE macro in the
definition instead of hardcoded .hidden.
* config/i386/cygwin.S: Include i386-asm.h first before .cfi_sections
directive. Use #ifdef HAVE_AS_CFI_SECTIONS rather than
#ifdef HAVE_GAS_CFI_SECTIONS_DIRECTIVE to guard .cfi_sections.
(USE_GAS_CFI_DIRECTIVES): Don't define.
* configure: Regenerated.
* config.in: Likewise.
From-SVN: r258057
PR debug/83917
* config/i386/i386-asm.h (PACKAGE_VERSION, PACKAGE_NAME,
PACKAGE_STRING, PACKAGE_TARNAME, PACKAGE_URL): Undefine between
inclusion of auto-target.h and auto-host.h.
(USE_GAS_CFI_DIRECTIVES): Define if not defined already based on
__GCC_HAVE_DWARF2_CFI_ASM.
(cfi_startproc, cfi_endproc, cfi_adjust_cfa_offset,
cfi_def_cfa_register, cfi_def_cfa, cfi_register, cfi_offset, cfi_push,
cfi_pop): Define.
* config/i386/cygwin.S: Don't include auto-host.h here, just
define USE_GAS_CFI_DIRECTIVES to 1 or 0 and include i386-asm.h.
(cfi_startproc, cfi_endproc, cfi_adjust_cfa_offset,
cfi_def_cfa_register, cfi_register, cfi_push, cfi_pop): Remove.
* config/i386/resms64fx.h: Add cfi_* directives.
* config/i386/resms64x.h: Likewise.
From-SVN: r258010
Introduce a couple of new CET intrinsics for reading and updating a
shadow stack pointer (_get_ssp and _inc_ssp). They replace the existing
_rdssp[d|q] and _incssp[d|q] instrinsics.
PR target/84239
* gcc/config/i386/cetintrin.h: Remove _rdssp[d|q] and
add _get_ssp intrinsics. Remove argument from
__builtin_ia32_rdssp[d|q].
* gcc/config/i386/i386-builtin-types.def: Add UINT_FTYPE_VOID.
* gcc/config/i386/i386-builtin.def: Remove argument from
__builtin_ia32_rdssp[d|q].
* gcc/config/i386/i386.c: Use UINT_FTYPE_VOID. Use
ix86_expand_special_args_builtin for _rdssp[d|q].
* gcc/config/i386/i386.md: Remove argument from rdssp[si|di] insn.
Clear register before usage.
* doc/extend.texi: Remove argument from __builtin_ia32_rdssp[d|q].
Add documentation for new _get_ssp and _inc_ssp intrinsics.
* testsuite/gcc.target/i386/cet-intrin-3.c: Use new _get_ssp and
_inc_ssp intrinsics.
* testsuite/gcc.target/i386/cet-intrin-4.c: Likewise.
* testsuite/gcc.target/i386/cet-rdssp-1.c: Remove argument from
__builtin_ia32_rdssp[d|q].
* libgcc/config/i386/shadow-stack-unwind.hi (_Unwind_Frames_Extra):
Use new _get_ssp and _inc_ssp intrinsics.
From-SVN: r257660
Control-flow Enforcement Technology (CET), published by Intel,
introduces the Shadow Stack feature, which ensures a return from a
function is done to exactly the same location from where the function
was called. When EH is present the control-flow transfer may skip some
stack frames and the shadow stack has to be adjusted not to signal a
violation of a control-flow transfer. It's done by counting a number
of skiping frames and adjasting shadow stack pointer by this number.
Having new semantic of the 'ret' instruction if CET is supported in HW
the 'ret' instruction cannot be generated in ix86_expand_epilogue when
we are returning after EH is processed. Added a code in
ix86_expand_epilogue to adjust Shadow Stack pointer and to generate an
indirect jump instead of 'ret'. As sp register is used during this
adjustment thus the argument in pro_epilogue_adjust_stack is changed
to update cfa_reg based on whether control-flow instrumentation is set.
Without updating the cfa_reg field there is an assert later in dwarf2
pass related to mismatch the stack register and cfa_reg value.
gcc/
* config/i386/i386.c (ix86_expand_epilogue): Change simple
return to indirect jump for EH return if control-flow protection
is enabled. Change explicit 'false' argument in
pro_epilogue_adjust_stack with a value of flag_cf_protection.
* config/i386/i386.md (simple_return_indirect_internal): Remove
SImode restriction to support 64-bit.
libgcc/
* config/i386/linux-unwind.h: Include
config/i386/shadow-stack-unwind.h.
* config/i386/shadow-stack-unwind.h: New file.
* unwind-dw2.c: (uw_install_context): Add a frame parameter and
pass it to _Unwind_Frames_Extra.
* unwind-generic.h (_Unwind_Frames_Extra): New.
* unwind.inc (_Unwind_RaiseException_Phase2): Add frames_p
parameter. Add local variable frames to count number of frames.
(_Unwind_ForcedUnwind_Phase2): Likewise.
(_Unwind_RaiseException): Add local variable frames to count
number of frames, pass it to _Unwind_RaiseException_Phase2 and
uw_install_context.
(_Unwind_ForcedUnwind): Likewise.
(_Unwind_Resume): Likewise.
(_Unwind_Resume_or_Rethrow): Likewise.
From-SVN: r254876
Enable building libgcc with CET options by default on Linux/x86 if
binutils supports CET v2.0. It can be disabled with --disable-cet.
It is an error to configure GCC with --enable-cet if bintuiils
doesn't support CET v2.0.
ENDBR instruction is added to __morestack_large_model since it is
called indirectly.
2017-11-17 Igor Tsimbalist <igor.v.tsimbalist@intel.com>
config/
* cet.m4: New file.
gcc/
* config.gcc (extra_headers): Add cet.h for x86 targets.
* config/i386/cet.h: New file.
* doc/install.texi: Add --enable-cet/--disable-cet.
libgcc/
* Makefile.in (configure_deps): Add $(srcdir)/../config/cet.m4.
(CET_FLAGS): New.
* config/i386/morestack.S: Include <cet.h>.
(__morestack_large_model): Add _CET_ENDBR at function entrance.
* config/i386/resms64.h: Include <cet.h>.
* config/i386/resms64f.h: Likewise.
* config/i386/resms64fx.h: Likewise.
* config/i386/resms64x.h: Likewise.
* config/i386/savms64.h: Likewise.
* config/i386/savms64f.h: Likewise.
* config/i386/t-linux (HOST_LIBGCC2_CFLAGS): Add $(CET_FLAGS).
(CRTSTUFF_T_CFLAGS): Likewise.
* configure.ac: Include ../config/cet.m4.
Set and substitute CET_FLAGS.
* configure: Regenerated.
From-SVN: r254868
2017-11-04 Andreas Tobler <andreast@gcc.gnu.org>
PR libgcc/82635
* config/i386/freebsd-unwind.h (MD_FALLBACK_FRAME_STATE_FOR): Use a
sysctl to determine whether we're in a trampoline.
Keep the pattern matching method for systems without
KERN_PROC_SIGTRAMP sysctl.
From-SVN: r254411
gcc:
config/i386/i386.c: (xlogue_layout::STUB_NAME_MAX_LEN): Increase to 20
bytes.
(xlogue_layout::s_stub_names): Add an additional size-2 diminsion.
(xlogue_layout::get_stub_name): Modify to select the appropairate sse
or avx version of the stub.
gcc/testsuite:
gcc.target/i386/pr82196-1.c: New test.
gcc.target/i386/pr82196-2.c: Likewise.
libgcc:
config/i386/i386-asm.h (PASTE2): New macro.
(ASMNAME): Modify to use PASTE2.
(MS2SYSV_STUB_PREFIX): New macro for isa prefix.
(MS2SYSV_STUB_BEGIN, MS2SYSV_STUB_END): New macros for stub headers.
config/i386/resms64.S: Rename to a header file, use MS2SYSV_STUB_BEGIN
instead of HIDDEN_FUNC and MS2SYSV_STUB_END instead of FUNC_END.
config/i386/resms64f.S: Likewise.
config/i386/resms64fx.S: Likewise.
config/i386/resms64x.S: Likewise.
config/i386/savms64.S: Likewise.
config/i386/savms64f.S: Likewise.
config/i386/avx_resms64.S: New file that only defines a macro and
includes it's corresponding header file.
config/i386/avx_resms64f.S: Likewise.
config/i386/avx_resms64fx.S: Likewise.
config/i386/avx_resms64x.S: Likewise.
config/i386/avx_savms64.S: Likewise.
config/i386/avx_savms64f.S: Likewise.
config/i386/sse_resms64.S: Likewise.
config/i386/sse_resms64f.S: Likewise.
config/i386/sse_resms64fx.S: Likewise.
config/i386/sse_resms64x.S: Likewise.
config/i386/sse_savms64.S: Likewise.
config/i386/sse_savms64f.S: Likewise.
config/i386/t-msabi: Modified to add avx and sse versions of stubs.
From-SVN: r252896
2017-07-24 Daniel Santos <daniel.santos@pobox.com>
PR testsuite/80759
* config.host: include i386/t-msabi for darwin and solaris.
* config/i386/i386-asm.h
(ELFFN): Rename to FN_TYPE.
(FN_SIZE): New macro.
(FN_HIDDEN): Likewise.
(ASMNAME): Likewise.
(FUNC_START): Rename to FUNC_BEGIN, use ASMNAME, replace .global with
.globl.
(HIDDEN_FUNC): Use ASMNAME and .globl instead of .global.
(SSE_SAVE): Convert to cpp macro, hard-code offset (always 0x60).
* config/i386/resms64.S: Use SSE_SAVE as cpp macro instead of gas
.macro.
* config/i386/resms64f.S: Likewise.
* config/i386/resms64fx.S: Likewise.
* config/i386/resms64x.S: Likewise.
* config/i386/savms64.S: Likewise.
* config/i386/savms64f.S: Likewise.
From-SVN: r250488
Current glibc no longer gives the ucontext_t type the tag struct
ucontext, to conform with POSIX namespace rules. This requires
various linux-unwind.h files in libgcc, that were previously using
struct ucontext, to be fixed to use ucontext_t instead. This is
similar to the removal of the struct siginfo tag from siginfo_t some
years ago.
This patch changes those files to use ucontext_t instead. As the
standard name that should be unconditionally safe, so this is not
restricted to architectures supported by glibc, or conditioned on the
glibc version.
Tested compilation together with current glibc with glibc's
build-many-glibcs.py.
* config/aarch64/linux-unwind.h (aarch64_fallback_frame_state),
config/alpha/linux-unwind.h (alpha_fallback_frame_state),
config/bfin/linux-unwind.h (bfin_fallback_frame_state),
config/i386/linux-unwind.h (x86_64_fallback_frame_state,
x86_fallback_frame_state), config/m68k/linux-unwind.h (struct
uw_ucontext), config/nios2/linux-unwind.h (struct nios2_ucontext),
config/pa/linux-unwind.h (pa32_fallback_frame_state),
config/riscv/linux-unwind.h (riscv_fallback_frame_state),
config/sh/linux-unwind.h (sh_fallback_frame_state),
config/tilepro/linux-unwind.h (tile_fallback_frame_state),
config/xtensa/linux-unwind.h (xtensa_fallback_frame_state): Use
ucontext_t instead of struct ucontext.
From-SVN: r249731
gcc/
2017-06-22 Matt Turner <mattst88@gmail.com>
* config/i386/driver-i386.c (host_detect_local_cpu): Add Kaby
Lake models to skylake case. Assume skylake for unknown
models with clflushopt.
gcc/testsuite/
2017-06-22 Matt Turner <mattst88@gmail.com>
* gcc.target/i386/builtin_target.c: Add Kaby Lake models to
skylake check.
libgcc/
2017-06-22 Matt Turner <mattst88@gmail.com>
* config/i386/cpuinfo.c (get_intel_cpu): Add Kaby Lake models to
skylake case.
From-SVN: r249574
gcc/ChangeLog:
* config/i386/i386.opt: Add option -mcall-ms2sysv-xlogues.
* config/i386/i386.h
(x86_64_ms_sysv_extra_clobbered_registers): Change type to unsigned.
(NUM_X86_64_MS_CLOBBERED_REGS): New macro.
(struct machine_function): Add new members call_ms2sysv,
call_ms2sysv_pad_in, call_ms2sysv_pad_out and call_ms2sysv_extra_regs.
(struct machine_frame_state): New fields sp_realigned and
sp_realigned_offset.
* config/i386/i386.c
(enum xlogue_stub): New enum.
(enum xlogue_stub_sets): New enum.
(class xlogue_layout): New class.
(struct ix86_frame): New fields stack_realign_allocate_offset,
stack_realign_offset and outlined_save_offset. Modify comments to
detail stack layout when using out-of-line stubs.
(ix86_target_string): Add -mcall-ms2sysv-xlogues option.
(ix86_option_override_internal): Add sorry() for TARGET_SEH and
-mcall-ms2sysv-xlogues.
(stub_managed_regs): New static variable.
(ix86_save_reg): Add new parameter ignore_outlined to optionally omit
registers managed by out-of-line stub.
(disable_call_ms2sysv_xlogues): New function.
(ix86_compute_frame_layout): Modify re-alignment calculations, disable
m->call_ms2sysv when appropriate and compute frame layout for
out-of-line stubs.
(sp_valid_at, fp_valid_at): New inline functions.
(choose_basereg): New function.
(choose_baseaddr): Add align parameter, use choose_basereg and modify
all callers.
(ix86_emit_save_reg_using_mov, ix86_emit_restore_sse_regs_using_mov):
Use align parameter of choose_baseaddr to generated aligned SSE movs
when possible.
(pro_epilogue_adjust_stack): Modify to track
machine_frame_state::sp_realigned.
(ix86_nsaved_regs): Modify to accommodate changes to ix86_save_reg.
(ix86_nsaved_sseregs): Likewise.
(ix86_emit_save_regs): Likewise.
(ix86_emit_save_regs_using_mov): Likewise.
(ix86_emit_save_sse_regs_using_mov): Likewise.
(get_scratch_register_on_entry): Likewise.
(gen_frame_set): New function.
(gen_frame_load): Likewise.
(gen_frame_store): Likewise.
(emit_outlined_ms2sysv_save): Likewise.
(emit_outlined_ms2sysv_restore): Likewise.
(ix86_expand_prologue): Modify stack re-alignment code and call
emit_outlined_ms2sysv_save when appropriate.
(ix86_emit_leave): Clear machine_frame_state::sp_realigned. Add
parameter rtx_insn *insn, which allows the function to be used to only
generate the notes.
(ix86_expand_epilogue): Modify validity checks of frame and stack
pointers, and call emit_outlined_ms2sysv_restore when appropriate.
(ix86_expand_call): Modify to enable m->call_ms2sysv when appropriate.
* config/i386/predicates.md
(save_multiple): New predicate.
(restore_multiple): Likewise.
* config/i386/sse.md
(save_multiple<mode>): New pattern.
(save_multiple_realign<mode>): Likewise.
(restore_multiple<mode>): Likewise.
(restore_multiple_and_return<mode>): Likewise.
(restore_multiple_leave_return<mode>): Likewise.
* Makefile.in: Export HOSTCXX and HOSTCXXFLAGS to site.exp
gcc/testsuite/ChangeLog:
* gcc.target/x86_64/abi/ms-sysv/do-test.S: New file.
* gcc.target/x86_64/abi/ms-sysv/gen.cc: Likewise.
* gcc.target/x86_64/abi/ms-sysv/ms-sysv.c: Likewise.
* gcc.target/x86_64/abi/ms-sysv/ms-sysv.exp: Likewise.
libgcc/ChangeLog:
* config.host: Add i386/t-msabi to i386/t-linux file list.
* config/i386/i386-asm.h: New file.
* config/i386/resms64.S: New file.
* config/i386/resms64f.S: New file.
* config/i386/resms64fx.S: New file.
* config/i386/resms64x.S: New file.
* config/i386/savms64.S: New file.
* config/i386/savms64f.S: New file.
* config/i386/t-msabi: New file.
From-SVN: r248029
The __cpu_indicator_init and __cpu_model symbols are not safe to use
from shared libgcc_s.so from ifunc resolvers, so since gcc-6, only
the definitions from static libgcc.a are used, however the symbols
are kept in libgcc_s as well for backward compatibility (with
appropriate symbol version). On targets without such backward
compatibility concern add cpuinfo to the static library only (this
avoids running the ctor, reduces libgcc_s size and elf abi concerns
about the versioned symbols).
libgcc/
2016-11-11 Szabolcs Nagy <szabolcs.nagy@arm.com>
* config.host (i[3456]86-*-musl*, x86_64-*-musl*): Use
i386/t-cpuinfo-static instead of i386/t-cpuinfo.
* config/i386/t-cpuinfo-static: New.
From-SVN: r242268
Jakub Jelinek