target: missing -Whardened with -fcf-protection=none [PR114606]
Checks
Context |
Check |
Description |
linaro-tcwg-bot/tcwg_gcc_build--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_gcc_check--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_gcc_build--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_gcc_check--master-aarch64 |
success
|
Testing passed
|
Commit Message
Bootstrapped/regtested on x86_64-pc-linux-gnu, ok for trunk?
-- >8 --
-Whardened warns when -fhardened couldn't enable a hardening option
because that option was disabled on the command line, e.g.:
$ ./cc1plus -quiet g.C -fhardened -O2 -fstack-protector
cc1plus: warning: '-fstack-protector-strong' is not enabled by '-fhardened' because it was specified on the command line [-Whardened]
but it doesn't work as expected with -fcf-protection=none:
$ ./cc1plus -quiet g.C -fhardened -O2 -fcf-protection=none
because we're checking == CF_NONE which doesn't distinguish between nothing
and -fcf-protection=none. I should have used OPTION_SET_P, like below.
PR target/114606
gcc/ChangeLog:
* config/i386/i386-options.cc (ix86_option_override_internal): Use
OPTION_SET_P rather than checking == CF_NONE.
gcc/testsuite/ChangeLog:
* gcc.target/i386/fhardened-1.c: New test.
* gcc.target/i386/fhardened-2.c: New test.
---
gcc/config/i386/i386-options.cc | 2 +-
gcc/testsuite/gcc.target/i386/fhardened-1.c | 8 ++++++++
gcc/testsuite/gcc.target/i386/fhardened-2.c | 8 ++++++++
3 files changed, 17 insertions(+), 1 deletion(-)
create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-1.c
create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-2.c
base-commit: e7d015b2506a1d9e84d9f7182e42e097147527e1
Comments
On Fri, Apr 05, 2024 at 02:22:18PM -0400, Marek Polacek wrote:
> Bootstrapped/regtested on x86_64-pc-linux-gnu, ok for trunk?
>
> -- >8 --
> -Whardened warns when -fhardened couldn't enable a hardening option
> because that option was disabled on the command line, e.g.:
>
> $ ./cc1plus -quiet g.C -fhardened -O2 -fstack-protector
> cc1plus: warning: '-fstack-protector-strong' is not enabled by '-fhardened' because it was specified on the command line [-Whardened]
>
> but it doesn't work as expected with -fcf-protection=none:
>
> $ ./cc1plus -quiet g.C -fhardened -O2 -fcf-protection=none
>
> because we're checking == CF_NONE which doesn't distinguish between nothing
> and -fcf-protection=none. I should have used OPTION_SET_P, like below.
>
> PR target/114606
>
> gcc/ChangeLog:
>
> * config/i386/i386-options.cc (ix86_option_override_internal): Use
> OPTION_SET_P rather than checking == CF_NONE.
>
> gcc/testsuite/ChangeLog:
>
> * gcc.target/i386/fhardened-1.c: New test.
> * gcc.target/i386/fhardened-2.c: New test.
> ---
> gcc/config/i386/i386-options.cc | 2 +-
> gcc/testsuite/gcc.target/i386/fhardened-1.c | 8 ++++++++
> gcc/testsuite/gcc.target/i386/fhardened-2.c | 8 ++++++++
> 3 files changed, 17 insertions(+), 1 deletion(-)
> create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-1.c
> create mode 100644 gcc/testsuite/gcc.target/i386/fhardened-2.c
>
> diff --git a/gcc/config/i386/i386-options.cc b/gcc/config/i386/i386-options.cc
> index 7896d576977..20c6dc48090 100644
> --- a/gcc/config/i386/i386-options.cc
> +++ b/gcc/config/i386/i386-options.cc
> @@ -3242,7 +3242,7 @@ ix86_option_override_internal (bool main_args_p,
> on the command line. */
> if (opts->x_flag_hardened && cf_okay_p)
> {
> - if (opts->x_flag_cf_protection == CF_NONE)
> + if (!OPTION_SET_P (flag_cf_protection))
This function is passed explicit opts and opts_set arguments, so it
shouldn't be using flag_something macros nor OPTION_SET_P, as the former
use global_options.x_flag_something rather than opts->x_flag_something
and the latter uses global_options_set.x_flag_something.
So, I think you want to use if (!opts_set->x_flag_cf_protection)
instead.
> opts->x_flag_cf_protection = CF_FULL;
> else if (opts->x_flag_cf_protection != CF_FULL)
> warning_at (UNKNOWN_LOCATION, OPT_Whardened,
Otherwise LGTM.
Jakub
@@ -3242,7 +3242,7 @@ ix86_option_override_internal (bool main_args_p,
on the command line. */
if (opts->x_flag_hardened && cf_okay_p)
{
- if (opts->x_flag_cf_protection == CF_NONE)
+ if (!OPTION_SET_P (flag_cf_protection))
opts->x_flag_cf_protection = CF_FULL;
else if (opts->x_flag_cf_protection != CF_FULL)
warning_at (UNKNOWN_LOCATION, OPT_Whardened,
new file mode 100644
@@ -0,0 +1,8 @@
+/* PR target/114606 */
+/* { dg-options "-fhardened -O2 -fcf-protection=none" } */
+
+#ifdef __CET__
+# error "-fcf-protection enabled when it should not be"
+#endif
+
+/* { dg-warning ".-fcf-protection=full. is not enabled by .-fhardened. because it was specified" "" { target *-*-* } 0 } */
new file mode 100644
@@ -0,0 +1,8 @@
+/* PR target/114606 */
+/* { dg-options "-fhardened -O2" } */
+
+#if __CET__ != 3
+# error "-fcf-protection not enabled"
+#endif
+
+/* { dg-bogus ".-fcf-protection=full. is not enabled by .-fhardened. because it was specified" "" { target *-*-* } 0 } */