(-)a/11.3.0/gentoo/26_all_enable-cet.patch (-57 / +9 lines)
Lines 1-6 Link Here
1
From ed1d323dc821e906144f4fc4c39bc16695495f73 Mon Sep 17 00:00:00 2001
1
From 83efc6ce009021f27b602c1dfcf65338f761b095 Mon Sep 17 00:00:00 2001
2
From: Sam James <sam@gentoo.org>
2
From: Sam James <sam@gentoo.org>
3
Date: Thu, 9 Dec 2021 02:39:19 +0000
3
Date: Tue, 28 Dec 2021 03:42:53 +0000
4
Subject: [PATCH] Enable CET (-fcf-protection=full) by default
4
Subject: [PATCH] Enable CET (-fcf-protection=full) by default
5
5
6
Needs:
6
Needs:
Lines 9-50 Needs: Link Here
9
  for now to avoid accidentally enabling it on other arches.
9
  for now to avoid accidentally enabling it on other arches.
10
10
11
  Only supported on amd64.
11
  Only supported on amd64.
12
12
---
13
---
13
 gcc/common.opt                 |  2 +-
14
 gcc/config/i386/i386-options.c |  3 +++
14
 gcc/config/i386/i386-options.c |  8 ++++++++
15
 gcc/defaults.h                 | 13 +++++++++++++
15
 gcc/defaults.h                 | 13 +++++++++++++
16
 gcc/flag-types.h               |  1 +
16
 2 files changed, 16 insertions(+)
17
 gcc/toplev.c                   |  4 +++-
18
 5 files changed, 26 insertions(+), 2 deletions(-)
19
17
20
diff --git a/gcc/common.opt b/gcc/common.opt
21
index a88778b..4993a7e 100644
22
--- a/gcc/common.opt
23
+++ b/gcc/common.opt
24
@@ -1783,7 +1783,7 @@ fcf-protection
25
 Common RejectNegative Alias(fcf-protection=,full)
26
 
27
 fcf-protection=
28
-Common Joined RejectNegative Enum(cf_protection_level) Var(flag_cf_protection) Init(CF_NONE)
29
+Common Joined RejectNegative Enum(cf_protection_level) Var(flag_cf_protection) Init(CF_UNSET)
30
 -fcf-protection=[full|branch|return|none|check]	Instrument functions with checks to verify jump/call/return control-flow transfer
31
 instructions have valid targets.
32
 
33
diff --git a/gcc/config/i386/i386-options.c b/gcc/config/i386/i386-options.c
18
diff --git a/gcc/config/i386/i386-options.c b/gcc/config/i386/i386-options.c
34
index 19632b5..8ee36fe 100644
19
index 19632b5..fac61af 100644
35
--- a/gcc/config/i386/i386-options.c
20
--- a/gcc/config/i386/i386-options.c
36
+++ b/gcc/config/i386/i386-options.c
21
+++ b/gcc/config/i386/i386-options.c
37
@@ -3049,6 +3049,14 @@ ix86_option_override_internal (bool main_args_p,
22
@@ -3049,6 +3049,9 @@ ix86_option_override_internal (bool main_args_p,
38
         = build_target_option_node (opts, opts_set);
23
         = build_target_option_node (opts, opts_set);
39
     }
24
     }
40
 
25
 
41
+  if (opts->x_flag_cf_protection == CF_UNSET)
26
+  if (TARGET_64BIT && TARGET_CMOV)
42
+    {
27
+    SET_OPTION_IF_UNSET (opts, opts_set, flag_cf_protection, DEFAULT_FLAG_CF);
43
+      if (TARGET_64BIT && TARGET_CMOV)
44
+	opts->x_flag_cf_protection = DEFAULT_FLAG_CF;
45
+      else
46
+	opts->x_flag_cf_protection = CF_NONE;
47
+    }
48
+
28
+
49
   if (opts->x_flag_cf_protection != CF_NONE)
29
   if (opts->x_flag_cf_protection != CF_NONE)
50
     {
30
     {
Lines 73-105 index 0f6cd78..5694412 100644 Link Here
73
 /* By default, the C++ compiler will use function addresses in the
53
 /* By default, the C++ compiler will use function addresses in the
74
    vtable entries.  Setting this nonzero tells the compiler to use
54
    vtable entries.  Setting this nonzero tells the compiler to use
75
    function descriptors instead.  The value of this macro says how
55
    function descriptors instead.  The value of this macro says how
76
diff --git a/gcc/flag-types.h b/gcc/flag-types.h
77
index a038c8f..61be0b1 100644
78
--- a/gcc/flag-types.h
79
+++ b/gcc/flag-types.h
80
@@ -389,6 +389,7 @@ enum gfc_convert
81
 /* Control-Flow Protection values.  */
82
 enum cf_protection_level
83
 {
84
+  CF_UNSET = -1,
85
   CF_NONE = 0,
86
   CF_BRANCH = 1 << 0,
87
   CF_RETURN = 1 << 1,
88
diff --git a/gcc/toplev.c b/gcc/toplev.c
89
index ea0a2a1..bac60eb 100644
90
--- a/gcc/toplev.c
91
+++ b/gcc/toplev.c
92
@@ -1297,7 +1297,9 @@ process_options (void)
93
 	   "%<-floop-nest-optimize%>, %<-floop-parallelize-all%>)");
94
 #endif
95
 
96
-  if (flag_cf_protection != CF_NONE
97
+  /* Gentoo: we add CF_UNSET here just to be safe, but we only patch the default
98
+     for amd64 + when CET is definitely enabled anyway. */
99
+  if ((flag_cf_protection != CF_NONE) && (flag_cf_protection != CF_UNSET)
100
       && !(flag_cf_protection & CF_SET))
101
     {
102
       if (flag_cf_protection == CF_FULL)
103
-- 
56
-- 
104
2.34.1
57
2.34.1
105
58
106
- 
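Review bot: The new default in `ix86_option_override_internal` (`if (TARGET_64BIT && TARGET_CMOV)` followed by `SET_OPTION_IF_UNSET (opts, opts_set, flag_cf_protection, DEFAULT_FLAG_CF);`) carries no comment. A reader auditing hardening defaults cannot tell from the code that an explicit `-fcf-protection=` choice, including `none`, still wins, or that every target failing the 64-bit test silently keeps the unprotected default. I would add above it `/* Gentoo: default to DEFAULT_FLAG_CF on 64-bit x86 only; an explicit -fcf-protection= on the command line is left untouched.  */`. The condition also reads the global `TARGET_64BIT` while the assignment goes through `opts`/`opts_set`. If the function can be reached with an option set other than the global one (its callers are not visible here), `TARGET_64BIT_P (opts->x_ix86_isa_flags)` would keep the test and the assignment on the same options. The function starts and ends outside the hunk, so this is judged from the visible lines only.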
