[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1014851: marked as done (Missing SLS mitigation (-mharden-sls) for x86)

Your message dated Mon, 18 Jul 2022 14:36:00 +0000
with message-id <E1oDRqq-000FKc-Us@fasolo.debian.org>
and subject line Bug#1014851: fixed in gcc-10 10.4.0-2
has caused the Debian Bug report #1014851,
regarding Missing SLS mitigation (-mharden-sls) for x86
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1014851: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014851
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: gcc-10
Version: 10.2.1-6
Severity: normal
Tags: patch bullseye
X-Debbugs-Cc: debian-kernel@lists.debian.org

In an upcoming kernel update I would like to add mitigation of
Straight Line Speculation (SLS) for amd64.  This depends partly on
compiler support, enabled with the -mharden-sls option, which is
currently only available in gcc 11 and 12.

Attached is a debdiff that adds this to gcc-10.  I have:

- Rebuilt the package, with no test regressions
- Built a working kernel package with SLS (and return thunks) enabled

The debdiff is against the bullseye version.  I haven't tested the
latest version since we are using gcc-11 in testing/unstable.

I still have to check whether the kernel really still needs this
option in the compiler, since it also builds with retpolines and
rethunks and can replace those jumps with SLS mitigation instead where
appropriate.

Ben.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'oldstable-updates'), (500, 'unstable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.0-2-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gcc-10 depends on:
ii  binutils       2.38.50.20220629-2
ii  cpp-10         10.4.0-1
ii  gcc-10-base    10.4.0-1
ii  libc6          2.33-7
ii  libcc1-0       12.1.0-5
ii  libgcc-10-dev  10.4.0-1
ii  libgcc-s1      12.1.0-5
ii  libgmp10       2:6.2.1+dfsg1-1
ii  libisl23       0.24-2
ii  libmpc3        1.2.1-2
ii  libmpfr6       4.1.0-3
ii  libstdc++6     12.1.0-5
ii  libzstd1       1.5.2+dfsg-1
ii  zlib1g         1:1.2.11.dfsg-4

Versions of packages gcc-10 recommends:
ii  libc6-dev  2.33-7

Versions of packages gcc-10 suggests:
ii  gcc-10-doc       10.3.0-2
pn  gcc-10-locales   <none>
ii  gcc-10-multilib  10.4.0-1

-- debconf-show failed

diff -Nru gcc-10-10.2.1/debian/changelog gcc-10-10.2.1/debian/changelog
--- gcc-10-10.2.1/debian/changelog	2021-01-10 12:35:39.000000000 +0100
+++ gcc-10-10.2.1/debian/changelog	2022-07-11 15:02:37.000000000 +0200
@@ -1,3 +1,9 @@
+gcc-10 (10.2.1-6.1) UNRELEASED; urgency=medium
+
+  * Backport support for -mharden-sls for x86
+
+ -- Ben Hutchings <benh@debian.org>  Mon, 11 Jul 2022 15:02:37 +0200
+
 gcc-10 (10.2.1-6) unstable; urgency=medium
 
   * Update to git 20210110 from the gcc-10 branch.
diff -Nru gcc-10-10.2.1/debian/patches/x86-add-mharden-sls-none-all-return-indirect-branch.diff gcc-10-10.2.1/debian/patches/x86-add-mharden-sls-none-all-return-indirect-branch.diff
--- gcc-10-10.2.1/debian/patches/x86-add-mharden-sls-none-all-return-indirect-branch.diff	1970-01-01 01:00:00.000000000 +0100
+++ gcc-10-10.2.1/debian/patches/x86-add-mharden-sls-none-all-return-indirect-branch.diff	2022-07-11 15:02:37.000000000 +0200
@@ -0,0 +1,247 @@
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Wed, 27 Oct 2021 07:48:54 -0700
+Subject: [PATCH] x86: Add -mharden-sls=[none|all|return|indirect-branch]
+Origin: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=39d944c4237e5d35e28a2668d3b9a2e0f6f7bd01
+
+Add -mharden-sls= to mitigate against straight line speculation (SLS)
+for function return and indirect branch by adding an INT3 instruction
+after function return and indirect branch.
+
+gcc/
+
+	PR target/102952
+	* config/i386/i386-opts.h (harden_sls): New enum.
+	* config/i386/i386.c (output_indirect_thunk): Mitigate against
+	SLS for function return.
+	(ix86_output_function_return): Likewise.
+	(ix86_output_jmp_thunk_or_indirect): Mitigate against indirect
+	branch.
+	(ix86_output_indirect_jmp): Likewise.
+	(ix86_output_call_insn): Likewise.
+	* config/i386/i386.opt: Add -mharden-sls=.
+	* doc/invoke.texi: Document -mharden-sls=.
+
+gcc/testsuite/
+
+	PR target/102952
+	* gcc.target/i386/harden-sls-1.c: New test.
+	* gcc.target/i386/harden-sls-2.c: Likewise.
+	* gcc.target/i386/harden-sls-3.c: Likewise.
+	* gcc.target/i386/harden-sls-4.c: Likewise.
+	* gcc.target/i386/harden-sls-5.c: Likewise.
+
+(cherry picked from commit 53a643f8568067d7700a9f2facc8ba39974973d3)
+[benh:
+ - Drop changes in gcc/doc/invoke.texi, which is not included in the
+   Debian package
+ - Use NULL instead of nullptr]
+---
+ gcc/config/i386/i386-opts.h                  |  7 +++++++
+ gcc/config/i386/i386.c                       | 21 +++++++++++++-------
+ gcc/config/i386/i386.opt                     | 20 +++++++++++++++++++
+ gcc/doc/invoke.texi                          | 10 +++++++++-
+ gcc/testsuite/gcc.target/i386/harden-sls-1.c | 14 +++++++++++++
+ gcc/testsuite/gcc.target/i386/harden-sls-2.c | 14 +++++++++++++
+ gcc/testsuite/gcc.target/i386/harden-sls-3.c | 14 +++++++++++++
+ gcc/testsuite/gcc.target/i386/harden-sls-4.c | 16 +++++++++++++++
+ gcc/testsuite/gcc.target/i386/harden-sls-5.c | 17 ++++++++++++++++
+ 9 files changed, 125 insertions(+), 8 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-2.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-3.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-4.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-5.c
+
+--- a/src/gcc/config/i386/i386-opts.h
++++ b/src/gcc/config/i386/i386-opts.h
+@@ -125,4 +125,11 @@ enum instrument_return {
+   instrument_return_nop5
+ };
+ 
++enum harden_sls {
++  harden_sls_none = 0,
++  harden_sls_return = 1 << 0,
++  harden_sls_indirect_branch = 1 << 1,
++  harden_sls_all = harden_sls_return | harden_sls_indirect_branch
++};
++
+ #endif
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -5478,6 +5478,8 @@ output_indirect_thunk (unsigned int regn
+     }
+ 
+   fputs ("\tret\n", asm_out_file);
++  if ((ix86_harden_sls & harden_sls_return))
++    fputs ("\tint3\n", asm_out_file);
+ }
+ 
+ /* Output a funtion with a call and return thunk for indirect branch.
+@@ -15426,6 +15428,8 @@ ix86_output_jmp_thunk_or_indirect (const
+       fprintf (asm_out_file, "\tjmp\t");
+       assemble_name (asm_out_file, thunk_name);
+       putc ('\n', asm_out_file);
++      if ((ix86_harden_sls & harden_sls_indirect_branch))
++	fputs ("\tint3\n", asm_out_file);
+     }
+   else
+     output_indirect_thunk (regno);
+@@ -15648,10 +15652,10 @@ ix86_output_indirect_jmp (rtx call_op)
+ 	gcc_unreachable ();
+ 
+       ix86_output_indirect_branch (call_op, "%0", true);
+-      return "";
+     }
+   else
+-    return "%!jmp\t%A0";
++    output_asm_insn ("%!jmp\t%A0", &call_op);
++  return (ix86_harden_sls & harden_sls_indirect_branch) ? "int3" : "";
+ }
+ 
+ /* Output return instrumentation for current function if needed.  */
+@@ -15719,10 +15723,8 @@ ix86_output_function_return (bool long_p
+       return "";
+     }
+ 
+-  if (!long_p)
+-    return "ret";
+-
+-  return "rep%; ret";
++  output_asm_insn (long_p ? "rep%; ret" : "ret", NULL);
++  return (ix86_harden_sls & harden_sls_return) ? "int3" : "";
+ }
+ 
+ /* Output indirect function return.  RET_OP is the function return
+@@ -15817,7 +15819,12 @@ ix86_output_call_insn (rtx_insn *insn, r
+       if (output_indirect_p && !direct_p)
+ 	ix86_output_indirect_branch (call_op, xasm, true);
+       else
+-	output_asm_insn (xasm, &call_op);
++	{
++	  output_asm_insn (xasm, &call_op);
++	  if (!direct_p
++	      && (ix86_harden_sls & harden_sls_indirect_branch))
++	    return "int3";
++	}
+       return "";
+     }
+ 
+--- a/src/gcc/config/i386/i386.opt
++++ b/src/gcc/config/i386/i386.opt
+@@ -1109,6 +1109,26 @@ mrecord-return
+ Target Report Var(ix86_flag_record_return) Init(0)
+ Generate a __return_loc section pointing to all return instrumentation code.
+ 
++mharden-sls=
++Target RejectNegative Joined Enum(harden_sls) Var(ix86_harden_sls) Init(harden_sls_none)
++Generate code to mitigate against straight line speculation.
++
++Enum
++Name(harden_sls) Type(enum harden_sls)
++Known choices for mitigation against straight line speculation with -mharden-sls=:
++
++EnumValue
++Enum(harden_sls) String(none) Value(harden_sls_none)
++
++EnumValue
++Enum(harden_sls) String(return) Value(harden_sls_return)
++
++EnumValue
++Enum(harden_sls) String(indirect-branch) Value(harden_sls_indirect_branch)
++
++EnumValue
++Enum(harden_sls) String(all) Value(harden_sls_all)
++
+ mavx512bf16
+ Target Report Mask(ISA2_AVX512BF16) Var(ix86_isa_flags2) Save
+ Support MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AVX, AVX2, AVX512F and
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-1.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -mharden-sls=all" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void foo (void);
++
++void
++bar (void)
++{
++  foo ();
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+_?foo" } } */
++/* { dg-final { scan-assembler-not {int3} } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-2.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk-extern -mharden-sls=all" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*fptr) (void);
++
++void
++foo (void)
++{
++  fptr ();
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+_?__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler-times "int3" 1 } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-3.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=thunk -mharden-sls=all" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*fptr) (void);
++
++void
++foo (void)
++{
++  fptr ();
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+_?__x86_indirect_thunk_(r|e)ax" } } */
++/* { dg-final { scan-assembler-times "int3" 2 } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-4.c
+@@ -0,0 +1,16 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mindirect-branch=keep -mharden-sls=all" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*fptr) (void);
++
++void
++foo (void)
++{
++  fptr ();
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+\\*_?fptr" { target { ! x32 } } } } */
++/* { dg-final { scan-assembler "movl\[ \t\]+fptr\\(%rip\\), %eax" { target x32 } } } */
++/* { dg-final { scan-assembler "jmp\[ \t\]+\\*%rax" { target x32 } } } */
++/* { dg-final { scan-assembler-times "int3" 1 } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-5.c
+@@ -0,0 +1,17 @@
++/* { dg-do compile } */
++/* { dg-options "-O2 -mno-indirect-branch-register -mfunction-return=keep -mindirect-branch=thunk-extern -mharden-sls=return" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++typedef void (*dispatch_t)(long offset);
++
++dispatch_t dispatch;
++
++int
++male_indirect_jump (long offset)
++{
++  dispatch(offset);
++  return 0;
++}
++
++/* { dg-final { scan-assembler-times "ret" 1 } } */
++/* { dg-final { scan-assembler-times "int3" 1 } } */
diff -Nru gcc-10-10.2.1/debian/patches/x86-add-mindirect-branch-cs-prefix.diff gcc-10-10.2.1/debian/patches/x86-add-mindirect-branch-cs-prefix.diff
--- gcc-10-10.2.1/debian/patches/x86-add-mindirect-branch-cs-prefix.diff	1970-01-01 01:00:00.000000000 +0100
+++ gcc-10-10.2.1/debian/patches/x86-add-mindirect-branch-cs-prefix.diff	2022-07-11 15:02:37.000000000 +0200
@@ -0,0 +1,108 @@
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Wed, 27 Oct 2021 06:27:15 -0700
+Subject: [PATCH 1/1] x86: Add -mindirect-branch-cs-prefix
+Origin: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=5d928740a533cd9e78673fad7ea86d20b2142277
+
+Add -mindirect-branch-cs-prefix to add CS prefix to call and jmp to
+indirect thunk with branch target in r8-r15 registers so that the call
+and jmp instruction length is 6 bytes to allow them to be replaced with
+"lfence; call *%r8-r15" or "lfence; jmp *%r8-r15" at run-time.
+
+gcc/
+
+	PR target/102952
+	* config/i386/i386.c (ix86_output_jmp_thunk_or_indirect): Emit
+	CS prefix for -mindirect-branch-cs-prefix.
+	(ix86_output_indirect_branch_via_reg): Likewise.
+	* config/i386/i386.opt: Add -mindirect-branch-cs-prefix.
+	* doc/invoke.texi: Document -mindirect-branch-cs-prefix.
+
+gcc/testsuite/
+
+	PR target/102952
+	* gcc.target/i386/indirect-thunk-cs-prefix-1.c: New test.
+	* gcc.target/i386/indirect-thunk-cs-prefix-2.c: Likewise.
+
+(cherry picked from commit 2196a681d7810ad8b227bf983f38ba716620545e)
+[benh: Drop changes in gcc/doc/invoke.texi, which is not included in
+ the Debian package]
+---
+ gcc/config/i386/i386.c                            |  6 ++++++
+ gcc/config/i386/i386.opt                          |  4 ++++
+ gcc/doc/invoke.texi                               | 10 +++++++++-
+ .../gcc.target/i386/indirect-thunk-cs-prefix-1.c  | 14 ++++++++++++++
+ .../gcc.target/i386/indirect-thunk-cs-prefix-2.c  | 15 +++++++++++++++
+ 5 files changed, 48 insertions(+), 1 deletion(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c
+ create mode 100644 gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c
+
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -15425,6 +15425,9 @@ ix86_output_jmp_thunk_or_indirect (const
+ {
+   if (thunk_name != NULL)
+     {
++      if (REX_INT_REGNO_P (regno)
++	  && ix86_indirect_branch_cs_prefix)
++	fprintf (asm_out_file, "\tcs\n");
+       fprintf (asm_out_file, "\tjmp\t");
+       assemble_name (asm_out_file, thunk_name);
+       putc ('\n', asm_out_file);
+@@ -15478,6 +15481,9 @@ ix86_output_indirect_branch_via_reg (rtx
+     {
+       if (thunk_name != NULL)
+ 	{
++	  if (REX_INT_REGNO_P (regno)
++	      && ix86_indirect_branch_cs_prefix)
++	    fprintf (asm_out_file, "\tcs\n");
+ 	  fprintf (asm_out_file, "\tcall\t");
+ 	  assemble_name (asm_out_file, thunk_name);
+ 	  putc ('\n', asm_out_file);
+--- a/src/gcc/config/i386/i386.opt
++++ b/src/gcc/config/i386/i386.opt
+@@ -1068,6 +1068,10 @@ Enum(indirect_branch) String(thunk-inlin
+ EnumValue
+ Enum(indirect_branch) String(thunk-extern) Value(indirect_branch_thunk_extern)
+ 
++mindirect-branch-cs-prefix
++Target Var(ix86_indirect_branch_cs_prefix) Init(0)
++Add CS prefix to call and jmp to indirect thunk with branch target in r8-r15 registers.
++
+ mindirect-branch-register
+ Target Report Var(ix86_indirect_branch_register) Init(0)
+ Force indirect call and jump via register.
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-1.c
+@@ -0,0 +1,14 @@
++/* { dg-do compile { target { ! ia32 } } } */
++/* { dg-options "-O2 -ffixed-rax -ffixed-rbx -ffixed-rcx -ffixed-rdx -ffixed-rdi -ffixed-rsi -mindirect-branch-cs-prefix -mindirect-branch=thunk-extern" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*fptr) (void);
++
++void
++foo (void)
++{
++  fptr ();
++}
++
++/* { dg-final { scan-assembler-times "jmp\[ \t\]+_?__x86_indirect_thunk_r\[0-9\]+" 1 } } */
++/* { dg-final { scan-assembler-times "\tcs" 1 } } */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/indirect-thunk-cs-prefix-2.c
+@@ -0,0 +1,15 @@
++/* { dg-do compile { target { ! ia32 } } } */
++/* { dg-options "-O2 -ffixed-rax -ffixed-rbx -ffixed-rcx -ffixed-rdx -ffixed-rdi -ffixed-rsi -mindirect-branch-cs-prefix -mindirect-branch=thunk-extern" } */
++/* { dg-additional-options "-fno-pic" { target { ! *-*-darwin* } } } */
++
++extern void (*bar) (void);
++
++int
++foo (void)
++{
++  bar ();
++  return 0;
++}
++
++/* { dg-final { scan-assembler-times "call\[ \t\]+_?__x86_indirect_thunk_r\[0-9\]+" 1 } } */
++/* { dg-final { scan-assembler-times "\tcs" 1 } } */
diff -Nru gcc-10-10.2.1/debian/patches/x86-generate-int3-for-__builtin_eh_return.diff gcc-10-10.2.1/debian/patches/x86-generate-int3-for-__builtin_eh_return.diff
--- gcc-10-10.2.1/debian/patches/x86-generate-int3-for-__builtin_eh_return.diff	1970-01-01 01:00:00.000000000 +0100
+++ gcc-10-10.2.1/debian/patches/x86-generate-int3-for-__builtin_eh_return.diff	2022-07-11 15:02:37.000000000 +0200
@@ -0,0 +1,67 @@
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Wed, 5 Jan 2022 18:04:21 -0800
+Subject: [PATCH 1/1] x86: Generate INT3 for __builtin_eh_return
+Origin: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=978956485a663493130b02f787095095d163290e
+
+Generate INT3 after indirect jmp in exception return for -fcf-protection
+with -mharden-sls=indirect-jmp.
+
+gcc/
+
+	PR target/103925
+	* config/i386/i386.c (ix86_output_indirect_function_return):
+	Generate INT3 after indirect jmp for -mharden-sls=indirect-jmp.
+
+gcc/testsuite/
+
+	PR target/103925
+	* gcc.target/i386/harden-sls-6.c: New test.
+
+(cherry picked from commit c2e5c4feed32c808591b5278f680bbabe63eb225)
+---
+ gcc/config/i386/i386.c                       |  9 ++++++---
+ gcc/testsuite/gcc.target/i386/harden-sls-6.c | 18 ++++++++++++++++++
+ 2 files changed, 24 insertions(+), 3 deletions(-)
+ create mode 100644 gcc/testsuite/gcc.target/i386/harden-sls-6.c
+
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -15765,11 +15765,14 @@ ix86_output_indirect_function_return (rt
+ 	}
+       else
+ 	output_indirect_thunk (regno);
+-
+-      return "";
+     }
+   else
+-    return "%!jmp\t%A0";
++    {
++      output_asm_insn ("%!jmp\t%A0", &ret_op);
++      if (ix86_harden_sls & harden_sls_indirect_jmp)
++	fputs ("\tint3\n", asm_out_file);
++    }
++  return "";
+ }
+ 
+ /* Output the assembly for a call instruction.  */
+--- /dev/null
++++ b/src/gcc/testsuite/gcc.target/i386/harden-sls-6.c
+@@ -0,0 +1,18 @@
++/* { dg-do compile { target { ! ia32 } } } */
++/* { dg-options "-O2 -fcf-protection -mharden-sls=indirect-jmp" } */
++
++struct _Unwind_Context _Unwind_Resume_or_Rethrow_this_context;
++
++void offset (int);
++
++struct _Unwind_Context {
++  void *reg[7];
++} _Unwind_Resume_or_Rethrow() {
++  struct _Unwind_Context cur_contextcur_context =
++      _Unwind_Resume_or_Rethrow_this_context;
++  offset(0);
++  __builtin_eh_return ((long) offset, 0);
++}
++
++/* { dg-final { scan-assembler "jmp\[ \t\]+\\*%rcx" } } */
++/* { dg-final { scan-assembler-times "int3" 1 } } */
diff -Nru gcc-10-10.2.1/debian/patches/x86-remove-before-ret.diff gcc-10-10.2.1/debian/patches/x86-remove-before-ret.diff
--- gcc-10-10.2.1/debian/patches/x86-remove-before-ret.diff	1970-01-01 01:00:00.000000000 +0100
+++ gcc-10-10.2.1/debian/patches/x86-remove-before-ret.diff	2022-07-11 15:02:37.000000000 +0200
@@ -0,0 +1,65 @@
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Wed, 17 Nov 2021 11:41:12 -0800
+Subject: [PATCH] x86: Remove "%!" before ret
+Origin: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=c604b03126722b419073a97e97ed844677058714
+
+Before MPX was removed, "%!" was mapped to
+
+        case '!':
+          if (ix86_bnd_prefixed_insn_p (current_output_insn))
+            fputs ("bnd ", file);
+          return;
+
+After CET was added and MPX was removed, "%!" was mapped to
+
+       case '!':
+          if (ix86_notrack_prefixed_insn_p (current_output_insn))
+            fputs ("notrack ", file);
+          return;
+
+ix86_notrack_prefixed_insn_p always returns false on ret since the
+notrack prefix is only for indirect branches.  Remove the unused "%!"
+before ret.
+
+	PR target/103307
+	* config/i386/i386.c (ix86_code_end): Remove "%!" before ret.
+	(ix86_output_function_return): Likewise.
+	* config/i386/i386.md (simple_return_pop_internal): Likewise.
+
+(cherry picked from commit 8e410de43ce039bbe08f1e0195e3b6ec24f68cae)
+---
+ gcc/config/i386/i386.c  | 4 ++--
+ gcc/config/i386/i386.md | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -5680,7 +5680,7 @@ ix86_code_end (void)
+       xops[0] = gen_rtx_REG (Pmode, regno);
+       xops[1] = gen_rtx_MEM (Pmode, stack_pointer_rtx);
+       output_asm_insn ("mov%z0\t{%1, %0|%0, %1}", xops);
+-      output_asm_insn ("%!ret", NULL);
++      fputs ("\tret\n", asm_out_file);
+       final_end_function ();
+       init_insn_lengths ();
+       free_after_compilation (cfun);
+@@ -15720,7 +15720,7 @@ ix86_output_function_return (bool long_p
+     }
+ 
+   if (!long_p)
+-    return "%!ret";
++    return "ret";
+ 
+   return "rep%; ret";
+ }
+--- a/src/gcc/config/i386/i386.md
++++ b/src/gcc/config/i386/i386.md
+@@ -13363,7 +13363,7 @@
+   [(simple_return)
+    (use (match_operand:SI 0 "const_int_operand"))]
+   "reload_completed"
+-  "%!ret\t%0"
++  "ret\t%0"
+   "&& cfun->machine->function_return_type != indirect_branch_keep"
+   [(const_int 0)]
+   "ix86_split_simple_return_pop_internal (operands[0]); DONE;"
diff -Nru gcc-10-10.2.1/debian/patches/x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp.diff gcc-10-10.2.1/debian/patches/x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp.diff
--- gcc-10-10.2.1/debian/patches/x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp.diff	1970-01-01 01:00:00.000000000 +0100
+++ gcc-10-10.2.1/debian/patches/x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp.diff	2022-07-11 15:02:37.000000000 +0200
@@ -0,0 +1,86 @@
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Wed, 5 Jan 2022 16:33:16 -0800
+Subject: [PATCH 1/1] x86: Rename -harden-sls=indirect-branch to
+ -harden-sls=indirect-jmp
+Origin: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=58a4e292e8507a2968bfd2b10631ba95d5440c97
+
+Indirect branch also includes indirect call instructions.  Rename
+-harden-sls=indirect-branch to -harden-sls=indirect-jmp to match its
+intended behavior.
+
+	PR target/102952
+	* config/i386/i386-opts.h (harden_sls): Replace
+	harden_sls_indirect_branch with harden_sls_indirect_jmp.
+	* config/i386/i386.c (ix86_output_jmp_thunk_or_indirect):
+	Likewise.
+	(ix86_output_indirect_jmp): Likewise.
+	(ix86_output_call_insn): Likewise.
+	* config/i386/i386.opt: Replace indirect-branch with
+	indirect-jmp.  Replace harden_sls_indirect_branch with
+	harden_sls_indirect_jmp.
+	* doc/invoke.texi (-harden-sls=): Replace indirect-branch with
+	indirect-jmp.
+
+(cherry picked from commit ed8060950c64f2e449aaf90e438aa26d0d9d0b31)
+[benh: Drop changes in gcc/doc/invoke.texi, which is not included in
+ the Debian package]
+---
+ gcc/config/i386/i386-opts.h | 4 ++--
+ gcc/config/i386/i386.c      | 6 +++---
+ gcc/config/i386/i386.opt    | 2 +-
+ gcc/doc/invoke.texi         | 4 ++--
+ 4 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/src/gcc/config/i386/i386-opts.h
++++ b/src/gcc/config/i386/i386-opts.h
+@@ -128,8 +128,8 @@ enum instrument_return {
+ enum harden_sls {
+   harden_sls_none = 0,
+   harden_sls_return = 1 << 0,
+-  harden_sls_indirect_branch = 1 << 1,
+-  harden_sls_all = harden_sls_return | harden_sls_indirect_branch
++  harden_sls_indirect_jmp = 1 << 1,
++  harden_sls_all = harden_sls_return | harden_sls_indirect_jmp
+ };
+ 
+ #endif
+--- a/src/gcc/config/i386/i386.c
++++ b/src/gcc/config/i386/i386.c
+@@ -15431,7 +15431,7 @@ ix86_output_jmp_thunk_or_indirect (const
+       fprintf (asm_out_file, "\tjmp\t");
+       assemble_name (asm_out_file, thunk_name);
+       putc ('\n', asm_out_file);
+-      if ((ix86_harden_sls & harden_sls_indirect_branch))
++      if ((ix86_harden_sls & harden_sls_indirect_jmp))
+ 	fputs ("\tint3\n", asm_out_file);
+     }
+   else
+@@ -15661,7 +15661,7 @@ ix86_output_indirect_jmp (rtx call_op)
+     }
+   else
+     output_asm_insn ("%!jmp\t%A0", &call_op);
+-  return (ix86_harden_sls & harden_sls_indirect_branch) ? "int3" : "";
++  return (ix86_harden_sls & harden_sls_indirect_jmp) ? "int3" : "";
+ }
+ 
+ /* Output return instrumentation for current function if needed.  */
+@@ -15828,7 +15828,7 @@ ix86_output_call_insn (rtx_insn *insn, r
+ 	{
+ 	  output_asm_insn (xasm, &call_op);
+ 	  if (!direct_p
+-	      && (ix86_harden_sls & harden_sls_indirect_branch))
++	      && (ix86_harden_sls & harden_sls_indirect_jmp))
+ 	    return "int3";
+ 	}
+       return "";
+--- a/src/gcc/config/i386/i386.opt
++++ b/src/gcc/config/i386/i386.opt
+@@ -1128,7 +1128,7 @@ EnumValue
+ Enum(harden_sls) String(return) Value(harden_sls_return)
+ 
+ EnumValue
+-Enum(harden_sls) String(indirect-branch) Value(harden_sls_indirect_branch)
++Enum(harden_sls) String(indirect-jmp) Value(harden_sls_indirect_jmp)
+ 
+ EnumValue
+ Enum(harden_sls) String(all) Value(harden_sls_all)
diff -Nru gcc-10-10.2.1/debian/rules.patch gcc-10-10.2.1/debian/rules.patch
--- gcc-10-10.2.1/debian/rules.patch	2021-01-10 12:35:39.000000000 +0100
+++ gcc-10-10.2.1/debian/rules.patch	2022-07-11 15:02:18.000000000 +0200
@@ -124,6 +124,15 @@
   debian_patches += pr39491
 endif
 
+ifneq (,$(findstring gcc-10, $(PKGSOURCE)))
+  debian_patches += \
+	x86-remove-before-ret \
+	x86-add-mharden-sls-none-all-return-indirect-branch \
+	x86-add-mindirect-branch-cs-prefix \
+	x86-rename-harden-sls-indirect-branch-to--harden-sls-indirect-jmp \
+	x86-generate-int3-for-__builtin_eh_return
+endif
+
 # Patches for non-core languages.
 
 debian_patches += gm2 gm2-texinfo gm2-bootstrap-compare

--- End Message ---
--- Begin Message --- 
Source: gcc-10
Source-Version: 10.4.0-2
Done: Matthias Klose <doko@debian.org>

We believe that the bug you reported is fixed in the latest version of
gcc-10, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1014851@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated gcc-10 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 18 Jul 2022 09:33:00 +0200
Source: gcc-10
Architecture: source
Version: 10.4.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GCC Maintainers <debian-gcc@lists.debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Closes: 1014851
Changes:
 gcc-10 (10.4.0-2) unstable; urgency=medium
 .
   * Update to git 20220718 from the gcc-10 branch.
     - Fix PR tree-optimization/105860, PR d/106139, PR fortran/104313,
       PR fortran/103137, PR fortran/103138, PR fortran/103693,
       PR fortran/105243, PR fortran/106121, PR fortran/105954,
       PR fortran/105691, PR fortran/105813.
   * Backport PR target/102952, support for -mharden-sls and
     -mindirect-branch-cs-prefix for x86, suggested by Ben Hutchings.
     Closes: #1014851.
Checksums-Sha1:
 aa837bbf435f63c817e3280136ee14e210538678 21835 gcc-10_10.4.0-2.dsc
 73b1d1d67bc2a37cdfad7620333465a38587851b 592608 gcc-10_10.4.0-2.debian.tar.xz
 7e6e8858e00f5c6d87f3abb2a2a067fcaae2af56 9011 gcc-10_10.4.0-2_source.buildinfo
Checksums-Sha256:
 9f8089dfdeb178324e257929aada3056f6ee79b31c4de4561620ea7f8bfcbefd 21835 gcc-10_10.4.0-2.dsc
 0a4abf5795c58c2abc9c6ca2679045693d84d4fc03e03d9dd81562cb3a42c8d6 592608 gcc-10_10.4.0-2.debian.tar.xz
 bb0f6a9fa26b21debe3a0621c5880dcc6c62297dd6943ff87001b8740c0f1ae4 9011 gcc-10_10.4.0-2_source.buildinfo
Files:
 11fe8bcc8ed7705692414e2f61e4e231 21835 devel optional gcc-10_10.4.0-2.dsc
 56bc7c7250e3ae62494648a7a7be0d7d 592608 devel optional gcc-10_10.4.0-2.debian.tar.xz
 73fed226aa1bc7e76b9ed7691c7c7aac 9011 devel optional gcc-10_10.4.0-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmLVYLsQHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9Z0sD/4yjZqKS/e3zaymly6tJ3BE8ghJa8U9I5SD
fpsNhdzJ3C9sHDQy6+MQPR4txNuUpkkBFI6QkliO05JP9aNcVjXT6Jbh4vUqHIM6
9uYX1eS1vG/fN/c9u1Ec2yspxVxfTgxdV4bxK2UcQSDqBmlCjIS5wPrRjGm0GxWy
I/yVmxl74LC1jguejtMaYmkWqFmcgbZe8ItwuFe12Xm7atUJUnK66MrHC0lcbLNK
BvzFeMYUdvnQJwNVQaKqpQMMppHdgfzlnr4bxLqyFWnPJx9VqlcE2nw2S68jFcQN
6UVPCCkzzucrKNhyjJW/ASKxeUv9nbIjgUERhMsX+9hZm4ShF9nDFl6yZEmixyqf
OqLo+D0FxcHZQ1Cakpl7Jjl0n1tMYy+KzsxxU2At78XtIxXxeXwF8LfKNAR3x48k
aIUv3Uak34g8/wRy/ifDg4bQm83O3JEQBb4yN4/qBfM70pwnVFgGkV+3Jclk5xq7
/HoNUT3aTkGhHHpbDW5MB3XzOuwd+R9rouJaetQzdpONnpszaM9FldBUCKOJkhFk
cM1l8QJHqwc/vD6TeJEN3s8EsXyPzTjObXCrpsH3zIPOQHMNLp3W1lbIPlQw/rKU
s4VFEXhKXl8JUS4l58QeLomXUb17IAM0Bm4siGfY0YasklmAig84Sn/y7++00M26
SwZV55T1DA==
=bS1R
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: