2017-11-17 21:34:39 +08:00
|
|
|
dnl
|
|
|
|
dnl GCC_CET_FLAGS
|
|
|
|
dnl (SHELL-CODE_HANDLER)
|
|
|
|
dnl
|
|
|
|
AC_DEFUN([GCC_CET_FLAGS],[dnl
|
2018-04-19 15:45:51 +08:00
|
|
|
GCC_ENABLE(cet, no, ,[enable Intel CET in target libraries],
|
|
|
|
permit yes|no|auto)
|
2018-02-20 00:25:49 +08:00
|
|
|
AC_MSG_CHECKING([for CET support])
|
|
|
|
|
2017-11-17 21:34:39 +08:00
|
|
|
case "$host" in
|
|
|
|
i[[34567]]86-*-linux* | x86_64-*-linux*)
|
|
|
|
case "$enable_cet" in
|
2018-04-19 15:45:51 +08:00
|
|
|
auto)
|
2018-02-20 00:25:49 +08:00
|
|
|
# Check if target supports multi-byte NOPs
|
|
|
|
# and if assembler supports CET insn.
|
2017-11-17 21:34:39 +08:00
|
|
|
AC_COMPILE_IFELSE(
|
|
|
|
[AC_LANG_PROGRAM(
|
|
|
|
[],
|
2018-02-20 00:25:49 +08:00
|
|
|
[
|
|
|
|
#if !defined(__SSE2__)
|
|
|
|
#error target does not support multi-byte NOPs
|
|
|
|
#else
|
|
|
|
asm ("setssbsy");
|
|
|
|
#endif
|
|
|
|
])],
|
2017-11-17 21:34:39 +08:00
|
|
|
[enable_cet=yes],
|
|
|
|
[enable_cet=no])
|
|
|
|
;;
|
|
|
|
yes)
|
|
|
|
# Check if assembler supports CET.
|
|
|
|
AC_COMPILE_IFELSE(
|
|
|
|
[AC_LANG_PROGRAM(
|
|
|
|
[],
|
|
|
|
[asm ("setssbsy");])],
|
|
|
|
[],
|
|
|
|
[AC_MSG_ERROR([assembler with CET support is required for --enable-cet])])
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
enable_cet=no
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
if test x$enable_cet = xyes; then
|
2018-04-25 00:41:01 +08:00
|
|
|
$1="-fcf-protection -mshstk"
|
2018-02-20 00:25:49 +08:00
|
|
|
AC_MSG_RESULT([yes])
|
|
|
|
else
|
|
|
|
AC_MSG_RESULT([no])
|
2017-11-17 21:34:39 +08:00
|
|
|
fi
|
|
|
|
])
|
2020-04-26 01:06:59 +08:00
|
|
|
|
|
|
|
dnl
|
|
|
|
dnl GCC_CET_HOST_FLAGS
|
|
|
|
dnl (SHELL-CODE_HANDLER)
|
|
|
|
dnl
|
|
|
|
AC_DEFUN([GCC_CET_HOST_FLAGS],[dnl
|
|
|
|
GCC_ENABLE(cet, auto, ,[enable Intel CET in host libraries],
|
|
|
|
permit yes|no|auto)
|
|
|
|
AC_MSG_CHECKING([for CET support])
|
|
|
|
|
|
|
|
case "$host" in
|
|
|
|
i[[34567]]86-*-linux* | x86_64-*-linux*)
|
|
|
|
may_have_cet=yes
|
|
|
|
save_CFLAGS="$CFLAGS"
|
|
|
|
CFLAGS="$CFLAGS -fcf-protection"
|
|
|
|
case "$enable_cet" in
|
|
|
|
auto)
|
|
|
|
# Check if target supports multi-byte NOPs
|
|
|
|
# and if assembler supports CET insn.
|
|
|
|
AC_COMPILE_IFELSE(
|
|
|
|
[AC_LANG_PROGRAM(
|
|
|
|
[],
|
|
|
|
[
|
|
|
|
#if !defined(__SSE2__)
|
|
|
|
#error target does not support multi-byte NOPs
|
|
|
|
#else
|
|
|
|
asm ("setssbsy");
|
|
|
|
#endif
|
|
|
|
])],
|
|
|
|
[enable_cet=yes],
|
|
|
|
[enable_cet=no])
|
|
|
|
;;
|
|
|
|
yes)
|
|
|
|
# Check if assembler supports CET.
|
|
|
|
AC_COMPILE_IFELSE(
|
|
|
|
[AC_LANG_PROGRAM(
|
|
|
|
[],
|
|
|
|
[asm ("setssbsy");])],
|
|
|
|
[],
|
|
|
|
[AC_MSG_ERROR([assembler with CET support is required for --enable-cet])])
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
CFLAGS="$save_CFLAGS"
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
may_have_cet=no
|
|
|
|
enable_cet=no
|
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
Check whether -fcf-protection=none -Wl,-z,ibt,-z,shstk work first
GCC_CET_HOST_FLAGS uses -Wl,-z,ibt,-z,shstk to check if Linux/x86 host
has Intel CET enabled by introducing an Intel CET violation on purpose.
To avoid false positive, check whether -Wl,-z,ibt,-z,shstk works first.
-fcf-protection=none is added to avoid false negative when -fcf-protection
is enabled by default.
config/
PR bootstrap/94739
* cet.m4 (GCC_CET_HOST_FLAGS): Add -fcf-protection=none to
-Wl,-z,ibt,-z,shstk. Check whether -fcf-protection=none
-Wl,-z,ibt,-z,shstk works first.
libiberty/
PR bootstrap/94739
* configure: Regenerated.
lto-plugin/
PR bootstrap/94739
* configure: Regenerated.
2020-04-28 20:42:34 +08:00
|
|
|
save_CFLAGS="$CFLAGS"
|
|
|
|
CFLAGS="$CFLAGS -fcf-protection=none"
|
|
|
|
save_LDFLAGS="$LDFLAGS"
|
|
|
|
LDFLAGS="$LDFLAGS -Wl,-z,ibt,-z,shstk"
|
|
|
|
if test x$may_have_cet = xyes; then
|
|
|
|
# Check whether -fcf-protection=none -Wl,-z,ibt,-z,shstk work.
|
|
|
|
AC_TRY_LINK(
|
|
|
|
[],[return 0;],
|
|
|
|
[may_have_cet=yes],
|
|
|
|
[may_have_cet=no])
|
|
|
|
fi
|
|
|
|
|
2020-04-26 01:06:59 +08:00
|
|
|
if test x$may_have_cet = xyes; then
|
2020-05-13 01:39:42 +08:00
|
|
|
if test x$cross_compiling = xno; then
|
|
|
|
AC_TRY_RUN([
|
2020-04-26 01:06:59 +08:00
|
|
|
static void
|
|
|
|
foo (void)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
__attribute__ ((noinline, noclone))
|
|
|
|
xxx (void (*f) (void))
|
|
|
|
{
|
|
|
|
f ();
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
__attribute__ ((noinline, noclone))
|
|
|
|
bar (void)
|
|
|
|
{
|
|
|
|
xxx (foo);
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
main ()
|
|
|
|
{
|
|
|
|
bar ();
|
|
|
|
return 0;
|
|
|
|
}
|
2020-05-13 01:39:42 +08:00
|
|
|
],
|
|
|
|
[have_cet=no],
|
|
|
|
[have_cet=yes])
|
|
|
|
if test x$enable_cet = xno -a x$have_cet = xyes; then
|
|
|
|
AC_MSG_ERROR([Intel CET must be enabled on Intel CET enabled host])
|
|
|
|
fi
|
2020-04-26 01:06:59 +08:00
|
|
|
fi
|
2020-05-13 01:39:42 +08:00
|
|
|
else
|
|
|
|
# Enable CET in cross compiler if possible so that it will run on both
|
|
|
|
# CET and non-CET hosts.
|
|
|
|
have_cet=yes
|
2020-04-26 01:06:59 +08:00
|
|
|
fi
|
|
|
|
if test x$enable_cet = xyes; then
|
|
|
|
$1="-fcf-protection"
|
|
|
|
AC_MSG_RESULT([yes])
|
|
|
|
else
|
|
|
|
AC_MSG_RESULT([no])
|
|
|
|
fi
|
Check whether -fcf-protection=none -Wl,-z,ibt,-z,shstk work first
GCC_CET_HOST_FLAGS uses -Wl,-z,ibt,-z,shstk to check if Linux/x86 host
has Intel CET enabled by introducing an Intel CET violation on purpose.
To avoid false positive, check whether -Wl,-z,ibt,-z,shstk works first.
-fcf-protection=none is added to avoid false negative when -fcf-protection
is enabled by default.
config/
PR bootstrap/94739
* cet.m4 (GCC_CET_HOST_FLAGS): Add -fcf-protection=none to
-Wl,-z,ibt,-z,shstk. Check whether -fcf-protection=none
-Wl,-z,ibt,-z,shstk works first.
libiberty/
PR bootstrap/94739
* configure: Regenerated.
lto-plugin/
PR bootstrap/94739
* configure: Regenerated.
2020-04-28 20:42:34 +08:00
|
|
|
CFLAGS="$save_CFLAGS"
|
|
|
|
LDFLAGS="$save_LDFLAGS"
|
2020-04-26 01:06:59 +08:00
|
|
|
])
|