From: "Sam James" <sam@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" <sam@gentoo.org>
Message-ID: <1640663744.2b36f3ad2ba0114eae1d32bae5e395e098b3714b.sam@gentoo>
Subject: [gentoo-commits] proj/gcc-patches:master commit in: 11.3.0/gentoo/
X-VCS-Repository: proj/gcc-patches
X-VCS-Files: 11.3.0/gentoo/26_all_enable-cet.patch
X-VCS-Directories: 11.3.0/gentoo/
X-VCS-Committer: sam
X-VCS-Committer-Name: Sam James
X-VCS-Revision: 2b36f3ad2ba0114eae1d32bae5e395e098b3714b
X-VCS-Branch: master
Date: Tue, 28 Dec 2021 05:57:47 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 3b07447e-cb78-4baa-bcc3-aebe58977aea
X-Archives-Hash: 1752201df83d28e46b745668b1a32b44

commit:     2b36f3ad2ba0114eae1d32bae5e395e098b3714b
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 28 03:44:47 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Dec 28 03:55:44 2021 +0000
URL:        https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=2b36f3ad

11.3.0: fix CET patch

Our patch was causing unhandled state to leak into the LTO metadata
writer, it shouldn't have got that far though. Instead of messing about
with GCC's option handling, use the macro they provide for purposes like
this, which makes things far simpler (and less fragile).

Bug: https://bugs.gentoo.org/828400 Bug: https://bugs.gentoo.org/822036 Thanks-to: Sergei Trofimovich <slyich <AT> gmail.com> (debugging help in #gentoo-toolchain) Thanks-to: Georgy Yakovlev <gyakovlev <AT> gentoo.org> (debugging) Reported-by: matoro <matoro <AT> airmail.cc> Signed-off-by: Sam James <sam <AT> gentoo.org> 11.3.0/gentoo/26_all_enable-cet.patch | 65 +++++------------------------------ 1 file changed, 9 insertions(+), 56 deletions(-) diff --git a/11.3.0/gentoo/26_all_enable-cet.patch b/11.3.0/gentoo/26_all_enable-cet.patch index f3d189d..f6a1dce 100644 --- a/11.3.0/gentoo/26_all_enable-cet.patch +++ b/11.3.0/gentoo/26_all_enable-cet.patch @@ -1,6 +1,6 @@ -From ed1d323dc821e906144f4fc4c39bc16695495f73 Mon Sep 17 00:00:00 2001 +From 83efc6ce009021f27b602c1dfcf65338f761b095 Mon Sep 17 00:00:00 2001 From: Sam James <sam@gentoo.org> -Date: Thu, 9 Dec 2021 02:39:19 +0000 +Date: Tue, 28 Dec 2021 03:42:53 +0000 Subject: [PATCH] Enable CET (-fcf-protection=full) by default Needs: @@ -9,42 +9,22 @@ Needs: for now to avoid accidentally enabling it on other arches. Only supported on amd64. + --- - gcc/common.opt | 2 +- - gcc/config/i386/i386-options.c | 8 ++++++++ + gcc/config/i386/i386-options.c | 3 +++ gcc/defaults.h | 13 +++++++++++++ - gcc/flag-types.h | 1 + - gcc/toplev.c | 4 +++- - 5 files changed, 26 insertions(+), 2 deletions(-) + 2 files changed, 16 insertions(+) -diff --git a/gcc/common.opt b/gcc/common.opt -index a88778b..4993a7e 100644 ---- a/gcc/common.opt -+++ b/gcc/common.opt -@@ -1783,7 +1783,7 @@ fcf-protection - Common RejectNegative Alias(fcf-protection=,full) - - fcf-protection= --Common Joined RejectNegative Enum(cf_protection_level) Var(flag_cf_protection) Init(CF_NONE) -+Common Joined RejectNegative Enum(cf_protection_level) Var(flag_cf_protection) Init(CF_UNSET) - -fcf-protection=[full|branch|return|none|check] Instrument functions with checks to verify jump/call/return control-flow transfer - instructions have valid targets. - 
diff --git a/gcc/config/i386/i386-options.c b/gcc/config/i386/i386-options.c -index 19632b5..8ee36fe 100644 +index 19632b5..fac61af 100644 --- a/gcc/config/i386/i386-options.c +++ b/gcc/config/i386/i386-options.c -@@ -3049,6 +3049,14 @@ ix86_option_override_internal (bool main_args_p, +@@ -3049,6 +3049,9 @@ ix86_option_override_internal (bool main_args_p, = build_target_option_node (opts, opts_set); } -+ if (opts->x_flag_cf_protection == CF_UNSET) -+ { -+ if (TARGET_64BIT && TARGET_CMOV) -+ opts->x_flag_cf_protection = DEFAULT_FLAG_CF; -+ else -+ opts->x_flag_cf_protection = CF_NONE; -+ } ++ if (TARGET_64BIT && TARGET_CMOV) ++ SET_OPTION_IF_UNSET (opts, opts_set, flag_cf_protection, DEFAULT_FLAG_CF); + if (opts->x_flag_cf_protection != CF_NONE) { @@ -73,33 +53,6 @@ index 0f6cd78..5694412 100644 /* By default, the C++ compiler will use function addresses in the vtable entries. Setting this nonzero tells the compiler to use function descriptors instead. The value of this macro says how -diff --git a/gcc/flag-types.h b/gcc/flag-types.h -index a038c8f..61be0b1 100644 ---- a/gcc/flag-types.h -+++ b/gcc/flag-types.h -@@ -389,6 +389,7 @@ enum gfc_convert - /* Control-Flow Protection values. */ - enum cf_protection_level - { -+ CF_UNSET = -1, - CF_NONE = 0, - CF_BRANCH = 1 << 0, - CF_RETURN = 1 << 1, -diff --git a/gcc/toplev.c b/gcc/toplev.c -index ea0a2a1..bac60eb 100644 ---- a/gcc/toplev.c -+++ b/gcc/toplev.c -@@ -1297,7 +1297,9 @@ process_options (void) - "%<-floop-nest-optimize%>, %<-floop-parallelize-all%>)"); - #endif - -- if (flag_cf_protection != CF_NONE -+ /* Gentoo: we add CF_UNSET here just to be safe, but we only patch the default -+ for amd64 + when CET is definitely enabled anyway. */ -+ if ((flag_cf_protection != CF_NONE) && (flag_cf_protection != CF_UNSET) - && !(flag_cf_protection & CF_SET)) - { - if (flag_cf_protection == CF_FULL) -- 2.34.1
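
Review bot: In the gcc/config/i386/i386-options.c hunk, the added "if (TARGET_64BIT && TARGET_CMOV)" has no comment, although the toplev.c hunk this change drops carried a "Gentoo:" comment explaining that the default is only patched for amd64. Suggest one line above the condition saying that the CET default applies on amd64 only and only when -fcf-protection= was not given on the command line, which is what passing opts_set to SET_OPTION_IF_UNSET expresses. It is also worth confirming that TARGET_64BIT and TARGET_CMOV describe the same option set as the "opts" argument, since every other access in this hunk goes through opts-> (opts->x_flag_cf_protection) and this function is called with main_args_p both ways.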
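
Review bot: The description inside 26_all_enable-cet.patch does not record why the gcc/common.opt, gcc/flag-types.h and gcc/toplev.c hunks were dropped; the only change to the description is a blank line added before "---". Suggest a sentence there noting that the CF_UNSET = -1 sentinel and the Init(CF_UNSET) default were removed because the value could reach code that only expects CF_NONE or the CF_BRANCH/CF_RETURN bits, and that the default is now applied with SET_OPTION_IF_UNSET, with the two bug URLs from the commit message, so the reasoning stays with the patch file when it is carried forward to later GCC versions.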