From eedc73a224df61694fe4802ddec8eb9ad1822f32 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 28 Apr 2020 05:42:34 -0700
Subject: Check whether -fcf-protection=none -Wl,-z,ibt,-z,shstk work first

GCC_CET_HOST_FLAGS uses -Wl,-z,ibt,-z,shstk to check if Linux/x86 host
has Intel CET enabled by introducing an Intel CET violation on purpose.
To avoid false positive, check whether -Wl,-z,ibt,-z,shstk works first.
-fcf-protection=none is added to avoid false negative when -fcf-protection
is enabled by default.

config/

	PR bootstrap/94739
	* cet.m4 (GCC_CET_HOST_FLAGS): Add -fcf-protection=none to
	-Wl,-z,ibt,-z,shstk.  Check whether -fcf-protection=none
	-Wl,-z,ibt,-z,shstk works first.

libiberty/

	PR bootstrap/94739
	* configure: Regenerated.

lto-plugin/

	PR bootstrap/94739
	* configure: Regenerated.
---
 config/ChangeLog |  7 +++++++
 config/cet.m4    | 17 ++++++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

(limited to 'config')

diff --git a/config/ChangeLog b/config/ChangeLog
index bd650f5..5ab14d9 100644
--- a/config/ChangeLog
+++ b/config/ChangeLog
@@ -1,3 +1,10 @@
+2020-04-28  H.J. Lu  <hongjiu.lu@intel.com>
+
+	PR bootstrap/94739
+	* cet.m4 (GCC_CET_HOST_FLAGS): Add -fcf-protection=none to
+	-Wl,-z,ibt,-z,shstk.  Check whether -fcf-protection=none
+	-Wl,-z,ibt,-z,shstk works first.
+
 2020-04-25  H.J. Lu  <hongjiu.lu@intel.com>
 
 	PR bootstrap/94739
diff --git a/config/cet.m4 b/config/cet.m4
index 8b9e01f..ea616b7 100644
--- a/config/cet.m4
+++ b/config/cet.m4
@@ -98,9 +98,19 @@ asm ("setssbsy");
     ;;
 esac
 
+save_CFLAGS="$CFLAGS"
+CFLAGS="$CFLAGS -fcf-protection=none"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS -Wl,-z,ibt,-z,shstk"
+if test x$may_have_cet = xyes; then
+  # Check whether -fcf-protection=none -Wl,-z,ibt,-z,shstk work.
+  AC_TRY_LINK(
+    [],[return 0;],
+    [may_have_cet=yes],
+    [may_have_cet=no])
+fi
+
 if test x$may_have_cet = xyes; then
-  save_LDFLAGS="$LDFLAGS"
-  LDFLAGS="$LDFLAGS -Wl,-z,ibt,-z,shstk"
   AC_TRY_RUN([
 static void
 foo (void)
@@ -130,7 +140,6 @@ main ()
   ],
   [have_cet=no],
   [have_cet=yes])
-  LDFLAGS="$save_LDFLAGS"
   if test x$enable_cet = xno -a x$have_cet = xyes; then
     AC_MSG_ERROR([Intel CET must be enabled on Intel CET enabled host])
   fi
@@ -141,4 +150,6 @@ if test x$enable_cet = xyes; then
 else
   AC_MSG_RESULT([no])
 fi
+CFLAGS="$save_CFLAGS"
+LDFLAGS="$save_LDFLAGS"
 ])
-- 
cgit v1.1