x86/cet: Add -fcf-protection=none before -fcf-protection=branch
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
redhat-pt-bot/TryBot-32bit |
success
|
Build for i686
|
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Testing passed
|
Commit Message
When shadow stack is enabled, some CET tests failed when compiled with
GCC 14:
FAIL: elf/tst-cet-legacy-4
FAIL: elf/tst-cet-legacy-5a
FAIL: elf/tst-cet-legacy-6a
which are caused by
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113039
These tests use -fcf-protection -fcf-protection=branch and assume that
-fcf-protection=branch will override -fcf-protection. But this GCC 14
commit:
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1c6231c05bdcca
changed the -fcf-protection behavior such that
-fcf-protection -fcf-protection=branch
is treated the same as
-fcf-protection
Use
-fcf-protection -fcf-protection=none -fcf-protection=branch
as the workaround. This fixes BZ #31187.
Tested with GCC 13 and GCC 14 on Intel Tiger Lake.
---
sysdeps/x86/Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
Comments
On Mon, Jan 1, 2024 at 7:55 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> When shadow stack is enabled, some CET tests failed when compiled with
> GCC 14:
>
> FAIL: elf/tst-cet-legacy-4
> FAIL: elf/tst-cet-legacy-5a
> FAIL: elf/tst-cet-legacy-6a
>
> which are caused by
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113039
>
> These tests use -fcf-protection -fcf-protection=branch and assume that
> -fcf-protection=branch will override -fcf-protection. But this GCC 14
> commit:
>
> https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1c6231c05bdcca
>
> changed the -fcf-protection behavior such that
>
> -fcf-protection -fcf-protection=branch
>
> is treated the same as
>
> -fcf-protection
>
> Use
>
> -fcf-protection -fcf-protection=none -fcf-protection=branch
>
> as the workaround. This fixes BZ #31187.
>
> Tested with GCC 13 and GCC 14 on Intel Tiger Lake.
> ---
> sysdeps/x86/Makefile | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile
> index a49b13c595..5c8ab64c4d 100644
> --- a/sysdeps/x86/Makefile
> +++ b/sysdeps/x86/Makefile
> @@ -215,12 +215,12 @@ modules-names += \
> tst-cet-legacy-mod-6c \
> # modules-names
>
> -CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch
> +CFLAGS-tst-cet-legacy-2.c += -fcf-protection=none -fcf-protection=branch
> CFLAGS-tst-cet-legacy-2a.c += -fcf-protection
> CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none
> CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none
> CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none
> -CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch
> +CFLAGS-tst-cet-legacy-4.c += -fcf-protection=none -fcf-protection=branch
> CPPFLAGS-tst-cet-legacy-4a.c += -DCET_IS_PERMISSIVE=1
> CFLAGS-tst-cet-legacy-4a.c += -fcf-protection
> CFLAGS-tst-cet-legacy-4b.c += -fcf-protection
> @@ -231,7 +231,7 @@ CPPFLAGS-tst-cet-legacy-5a.c += -DCET_IS_PERMISSIVE=1
> endif
> CFLAGS-tst-cet-legacy-5b.c += -fcf-protection -mshstk
> CPPFLAGS-tst-cet-legacy-5b.c += -DCET_DISABLED_BY_ENV=1
> -CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=branch
> +CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=none -fcf-protection=branch
> CFLAGS-tst-cet-legacy-mod-5b.c += -fcf-protection
> CFLAGS-tst-cet-legacy-mod-5c.c += -fcf-protection
> CFLAGS-tst-cet-legacy-6a.c += -fcf-protection -mshstk
> @@ -240,7 +240,7 @@ CPPFLAGS-tst-cet-legacy-6a.c += -DCET_IS_PERMISSIVE=1
> endif
> CFLAGS-tst-cet-legacy-6b.c += -fcf-protection -mshstk
> CPPFLAGS-tst-cet-legacy-6b.c += -DCET_DISABLED_BY_ENV=1
> -CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=branch
> +CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=none -fcf-protection=branch
> CFLAGS-tst-cet-legacy-mod-6b.c += -fcf-protection
> CFLAGS-tst-cet-legacy-mod-6c.c += -fcf-protection
> CFLAGS-tst-cet-legacy-7.c += -fcf-protection=none
> --
> 2.43.0
>
LGTM.
Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
@@ -215,12 +215,12 @@ modules-names += \
tst-cet-legacy-mod-6c \
# modules-names
-CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-2.c += -fcf-protection=none -fcf-protection=branch
CFLAGS-tst-cet-legacy-2a.c += -fcf-protection
CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none
CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none
CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none
-CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-4.c += -fcf-protection=none -fcf-protection=branch
CPPFLAGS-tst-cet-legacy-4a.c += -DCET_IS_PERMISSIVE=1
CFLAGS-tst-cet-legacy-4a.c += -fcf-protection
CFLAGS-tst-cet-legacy-4b.c += -fcf-protection
@@ -231,7 +231,7 @@ CPPFLAGS-tst-cet-legacy-5a.c += -DCET_IS_PERMISSIVE=1
endif
CFLAGS-tst-cet-legacy-5b.c += -fcf-protection -mshstk
CPPFLAGS-tst-cet-legacy-5b.c += -DCET_DISABLED_BY_ENV=1
-CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=none -fcf-protection=branch
CFLAGS-tst-cet-legacy-mod-5b.c += -fcf-protection
CFLAGS-tst-cet-legacy-mod-5c.c += -fcf-protection
CFLAGS-tst-cet-legacy-6a.c += -fcf-protection -mshstk
@@ -240,7 +240,7 @@ CPPFLAGS-tst-cet-legacy-6a.c += -DCET_IS_PERMISSIVE=1
endif
CFLAGS-tst-cet-legacy-6b.c += -fcf-protection -mshstk
CPPFLAGS-tst-cet-legacy-6b.c += -DCET_DISABLED_BY_ENV=1
-CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=branch
+CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=none -fcf-protection=branch
CFLAGS-tst-cet-legacy-mod-6b.c += -fcf-protection
CFLAGS-tst-cet-legacy-mod-6c.c += -fcf-protection
CFLAGS-tst-cet-legacy-7.c += -fcf-protection=none