From patchwork Mon Jan 31 18:55:24 2022
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 50599
To: gcc-patches@gcc.gnu.org
Subject: [GCC 11 PATCH 1/5] x86: Remove "%!" before ret
Date: Mon, 31 Jan 2022 10:55:24 -0800
Message-Id: <20220131185528.619688-2-hjl.tools@gmail.com>
In-Reply-To: <20220131185528.619688-1-hjl.tools@gmail.com>
References: <20220131185528.619688-1-hjl.tools@gmail.com>
List-Id: Gcc-patches mailing list
X-Patchwork-Original-From: "H.J. Lu via Gcc-patches"
From: "H.J. Lu" Reply-To: "H.J. Lu" Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" Before MPX was removed, "%!" was mapped to case '!': if (ix86_bnd_prefixed_insn_p (current_output_insn)) fputs ("bnd ", file); return; After CET was added and MPX was removed, "%!" was mapped to case '!': if (ix86_notrack_prefixed_insn_p (current_output_insn)) fputs ("notrack ", file); return; ix86_notrack_prefixed_insn_p always returns false on ret since the notrack prefix is only for indirect branches. Remove the unused "%!" before ret. PR target/103307 * config/i386/i386.c (ix86_code_end): Remove "%!" before ret. (ix86_output_function_return): Likewise. * config/i386/i386.md (simple_return_pop_internal): Likewise. (cherry picked from commit 8e410de43ce039bbe08f1e0195e3b6ec24f68cae) --- gcc/config/i386/i386.c | 4 ++-- gcc/config/i386/i386.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c index 8e8c8beb366..4ba1a218ee6 100644 --- a/gcc/config/i386/i386.c +++ b/gcc/config/i386/i386.c @@ -6000,7 +6000,7 @@ ix86_code_end (void) xops[0] = gen_rtx_REG (Pmode, regno); xops[1] = gen_rtx_MEM (Pmode, stack_pointer_rtx); output_asm_insn ("mov%z0\t{%1, %0|%0, %1}", xops); - output_asm_insn ("%!ret", NULL); + fputs ("\tret\n", asm_out_file); final_end_function (); init_insn_lengths (); free_after_compilation (cfun); @@ -16027,7 +16027,7 @@ ix86_output_function_return (bool long_p) } if (!long_p) - return "%!ret"; + return "ret"; return "rep%; ret"; } diff --git a/gcc/config/i386/i386.md b/gcc/config/i386/i386.md index db9dbf384ad..1aff2ac2a82 100644 --- a/gcc/config/i386/i386.md +++ b/gcc/config/i386/i386.md 
@@ -13912,7 +13912,7 @@ (define_insn_and_split "simple_return_pop_internal" [(simple_return) (use (match_operand:SI 0 "const_int_operand"))] "reload_completed" - "%!ret\t%0" + "ret\t%0" "&& cfun->machine->function_return_type != indirect_branch_keep" [(const_int 0)] "ix86_split_simple_return_pop_internal (operands[0]); DONE;" From patchwork Mon Jan 31 18:55:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "H.J. Lu" X-Patchwork-Id: 50600 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C614C3948A6E for ; Mon, 31 Jan 2022 18:57:52 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C614C3948A6E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1643655472; bh=/VLyCnne1HYgLB6QuhokQDjwzX6cmE4y8OLgUgbO4uQ=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=auQ03sC/6f24jVZkebXn+FMMBNi4AlXvg8nNUQmr3zO4aJ5zboXwJ+ogZHCg2/bpv X2XLKT1dIfKZVNSC8ve8mMG71XZ5E5YOKU3mhSTM9hTCOhxV1Ek7pXxql7baBM58hi LGmOpa9U0Y+ncHpSeMKGWa2xvSqx/A/gu1X/zwDw= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mail-pj1-x102d.google.com (mail-pj1-x102d.google.com [IPv6:2607:f8b0:4864:20::102d]) by sourceware.org (Postfix) with ESMTPS id 0A3883857C77 for ; Mon, 31 Jan 2022 18:55:31 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 0A3883857C77 Received: by mail-pj1-x102d.google.com with SMTP id qe6-20020a17090b4f8600b001b7aaad65b9so42619pjb.2 for ; Mon, 31 Jan 2022 10:55:30 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; 
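Review bot: In the ix86_code_end hunk of 1/5 the return is now written with a raw `fputs ("\tret\n", asm_out_file)`, and 2/5 of this series has no hunk for ix86_code_end, so under -mharden-sls=return the code emitted here still ends in a bare `ret` with no int3 behind it. If that is intended, a one-line comment above the fputs saying why this return needs no SLS hardening would help; otherwise the `if ((ix86_harden_sls & harden_sls_return))` check that 2/5 adds to output_indirect_thunk belongs after this fputs as well. As a style point, the `mov` on the line above still goes through output_asm_insn, so `output_asm_insn ("ret", NULL)` would have been the smaller change and would match the other two sites, which keep a template string.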
To: gcc-patches@gcc.gnu.org
Subject: [GCC 11 PATCH 2/5] x86: Add -mharden-sls=[none|all|return|indirect-branch]
Date: Mon, 31 Jan 2022 10:55:25 -0800
Message-Id: <20220131185528.619688-3-hjl.tools@gmail.com>
In-Reply-To: <20220131185528.619688-1-hjl.tools@gmail.com>
References: <20220131185528.619688-1-hjl.tools@gmail.com>
List-Id: Gcc-patches mailing list
X-Patchwork-Original-From: "H.J. Lu via Gcc-patches"
From: "H.J. Lu" Reply-To: "H.J. Lu" Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" Add -mharden-sls= to mitigate against straight line speculation (SLS) for function return and indirect branch by adding an INT3 instruction after function return and indirect branch. gcc/ PR target/102952 * config/i386/i386-opts.h (harden_sls): New enum. * config/i386/i386.c (output_indirect_thunk): Mitigate against SLS for function return. (ix86_output_function_return): Likewise. (ix86_output_jmp_thunk_or_indirect): Mitigate against indirect branch. (ix86_output_indirect_jmp): Likewise. (ix86_output_call_insn): Likewise. * config/i386/i386.opt: Add -mharden-sls=. * doc/invoke.texi: Document -mharden-sls=. gcc/testsuite/ PR target/102952 * gcc.target/i386/harden-sls-1.c: New test. * gcc.target/i386/harden-sls-2.c: Likewise. * gcc.target/i386/harden-sls-3.c: Likewise. * gcc.target/i386/harden-sls-4.c: Likewise. * gcc.target/i386/harden-sls-5.c: Likewise. (cherry picked from commit 53a643f8568067d7700a9f2facc8ba39974973d3) --- gcc/config/i386/i386-opts.h | 7 +++++++ gcc/config/i386/i386.c | 21 +++++++++++++------- gcc/config/i386/i386.opt | 20 +++++++++++++++++++ gcc/doc/invoke.texi | 10 +++++++++- gcc/testsuite/gcc.target/i386/harden-sls-1.c | 14 +++++++++++++ gcc/testsuite/gcc.target/i386/harden-sls-2.c | 14 +++++++++++++ gcc/testsuite/gcc.target/i386/harden-sls-3.c | 14 +++++++++++++ gcc/testsuite/gcc.target/i386/harden-sls-4.c | 16 +++++++++++++++ gcc/testsuite/gcc.target/i386/harden-sls-5.c | 17 ++++++++++++++++ 9 files changed, 125 insertions(+), 8 deletions(-) create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-1.c create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-2.c create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-3.c create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-4.c create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-5.c 
diff --git a/gcc/config/i386/i386-opts.h b/gcc/config/i386/i386-opts.h index de6e7e01661..e159019e904 100644 --- a/gcc/config/i386/i386-opts.h +++ b/gcc/config/i386/i386-opts.h @@ -125,4 +125,11 @@ enum instrument_return { instrument_return_nop5 }; +enum harden_sls { + harden_sls_none = 0, + harden_sls_return = 1 << 0, + harden_sls_indirect_branch = 1 << 1, + harden_sls_all = harden_sls_return | harden_sls_indirect_branch +}; + #endif diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c index 4ba1a218ee6..f3c4991317d 100644 --- a/gcc/config/i386/i386.c +++ b/gcc/config/i386/i386.c @@ -5798,6 +5798,8 @@ output_indirect_thunk (unsigned int regno) } fputs ("\tret\n", asm_out_file); + if ((ix86_harden_sls & harden_sls_return)) + fputs ("\tint3\n", asm_out_file); } /* Output a funtion with a call and return thunk for indirect branch. @@ -15733,6 +15735,8 @@ ix86_output_jmp_thunk_or_indirect (const char *thunk_name, const int regno) fprintf (asm_out_file, "\tjmp\t"); assemble_name (asm_out_file, thunk_name); putc ('\n', asm_out_file); + if ((ix86_harden_sls & harden_sls_indirect_branch)) + fputs ("\tint3\n", asm_out_file); } else output_indirect_thunk (regno); @@ -15955,10 +15959,10 @@ ix86_output_indirect_jmp (rtx call_op) gcc_unreachable (); ix86_output_indirect_branch (call_op, "%0", true); - return ""; } else - return "%!jmp\t%A0"; + output_asm_insn ("%!jmp\t%A0", &call_op); + return (ix86_harden_sls & harden_sls_indirect_branch) ? "int3" : ""; } /* Output return instrumentation for current function if needed. */ @@ -16026,10 +16030,8 @@ ix86_output_function_return (bool long_p) return ""; } - if (!long_p) - return "ret"; - - return "rep%; ret"; + output_asm_insn (long_p ? "rep%; ret" : "ret", nullptr); + return (ix86_harden_sls & harden_sls_return) ? "int3" : ""; } /* Output indirect function return. RET_OP is the function return 
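Review bot: ix86_output_function_return now hardens the `ret` and `rep ret` forms, but simple_return_pop_internal in i386.md (see its hunk in 1/5) still emits "ret\t%0" straight from the insn template and this patch's diffstat does not include i386.md, so a return that pops its arguments gets no int3 under -mharden-sls=return. Either route that pattern through a helper that appends the int3, or say in the commit message that the pop form is out of scope. Two smaller points in the same hunk: the function now writes the return itself with output_asm_insn and hands back only the trailing template, which deserves a sentence in the comment above the function, and `nullptr` is used here while the other visible code in this file spells it `NULL` (`thunk_name != NULL`).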
@@ -16124,7 +16126,12 @@ ix86_output_call_insn (rtx_insn *insn, rtx call_op) if (output_indirect_p && !direct_p) ix86_output_indirect_branch (call_op, xasm, true); else - output_asm_insn (xasm, &call_op); + { + output_asm_insn (xasm, &call_op); + if (!direct_p + && (ix86_harden_sls & harden_sls_indirect_branch)) + return "int3"; + } return ""; } diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt index 7b8547bb1c3..bc401c197b5 100644 --- a/gcc/config/i386/i386.opt +++ b/gcc/config/i386/i386.opt @@ -1113,6 +1113,26 @@ mrecord-return Target Var(ix86_flag_record_return) Init(0) Generate a __return_loc section pointing to all return instrumentation code. +mharden-sls= +Target RejectNegative Joined Enum(harden_sls) Var(ix86_harden_sls) Init(harden_sls_none) +Generate code to mitigate against straight line speculation. + +Enum +Name(harden_sls) Type(enum harden_sls) +Known choices for mitigation against straight line speculation with -mharden-sls=: + +EnumValue +Enum(harden_sls) String(none) Value(harden_sls_none) + +EnumValue +Enum(harden_sls) String(return) Value(harden_sls_return) + +EnumValue +Enum(harden_sls) String(indirect-branch) Value(harden_sls_indirect_branch) + +EnumValue +Enum(harden_sls) String(all) Value(harden_sls_all) + mavx512bf16 Target Mask(ISA2_AVX512BF16) Var(ix86_isa_flags2) Save Support MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AVX, AVX2, AVX512F and diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 5a4b3c6c234..1fe19800bde 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -1409,7 +1409,7 @@ See RS/6000 and PowerPC Options. -mstack-protector-guard-symbol=@var{symbol} @gol -mgeneral-regs-only -mcall-ms2sysv-xlogues @gol -mindirect-branch=@var{choice} -mfunction-return=@var{choice} @gol --mindirect-branch-register -mneeded} +-mindirect-branch-register -mharden-sls=@var{choice} -mneeded} @emph{x86 Windows Options} @gccoptlist{-mconsole -mcygwin -mno-cygwin -mdll @gol 
@@ -31724,6 +31724,14 @@ not be reachable in the large code model. @opindex mindirect-branch-register Force indirect call and jump via register. +@item -mharden-sls=@var{choice} +@opindex mharden-sls +Generate code to mitigate against straight line speculation (SLS) with +@var{choice}. The default is @samp{none} which disables all SLS +hardening. @samp{return} enables SLS hardening for function return. +@samp{indirect-branch} enables SLS hardening for indirect branch. +@samp{all} enables all SLS hardening. + @end table These @samp{-m} switches are supported in addition to the above diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-1.c b/gcc/testsuite/gcc.target/i386/harden-sls-1.c new file mode 100644 index 00000000000..6f70dc94a23 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/harden-sls-1.c @@ -0,0 +1,14 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -mindirect-branch=thunk-extern -mharden-sls=all" } */ +/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */ + +extern void foo (void); + +void +bar (void) +{ + foo (); +} + +/* { dg-final { scan-assembler "jmp\[ \t\]+_?foo" } } */ +/* { dg-final { scan-assembler-not {int3} } } */ diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-2.c b/gcc/testsuite/gcc.target/i386/harden-sls-2.c new file mode 100644 index 00000000000..a7c59078d03 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/harden-sls-2.c @@ -0,0 +1,14 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -mindirect-branch=thunk-extern -mharden-sls=all" } */ +/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */ + +extern void (*fptr) (void); + +void +foo (void) +{ + fptr (); +} + +/* { dg-final { scan-assembler "jmp\[ \t\]+_?__x86_indirect_thunk_(r|e)ax" } } */ +/* { dg-final { scan-assembler-times "int3" 1 } } */ diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-3.c b/gcc/testsuite/gcc.target/i386/harden-sls-3.c new file mode 100644 index 00000000000..1a6056b6d7b --- /dev/null 
+++ b/gcc/testsuite/gcc.target/i386/harden-sls-3.c @@ -0,0 +1,14 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -mindirect-branch=thunk -mharden-sls=all" } */ +/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */ + +extern void (*fptr) (void); + +void +foo (void) +{ + fptr (); +} + +/* { dg-final { scan-assembler "jmp\[ \t\]+_?__x86_indirect_thunk_(r|e)ax" } } */ +/* { dg-final { scan-assembler-times "int3" 2 } } */ diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-4.c b/gcc/testsuite/gcc.target/i386/harden-sls-4.c new file mode 100644 index 00000000000..f70dd1379d3 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/harden-sls-4.c @@ -0,0 +1,16 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -mindirect-branch=keep -mharden-sls=all" } */ +/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */ + +extern void (*fptr) (void); + +void +foo (void) +{ + fptr (); +} + +/* { dg-final { scan-assembler "jmp\[ \t\]+\\*_?fptr" { target { ! x32 } } } } */ +/* { dg-final { scan-assembler "movl\[ \t\]+fptr\\(%rip\\), %eax" { target x32 } } } */ +/* { dg-final { scan-assembler "jmp\[ \t\]+\\*%rax" { target x32 } } } */ +/* { dg-final { scan-assembler-times "int3" 1 } } */ diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-5.c b/gcc/testsuite/gcc.target/i386/harden-sls-5.c new file mode 100644 index 00000000000..613c44c6f82 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/harden-sls-5.c 
@@ -0,0 +1,17 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-extern -mharden-sls=return" } */ +/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */ + +typedef void (*dispatch_t)(long offset); + +dispatch_t dispatch; + +int +male_indirect_jump (long offset) +{ + dispatch(offset); + return 0; +} + +/* { dg-final { scan-assembler-times "ret" 1 } } */ +/* { dg-final { scan-assembler-times "int3" 1 } } */ From patchwork Mon Jan 31 18:55:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "H.J. Lu" X-Patchwork-Id: 50602 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 19B393949081 for ; Mon, 31 Jan 2022 18:59:46 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 19B393949081 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1643655586; bh=AcQ9Xt1FBWFsoI4HBOad9CnptO2IWOORRGFITh9QihU=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=xdEeIHxn2osdrb00z6w7dqn3/A6GhfREPvWmw9mloR6Il6fTZ/QjXobmib/PWLaMs PRyMah6CwyIy6QM1kzxWB8Fltkfu7fxb8+CNVNgRykYH6M87iCBIQWRnV8ZjMFQnkx is6LQRcHt36l/uOe84rxhUz0tEbWz4AvRRKwkpXk= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mail-pl1-x62e.google.com (mail-pl1-x62e.google.com [IPv6:2607:f8b0:4864:20::62e]) by sourceware.org (Postfix) with ESMTPS id 5C51938515C5 for ; Mon, 31 Jan 2022 18:55:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 5C51938515C5 Received: by mail-pl1-x62e.google.com with SMTP id d18so13297454plg.2 for ; Mon, 31 Jan 2022 10:55:32 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; 
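Review bot: Every new test that exercises an indirect branch (harden-sls-2.c to harden-sls-4.c) uses -mharden-sls=all, so nothing checks which of the two bits gates each int3, and that matters in output_indirect_thunk: the int3 after the thunk's `ret` is gated on harden_sls_return, yet ix86_output_jmp_thunk_or_indirect calls output_indirect_thunk in its else branch for an indirect jump, so with -mharden-sls=indirect-branch alone that `ret` is left without an int3. Please add copies of harden-sls-3.c built with -mharden-sls=return and with -mharden-sls=indirect-branch and the expected int3 counts for each, and say in invoke.texi which setting covers the `ret` inside a compiler-generated thunk. In harden-sls-5.c, `male_indirect_jump` looks like a typo for make_indirect_jump, and `scan-assembler-times "ret" 1` matches the substring anywhere in the output; a pattern anchored on the leading tab, in the style of the `jmp\[ \t\]+` scans in the other tests, would be less brittle.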
To: gcc-patches@gcc.gnu.org
Subject: [GCC 11 PATCH 3/5] x86: Add -mindirect-branch-cs-prefix
Date: Mon, 31 Jan 2022 10:55:26 -0800
Message-Id: <20220131185528.619688-4-hjl.tools@gmail.com>
In-Reply-To: <20220131185528.619688-1-hjl.tools@gmail.com>
References: <20220131185528.619688-1-hjl.tools@gmail.com>
List-Id: Gcc-patches mailing list
X-Patchwork-Original-From: "H.J. Lu via Gcc-patches"
From: "H.J. Lu" Reply-To: "H.J. Lu" Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" Add -mindirect-branch-cs-prefix to add CS prefix to call and jmp to indirect thunk with branch target in r8-r15 registers so that the call and jmp instruction length is 6 bytes to allow them to be replaced with "lfence; call *%r8-r15" or "lfence; jmp *%r8-r15" at run-time. gcc/ PR target/102952 * config/i386/i386.c (ix86_output_jmp_thunk_or_indirect): Emit CS prefix for -mindirect-branch-cs-prefix. (ix86_output_indirect_branch_via_reg): Likewise. * config/i386/i386.opt: Add -mindirect-branch-cs-prefix. * doc/invoke.texi: Document -mindirect-branch-cs-prefix. gcc/testsuite/ PR target/102952 * gcc.target/i386/indirect-thunk-cs-prefix-1.c: New test. * gcc.target/i386/indirect-thunk-cs-prefix-2.c: Likewise. (cherry picked from commit 2196a681d7810ad8b227bf983f38ba716620545e) --- gcc/config/i386/i386.c | 6 ++++++ gcc/config/i386/i386.opt | 4 ++++ gcc/doc/invoke.texi | 10 +++++++++- .../gcc.target/i386/indirect-thunk-cs-prefix-1.c | 14 ++++++++++++++ .../gcc.target/i386/indirect-thunk-cs-prefix-2.c | 15 +++++++++++++++ 5 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c index f3c4991317d..2643aa9480f 100644 --- a/gcc/config/i386/i386.c +++ b/gcc/config/i386/i386.c @@ -15732,6 +15732,9 @@ ix86_output_jmp_thunk_or_indirect (const char *thunk_name, const int regno) { if (thunk_name != NULL) { + if (REX_INT_REGNO_P (regno) + && ix86_indirect_branch_cs_prefix) + fprintf (asm_out_file, "\tcs\n"); fprintf (asm_out_file, "\tjmp\t"); assemble_name (asm_out_file, thunk_name); putc ('\n', asm_out_file); 
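Review bot: The `REX_INT_REGNO_P (regno) && ix86_indirect_branch_cs_prefix` check added in ix86_output_jmp_thunk_or_indirect carries no comment, and the reason the prefix is limited to r8-r15 lives only in the commit message and invoke.texi. A short comment above `fprintf (asm_out_file, "\tcs\n");` saying that the prefix pads the thunk jmp to 6 bytes so it can be rewritten to `lfence; jmp *%r8-r15` at run-time would save the next reader the lookup. The same three lines are added again for `call` in ix86_output_indirect_branch_via_reg, so a small static helper would keep the two sites in step. The prefix is also written on its own line ahead of the mnemonic, which means the 6-byte length depends on the assembler folding a standalone `cs` into the following instruction; that assumption is worth stating in the comment.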
@@ -15785,6 +15788,9 @@ ix86_output_indirect_branch_via_reg (rtx call_op, bool sibcall_p) { if (thunk_name != NULL) { + if (REX_INT_REGNO_P (regno) + && ix86_indirect_branch_cs_prefix) + fprintf (asm_out_file, "\tcs\n"); fprintf (asm_out_file, "\tcall\t"); assemble_name (asm_out_file, thunk_name); putc ('\n', asm_out_file); diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt index bc401c197b5..46010c2cc1d 100644 --- a/gcc/config/i386/i386.opt +++ b/gcc/config/i386/i386.opt @@ -1072,6 +1072,10 @@ Enum(indirect_branch) String(thunk-inline) Value(indirect_branch_thunk_inline) EnumValue Enum(indirect_branch) String(thunk-extern) Value(indirect_branch_thunk_extern) +mindirect-branch-cs-prefix +Target Var(ix86_indirect_branch_cs_prefix) Init(0) +Add CS prefix to call and jmp to indirect thunk with branch target in r8-r15 registers. + mindirect-branch-register Target Var(ix86_indirect_branch_register) Init(0) Force indirect call and jump via register. diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 1fe19800bde..645189c2227 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -1409,7 +1409,8 @@ See RS/6000 and PowerPC Options. -mstack-protector-guard-symbol=@var{symbol} @gol -mgeneral-regs-only -mcall-ms2sysv-xlogues @gol -mindirect-branch=@var{choice} -mfunction-return=@var{choice} @gol --mindirect-branch-register -mharden-sls=@var{choice} -mneeded} +-mindirect-branch-register -mharden-sls=@var{choice} @gol +-mindirect-branch-cs-prefix -mneeded} @emph{x86 Windows Options} @gccoptlist{-mconsole -mcygwin -mno-cygwin -mdll @gol 
@@ -31732,6 +31733,13 @@ hardening. @samp{return} enables SLS hardening for function return. @samp{indirect-branch} enables SLS hardening for indirect branch. @samp{all} enables all SLS hardening. +@item -mindirect-branch-cs-prefix +@opindex mindirect-branch-cs-prefix +Add CS prefix to call and jmp to indirect thunk with branch target in +r8-r15 registers so that the call and jmp instruction length is 6 bytes +to allow them to be replaced with @samp{lfence; call *%r8-r15} or +@samp{lfence; jmp *%r8-r15} at run-time. + @end table These @samp{-m} switches are supported in addition to the above diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c new file mode 100644 index 00000000000..db2f3416823 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c @@ -0,0 +1,14 @@ +/* { dg-do compile { target { ! ia32 } } } */ +/* { dg-options "-O2 -ffixed-rax -ffixed-rbx -ffixed-rcx -ffixed-rdx -ffixed-rdi -ffixed-rsi -mindirect-branch-cs-prefix -mindirect-branch=thunk-extern" } */ +/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */ + +extern void (*fptr) (void); + +void +foo (void) +{ + fptr (); +} + +/* { dg-final { scan-assembler-times "jmp\[ \t\]+_?__x86_indirect_thunk_r\[0-9\]+" 1 } } */ +/* { dg-final { scan-assembler-times "\tcs" 1 } } */ diff --git a/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c b/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c new file mode 100644 index 00000000000..adfc39a49d4 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c 
@@ -0,0 +1,15 @@ +/* { dg-do compile { target { ! ia32 } } } */ +/* { dg-options "-O2 -ffixed-rax -ffixed-rbx -ffixed-rcx -ffixed-rdx -ffixed-rdi -ffixed-rsi -mindirect-branch-cs-prefix -mindirect-branch=thunk-extern" } */ +/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */ + +extern void (*bar) (void); + +int +foo (void) +{ + bar (); + return 0; +} + +/* { dg-final { scan-assembler-times "call\[ \t\]+_?__x86_indirect_thunk_r\[0-9\]+" 1 } } */ +/* { dg-final { scan-assembler-times "\tcs" 1 } } */ From patchwork Mon Jan 31 18:55:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "H.J. Lu" X-Patchwork-Id: 50601 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 375BD384389F for ; Mon, 31 Jan 2022 18:58:49 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 375BD384389F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1643655529; bh=R+E7bbwHxGXXnPCYZtm+arGvbu2oJfiOyGvSePpk8Dg=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=bjwyveqkhyIwjJKp3tOunHudY19pT53EksSzUom8jKyMVNkAmqJHdWlRUMXWJTCmZ UJk/7nNgMekJGRHhJ6Kes1QmP7RHUyG+Nk3nqNKIwILdIOle8/d6GXrRSjHaLHelza LLeU59sxc1VlmY/NTWdILTZGu06DiWpZJpKpdkA4= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) by sourceware.org (Postfix) with ESMTPS id D7533385C418 for ; Mon, 31 Jan 2022 18:55:31 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org D7533385C418 Received: by mail-pj1-x1035.google.com with SMTP id q63so14857715pja.1 for ; Mon, 31 Jan 2022 10:55:31 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; 
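Review bot: Both indirect-thunk-cs-prefix tests only scan the assembly text for "\tcs" and the thunk name, so nothing checks the property the option exists for, that the prefixed call or jmp to the thunk is 6 bytes long. An assemble-level check of the encoded length would cover that. The REX_INT_REGNO_P half of the condition is also untested: a third test without the -ffixed-* options, where the target lands in a legacy register as in harden-sls-2.c (`__x86_indirect_thunk_(r|e)ax`), with `scan-assembler-not "\tcs"`, would pin it.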
To: gcc-patches@gcc.gnu.org
Subject: [GCC 11 PATCH 4/5] x86: Rename -harden-sls=indirect-branch to -harden-sls=indirect-jmp
Date: Mon, 31 Jan 2022 10:55:27 -0800
Message-Id: <20220131185528.619688-5-hjl.tools@gmail.com>
In-Reply-To: <20220131185528.619688-1-hjl.tools@gmail.com>
References: <20220131185528.619688-1-hjl.tools@gmail.com>
List-Id: Gcc-patches mailing list
X-Patchwork-Original-From: "H.J. Lu via Gcc-patches"
From: "H.J. Lu" Reply-To: "H.J. Lu" Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" Indirect branch also includes indirect call instructions. Rename -harden-sls=indirect-branch to -harden-sls=indirect-jmp to match its intended behavior. PR target/102952 * config/i386/i386-opts.h (harden_sls): Replace harden_sls_indirect_branch with harden_sls_indirect_jmp. * config/i386/i386.c (ix86_output_jmp_thunk_or_indirect): Likewise. (ix86_output_indirect_jmp): Likewise. (ix86_output_call_insn): Likewise. * config/i386/i386.opt: Replace indirect-branch with indirect-jmp. Replace harden_sls_indirect_branch with harden_sls_indirect_jmp. * doc/invoke.texi (-harden-sls=): Replace indirect-branch with indirect-jmp. (cherry picked from commit ed8060950c64f2e449aaf90e438aa26d0d9d0b31) --- gcc/config/i386/i386-opts.h | 4 ++-- gcc/config/i386/i386.c | 6 +++--- gcc/config/i386/i386.opt | 2 +- gcc/doc/invoke.texi | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/gcc/config/i386/i386-opts.h b/gcc/config/i386/i386-opts.h index e159019e904..ab1f658dab9 100644 --- a/gcc/config/i386/i386-opts.h +++ b/gcc/config/i386/i386-opts.h @@ -128,8 +128,8 @@ enum instrument_return { enum harden_sls { harden_sls_none = 0, harden_sls_return = 1 << 0, - harden_sls_indirect_branch = 1 << 1, - harden_sls_all = harden_sls_return | harden_sls_indirect_branch + harden_sls_indirect_jmp = 1 << 1, + harden_sls_all = harden_sls_return | harden_sls_indirect_jmp }; #endif diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c index 2643aa9480f..35dbe05aecd 100644 --- a/gcc/config/i386/i386.c +++ b/gcc/config/i386/i386.c 
@@ -15738,7 +15738,7 @@ ix86_output_jmp_thunk_or_indirect (const char *thunk_name, const int regno) fprintf (asm_out_file, "\tjmp\t"); assemble_name (asm_out_file, thunk_name); putc ('\n', asm_out_file); - if ((ix86_harden_sls & harden_sls_indirect_branch)) + if ((ix86_harden_sls & harden_sls_indirect_jmp)) fputs ("\tint3\n", asm_out_file); } else @@ -15968,7 +15968,7 @@ ix86_output_indirect_jmp (rtx call_op) } else output_asm_insn ("%!jmp\t%A0", &call_op); - return (ix86_harden_sls & harden_sls_indirect_branch) ? "int3" : ""; + return (ix86_harden_sls & harden_sls_indirect_jmp) ? "int3" : ""; } /* Output return instrumentation for current function if needed. */ @@ -16135,7 +16135,7 @@ ix86_output_call_insn (rtx_insn *insn, rtx call_op) { output_asm_insn (xasm, &call_op); if (!direct_p - && (ix86_harden_sls & harden_sls_indirect_branch)) + && (ix86_harden_sls & harden_sls_indirect_jmp)) return "int3"; } return ""; diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt index 46010c2cc1d..f62b0ebd3b4 100644 --- a/gcc/config/i386/i386.opt +++ b/gcc/config/i386/i386.opt @@ -1132,7 +1132,7 @@ EnumValue Enum(harden_sls) String(return) Value(harden_sls_return) EnumValue -Enum(harden_sls) String(indirect-branch) Value(harden_sls_indirect_branch) +Enum(harden_sls) String(indirect-jmp) Value(harden_sls_indirect_jmp) EnumValue Enum(harden_sls) String(all) Value(harden_sls_all) diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 645189c2227..cf536a15116 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi 
@@ -31729,8 +31729,8 @@ Force indirect call and jump via register. @opindex mharden-sls Generate code to mitigate against straight line speculation (SLS) with @var{choice}. The default is @samp{none} which disables all SLS -hardening. @samp{return} enables SLS hardening for function return. -@samp{indirect-branch} enables SLS hardening for indirect branch. +hardening. @samp{return} enables SLS hardening for function returns. +@samp{indirect-jmp} enables SLS hardening for indirect jumps. @samp{all} enables all SLS hardening. @item -mindirect-branch-cs-prefix From patchwork Mon Jan 31 18:55:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "H.J. Lu" X-Patchwork-Id: 50603 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CCF423949087 for ; Mon, 31 Jan 2022 19:00:48 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CCF423949087 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1643655648; bh=JM9W8LTfc58bdiINwQT+keFsNBiIRA7CZSTuXiNb0y4=; h=To:Subject:Date:In-Reply-To:References:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=F0jS8yTltL1eaqCEvTx9f/upaEvYHfpwI9xPtfOutALxc4etMadRl4TbnrOD++y0i aEgETj4eqPJ2Bb1AMnYIsATQgKMq58t04TacBJBlWhqGiq4PIdfgrH9SBqzkbzmAO+ 3ETT8AKXnZFWBpN6c+e3oWvTUn9KagZAUMLp9h5U= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from mail-pj1-x1029.google.com (mail-pj1-x1029.google.com [IPv6:2607:f8b0:4864:20::1029]) by sourceware.org (Postfix) with ESMTPS id BC45A3857815 for ; Mon, 31 Jan 2022 18:55:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org BC45A3857815 Received: by mail-pj1-x1029.google.com with SMTP id g11-20020a17090a7d0b00b001b2c12c7273so433545pjl.0 for ; Mon, 31 Jan 2022 
(localhost [IPv6:::1]) by gnu-tgl-2.localdomain (Postfix) with ESMTP id 336E03004A7 for ; Mon, 31 Jan 2022 10:55:28 -0800 (PST) To: gcc-patches@gcc.gnu.org Subject: [GCC 11 PATCH 5/5] x86: Generate INT3 for __builtin_eh_return Date: Mon, 31 Jan 2022 10:55:28 -0800 Message-Id: <20220131185528.619688-6-hjl.tools@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220131185528.619688-1-hjl.tools@gmail.com> References: <20220131185528.619688-1-hjl.tools@gmail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-3028.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, KAM_SHORT, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: "H.J. Lu via Gcc-patches" From: "H.J. Lu" Reply-To: "H.J. Lu" Errors-To: gcc-patches-bounces+patchwork=sourceware.org@gcc.gnu.org Sender: "Gcc-patches" Generate INT3 after indirect jmp in exception return for -fcf-protection with -mharden-sls=indirect-jmp. gcc/ PR target/103925 * config/i386/i386.c (ix86_output_indirect_function_return): Generate INT3 after indirect jmp for -mharden-sls=indirect-jmp. gcc/testsuite/ PR target/103925 * gcc.target/i386/harden-sls-6.c: New test. (cherry picked from commit c2e5c4feed32c808591b5278f680bbabe63eb225) --- gcc/config/i386/i386.c | 9 ++++++--- gcc/testsuite/gcc.target/i386/harden-sls-6.c | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 3 deletions(-) create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-6.c diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c index 35dbe05aecd..e6261452365 100644 --- a/gcc/config/i386/i386.c 
+++ b/gcc/config/i386/i386.c @@ -16072,11 +16072,14 @@ ix86_output_indirect_function_return (rtx ret_op) } else output_indirect_thunk (regno); - - return ""; } else - return "%!jmp\t%A0"; + { + output_asm_insn ("%!jmp\t%A0", &ret_op); + if (ix86_harden_sls & harden_sls_indirect_jmp) + fputs ("\tint3\n", asm_out_file); + } + return ""; } /* Output the assembly for a call instruction. */ diff --git a/gcc/testsuite/gcc.target/i386/harden-sls-6.c b/gcc/testsuite/gcc.target/i386/harden-sls-6.c new file mode 100644 index 00000000000..9068eb64008 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/harden-sls-6.c @@ -0,0 +1,18 @@ +/* { dg-do compile { target { ! ia32 } } } */ +/* { dg-options "-O2 -fcf-protection -mharden-sls=indirect-jmp" } */ + +struct _Unwind_Context _Unwind_Resume_or_Rethrow_this_context; + +void offset (int); + +struct _Unwind_Context { + void *reg[7]; +} _Unwind_Resume_or_Rethrow() { + struct _Unwind_Context cur_contextcur_context = + _Unwind_Resume_or_Rethrow_this_context; + offset(0); + __builtin_eh_return ((long) offset, 0); +} + +/* { dg-final { scan-assembler "jmp\[ \t\]+\\*%rcx" } } */ +/* { dg-final { scan-assembler-times "int3" 1 } } */
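Review bot: In the gcc/config/i386/i386.opt hunk of patch 4/5, the EnumValue with String(indirect-branch) is replaced outright by String(indirect-jmp), so the old spelling is no longer an accepted argument once this lands. If any build configuration already passes the old value, it will start failing on option parsing rather than silently losing the hardening, which is the safer failure, but it deserves a line in the release notes for the branch, or a deprecated alias entry that maps the old string to harden_sls_indirect_jmp for a transition period.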
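Review bot: In the @@ -16135 hunk of patch 4/5 (ix86_output_call_insn), the int3 is now gated by a flag named harden_sls_indirect_jmp inside a function whose name and comment are about call instructions, and the visible context does not show which instruction xasm holds on this path. A short comment at the !direct_p check saying that this path emits an indirect jmp, and that indirect calls are intentionally not covered by this choice, would keep the renamed flag from being misread by the next person auditing SLS coverage.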
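Review bot: In the gcc/doc/invoke.texi hunk of patch 4/5, the new sentence for @samp{indirect-jmp} says only that it enables SLS hardening for indirect jumps and never states that indirect calls are left out, although that distinction is the stated reason for the rename. Users choosing a mitigation level need that spelled out; consider adding a sentence that indirect calls are not hardened by @samp{indirect-jmp} or by @samp{all}. Separately, the subject and ChangeLog write the option as -harden-sls= while the @opindex line in this hunk is mharden-sls; the ChangeLog entry should use the -mharden-sls= spelling.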
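Review bot: In the gcc/config/i386/i386.c hunk of patch 5/5 (ix86_output_indirect_function_return), only the new else branch gets an int3; the branches that end in output_indirect_thunk (regno) now fall through to the shared return "" with nothing added under harden_sls_indirect_jmp. Please confirm in the commit message or a comment that the thunk paths either cannot be followed by straight-line speculation or are already covered where the thunk jump is emitted. As a smaller style point, ix86_output_indirect_jmp in the same file emits the jmp with output_asm_insn and then returns "int3" as the template, while this branch uses fputs ("\tint3\n", asm_out_file); using the same idiom in both places would make the two easier to audit together.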
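Review bot: In the new test gcc/testsuite/gcc.target/i386/harden-sls-6.c of patch 5/5, the two dg-final directives match independently: scan-assembler checks that a jmp through %rcx exists and scan-assembler-times checks that exactly one int3 exists, but nothing checks that the int3 is the instruction immediately after that jmp. A regression that moved the int3 elsewhere in the function would still pass. A single scan-assembler pattern that matches the jmp line followed by the int3 line would pin down the property the mitigation depends on. The unused local cur_contextcur_context looks like a leftover from test reduction and could be renamed or dropped if the reduced case still reproduces without it.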