From patchwork Thu Jul 14 17:42:44 2022
To: gcc-patches@gcc.gnu.org
Subject: [PATCH] x86: Disable sibcall if indirect_return attribute doesn't match
Date: Thu, 14 Jul 2022 10:42:44 -0700
Message-Id: <20220714174244.295605-1-hjl.tools@gmail.com>
X-Patchwork-Original-From: "H.J. Lu via Gcc-patches"
From: "Li, Pan2 via Gcc-patches"
Reply-To: "H.J. Lu"
Cc: Alexandre Oliva, liuhongt

When shadow stack is enabled, function with indirect_return attribute
may return via indirect jump.  In this case, we need to disable sibcall
if caller doesn't have indirect_return attribute and indirect branch
tracking is enabled since compiler won't generate ENDBR when calling the
caller.

gcc/

	PR target/85620
	* config/i386/i386.cc (ix86_function_ok_for_sibcall): Return
	false if callee has indirect_return attribute and caller
	doesn't.

gcc/testsuite/

	PR target/85620
	* gcc.target/i386/pr85620-2.c: Updated.
	* gcc.target/i386/pr85620-5.c: New test.
	* gcc.target/i386/pr85620-6.c: Likewise.
	* gcc.target/i386/pr85620-7.c: Likewise.
---
 gcc/config/i386/i386.cc                   | 10 ++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-2.c |  3 ++-
 gcc/testsuite/gcc.target/i386/pr85620-5.c | 13 +++++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-6.c | 14 ++++++++++++++
 gcc/testsuite/gcc.target/i386/pr85620-7.c | 14 ++++++++++++++
 5 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-5.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-6.c
 create mode 100644 gcc/testsuite/gcc.target/i386/pr85620-7.c

diff --git a/gcc/config/i386/i386.cc b/gcc/config/i386/i386.cc index 3a3c7299eb4..e03f86d4a23 100644 --- a/gcc/config/i386/i386.cc +++ b/gcc/config/i386/i386.cc
@@ -1024,6 +1024,16 @@ ix86_function_ok_for_sibcall (tree decl, tree exp) return false; } + /* Disable sibcall if callee has indirect_return attribute and + caller doesn't since callee will return to the caller's caller + via an indirect jump. */ + if (((flag_cf_protection & (CF_RETURN | CF_BRANCH)) + == (CF_RETURN | CF_BRANCH)) + && lookup_attribute ("indirect_return", TYPE_ATTRIBUTES (type)) + && !lookup_attribute ("indirect_return", + TYPE_ATTRIBUTES (TREE_TYPE (cfun->decl)))) + return false; + /* Otherwise okay. That also includes certain types of indirect calls. */ return true; } diff --git a/gcc/testsuite/gcc.target/i386/pr85620-2.c b/gcc/testsuite/gcc.target/i386/pr85620-2.c index b2e680fa1fe..14ce0ffd1e1 100644 --- a/gcc/testsuite/gcc.target/i386/pr85620-2.c +++ b/gcc/testsuite/gcc.target/i386/pr85620-2.c @@ -1,6 +1,7 @@ /* { dg-do compile } */ /* { dg-options "-O2 -fcf-protection" } */ -/* { dg-final { scan-assembler-times {\mendbr} 1 } } */ +/* { dg-final { scan-assembler-times {\mendbr} 2 } } */ +/* { dg-final { scan-assembler-not "jmp" } } */ struct ucontext; diff --git a/gcc/testsuite/gcc.target/i386/pr85620-5.c b/gcc/testsuite/gcc.target/i386/pr85620-5.c new file mode 100644 index 00000000000..04537702d09 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/pr85620-5.c @@ -0,0 +1,13 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -fcf-protection" } */ +/* { dg-final { scan-assembler-not "jmp" } } */ + +struct ucontext; + +extern int (*bar) (struct ucontext *) __attribute__((__indirect_return__)); + +int +foo (struct ucontext *oucp) +{ + return bar (oucp); +} diff --git a/gcc/testsuite/gcc.target/i386/pr85620-6.c b/gcc/testsuite/gcc.target/i386/pr85620-6.c new file mode 100644 index 00000000000..0b6a64e8454 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/pr85620-6.c 
@@ -0,0 +1,14 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -fcf-protection" } */ +/* { dg-final { scan-assembler "jmp" } } */ + +struct ucontext; + +extern int bar (struct ucontext *) __attribute__((__indirect_return__)); + +__attribute__((__indirect_return__)) +int +foo (struct ucontext *oucp) +{ + return bar (oucp); +} diff --git a/gcc/testsuite/gcc.target/i386/pr85620-7.c b/gcc/testsuite/gcc.target/i386/pr85620-7.c new file mode 100644 index 00000000000..fa62d56decf --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/pr85620-7.c @@ -0,0 +1,14 @@ +/* { dg-do compile } */ +/* { dg-options "-O2 -fcf-protection" } */ +/* { dg-final { scan-assembler "jmp" } } */ + +struct ucontext; + +extern int (*bar) (struct ucontext *) __attribute__((__indirect_return__)); +extern int foo (struct ucontext *) __attribute__((__indirect_return__)); + +int +foo (struct ucontext *oucp) +{ + return bar (oucp); +}
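
Review bot: In gcc/config/i386/i386.cc, the new comment in ix86_function_ok_for_sibcall explains the attribute mismatch but not why the check only applies when flag_cf_protection has both CF_RETURN and CF_BRANCH set. The commit message gives the reason (the compiler won't generate ENDBR when calling the caller); moving that sentence into the comment would document the flag test next to the code and make it clear that the condition should not be relaxed to CF_RETURN alone.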
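
Review bot: In gcc/testsuite/gcc.target/i386/pr85620-2.c, the added `scan-assembler-not "jmp"` is an unanchored substring match, so it fails on any output line that happens to contain those three letters, not only on a tail jump. The endbr directive right above it already uses a word anchor; `{\mjmp\M}` would be consistent with it and less brittle. The ChangeLog entry says only "Updated.", so a one-line comment in the test on why the expected endbr count goes from 1 to 2 would also help.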
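
Review bot: In gcc/testsuite/gcc.target/i386/pr85620-5.c, the only dg-final check is `scan-assembler-not "jmp"`, which shows the sibcall was suppressed but not that an ENDBR is present for the callee's indirect return. Adding a `scan-assembler-times {\mendbr}` check like the one in pr85620-2.c would cover the property the commit message is actually about, for the function-pointer callee case this file introduces.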
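
Review bot: In gcc/testsuite/gcc.target/i386/pr85620-6.c, the positive check `scan-assembler "jmp"` passes on any jump in the output, so it would keep passing if the tail call to bar were lost and some other jmp appeared. Matching the target as well, for example `{jmp[ \t]+_?bar}`, ties the test to the sibcall it is meant to allow when both caller and callee carry __indirect_return__.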
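
Review bot: In gcc/testsuite/gcc.target/i386/pr85620-7.c, the definition of foo carries no attribute, so the expected "jmp" depends on __indirect_return__ being picked up from the earlier `extern int foo (...)` declaration. That is the only difference from pr85620-5.c, where the opposite result is expected, and it is easy to miss; a short comment stating that the test checks the attribute taken from the prior declaration would make the intent explicit.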