From patchwork Thu Jul 14 17:42:44 2022
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 1656575
List-Id: Gcc-patches mailing list
To: gcc-patches@gcc.gnu.org
Subject: [PATCH] x86: Disable sibcall if indirect_return attribute doesn't match
Date: Thu, 14 Jul 2022 10:42:44 -0700
Message-Id: <20220714174244.295605-1-hjl.tools@gmail.com>
From: "H.J. Lu"
Reply-To: "H.J. Lu"
Cc: Alexandre Oliva, liuhongt
Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org
Sender: "Gcc-patches"

When shadow stack is enabled, function with indirect_return attribute
may return via indirect jump. In this case, we need to disable sibcall
if caller doesn't have indirect_return attribute and indirect branch
tracking is enabled since compiler won't generate ENDBR when calling the
caller.

gcc/

    PR target/85620
    * config/i386/i386.cc (ix86_function_ok_for_sibcall): Return
    false if callee has indirect_return attribute and caller
    doesn't.

gcc/testsuite/

    PR target/85620
    * gcc.target/i386/pr85620-2.c: Updated.
    * gcc.target/i386/pr85620-5.c: New test.
    * gcc.target/i386/pr85620-6.c: Likewise.
    * gcc.target/i386/pr85620-7.c: Likewise.
---
 gcc/config/i386/i386.cc                   | 10 ++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-2.c |  3 ++-
 gcc/testsuite/gcc.target/i386/pr85620-5.c | 13 +++++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-6.c | 14 ++++++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-7.c | 14 ++++++++++++++
 5 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-5.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-6.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-7.c

diff --git a/gcc/config/i386/i386.cc b/gcc/config/i386/i386.cc index 3a3c7299eb4..e03f86d4a23 100644 --- a/gcc/config/i386/i386.cc +++ b/gcc/config/i386/i386.cc 
@@ -1024,6 +1024,16 @@ ix86_function_ok_for_sibcall (tree decl, tree exp) return false; } + /* Disable sibcall if callee has indirect_return attribute and + caller doesn't since callee will return to the caller's caller + via an indirect jump. */ + if (((flag_cf_protection & (CF_RETURN | CF_BRANCH)) + == (CF_RETURN | CF_BRANCH)) + && lookup_attribute ("indirect_return", TYPE_ATTRIBUTES (type)) + && !lookup_attribute ("indirect_return", + TYPE_ATTRIBUTES (TREE_TYPE (cfun->decl)))) + return false; + /* Otherwise okay. That also includes certain types of indirect calls. */ return true; } diff --git a/gcc/testsuite/gcc.target/i386/pr85620-2.c b/gcc/testsuite/gcc.target/i386/pr85620-2.c index b2e680fa1fe..14ce0ffd1e1 100644 --- a/gcc/testsuite/gcc.target/i386/pr85620-2.c +++ b/gcc/testsuite/gcc.target/i386/pr85620-2.c @@ -1,6 +1,7 @@ /* { dg-do compile } */ /* { dg-options "-O2 -fcf-protection" } */ -/* { dg-final { scan-assembler-times {\mendbr} 1 } } */ +/* { dg-final { scan-assembler-times {\mendbr} 2 } } */ +/* { dg-final { scan-assembler-not "jmp" } } */ struct ucontext; diff --git a/gcc/testsuite/gcc.target/i386/pr85620-5.c b/gcc/testsuite/gcc.target/i386/pr85620-5.c new file mode 100644 index 00000000000..04537702d09 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/pr85620-5.c @@ -0,0 +1,13 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -fcf-protection" } */ +/* { dg-final { scan-assembler-not "jmp" } } */ + +struct ucontext; + +extern int (*bar) (struct ucontext *) __attribute__((__indirect_return__)); + +int +foo (struct ucontext *oucp) +{ + return bar (oucp); +} diff --git a/gcc/testsuite/gcc.target/i386/pr85620-6.c b/gcc/testsuite/gcc.target/i386/pr85620-6.c new file mode 100644 index 00000000000..0b6a64e8454 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/pr85620-6.c 
@@ -0,0 +1,14 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -fcf-protection" } */ +/* { dg-final { scan-assembler "jmp" } } */ + +struct ucontext; + +extern int bar (struct ucontext *) __attribute__((__indirect_return__)); + +__attribute__((__indirect_return__)) +int +foo (struct ucontext *oucp) +{ + return bar (oucp); +} diff --git a/gcc/testsuite/gcc.target/i386/pr85620-7.c b/gcc/testsuite/gcc.target/i386/pr85620-7.c new file mode 100644 index 00000000000..fa62d56decf --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/pr85620-7.c @@ -0,0 +1,14 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -fcf-protection" } */ +/* { dg-final { scan-assembler "jmp" } } */ + +struct ucontext; + +extern int (*bar) (struct ucontext *) __attribute__((__indirect_return__)); +extern int foo (struct ucontext *) __attribute__((__indirect_return__)); + +int +foo (struct ucontext *oucp) +{ + return bar (oucp); +}
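
Review bot: in the ix86_function_ok_for_sibcall hunk (gcc/config/i386/i386.cc), the new check only fires when both CF_RETURN and CF_BRANCH are set, but the comment above it gives only the indirect-jump return as the reason and none of the tests exercises the partial settings. Please extend the comment to say why both bits are required (the commit message has it: with indirect branch tracking on, the compiler emits no ENDBR at the return point in the caller's caller), and add a test built with -fcf-protection=branch or -fcf-protection=return alone that checks the sibcall is still emitted, so the `== (CF_RETURN | CF_BRANCH)` gate is covered in both directions.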
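
Review bot: in the pr85620-2.c hunk, the added `scan-assembler-not "jmp"` is an unanchored pattern, while the endbr scan on the line above it uses the word anchor `{\mendbr}`. An unanchored "jmp" fails the test on any occurrence of those three letters in the assembly output, not only on a jmp instruction; `{\mjmp\M}` would match the style already used in this file. The ChangeLog entry for this file says only "Updated."; stating that the expected endbr count goes from 1 to 2 and that the sibcall is no longer expected would help the next reader.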
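
Review bot: in the new pr85620-6.c, the positive check `scan-assembler "jmp"` passes on any "jmp" in the output, so it does not pin down that the call to bar is the one being turned into a sibcall. Since bar is a direct callee in this test, a pattern that also names the target (jmp followed by bar) would make the test fail for the right reason if the sibcall is lost.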
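
Review bot: the new pr85620-7.c differs from pr85620-5.c only in the extra `extern int foo (struct ucontext *) __attribute__((__indirect_return__));` declaration, yet it expects the opposite result (jmp present instead of absent), and nothing in the file says so. A short comment above the definition of foo noting that the attribute comes from the earlier declaration, and that this is what re-enables the sibcall, would document what the test is guarding.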