aarch64: ensure bti c is emitted at function start [PR94697]

The bti pass currently first emits bti c at function start
if there is no paciasp (which also acts as indirect call
landing pad), then bti j is emitted at jump labels, however
if there is a label right before paciasp then the function
start can end up like

  foo:
  label:
    bti j
    paciasp
    ...

This patch is a minimal fix that just moves the bti c handling
after the bti j handling so we end up with

  foo:
    bti c
  label:
    bti j
    paciasp
    ...

This could be improved by emitting bti jc in this case, or by
detecting that the label is not in fact an indirect jump target
and then this situation would be much less common.

Needs to be backported to gcc-9 branch.

Backported without the testcase because of missing infrastructure
for check-function-bodies.

gcc/ChangeLog:

	Backport from mainline.
	2020-04-23  Szabolcs Nagy  <szabolcs.nagy@arm.com>

	PR target/94697
	* config/aarch64/aarch64-bti-insert.c (rest_of_insert_bti): Swap
	bti c and bti j handling.

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index b36c9d53d26bd606c9f59c24830244aa68d0d727..1b814c7308bdf93e5455c2b88f613eb3505403b6 100644 (file)
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,12 @@
+2020-05-14  Szabolcs Nagy  <szabolcs.nagy@arm.com>
+
+       Backport from mainline.
+       2020-04-23  Szabolcs Nagy  <szabolcs.nagy@arm.com>
+
+       PR target/94697
+       * config/aarch64/aarch64-bti-insert.c (rest_of_insert_bti): Swap
+       bti c and bti j handling.
+
 2020-05-14  Szabolcs Nagy  <szabolcs.nagy@arm.com>
 
        Backport from mainline.

diff --git a/gcc/config/aarch64/aarch64-bti-insert.c b/gcc/config/aarch64/aarch64-bti-insert.c
index e519a0f0ac1751f4268e03381757bc1a10c13144..9e0fc168435db4ed77f0954ddc40f0df2d2b6251 100644 (file)
--- a/gcc/config/aarch64/aarch64-bti-insert.c
+++ b/gcc/config/aarch64/aarch64-bti-insert.c
@@ -130,22 +130,6 @@ rest_of_insert_bti (void)
   rtx_insn *insn;
   basic_block bb;
 
-  /* Since a Branch Target Exception can only be triggered by an indirect call,
-     we exempt function that are only called directly.  We also exempt
-     functions that are already protected by Return Address Signing (PACIASP/
-     PACIBSP).  For all other cases insert a BTI C at the beginning of the
-     function.  */
-  if (!cgraph_node::get (cfun->decl)->only_called_directly_p ())
-    {
-      bb = ENTRY_BLOCK_PTR_FOR_FN (cfun)->next_bb;
-      insn = BB_HEAD (bb);
-      if (!aarch64_pac_insn_p (get_first_nonnote_insn ()))
-       {
-         bti_insn = gen_bti_c ();
-         emit_insn_before (bti_insn, insn);
-       }
-    }
-
   bb = 0;
   FOR_EACH_BB_FN (bb, cfun)
     {
@@ -201,6 +185,22 @@ rest_of_insert_bti (void)
        }
     }
 
+  /* Since a Branch Target Exception can only be triggered by an indirect call,
+     we exempt function that are only called directly.  We also exempt
+     functions that are already protected by Return Address Signing (PACIASP/
+     PACIBSP).  For all other cases insert a BTI C at the beginning of the
+     function.  */
+  if (!cgraph_node::get (cfun->decl)->only_called_directly_p ())
+    {
+      bb = ENTRY_BLOCK_PTR_FOR_FN (cfun)->next_bb;
+      insn = BB_HEAD (bb);
+      if (!aarch64_pac_insn_p (get_first_nonnote_insn ()))
+       {
+         bti_insn = gen_bti_c ();
+         emit_insn_before (bti_insn, insn);
+       }
+    }
+
   timevar_pop (TV_MACH_DEP);
   return 0;
 }