From c3e45c80731672e74d638f787e80ba975279b9b9 Mon Sep 17 00:00:00 2001 From: Igor Tsimbalist Date: Mon, 3 Jul 2017 17:12:49 +0300 Subject: [PATCH 2/9] Part#2. Document -finstrument-control-flow and notrack attribute. gcc/ * doc/extend.texi: Add 'notrack' documentation. * doc/invoke.texi: Add -finstrument-control-flow documentation. * doc/rtl.texi: Add REG_CALL_NOTRACK documenation. --- gcc/doc/extend.texi | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ gcc/doc/invoke.texi | 22 ++++++++++++++++++++++ gcc/doc/rtl.texi | 15 +++++++++++++++ 3 files changed, 89 insertions(+) diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi index 6934b4c..80de8a7 100644 --- a/gcc/doc/extend.texi +++ b/gcc/doc/extend.texi @@ -5632,6 +5632,58 @@ Specify which floating-point unit to use. You must specify the @code{target("fpmath=sse,387")} option as @code{target("fpmath=sse+387")} because the comma would separate different options. + +@item notrack +@cindex @code{notrack} function attribute +The @code{notrack} attribute on a function is used to inform the +compiler that the function's prolog should not be instrumented when +compiled with the @option{-finstrument-control-flow} option. The +compiler assumes that the function's address is a valid target for a +control-flow transfer. + +The @code{notrack} attribute on a type of pointer to function is +used to inform the compiler that a call through the pointer should +not be instrumented when compiled with the +@option{-finstrument-control-flow} option. The compiler assumes +that the function's address from the pointer is a valid target for +a control-flow transfer. A direct function call through a function +name is assumed as a save call thus direct calls will not be +instrumented by the compiler. + +The @code{notrack} attribute is applied to an object's type. A +The @code{notrack} attribute is transfered to a call instruction at +the GIMPLE and RTL translation phases. The attribute is not propagated +through assignment, store and load. + +@smallexample +@{ +void (*foo)(void) __attribute__(notrack); +void (*foo1)(void) __attribute__(notrack); +void (*foo2)(void); + +int +foo (void) /* The function's address is not tracked. */ + + /* This call site is not tracked for + control-flow instrumentation. */ + (*foo1)(); + foo1 = foo2; + /* This call site is still not tracked for + control-flow instrumentation. */ + (*foo1)(); + + /* This call site is tracked for + control-flow instrumentation. */ + (*foo2)(); + foo2 = foo1; + /* This call site is still tracked for + control-flow instrumentation. */ + (*foo2)(); + + return 0; +@} +@end smallexample + @end table On the x86, the inliner does not inline a diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 5ae9dc4..ff2ce92 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -459,6 +459,7 @@ Objective-C and Objective-C++ Dialects}. -fchkp-check-read -fchkp-check-write -fchkp-store-bounds @gol -fchkp-instrument-calls -fchkp-instrument-marked-only @gol -fchkp-use-wrappers -fchkp-flexible-struct-trailing-arrays@gol +-finstrument-control-flow @gol -fstack-protector -fstack-protector-all -fstack-protector-strong @gol -fstack-protector-explicit -fstack-check @gol -fstack-limit-register=@var{reg} -fstack-limit-symbol=@var{sym} @gol @@ -11284,6 +11285,27 @@ is used to link a program, the GCC driver automatically links against @file{libmpxwrappers}. See also @option{-static-libmpxwrappers}. Enabled by default. +@item -finstrument-control-flow +@opindex finstrument-control-flow +@opindex fno-instrument-control-flow +Enable code instrumentation of control-flow transfers to increase +a program security by checking a target address of control-flow +transfer instructions (i.e. routine call, routine return, jump) +are valid targets. This prevents diverting the control flow +instructions from its original target address to a new undesigned +target. This is intended to protect against such theats as +Return-oriented Programming (ROP), and similarly call/jmp-oriented +programming (COP/JOP). + +Each compiler, which will support the control-flow instrumentation, +is supposed to have its own target specific implementation of the +control-flow instrumentation and in case of absence of such +implementation the @option{-finstrument-control-flow} will +cause an error message. + +A user has a control through the @code{notrack} attribute to identify +which functions and calls should be skipped from instrumentation. + @item -fstack-protector @opindex fstack-protector Emit extra code to check for buffer overflows, such as stack smashing diff --git a/gcc/doc/rtl.texi b/gcc/doc/rtl.texi index 6e2799a..59b4d1a 100644 --- a/gcc/doc/rtl.texi +++ b/gcc/doc/rtl.texi @@ -4040,6 +4040,21 @@ is used in place of the actual insn pattern. This is done in cases where the pattern is either complex or misleading. @end table +The note @code{REG_CALL_NOTRACK} describe the information connected to +the code instrumentation which is done when @code{-finstrument-control-flow} +option is specified. The note is set if a @code{notrack} attribute is +specified. The note is stored in the @code{REG_NOTES} field of an insn. + +@table @code +@findex REG_CALL_NOTRACK +@item REG_CALL_NOTRACK +A user has a control through the @code{notrack} attribute to identify +which call to a function should be skipped from instrumentation. The +compiler puts a @samp{REG_CALL_NOTRACK} note on @samp{CALL_INSN} +instruction, which has a function type marked with a @code{notrack} +attribute. +@end table + For convenience, the machine mode in an @code{insn_list} or @code{expr_list} is printed using these symbolic codes in debugging dumps. -- 1.8.3.1