From: H.J. Lu Date: Mon, 1 Jan 2024 15:55:18 +0000 (-0800) Subject: x86/cet: Add -fcf-protection=none before -fcf-protection=branch X-Git-Tag: glibc-2.39~146 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5dcccfb12385ee492eb074f6beb9ead56b5e5fd;p=thirdparty%2Fglibc.git x86/cet: Add -fcf-protection=none before -fcf-protection=branch When shadow stack is enabled, some CET tests failed when compiled with GCC 14: FAIL: elf/tst-cet-legacy-4 FAIL: elf/tst-cet-legacy-5a FAIL: elf/tst-cet-legacy-6a which are caused by https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113039 These tests use -fcf-protection -fcf-protection=branch and assume that -fcf-protection=branch will override -fcf-protection. But this GCC 14 commit: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=1c6231c05bdcca changed the -fcf-protection behavior such that -fcf-protection -fcf-protection=branch is treated the same as -fcf-protection Use -fcf-protection -fcf-protection=none -fcf-protection=branch as the workaround. This fixes BZ #31187. Tested with GCC 13 and GCC 14 on Intel Tiger Lake. Reviewed-by: Noah Goldstein --- diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile index a49b13c5955..5c8ab64c4d6 100644 --- a/sysdeps/x86/Makefile +++ b/sysdeps/x86/Makefile @@ -215,12 +215,12 @@ modules-names += \ tst-cet-legacy-mod-6c \ # modules-names -CFLAGS-tst-cet-legacy-2.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-2.c += -fcf-protection=none -fcf-protection=branch CFLAGS-tst-cet-legacy-2a.c += -fcf-protection CFLAGS-tst-cet-legacy-mod-1.c += -fcf-protection=none CFLAGS-tst-cet-legacy-mod-2.c += -fcf-protection=none CFLAGS-tst-cet-legacy-3.c += -fcf-protection=none -CFLAGS-tst-cet-legacy-4.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-4.c += -fcf-protection=none -fcf-protection=branch CPPFLAGS-tst-cet-legacy-4a.c += -DCET_IS_PERMISSIVE=1 CFLAGS-tst-cet-legacy-4a.c += -fcf-protection CFLAGS-tst-cet-legacy-4b.c += -fcf-protection @@ -231,7 +231,7 @@ CPPFLAGS-tst-cet-legacy-5a.c += -DCET_IS_PERMISSIVE=1 endif CFLAGS-tst-cet-legacy-5b.c += -fcf-protection -mshstk CPPFLAGS-tst-cet-legacy-5b.c += -DCET_DISABLED_BY_ENV=1 -CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-mod-5a.c += -fcf-protection=none -fcf-protection=branch CFLAGS-tst-cet-legacy-mod-5b.c += -fcf-protection CFLAGS-tst-cet-legacy-mod-5c.c += -fcf-protection CFLAGS-tst-cet-legacy-6a.c += -fcf-protection -mshstk @@ -240,7 +240,7 @@ CPPFLAGS-tst-cet-legacy-6a.c += -DCET_IS_PERMISSIVE=1 endif CFLAGS-tst-cet-legacy-6b.c += -fcf-protection -mshstk CPPFLAGS-tst-cet-legacy-6b.c += -DCET_DISABLED_BY_ENV=1 -CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=branch +CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=none -fcf-protection=branch CFLAGS-tst-cet-legacy-mod-6b.c += -fcf-protection CFLAGS-tst-cet-legacy-mod-6c.c += -fcf-protection CFLAGS-tst-cet-legacy-7.c += -fcf-protection=none