libphobos: libdruntime doesn't support shadow stack (PR95680)

The first implementation hit a front-end implementation bug where
version conditions are resolved ahead of static if confitions.

The logic for whether to use asm implemented fiber_switchContext or
libc's swapcontext has been moved from GNU_Enable_CET to version CET.

libphobos/ChangeLog:

	PR d/95680
	PR d/97007
	* Makefile.am (AM_MAKEFLAGS): Remove $(CET_FLAGS).
	* Makefile.in: Regenerate.
	* configure: Regenerate.
	* configure.ac (DCFG_ENABLE_CET): Remove substitution.
	(CET_DFLAGS): Substitute.
	* libdruntime/Makefile.am (AM_DFLAGS): Add $(CET_DFLAGS).
	(AM_CFLAGS): Add $(CET_FLAGS).
	(AM_CCASFLAGS): Likewise.
	* libdruntime/Makefile.in: Regenerate.
	* libdruntime/core/thread.d: Replace static if GNU_Enable_CET
	condition with `version (CET)'.
	* libdruntime/gcc/config.d.in (GNU_Enable_CET): Remove.
	* src/Makefile.am (AM_DFLAGS): Add $(CET_DFLAGS).
	(AM_CFLAGS): Add $(CET_FLAGS).
	* src/Makefile.in: Regenerate.
	* testsuite/Makefile.in: Regenerate.
	* testsuite/testsuite_flags.in: Add $(CET_DFLAGS) to --gdcflags.
This commit is contained in:
Iain Buclaw 2020-09-10 01:30:20 +02:00
parent ead85749b0
commit 0ed757604f
12 changed files with 66 additions and 55 deletions

View File

@ -33,14 +33,14 @@ AM_MAKEFLAGS = \
"AR_FLAGS=$(AR_FLAGS)" \
"CC_FOR_BUILD=$(CC_FOR_BUILD)" \
"CC_FOR_TARGET=$(CC_FOR_TARGET)" \
"CCASFLAGS=$(CCASFLAGS) $(CET_FLAGS)" \
"CFLAGS=$(CFLAGS) $(CET_FLAGS)" \
"CXXFLAGS=$(CXXFLAGS) $(CET_FLAGS)" \
"CCASFLAGS=$(CCASFLAGS)" \
"CFLAGS=$(CFLAGS)" \
"CXXFLAGS=$(CXXFLAGS)" \
"CFLAGS_FOR_BUILD=$(CFLAGS_FOR_BUILD)" \
"CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET) $(CET_FLAGS)" \
"CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET)" \
"GDC_FOR_TARGET=$(GDC_FOR_TARGET)" \
"GDC=$(GDC)" \
"GDCFLAGS=$(GDCFLAGS) $(CET_FLAGS)" \
"GDCFLAGS=$(GDCFLAGS)" \
"INSTALL=$(INSTALL)" \
"INSTALL_DATA=$(INSTALL_DATA)" \
"INSTALL_PROGRAM=$(INSTALL_PROGRAM)" \

View File

@ -207,6 +207,7 @@ CC = @CC@
CCAS = @CCAS@
CCASFLAGS = @CCASFLAGS@
CC_FOR_BUILD = @CC_FOR_BUILD@
CET_DFLAGS = @CET_DFLAGS@
CET_FLAGS = @CET_FLAGS@
CFLAGS = @CFLAGS@
CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
@ -216,7 +217,6 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
@ -355,14 +355,14 @@ AM_MAKEFLAGS = \
"AR_FLAGS=$(AR_FLAGS)" \
"CC_FOR_BUILD=$(CC_FOR_BUILD)" \
"CC_FOR_TARGET=$(CC_FOR_TARGET)" \
"CCASFLAGS=$(CCASFLAGS) $(CET_FLAGS)" \
"CFLAGS=$(CFLAGS) $(CET_FLAGS)" \
"CXXFLAGS=$(CXXFLAGS) $(CET_FLAGS)" \
"CCASFLAGS=$(CCASFLAGS)" \
"CFLAGS=$(CFLAGS)" \
"CXXFLAGS=$(CXXFLAGS)" \
"CFLAGS_FOR_BUILD=$(CFLAGS_FOR_BUILD)" \
"CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET) $(CET_FLAGS)" \
"CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET)" \
"GDC_FOR_TARGET=$(GDC_FOR_TARGET)" \
"GDC=$(GDC)" \
"GDCFLAGS=$(GDCFLAGS) $(CET_FLAGS)" \
"GDCFLAGS=$(GDCFLAGS)" \
"INSTALL=$(INSTALL)" \
"INSTALL_DATA=$(INSTALL_DATA)" \
"INSTALL_PROGRAM=$(INSTALL_PROGRAM)" \

15
libphobos/configure vendored
View File

@ -722,7 +722,7 @@ LIBTOOL
CFLAGS_FOR_BUILD
CC_FOR_BUILD
AR
DCFG_ENABLE_CET
CET_DFLAGS
CET_FLAGS
RANLIB
MAINT
@ -5651,12 +5651,11 @@ $as_echo "no" >&6; }
fi
if test x$enable_cet = xyes; then :
DCFG_ENABLE_CET=true
else
DCFG_ENABLE_CET=false
fi
# To ensure that runtime code for CET is compiled in, add in D version flags.
if test "$enable_cet" = yes; then
CET_DFLAGS="$CET_FLAGS -fversion=CET"
fi
# This should be inherited in the recursive make, but ensure it is defined.
test "$AR" || AR=ar
@ -11745,7 +11744,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
#line 11748 "configure"
#line 11747 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@ -11851,7 +11850,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
#line 11854 "configure"
#line 11853 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H

View File

@ -68,9 +68,11 @@ AC_PROG_MAKE_SET
# Add CET specific flags if CET is enabled
GCC_CET_FLAGS(CET_FLAGS)
AC_SUBST(CET_FLAGS)
AS_IF([test x$enable_cet = xyes],
[DCFG_ENABLE_CET=true], [DCFG_ENABLE_CET=false])
AC_SUBST(DCFG_ENABLE_CET)
# To ensure that runtime code for CET is compiled in, add in D version flags.
if test "$enable_cet" = yes; then
CET_DFLAGS="$CET_FLAGS -fversion=CET"
AC_SUBST(CET_DFLAGS)
fi
# This should be inherited in the recursive make, but ensure it is defined.
test "$AR" || AR=ar

View File

@ -24,7 +24,11 @@ D_EXTRA_DFLAGS=-nostdinc -I $(srcdir) -I .
# D flags for compilation
AM_DFLAGS= \
$(phobos_compiler_pic_flag) \
$(WARN_DFLAGS) $(CHECKING_DFLAGS)
$(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS)
# Flags for other kinds of sources
AM_CFLAGS=$(CET_FLAGS)
AM_CCASFLAGS=$(CET_FLAGS)
# Install all D and DI files
ALL_DRUNTIME_INSTALL_DSOURCES = $(DRUNTIME_DSOURCES) \

View File

@ -567,6 +567,7 @@ CC = @CC@
CCAS = @CCAS@
CCASFLAGS = @CCASFLAGS@
CC_FOR_BUILD = @CC_FOR_BUILD@
CET_DFLAGS = @CET_DFLAGS@
CET_FLAGS = @CET_FLAGS@
CFLAGS = @CFLAGS@
CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
@ -576,7 +577,6 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
@ -719,9 +719,13 @@ D_EXTRA_DFLAGS = -nostdinc -I $(srcdir) -I .
# D flags for compilation
AM_DFLAGS = \
$(phobos_compiler_pic_flag) \
$(WARN_DFLAGS) $(CHECKING_DFLAGS)
$(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS)
# Flags for other kinds of sources
AM_CFLAGS = $(CET_FLAGS)
AM_CCASFLAGS = $(CET_FLAGS)
# Install all D and DI files
ALL_DRUNTIME_INSTALL_DSOURCES = $(DRUNTIME_DSOURCES) \
$(DRUNTIME_DSOURCES_BIONIC) $(DRUNTIME_DSOURCES_DARWIN) \

View File

@ -3586,45 +3586,44 @@ private
}
else version (X86)
{
import gcc.config;
version = AlignFiberStackTo16Byte;
static if (!GNU_Enable_CET)
version (CET)
{
// fiber_switchContext does not support shadow stack from
// Intel CET. So use ucontext implementation.
}
else
{
version = AsmExternal;
version (MinGW)
{
version = GNU_AsmX86_Windows;
}
else version (Posix)
{
version = AsmX86_Posix;
}
}
}
else version (X86_64)
{
import gcc.config;
version = AlignFiberStackTo16Byte;
static if (!GNU_Enable_CET)
version (CET)
{
version (D_X32)
{
// let X32 be handled by ucontext swapcontext
}
else
{
version = AsmExternal;
// fiber_switchContext does not support shadow stack from
// Intel CET. So use ucontext implementation.
}
else version (D_X32)
{
// let X32 be handled by ucontext swapcontext
}
else
{
version = AsmExternal;
version (MinGW)
version = GNU_AsmX86_64_Windows;
else version (Posix)
version = AsmX86_64_Posix;
}
version (MinGW)
version = GNU_AsmX86_64_Windows;
else version (Posix)
version = AsmX86_64_Posix;
}
}
else version (PPC)

View File

@ -49,6 +49,3 @@ enum GNU_Have_LibAtomic = @DCFG_HAVE_LIBATOMIC@;
// Do we have qsort_r function
enum Have_Qsort_R = @DCFG_HAVE_QSORT_R@;
// Whether libphobos been configured with --enable-cet.
enum GNU_Enable_CET = @DCFG_ENABLE_CET@;

View File

@ -25,7 +25,10 @@ D_EXTRA_DFLAGS=-nostdinc -I $(srcdir) \
# D flags for compilation
AM_DFLAGS= \
$(phobos_compiler_pic_flag) \
$(WARN_DFLAGS) $(CHECKING_DFLAGS)
$(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS)
# Flags for other kinds of sources
AM_CFLAGS=$(CET_FLAGS)
# Install all D files
ALL_PHOBOS_INSTALL_DSOURCES = $(PHOBOS_DSOURCES)

View File

@ -323,6 +323,7 @@ CC = @CC@
CCAS = @CCAS@
CCASFLAGS = @CCASFLAGS@
CC_FOR_BUILD = @CC_FOR_BUILD@
CET_DFLAGS = @CET_DFLAGS@
CET_FLAGS = @CET_FLAGS@
CFLAGS = @CFLAGS@
CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
@ -332,7 +333,6 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
@ -477,9 +477,12 @@ D_EXTRA_DFLAGS = -nostdinc -I $(srcdir) \
# D flags for compilation
AM_DFLAGS = \
$(phobos_compiler_pic_flag) \
$(WARN_DFLAGS) $(CHECKING_DFLAGS)
$(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS)
# Flags for other kinds of sources
AM_CFLAGS = $(CET_FLAGS)
# Install all D files
ALL_PHOBOS_INSTALL_DSOURCES = $(PHOBOS_DSOURCES)

View File

@ -151,6 +151,7 @@ CC = @CC@
CCAS = @CCAS@
CCASFLAGS = @CCASFLAGS@
CC_FOR_BUILD = @CC_FOR_BUILD@
CET_DFLAGS = @CET_DFLAGS@
CET_FLAGS = @CET_FLAGS@
CFLAGS = @CFLAGS@
CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
@ -160,7 +161,6 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@

View File

@ -28,7 +28,7 @@ case ${query} in
;;
--gdcflags)
GDCFLAGS_default="-fmessage-length=0 -fno-show-column"
GDCFLAGS_config="@WARN_DFLAGS@ @GDCFLAGS@ -fno-release -funittest"
GDCFLAGS_config="@WARN_DFLAGS@ @GDCFLAGS@ @CET_DFLAGS@ -fno-release -funittest"
echo ${GDCFLAGS_default} ${GDCFLAGS_config}
;;
--gdcpaths)