From b5dcccfb12385ee492eb074f6beb9ead56b5e5fd Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Mon, 1 Jan 2024 07:55:18 -0800 Subject: x86/cet: Add -fcf-protection=none before -fcf-protection=branch When shadow stack is enabled, some CET tests failed when compiled with GCC 14: FAIL: elf/tst-cet-legacy-4 FAIL: elf/tst-cet-legacy-5a FAIL: elf/tst-cet-legacy-6a which are caused by https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113039 These tests use -fcf-protection -fcf-protection=branch and assume that -fcf-protection=branch will override -fcf-protection. But this GCC 14 commit: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1c6231c05bdcca changed the -fcf-protection behavior such that -fcf-protection -fcf-protection=branch is treated the same as -fcf-protection Use -fcf-protection -fcf-protection=none -fcf-protection=branch as the workaround. This fixes BZ #31187. Tested with GCC 13 and GCC 14 on Intel Tiger Lake. Reviewed-by: Noah Goldstein --- sysdeps/x86/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile index a49b13c595..5c8ab64c4d 100644 --- a/sysdeps/x86/Makefile +++ b/sysdeps/x86/Makefile @@ -215,12 +215,12 @@ modules-names += \ tst-cet-legacy-mod-6c \ # modules-names -CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-2.c += -fcf-protection=none -fcf-protection=branch CFLAGS-tst-cet-legacy-2a.c += -fcf-protection CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none -CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-4.c += -fcf-protection=none -fcf-protection=branch CPPFLAGS-tst-cet-legacy-4a.c += -DCET_IS_PERMISSIVE=1 CFLAGS-tst-cet-legacy-4a.c += -fcf-protection CFLAGS-tst-cet-legacy-4b.c += -fcf-protection @@ -231,7 +231,7 @@ CPPFLAGS-tst-cet-legacy-5a.c += -DCET_IS_PERMISSIVE=1 endif CFLAGS-tst-cet-legacy-5b.c += -fcf-protection -mshstk CPPFLAGS-tst-cet-legacy-5b.c += -DCET_DISABLED_BY_ENV=1 -CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=none -fcf-protection=branch CFLAGS-tst-cet-legacy-mod-5b.c += -fcf-protection CFLAGS-tst-cet-legacy-mod-5c.c += -fcf-protection CFLAGS-tst-cet-legacy-6a.c += -fcf-protection -mshstk @@ -240,7 +240,7 @@ CPPFLAGS-tst-cet-legacy-6a.c += -DCET_IS_PERMISSIVE=1 endif CFLAGS-tst-cet-legacy-6b.c += -fcf-protection -mshstk CPPFLAGS-tst-cet-legacy-6b.c += -DCET_DISABLED_BY_ENV=1 -CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=none -fcf-protection=branch CFLAGS-tst-cet-legacy-mod-6b.c += -fcf-protection CFLAGS-tst-cet-legacy-mod-6c.c += -fcf-protection CFLAGS-tst-cet-legacy-7.c += -fcf-protection=none -- cgit 1.4.1