Bug 264497 - -fcf-protection causes 'illegal hardware instruction' on Geode
Summary: -fcf-protection causes 'illegal hardware instruction' on Geode
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 13.1-RELEASE
Hardware: i386 Any
: --- Affects Some People
Assignee: freebsd-toolchain (Nobody)
URL:
Keywords: crash, needs-qa
Depends on:
Blocks:
 
Reported: 2022-06-06 12:10 UTC by Kristof Provost
Modified: 2022-11-10 21:49 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback? (toolchain)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kristof Provost freebsd_committer freebsd_triage 2022-06-06 12:10:18 UTC
I have an (old) Geode(TM) Integrated Processor by AMD PCS based i386 machine, and noticed that sudo started crashing with 'illegal hardware instruction'.

I've narrowed it down to being triggered by the '-fcf-protection ' compiler flag.

The following test code reproduces the issue:

#include <stdio.h>

int
main(void)
{
    printf("In main\n");
    return (0);
}

# cc -Wall -fcf-protection test.c -o t ; ./t
[7]    66939 illegal hardware instruction (core dumped)  ./t
Comment 1 Kristof Provost freebsd_committer freebsd_triage 2022-06-06 12:11:13 UTC
The illegal instruction appears to be:

00401710 <main>:
  401710:       f3 0f 1e fb             endbr32
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2022-06-07 00:11:04 UTC
Had an issue with Python ctype tests segfaulting [1] a few weeks ago, isolated to libffi issue [2][3]. 

See also: 

Missing ENDBR on Linux/x86 ... requires ENDBR32/ENDBR64 at indirect branch 
targets: https://github.com/libffi/libffi/issues/474 

Perhaps relevent

[1] https://github.com/python/cpython/issues/92752
[2] https://github.com/libffi/libffi/issues/710
[3] https://github.com/libffi/libffi/pull/711
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-11-05 00:44:30 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=9c231325e77b1989c006daf083a3e9bd143c3d07

commit 9c231325e77b1989c006daf083a3e9bd143c3d07
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-11-04 15:59:49 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-11-05 00:42:26 +0000

    Clang: Add Diags for targets pre to i686 for -fcf-protection

    Intel Control-flow Enforcement Technology (CET) provides new
    instructions `endbr32/64` for the indirect branch control.
    They are NOPs on i686 and new targets.  We need to check for that
    in case it crashes on older targets.

    PR:             264497
    Reviewed by:    dim
    MFC after:      1 week
    Obtained from:  LLVM commit 52516782972730ff065a34123a9d8876da08c254
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D37268

 contrib/llvm-project/clang/lib/Basic/Targets/X86.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
Comment 4 commit-hook freebsd_committer freebsd_triage 2022-11-10 21:49:02 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=b0da3d887c4b3e9e1b35f4c0e9696fa6d339e82f

commit b0da3d887c4b3e9e1b35f4c0e9696fa6d339e82f
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-11-04 15:59:49 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-11-10 21:47:48 +0000

    Clang: Add Diags for targets pre to i686 for -fcf-protection

    Intel Control-flow Enforcement Technology (CET) provides new
    instructions `endbr32/64` for the indirect branch control.
    They are NOPs on i686 and new targets.  We need to check for that
    in case it crashes on older targets.

    PR:             264497, 267401
    Reviewed by:    dim
    MFC after:      1 week
    Obtained from:  LLVM commit 52516782972730ff065a34123a9d8876da08c254
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D37268

    (cherry picked from commit 9c231325e77b1989c006daf083a3e9bd143c3d07)

 contrib/llvm-project/clang/lib/Basic/Targets/X86.h | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)