From 285d81be9725acc36dc8eca48d4df506cd5e6f6f Mon Sep 17 00:00:00 2001 From: Iain Buclaw Date: Mon, 7 Sep 2020 15:43:04 +0200 Subject: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680) Rather than implementing support within D runtime itself, use libc getcontext/swapcontext functions if CET is enabled. Removes whatever CET support was in the switchContext routine for x86 D runtime, along with setting version AsmExternal, so that the fallback ucontext_t implementation is used, which is capable of doing shadow stack handling. libphobos/ChangeLog: PR d/95680 * Makefile.in: Regenerate. * configure: Regenerate. * configure.ac (DCFG_ENABLE_CET): Substitute. * libdruntime/Makefile.in: Regenerate. * libdruntime/config/x86/switchcontext.S: Remove CET support code. * libdruntime/core/thread.d: Import gcc.config. Don't set version AsmExternal when GNU_Enable_CET is true. * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define. * src/Makefile.in: Regenerate. * testsuite/Makefile.in: Regenerate. --- libphobos/Makefile.in | 3 ++ libphobos/configure | 13 +++-- libphobos/configure.ac | 3 ++ libphobos/libdruntime/Makefile.in | 4 ++ .../libdruntime/config/x86/switchcontext.S | 12 +---- libphobos/libdruntime/core/thread.d | 54 +++++++++++-------- libphobos/libdruntime/gcc/config.d.in | 3 ++ libphobos/src/Makefile.in | 4 ++ libphobos/testsuite/Makefile.in | 4 ++ 9 files changed, 65 insertions(+), 35 deletions(-) diff --git a/libphobos/Makefile.in b/libphobos/Makefile.in index 4806f69f406..f6cba17159f 100644 --- a/libphobos/Makefile.in +++ b/libphobos/Makefile.in @@ -108,6 +108,8 @@ target_triplet = @target@ subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \ + $(top_srcdir)/../config/cet.m4 \ + $(top_srcdir)/../config/enable.m4 \ $(top_srcdir)/../config/lead-dot.m4 \ $(top_srcdir)/../config/multi.m4 \ $(top_srcdir)/../config/override.m4 \ @@ -214,6 +216,7 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@ DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@ +DCFG_ENABLE_CET = @DCFG_ENABLE_CET@ DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@ DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@ DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@ diff --git a/libphobos/configure b/libphobos/configure index a8d151cdccb..86a0aba6976 100755 --- a/libphobos/configure +++ b/libphobos/configure @@ -722,6 +722,7 @@ LIBTOOL CFLAGS_FOR_BUILD CC_FOR_BUILD AR +DCFG_ENABLE_CET CET_FLAGS RANLIB MAINT @@ -5586,7 +5587,7 @@ case "$host" in case "$enable_cet" in auto) # Check if target supports multi-byte NOPs - # and if assembler supports CET insn. + # and if compiler and assembler support CET insn. cet_save_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -fcf-protection" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -5650,6 +5651,12 @@ $as_echo "no" >&6; } fi +if test x$enable_cet = xyes; then : + DCFG_ENABLE_CET=true +else + DCFG_ENABLE_CET=false +fi + # This should be inherited in the recursive make, but ensure it is defined. test "$AR" || AR=ar @@ -11738,7 +11745,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11741 "configure" +#line 11748 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11844,7 +11851,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11847 "configure" +#line 11854 "configure" #include "confdefs.h" #if HAVE_DLFCN_H diff --git a/libphobos/configure.ac b/libphobos/configure.ac index ec8a30ea511..97f96934aaf 100644 --- a/libphobos/configure.ac +++ b/libphobos/configure.ac @@ -68,6 +68,9 @@ AC_PROG_MAKE_SET # Add CET specific flags if CET is enabled GCC_CET_FLAGS(CET_FLAGS) AC_SUBST(CET_FLAGS) +AS_IF([test x$enable_cet = xyes], + [DCFG_ENABLE_CET=true], [DCFG_ENABLE_CET=false]) +AC_SUBST(DCFG_ENABLE_CET) # This should be inherited in the recursive make, but ensure it is defined. test "$AR" || AR=ar diff --git a/libphobos/libdruntime/Makefile.in b/libphobos/libdruntime/Makefile.in index 3fddbc340de..28b4333838f 100644 --- a/libphobos/libdruntime/Makefile.in +++ b/libphobos/libdruntime/Makefile.in @@ -131,6 +131,8 @@ target_triplet = @target@ subdir = libdruntime ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \ + $(top_srcdir)/../config/cet.m4 \ + $(top_srcdir)/../config/enable.m4 \ $(top_srcdir)/../config/lead-dot.m4 \ $(top_srcdir)/../config/multi.m4 \ $(top_srcdir)/../config/override.m4 \ @@ -565,6 +567,7 @@ CC = @CC@ CCAS = @CCAS@ CCASFLAGS = @CCASFLAGS@ CC_FOR_BUILD = @CC_FOR_BUILD@ +CET_FLAGS = @CET_FLAGS@ CFLAGS = @CFLAGS@ CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ CHECKING_DFLAGS = @CHECKING_DFLAGS@ @@ -573,6 +576,7 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@ DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@ +DCFG_ENABLE_CET = @DCFG_ENABLE_CET@ DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@ DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@ DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@ diff --git a/libphobos/libdruntime/config/x86/switchcontext.S b/libphobos/libdruntime/config/x86/switchcontext.S index 35063af491c..85f2e00d186 100644 --- a/libphobos/libdruntime/config/x86/switchcontext.S +++ b/libphobos/libdruntime/config/x86/switchcontext.S @@ -24,13 +24,7 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see #include "../common/threadasm.S" -#ifdef __CET__ -# include -#else -# define _CET_ENDBR -#endif - -#if defined(__i386__) +#if defined(__i386__) && !defined(__CET__) .text .globl CSYM(fiber_switchContext) @@ -38,7 +32,6 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see .align 16 CSYM(fiber_switchContext): .cfi_startproc - _CET_ENDBR // save current stack state push %ebp mov %esp, %ebp @@ -65,7 +58,7 @@ CSYM(fiber_switchContext): .cfi_endproc .size CSYM(fiber_switchContext),.-CSYM(fiber_switchContext) -#elif defined(__x86_64__) && !defined(__ILP32__) +#elif defined(__x86_64__) && !defined(__ILP32__) && !defined(__CET__) .text .globl CSYM(fiber_switchContext) @@ -73,7 +66,6 @@ CSYM(fiber_switchContext): .align 16 CSYM(fiber_switchContext): .cfi_startproc - _CET_ENDBR // Save current stack state.save current stack state push %rbp mov %rsp, %rbp diff --git a/libphobos/libdruntime/core/thread.d b/libphobos/libdruntime/core/thread.d index e1a68057ca1..8f4603d3d2f 100644 --- a/libphobos/libdruntime/core/thread.d +++ b/libphobos/libdruntime/core/thread.d @@ -3586,35 +3586,45 @@ private } else version (X86) { - version = AsmExternal; + import gcc.config; - version (MinGW) + version = AlignFiberStackTo16Byte; + + static if (!GNU_Enable_CET) { - version = GNU_AsmX86_Windows; - version = AlignFiberStackTo16Byte; - } - else version (Posix) - { - version = AsmX86_Posix; - version (OSX) - version = AlignFiberStackTo16Byte; + version = AsmExternal; + + version (MinGW) + { + version = GNU_AsmX86_Windows; + } + else version (Posix) + { + version = AsmX86_Posix; + } } } else version (X86_64) { - version (D_X32) - { - // let X32 be handled by ucontext swapcontext - } - else - { - version = AsmExternal; - version = AlignFiberStackTo16Byte; + import gcc.config; - version (MinGW) - version = GNU_AsmX86_64_Windows; - else version (Posix) - version = AsmX86_64_Posix; + version = AlignFiberStackTo16Byte; + + static if (!GNU_Enable_CET) + { + version (D_X32) + { + // let X32 be handled by ucontext swapcontext + } + else + { + version = AsmExternal; + + version (MinGW) + version = GNU_AsmX86_64_Windows; + else version (Posix) + version = AsmX86_64_Posix; + } } } else version (PPC) diff --git a/libphobos/libdruntime/gcc/config.d.in b/libphobos/libdruntime/gcc/config.d.in index 6301aaff069..9ac7d055271 100644 --- a/libphobos/libdruntime/gcc/config.d.in +++ b/libphobos/libdruntime/gcc/config.d.in @@ -49,3 +49,6 @@ enum GNU_Have_LibAtomic = @DCFG_HAVE_LIBATOMIC@; // Do we have qsort_r function enum Have_Qsort_R = @DCFG_HAVE_QSORT_R@; + +// Whether libphobos been configured with --enable-cet. +enum GNU_Enable_CET = @DCFG_ENABLE_CET@; diff --git a/libphobos/src/Makefile.in b/libphobos/src/Makefile.in index 4b1ae863a3f..dc5f4f5ca57 100644 --- a/libphobos/src/Makefile.in +++ b/libphobos/src/Makefile.in @@ -93,6 +93,8 @@ target_triplet = @target@ subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \ + $(top_srcdir)/../config/cet.m4 \ + $(top_srcdir)/../config/enable.m4 \ $(top_srcdir)/../config/lead-dot.m4 \ $(top_srcdir)/../config/multi.m4 \ $(top_srcdir)/../config/override.m4 \ @@ -321,6 +323,7 @@ CC = @CC@ CCAS = @CCAS@ CCASFLAGS = @CCASFLAGS@ CC_FOR_BUILD = @CC_FOR_BUILD@ +CET_FLAGS = @CET_FLAGS@ CFLAGS = @CFLAGS@ CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ CHECKING_DFLAGS = @CHECKING_DFLAGS@ @@ -329,6 +332,7 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@ DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@ +DCFG_ENABLE_CET = @DCFG_ENABLE_CET@ DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@ DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@ DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@ diff --git a/libphobos/testsuite/Makefile.in b/libphobos/testsuite/Makefile.in index 66077fc19a9..5a4c0317509 100644 --- a/libphobos/testsuite/Makefile.in +++ b/libphobos/testsuite/Makefile.in @@ -93,6 +93,8 @@ target_triplet = @target@ subdir = testsuite ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \ + $(top_srcdir)/../config/cet.m4 \ + $(top_srcdir)/../config/enable.m4 \ $(top_srcdir)/../config/lead-dot.m4 \ $(top_srcdir)/../config/multi.m4 \ $(top_srcdir)/../config/override.m4 \ @@ -149,6 +151,7 @@ CC = @CC@ CCAS = @CCAS@ CCASFLAGS = @CCASFLAGS@ CC_FOR_BUILD = @CC_FOR_BUILD@ +CET_FLAGS = @CET_FLAGS@ CFLAGS = @CFLAGS@ CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ CHECKING_DFLAGS = @CHECKING_DFLAGS@ @@ -157,6 +160,7 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@ DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@ +DCFG_ENABLE_CET = @DCFG_ENABLE_CET@ DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@ DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@ DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@