From patchwork Fri Dec  1 19:33:59 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marek Polacek <polacek@redhat.com>
X-Patchwork-Id: 172631
Return-Path: <gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp1366970vqy;
        Fri, 1 Dec 2023 11:37:27 -0800 (PST)
X-Google-Smtp-Source: 
 AGHT+IEg4v+FFxHdEF/jcEOEnTPeJBmhFetEObM4Y1qaTtWvI4NTpFQe2Kgll3nkO+i4H+UK0t8N
X-Received: by 2002:a0c:e983:0:b0:67a:9a94:449a with SMTP id
 z3-20020a0ce983000000b0067a9a94449amr129843qvn.54.1701459388650;
        Fri, 01 Dec 2023 11:36:28 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1701459388; cv=pass;
        d=google.com; s=arc-20160816;
        b=F/95T56l0QdaAy1UkcvqZgG1rWQaGWw/32+l7i7RB3esLf0QuO+U17TJoK4gFTgzKt
         V4ZLS2uSF+tNg/Uc4ShS8pODkawISkOS/9QI7PqiGgL5mBRZCFRolnEQEWyqM1xd/tVs
         TWrMSEPVN86msFsntrh0zeFTifLE7qimAYqPyx0v2EbsEg9GMzVRAN42o7vlq14CdW8E
         KrjkYmrZbTWlpcxLT5KzScJRHMDhC5a5FL+q3iuy3D2TBD3WWmBiDMEtm5Na8OngtgZz
         zRYXqsXVBFGzEJTdfx4yWPq+w9kVTzZ1MvkqDeEyImCnYX77oKsCHCSxOGFqSOd7UlRY
         gBVA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=errors-to:list-subscribe:list-help:list-post:list-archive
         :list-unsubscribe:list-id:precedence:content-transfer-encoding
         :mime-version:message-id:date:subject:to:from:dkim-signature
         :arc-filter:dmarc-filter:delivered-to;
        bh=njgmTA82QnQL6zondju1InIY4nOGBgvGduCsC6xjh9c=;
        fh=1L2/IiukS00vgiXcKREcvt+pFBEM8GuYOng2C1a9k1k=;
        b=VFNuWljQIdbPJARaTLd1dAFyl9lUvsfZtf9cVr9g4PE51zk9unZuilI0rns6s/y/Jr
         GMXS2HqfTzxxa2Y7BREF/he7rCNq45Eb5r8WPNzhRLmdp8HgvZLEi1yOikS6HOOFuWUX
         W+WDOH5Tx5H5kdcQLyEjKwBMmO6ZvCyQYlvQWaAea/rqa9ia5sw2MKGGpTply6h97KFt
         Zdpy9z3QfGRKLzdc6b0rZ+8fYB0phrqk0B4+KYGp1PsLRm8LGCkFrRcWMBlfm9tJHjyv
         RfkrBqlT9u/uqSnWOiYM33ITVIzlIGtDekJjSei27SjQUuWFUwkbw0KA7p+hmemcDkJk
         KlFg==
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=EQSKW+qz;
       arc=pass (i=1);
       spf=pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as
 permitted sender)
 smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from server2.sourceware.org (server2.sourceware.org. [8.43.85.97])
        by mx.google.com with ESMTPS id
 j18-20020a05620a0a5200b0077dbdbeec5esi3690945qka.80.2023.12.01.11.36.28
        for <ouuuleilei@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 01 Dec 2023 11:36:28 -0800 (PST)
Received-SPF: pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as
 permitted sender) client-ip=8.43.85.97;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=EQSKW+qz;
       arc=pass (i=1);
       spf=pass (google.com: domain of
 gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as
 permitted sender)
 smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 071F338618B5
	for <ouuuleilei@gmail.com>; Fri,  1 Dec 2023 19:34:41 +0000 (GMT)
X-Original-To: gcc-patches@gcc.gnu.org
Delivered-To: gcc-patches@gcc.gnu.org
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
 by sourceware.org (Postfix) with ESMTPS id 5B9B53858C2C
 for <gcc-patches@gcc.gnu.org>; Fri,  1 Dec 2023 19:34:11 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5B9B53858C2C
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=redhat.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 5B9B53858C2C
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=170.10.129.124
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1701459255; cv=none;
 b=kKP9z19l7gzbufWaBQp1mA58Fx3xEccP8AjSwA5oKFFgXl0yKeX/BJJ+x4lV+lwNDob0K/rUtrxVfi8BSfj/xnZJbMhig8gVujxbap5eibhQJ+RIYZptNpRXHJvcbDP2JRnQ7j6b35f7iozLzRexixObWOhVciKYa7tGfjeOxvs=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1701459255; c=relaxed/simple;
 bh=wTwx9s99yM9jIKrWuuoSOaBvX6ozAxdZGAHOQnfw/z8=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=rhpF6lH5fksYtp+diZSMjXza1Y/Xi1vq7KG4rnoV3Dsm1Fwtb8zUcadeNOkROgCJW/0g1RlQugdaMVSjwYtv4BQSIEbob2rO/uaa1WJOzlNc8hmBrLPMTvAWvPvRINBkIV5SnjK0i89YjRt9//l2eeL/KWkP7ZCRDZm71owsZ/c=
ARC-Authentication-Results: i=1; server2.sourceware.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1701459251;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=njgmTA82QnQL6zondju1InIY4nOGBgvGduCsC6xjh9c=;
 b=EQSKW+qzLpxBuikdd2NL0Kv975G8QlztNs2aRegJXOm5moCd4uPUc5fXdZ6bPNbqWiqjlB
 5J2DdizGuKhGh7k2syS4VIvRsiZ1tcr/bB2DDCAQJnnEbHPKmAX9AmuZHOVpahYtiRpDyw
 skFa0nC5YaWDx7vChFEzoQViS+KkvUk=
Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com
 [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-671-9y1rqAbNMHOADQC0SY0iTQ-1; Fri, 01 Dec 2023 14:34:09 -0500
X-MC-Unique: 9y1rqAbNMHOADQC0SY0iTQ-1
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com
 [10.11.54.7])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5FAF0101A52D
 for <gcc-patches@gcc.gnu.org>; Fri,  1 Dec 2023 19:34:09 +0000 (UTC)
Received: from pdp-11.redhat.com (unknown [10.22.33.92])
 by smtp.corp.redhat.com (Postfix) with ESMTP id 46EA11C060B1
 for <gcc-patches@gcc.gnu.org>; Fri,  1 Dec 2023 19:34:09 +0000 (UTC)
From: Marek Polacek <polacek@redhat.com>
To: GCC Patches <gcc-patches@gcc.gnu.org>
Subject: [PATCH] gcc: Disallow trampolines when -fhardened
Date: Fri,  1 Dec 2023 14:33:59 -0500
Message-ID: <20231201193359.108618-1-polacek@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.7
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
X-Spam-Status: No, score=-12.1 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0,
 RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE,
 SPF_NONE, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1784109479969668453
X-GMAIL-MSGID: 1784109479969668453

Bootstrapped/regtested on x86_64-pc-linux-gnu, ok for trunk?

-- >8 --
It came up that a good hardening strategy is to disable trampolines
which may require executable stack.  Therefore the following patch
adds -Werror=trampolines to -fhardened.

gcc/ChangeLog:

	* common.opt (Wtrampolines): Enable by -fhardened.
	* doc/invoke.texi: Reflect that -fhardened enables -Werror=trampolines.
	* opts.cc (print_help_hardened): Add -Werror=trampolines.
	* toplev.cc (process_options): Enable -Werror=trampolines for
	-fhardened.

gcc/testsuite/ChangeLog:

	* gcc.dg/fhardened-1.c: New test.
	* gcc.dg/fhardened-2.c: New test.
	* gcc.dg/fhardened-3.c: New test.
	* gcc.dg/fhardened-4.c: New test.
	* gcc.dg/fhardened-5.c: New test.
---
 gcc/common.opt                     |  2 +-
 gcc/doc/invoke.texi                |  1 +
 gcc/opts.cc                        |  1 +
 gcc/testsuite/gcc.dg/fhardened-1.c | 27 +++++++++++++++++++++++++++
 gcc/testsuite/gcc.dg/fhardened-2.c | 25 +++++++++++++++++++++++++
 gcc/testsuite/gcc.dg/fhardened-3.c | 25 +++++++++++++++++++++++++
 gcc/testsuite/gcc.dg/fhardened-4.c | 25 +++++++++++++++++++++++++
 gcc/testsuite/gcc.dg/fhardened-5.c | 27 +++++++++++++++++++++++++++
 gcc/toplev.cc                      |  8 +++++++-
 9 files changed, 139 insertions(+), 2 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/fhardened-1.c
 create mode 100644 gcc/testsuite/gcc.dg/fhardened-2.c
 create mode 100644 gcc/testsuite/gcc.dg/fhardened-3.c
 create mode 100644 gcc/testsuite/gcc.dg/fhardened-4.c
 create mode 100644 gcc/testsuite/gcc.dg/fhardened-5.c


base-commit: b8edb812ff4934c609fdfafe2e1c7f932bc18305

diff --git a/gcc/common.opt b/gcc/common.opt
index 161a035d736..9b09c7cb3df 100644
--- a/gcc/common.opt
+++ b/gcc/common.opt
@@ -807,7 +807,7 @@ Common Var(warn_system_headers) Warning
 Do not suppress warnings from system headers.
 
 Wtrampolines
-Common Var(warn_trampolines) Warning
+Common Var(warn_trampolines) Warning EnabledBy(fhardened)
 Warn whenever a trampoline is generated.
 
 Wtrivial-auto-var-init
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 2fab4c5d71f..c1664a1a0f1 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -17745,6 +17745,7 @@ may change between major releases of GCC, but are currently:
 -fstack-protector-strong
 -fstack-clash-protection
 -fcf-protection=full @r{(x86 GNU/Linux only)}
+-Werror=trampolines
 }
 
 The list of options enabled by @option{-fhardened} can be generated using
diff --git a/gcc/opts.cc b/gcc/opts.cc
index 5d5efaf1b9e..aa062b87cef 100644
--- a/gcc/opts.cc
+++ b/gcc/opts.cc
@@ -2517,6 +2517,7 @@ print_help_hardened ()
   printf ("  %s\n", "-fstack-protector-strong");
   printf ("  %s\n", "-fstack-clash-protection");
   printf ("  %s\n", "-fcf-protection=full");
+  printf ("  %s\n", "-Werror=trampolines");
   putchar ('\n');
 }
 
diff --git a/gcc/testsuite/gcc.dg/fhardened-1.c b/gcc/testsuite/gcc.dg/fhardened-1.c
new file mode 100644
index 00000000000..8710959b6f1
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/fhardened-1.c
@@ -0,0 +1,27 @@
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-require-effective-target trampolines } */
+/* { dg-options "-fhardened -O" } */
+
+static void
+baz (int (*bar) (void))
+{
+  bar ();
+}
+
+int
+main (void)
+{
+  int a = 6;
+
+  int
+  bar (void)	// { dg-error "trampoline" }
+  {
+    return a;
+  }
+
+  baz (bar);
+
+  return 0;
+}
+
+/* { dg-prune-output "some warnings being treated as errors" } */
diff --git a/gcc/testsuite/gcc.dg/fhardened-2.c b/gcc/testsuite/gcc.dg/fhardened-2.c
new file mode 100644
index 00000000000..d47512aa47f
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/fhardened-2.c
@@ -0,0 +1,25 @@
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-require-effective-target trampolines } */
+/* { dg-options "-fhardened -O -Wno-trampolines" } */
+
+static void
+baz (int (*bar) (void))
+{
+  bar ();
+}
+
+int
+main (void)
+{
+  int a = 6;
+
+  int
+  bar (void)	// { dg-bogus "trampoline" }
+  {
+    return a;
+  }
+
+  baz (bar);
+
+  return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/fhardened-3.c b/gcc/testsuite/gcc.dg/fhardened-3.c
new file mode 100644
index 00000000000..cebae13d8be
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/fhardened-3.c
@@ -0,0 +1,25 @@
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-require-effective-target trampolines } */
+/* { dg-options "-fhardened -O -Wno-error" } */
+
+static void
+baz (int (*bar) (void))
+{
+  bar ();
+}
+
+int
+main (void)
+{
+  int a = 6;
+
+  int
+  bar (void)	// { dg-warning "trampoline" }
+  {
+    return a;
+  }
+
+  baz (bar);
+
+  return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/fhardened-4.c b/gcc/testsuite/gcc.dg/fhardened-4.c
new file mode 100644
index 00000000000..7e62ed3385d
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/fhardened-4.c
@@ -0,0 +1,25 @@
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-require-effective-target trampolines } */
+/* { dg-options "-fhardened -O -Wno-error=trampolines" } */
+
+static void
+baz (int (*bar) (void))
+{
+  bar ();
+}
+
+int
+main (void)
+{
+  int a = 6;
+
+  int
+  bar (void)	// { dg-warning "trampoline" }
+  {
+    return a;
+  }
+
+  baz (bar);
+
+  return 0;
+}
diff --git a/gcc/testsuite/gcc.dg/fhardened-5.c b/gcc/testsuite/gcc.dg/fhardened-5.c
new file mode 100644
index 00000000000..5d3f0dcae8e
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/fhardened-5.c
@@ -0,0 +1,27 @@
+/* { dg-do compile { target *-*-linux* *-*-gnu* } } */
+/* { dg-require-effective-target trampolines } */
+/* { dg-options "-fhardened -O -Wtrampolines" } */
+
+static void
+baz (int (*bar) (void))
+{
+  bar ();
+}
+
+int
+main (void)
+{
+  int a = 6;
+
+  int
+  bar (void)	// { dg-error "trampoline" }
+  {
+    return a;
+  }
+
+  baz (bar);
+
+  return 0;
+}
+
+/* { dg-prune-output "some warnings being treated as errors" } */
diff --git a/gcc/toplev.cc b/gcc/toplev.cc
index 85450d97a1a..2f0ac74dee0 100644
--- a/gcc/toplev.cc
+++ b/gcc/toplev.cc
@@ -1682,7 +1682,7 @@ process_options ()
     flag_ipa_ra = 0;
 
   /* Enable -Werror=coverage-mismatch when -Werror and -Wno-error
-     have not been set.  */
+     have not been set.  Also enable -Werror=trampolines for -fhardened.  */
   if (!OPTION_SET_P (warnings_are_errors))
     {
       if (warn_coverage_mismatch
@@ -1693,6 +1693,12 @@ process_options ()
 	  && option_unspecified_p (OPT_Wcoverage_invalid_line_number))
 	diagnostic_classify_diagnostic (global_dc, OPT_Wcoverage_invalid_line_number,
 					DK_ERROR, UNKNOWN_LOCATION);
+
+      if (flag_hardened
+	  && warn_trampolines
+	  && option_unspecified_p (OPT_Wtrampolines))
+	diagnostic_classify_diagnostic (global_dc, OPT_Wtrampolines,
+					DK_ERROR, UNKNOWN_LOCATION);
     }
 
   /* Save the current optimization options.  */