[PATCH 1/5] libcc1: Enable Intel CET on Intel CET enabled host
H.J. Lu
hjl.tools@gmail.com
Sat May 9 15:43:04 GMT 2020
Since on Intel CET enabled host, dlopen in Intel CET enabled applications
fails on shared libraries which aren't Intel CET enabled, enable Intel
CET in libcc1 on Intel CET enabled host.
* Makefile.am (AM_CXXFLAGS): Add $(CET_HOST_FLAGS).
* configure.ac: Add GCC_CET_HOST_FLAGS(CET_HOST_FLAGS) and
AC_SUBST(CET_HOST_FLAGS).
* Makefile.in: Regenerated.
* aclocal.m4: Likewise.
* configure: Likewise.
---
libcc1/Makefile.am | 2 +-
libcc1/Makefile.in | 3 +-
libcc1/aclocal.m4 | 2 +
libcc1/configure | 149 +++++++++++++++++++++++++++++++++++++++++++-
libcc1/configure.ac | 3 +
5 files changed, 155 insertions(+), 4 deletions(-)
diff --git a/libcc1/Makefile.am b/libcc1/Makefile.am
index c005b0dad4a..ab6f839ecae 100644
--- a/libcc1/Makefile.am
+++ b/libcc1/Makefile.am
@@ -24,7 +24,7 @@ CPPFLAGS_FOR_C_FAMILY = -I $(srcdir)/../gcc/c-family \
-I $(srcdir)/../libcpp/include
CPPFLAGS_FOR_C = $(CPPFLAGS_FOR_C_FAMILY) -I $(srcdir)/../gcc/c
CPPFLAGS_FOR_CXX = $(CPPFLAGS_FOR_C_FAMILY) -I $(srcdir)/../gcc/cp
-AM_CXXFLAGS = $(WARN_FLAGS) $(WERROR) $(visibility)
+AM_CXXFLAGS = $(WARN_FLAGS) $(WERROR) $(visibility) $(CET_HOST_FLAGS)
override CXXFLAGS := $(filter-out -fsanitize=address,$(CXXFLAGS))
override LDFLAGS := $(filter-out -fsanitize=address,$(LDFLAGS))
# Can be simplified when libiberty becomes a normal convenience library.
diff --git a/libcc1/Makefile.in b/libcc1/Makefile.in
index 7104b649026..7d1cada1c09 100644
--- a/libcc1/Makefile.in
+++ b/libcc1/Makefile.in
@@ -248,6 +248,7 @@ AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
+CET_HOST_FLAGS = @CET_HOST_FLAGS@
CFLAGS = @CFLAGS@
CONFIG_STATUS_DEPENDENCIES = @CONFIG_STATUS_DEPENDENCIES@
CPP = @CPP@
@@ -382,7 +383,7 @@ CPPFLAGS_FOR_C_FAMILY = -I $(srcdir)/../gcc/c-family \
CPPFLAGS_FOR_C = $(CPPFLAGS_FOR_C_FAMILY) -I $(srcdir)/../gcc/c
CPPFLAGS_FOR_CXX = $(CPPFLAGS_FOR_C_FAMILY) -I $(srcdir)/../gcc/cp
-AM_CXXFLAGS = $(WARN_FLAGS) $(WERROR) $(visibility)
+AM_CXXFLAGS = $(WARN_FLAGS) $(WERROR) $(visibility) $(CET_HOST_FLAGS)
# Can be simplified when libiberty becomes a normal convenience library.
libiberty_normal = ../libiberty/libiberty.a
libiberty_noasan = ../libiberty/noasan/libiberty.a
diff --git a/libcc1/aclocal.m4 b/libcc1/aclocal.m4
index 3224b04dd13..2348721062e 100644
--- a/libcc1/aclocal.m4
+++ b/libcc1/aclocal.m4
@@ -1168,7 +1168,9 @@ AC_SUBST([am__untar])
]) # _AM_PROG_TAR
m4_include([../config/acx.m4])
+m4_include([../config/cet.m4])
m4_include([../config/depstand.m4])
+m4_include([../config/enable.m4])
m4_include([../config/gcc-plugin.m4])
m4_include([../config/lead-dot.m4])
m4_include([../config/override.m4])
diff --git a/libcc1/configure b/libcc1/configure
index 64fdc445163..76377a2b3eb 100755
--- a/libcc1/configure
+++ b/libcc1/configure
@@ -642,6 +642,7 @@ WARN_FLAGS
CONFIG_STATUS_DEPENDENCIES
gcc_version
get_gcc_base_ver
+CET_HOST_FLAGS
visibility
CXXCPP
am__fastdepCXX_FALSE
@@ -784,6 +785,7 @@ with_pic
enable_fast_install
with_gnu_ld
enable_libtool_lock
+enable_cet
with_gcc_major_version_only
enable_werror_always
enable_plugin
@@ -1435,6 +1437,7 @@ Optional Features:
--enable-fast-install[=PKGS]
optimize for fast installation [default=yes]
--disable-libtool-lock avoid locking (might break parallel builds)
+ --enable-cet enable Intel CET in host libraries [default=auto]
--enable-werror-always enable -Werror despite compiler version
--enable-plugin enable plugin support
@@ -10780,7 +10783,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10783 "configure"
+#line 10786 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -10886,7 +10889,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 10889 "configure"
+#line 10892 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@@ -14538,6 +14541,148 @@ if test "$GXX" = yes; then
fi
+ # Check whether --enable-cet was given.
+if test "${enable_cet+set}" = set; then :
+ enableval=$enable_cet;
+ case "$enableval" in
+ yes|no|auto) ;;
+ *) as_fn_error $? "Unknown argument to enable/disable cet" "$LINENO" 5 ;;
+ esac
+
+else
+ enable_cet=auto
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CET support" >&5
+$as_echo_n "checking for CET support... " >&6; }
+
+case "$host" in
+ i[34567]86-*-linux* | x86_64-*-linux*)
+ may_have_cet=yes
+ save_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -fcf-protection"
+ case "$enable_cet" in
+ auto)
+ # Check if target supports multi-byte NOPs
+ # and if assembler supports CET insn.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+#if !defined(__SSE2__)
+#error target does not support multi-byte NOPs
+#else
+asm ("setssbsy");
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ enable_cet=yes
+else
+ enable_cet=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ;;
+ yes)
+ # Check if assembler supports CET.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+asm ("setssbsy");
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ as_fn_error $? "assembler with CET support is required for --enable-cet" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ;;
+ esac
+ CFLAGS="$save_CFLAGS"
+ ;;
+ *)
+ may_have_cet=no
+ enable_cet=no
+ ;;
+esac
+
+if test x$may_have_cet = xyes; then
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -Wl,-z,ibt,-z,shstk"
+ if test "$cross_compiling" = yes; then :
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run test program while cross compiling
+See \`config.log' for more details" "$LINENO" 5; }
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+static void
+foo (void)
+{
+}
+
+static void
+__attribute__ ((noinline, noclone))
+xxx (void (*f) (void))
+{
+ f ();
+}
+
+static void
+__attribute__ ((noinline, noclone))
+bar (void)
+{
+ xxx (foo);
+}
+
+int
+main ()
+{
+ bar ();
+ return 0;
+}
+
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ have_cet=no
+else
+ have_cet=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ LDFLAGS="$save_LDFLAGS"
+ if test x$enable_cet = xno -a x$have_cet = xyes; then
+ as_fn_error $? "Intel CET must be enabled on Intel CET enabled host" "$LINENO" 5
+ fi
+fi
+if test x$enable_cet = xyes; then
+ CET_HOST_FLAGS="-fcf-protection"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
ac_fn_c_check_decl "$LINENO" "basename" "ac_cv_have_decl_basename" "$ac_includes_default"
if test "x$ac_cv_have_decl_basename" = xyes; then :
ac_have_decl=1
diff --git a/libcc1/configure.ac b/libcc1/configure.ac
index 7f20f0b6f68..8d3b8d14748 100644
--- a/libcc1/configure.ac
+++ b/libcc1/configure.ac
@@ -45,6 +45,9 @@ if test "$GXX" = yes; then
fi
AC_SUBST(visibility)
+GCC_CET_HOST_FLAGS(CET_HOST_FLAGS)
+AC_SUBST(CET_HOST_FLAGS)
+
AC_CHECK_DECLS([basename])
GCC_BASE_VER
--
2.26.2
More information about the Gcc-patches
mailing list