libphobos: libdruntime doesn't support shadow stack (PR95680)

Rather than implementing support within D runtime itself, use libc getcontext/swapcontext functions if CET is enabled. Removes whatever CET support was in the switchContext routine for x86 D runtime, along with setting version AsmExternal, so that the fallback ucontext_t implementation is used, which is capable of doing shadow stack handling. libphobos/ChangeLog: PR d/95680 * Makefile.in: Regenerate. * configure: Regenerate. * configure.ac (DCFG_ENABLE_CET): Substitute. * libdruntime/Makefile.in: Regenerate. * libdruntime/config/x86/switchcontext.S: Remove CET support code. * libdruntime/core/thread.d: Import gcc.config. Don't set version AsmExternal when GNU_Enable_CET is true. * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define. * src/Makefile.in: Regenerate. * testsuite/Makefile.in: Regenerate.
2020-09-07 15:43:04 +02:00 · 2020-09-07 15:43:04 +02:00 · 285d81be97
parent cd2d3822ca
commit 285d81be97
9 changed files with 65 additions and 35 deletions
--- a/libphobos/Makefile.in
+++ b/libphobos/Makefile.in
@ -108,6 +108,8 @@ target_triplet = @target@
 subdir = .
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
+	$(top_srcdir)/../config/cet.m4 \
+	$(top_srcdir)/../config/enable.m4 \
 	$(top_srcdir)/../config/lead-dot.m4 \
 	$(top_srcdir)/../config/multi.m4 \
 	$(top_srcdir)/../config/override.m4 \
@ -214,6 +216,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
+DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
--- a/libphobos/configure
+++ b/libphobos/configure
@ -722,6 +722,7 @@ LIBTOOL
 CFLAGS_FOR_BUILD
 CC_FOR_BUILD
 AR
+DCFG_ENABLE_CET
 CET_FLAGS
 RANLIB
 MAINT
@ -5586,7 +5587,7 @@ case "$host" in
    case "$enable_cet" in
      auto)
 	# Check if target supports multi-byte NOPs
-	# and if assembler supports CET insn.
+	# and if compiler and assembler support CET insn.
 	cet_save_CFLAGS="$CFLAGS"
 	CFLAGS="$CFLAGS -fcf-protection"
 	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@ -5650,6 +5651,12 @@ $as_echo "no" >&6; }
 fi


+if test x$enable_cet = xyes; then :
+  DCFG_ENABLE_CET=true
+else
+  DCFG_ENABLE_CET=false
+fi
+

 # This should be inherited in the recursive make, but ensure it is defined.
 test "$AR" || AR=ar
@ -11738,7 +11745,7 @@ else
  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
  lt_status=$lt_dlunknown
  cat > conftest.$ac_ext <<_LT_EOF
-#line 11741 "configure"
+#line 11748 "configure"
 #include "confdefs.h"

 #if HAVE_DLFCN_H
@ -11844,7 +11851,7 @@ else
  lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
  lt_status=$lt_dlunknown
  cat > conftest.$ac_ext <<_LT_EOF
-#line 11847 "configure"
+#line 11854 "configure"
 #include "confdefs.h"

 #if HAVE_DLFCN_H
--- a/libphobos/configure.ac
+++ b/libphobos/configure.ac
@ -68,6 +68,9 @@ AC_PROG_MAKE_SET
 # Add CET specific flags if CET is enabled
 GCC_CET_FLAGS(CET_FLAGS)
 AC_SUBST(CET_FLAGS)
+AS_IF([test x$enable_cet = xyes],
+  [DCFG_ENABLE_CET=true], [DCFG_ENABLE_CET=false])
+AC_SUBST(DCFG_ENABLE_CET)

 # This should be inherited in the recursive make, but ensure it is defined.
 test "$AR" || AR=ar
--- a/libphobos/libdruntime/Makefile.in
+++ b/libphobos/libdruntime/Makefile.in
@ -131,6 +131,8 @@ target_triplet = @target@
 subdir = libdruntime
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
+	$(top_srcdir)/../config/cet.m4 \
+	$(top_srcdir)/../config/enable.m4 \
 	$(top_srcdir)/../config/lead-dot.m4 \
 	$(top_srcdir)/../config/multi.m4 \
 	$(top_srcdir)/../config/override.m4 \
@ -565,6 +567,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
 CHECKING_DFLAGS = @CHECKING_DFLAGS@
@ -573,6 +576,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
+DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
--- a/libphobos/libdruntime/config/x86/switchcontext.S
+++ b/libphobos/libdruntime/config/x86/switchcontext.S
@ -24,13 +24,7 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see

 #include "../common/threadasm.S"

-#ifdef __CET__
-# include <cet.h>
-#else
-# define _CET_ENDBR
-#endif
-
-#if defined(__i386__)
+#if defined(__i386__) && !defined(__CET__)

    .text
    .globl CSYM(fiber_switchContext)
@ -38,7 +32,6 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
    .align 16
 CSYM(fiber_switchContext):
    .cfi_startproc
-    _CET_ENDBR
    // save current stack state
    push %ebp
    mov  %esp, %ebp
@ -65,7 +58,7 @@ CSYM(fiber_switchContext):
    .cfi_endproc
    .size CSYM(fiber_switchContext),.-CSYM(fiber_switchContext)

-#elif defined(__x86_64__) && !defined(__ILP32__)
+#elif defined(__x86_64__) && !defined(__ILP32__) && !defined(__CET__)

    .text
    .globl CSYM(fiber_switchContext)
@ -73,7 +66,6 @@ CSYM(fiber_switchContext):
    .align 16
 CSYM(fiber_switchContext):
    .cfi_startproc
-    _CET_ENDBR
    // Save current stack state.save current stack state
    push %rbp
    mov  %rsp, %rbp
--- a/libphobos/libdruntime/core/thread.d
+++ b/libphobos/libdruntime/core/thread.d
@ -3586,35 +3586,45 @@ private
    }
    else version (X86)
    {
-        version = AsmExternal;
+        import gcc.config;

-        version (MinGW)
+        version = AlignFiberStackTo16Byte;
+
+        static if (!GNU_Enable_CET)
        {
-            version = GNU_AsmX86_Windows;
-            version = AlignFiberStackTo16Byte;
-        }
-        else version (Posix)
-        {
-            version = AsmX86_Posix;
-            version (OSX)
-                version = AlignFiberStackTo16Byte;
+            version = AsmExternal;
+
+            version (MinGW)
+            {
+                version = GNU_AsmX86_Windows;
+            }
+            else version (Posix)
+            {
+                version = AsmX86_Posix;
+            }
        }
    }
    else version (X86_64)
    {
-        version (D_X32)
-        {
-            // let X32 be handled by ucontext swapcontext
-        }
-        else
-        {
-            version = AsmExternal;
-            version = AlignFiberStackTo16Byte;
+        import gcc.config;

-            version (MinGW)
-                version = GNU_AsmX86_64_Windows;
-            else version (Posix)
-                version = AsmX86_64_Posix;
+        version = AlignFiberStackTo16Byte;
+
+        static if (!GNU_Enable_CET)
+        {
+            version (D_X32)
+            {
+                // let X32 be handled by ucontext swapcontext
+            }
+            else
+            {
+                version = AsmExternal;
+
+                version (MinGW)
+                    version = GNU_AsmX86_64_Windows;
+                else version (Posix)
+                    version = AsmX86_64_Posix;
+            }
        }
    }
    else version (PPC)
--- a/libphobos/libdruntime/gcc/config.d.in
+++ b/libphobos/libdruntime/gcc/config.d.in
@ -49,3 +49,6 @@ enum GNU_Have_LibAtomic = @DCFG_HAVE_LIBATOMIC@;

 // Do we have qsort_r function
 enum Have_Qsort_R = @DCFG_HAVE_QSORT_R@;
+
+// Whether libphobos been configured with --enable-cet.
+enum GNU_Enable_CET = @DCFG_ENABLE_CET@;
--- a/libphobos/src/Makefile.in
+++ b/libphobos/src/Makefile.in
@ -93,6 +93,8 @@ target_triplet = @target@
 subdir = src
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
+	$(top_srcdir)/../config/cet.m4 \
+	$(top_srcdir)/../config/enable.m4 \
 	$(top_srcdir)/../config/lead-dot.m4 \
 	$(top_srcdir)/../config/multi.m4 \
 	$(top_srcdir)/../config/override.m4 \
@ -321,6 +323,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
 CHECKING_DFLAGS = @CHECKING_DFLAGS@
@ -329,6 +332,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
+DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
--- a/libphobos/testsuite/Makefile.in
+++ b/libphobos/testsuite/Makefile.in
@ -93,6 +93,8 @@ target_triplet = @target@
 subdir = testsuite
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
+	$(top_srcdir)/../config/cet.m4 \
+	$(top_srcdir)/../config/enable.m4 \
 	$(top_srcdir)/../config/lead-dot.m4 \
 	$(top_srcdir)/../config/multi.m4 \
 	$(top_srcdir)/../config/override.m4 \
@ -149,6 +151,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
 CHECKING_DFLAGS = @CHECKING_DFLAGS@
@ -157,6 +160,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
+DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@