<html>

    <head>

      <base href="https://bugs.llvm.org/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - Need indirect_return function attribute"

   href="https://bugs.llvm.org/show_bug.cgi?id=38207">38207</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>Need indirect_return function attribute

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>new-bugs

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>new bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>hjl.tools@gmail.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>On x86, swapcontext may return via indirect branch when shadow stack

is enabled.  To support code instrumentation of control-flow transfers

with -fcf-protection, add indirect_return function attribute to inform

compiler that a function may return via indirect branch.

Note: Unlike setjmp, swapcontext only returns once.  Mark it return

twice will unnecessarily disable compiler optimization as shown in

the testcase here.

This has been implemented in GCC 9:

<a href="https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=d4d9fba553cd199f422fbd10cf3de72a9b0eafa8">https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=d4d9fba553cd199f422fbd10cf3de72a9b0eafa8</a>

We need a way to generate ENDBR in compiler-rt:

INTERCEPTOR(int, swapcontext, struct ucontext_t *oucp,

            struct ucontext_t *ucp) {

  static bool reported_warning = false;

  if (!reported_warning) {

    Report("WARNING: ASan doesn't fully support makecontext/swapcontext "

           "functions and may produce false positives in some cases!\n");

    reported_warning = true;

  }

  // Clear shadow memory for new context (it may share stack

  // with current context).

  uptr stack, ssize;

  ReadContextStack(ucp, &stack, &ssize);

  ClearShadowMemoryForContextStack(stack, ssize);

  int res = REAL(swapcontext)(oucp, ucp);

<<<< Need ENDBR here.

  // swapcontext technically does not return, but program may swap context to

  // "oucp" later, that would look as if swapcontext() returned 0.

  // We need to clear shadow for ucp once again, as it may be in arbitrary

  // state.

  ClearShadowMemoryForContextStack(stack, ssize);

  return res;

}</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>