diff options
| author | Igor Tsimbalist <igor.v.tsimbalist@intel.com> | 2017-10-20 15:09:38 +0200 |
|---|---|---|
| committer | Igor Tsimbalist <itsimbal@gcc.gnu.org> | 2017-10-20 15:09:38 +0200 |
| commit | 5c5f0b65eebe36489d5c44a3d138c2844049d4c0 (patch) | |
| tree | 07ee35844abbf2889c4ed953d998c4fe78bf9dd9 /gcc/c-family | |
| parent | e64944ac65c3e0bb4115873f17b9c48f06c3813a (diff) | |
| download | gcc-5c5f0b65eebe36489d5c44a3d138c2844049d4c0.zip gcc-5c5f0b65eebe36489d5c44a3d138c2844049d4c0.tar.gz gcc-5c5f0b65eebe36489d5c44a3d138c2844049d4c0.tar.bz2 | |
Add generic part for Intel CET enabling. The spec is available at
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
A proposal is to introduce a target independent flag
-fcf-protection=[none|branch|return|full] with a semantic to
instrument a code to control validness or integrity of control-flow
transfers using jump and call instructions. The main goal is to detect
and block a possible malware execution through transfer the execution
to unknown target address. Implementation could be either software or
target based. Any target platforms can provide their implementation
for instrumentation under this option.
The compiler should instrument any control-flow transfer points in a
program (ex. call/jmp/ret) as well as any landing pads, which are
targets of control-flow transfers.
A new 'nocf_check' attribute is introduced to provide hand tuning
support. The attribute directs the compiler to skip a call to a
function and a function's landing pad from instrumentation. The
attribute can be used for function and pointer to function types,
otherwise it will be ignored.
Currently all platforms except i386 will report the error and do no
instrumentation. i386 will provide the implementation based on a
specification published by Intel for a new technology called
Control-flow Enforcement Technology (CET).
gcc/c-family/
* c-attribs.c (handle_nocf_check_attribute): New function.
(c_common_attribute_table): Add 'nocf_check' handling.
gcc/c/
* gimple-parser.c: Add second argument NULL to
gimple_build_call_from_tree.
gcc/
* attrib.c (comp_type_attributes): Check nocf_check attribute.
* cfgexpand.c (expand_call_stmt): Set REG_CALL_NOCF_CHECK for
call insn.
* combine.c (distribute_notes): Add REG_CALL_NOCF_CHECK handling.
* common.opt: Add fcf-protection flag.
* emit-rtl.c (try_split): Add REG_CALL_NOCF_CHECK handling.
* flag-types.h: Add enum cf_protection_level.
* gimple.c (gimple_build_call_from_tree): Add second parameter.
Add 'nocf_check' attribute propagation to gimple call.
* gimple.h (gf_mask): Add GF_CALL_NOCF_CHECK.
(gimple_build_call_from_tree): Update prototype.
(gimple_call_nocf_check_p): New function.
(gimple_call_set_nocf_check): Likewise.
* gimplify.c: Add second argument to gimple_build_call_from_tree.
* ipa-icf.c: Add nocf_check attribute in statement hash.
* recog.c (peep2_attempt): Add REG_CALL_NOCF_CHECK handling.
* reg-notes.def: Add REG_NOTE (CALL_NOCF_CHECK).
* toplev.c (process_options): Add flag_cf_protection handling.
From-SVN: r253936
Diffstat (limited to 'gcc/c-family')
| -rw-r--r-- | gcc/c-family/c-attribs.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/gcc/c-family/c-attribs.c b/gcc/c-family/c-attribs.c index bd8ca30..bb75cba 100644 --- a/gcc/c-family/c-attribs.c +++ b/gcc/c-family/c-attribs.c @@ -65,6 +65,7 @@ static tree handle_asan_odr_indicator_attribute (tree *, tree, tree, int, static tree handle_stack_protect_attribute (tree *, tree, tree, int, bool *); static tree handle_noinline_attribute (tree *, tree, tree, int, bool *); static tree handle_noclone_attribute (tree *, tree, tree, int, bool *); +static tree handle_nocf_check_attribute (tree *, tree, tree, int, bool *); static tree handle_noicf_attribute (tree *, tree, tree, int, bool *); static tree handle_noipa_attribute (tree *, tree, tree, int, bool *); static tree handle_leaf_attribute (tree *, tree, tree, int, bool *); @@ -367,6 +368,8 @@ const struct attribute_spec c_common_attribute_table[] = { "patchable_function_entry", 1, 2, true, false, false, handle_patchable_function_entry_attribute, false }, + { "nocf_check", 0, 0, false, true, true, + handle_nocf_check_attribute, true }, { NULL, 0, 0, false, false, false, NULL, false } }; @@ -772,6 +775,30 @@ handle_noclone_attribute (tree *node, tree name, return NULL_TREE; } +/* Handle a "nocf_check" attribute; arguments as in + struct attribute_spec.handler. */ + +static tree +handle_nocf_check_attribute (tree *node, tree name, + tree ARG_UNUSED (args), + int ARG_UNUSED (flags), bool *no_add_attrs) +{ + if (TREE_CODE (*node) != FUNCTION_TYPE + && TREE_CODE (*node) != METHOD_TYPE) + { + warning (OPT_Wattributes, "%qE attribute ignored", name); + *no_add_attrs = true; + } + else if (!(flag_cf_protection & CF_BRANCH)) + { + warning (OPT_Wattributes, "%qE attribute ignored. Use " + "-fcf-protection option to enable it", name); + *no_add_attrs = true; + } + + return NULL_TREE; +} + /* Handle a "no_icf" attribute; arguments as in struct attribute_spec.handler. */ |