Re: [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF

2023-04-19 Thread Brian Inglis via Cygwin-apps 

On 2023-04-18 10:47, Christoph Reiter wrote:

On Tue, Apr 18, 2023 at 9:44 AM Corinna Vinschen wrote:

Pash pushed.  I new rebase 4.6.3 release with your patch is just
building.


Extended DLL Characteristics was added for IBT/CET/CFI and AMD/Intel Shadow 
Stack support has been available since W10 [20]20H1/[20]2004 in a PE Debug 
Directory entry with Debug Type IMAGE_DEBUG_TYPE_EX_DLLCHARACTERISTICS (20.) 
with value IMAGE_DLLCHARACTERISTICS_EX_CET_COMPAT (1)


https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#extended-dll-characteristics

Are there any plans to support those debug directory entries and flags in 
genpeimg and/or peflags, and Windows shadow stack support in mingw64 and/or Cygwin?


The Linux implementation is discussed in https://lwn.net/Articles/883340/ as 
Intel architected the (soon former) Linux CoW PTE bit combo Write 0 Dirty 1 as 
Shadow Stack page flag, possibly anticipating that they could contribute kernel 
patches to work around this more quickly than has transpired.


I got interested in this as I plan to add Linux cpuinfo flag user_shstk, on 
recent CPUs and Windows releases with that support, to next Cygwin cpuinfo patch.


--
Take care. Thanks, Brian Inglis  Calgary, Alberta, Canada

La perfection est atteinte   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry

Re: [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF

2023-04-18 Thread Christoph Reiter via Cygwin-apps 
On Tue, Apr 18, 2023 at 9:44 AM Corinna Vinschen
 wrote:
> Pash pushed.  I new rebase 4.6.3 release with your patch is just
> building.

Thanks!

Re: [PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF

2023-04-18 Thread Corinna Vinschen via Cygwin-apps 
Hi Christoph,

On Apr 17 20:40, Christoph Reiter via Cygwin-apps wrote:
> This allows for setting, clearing, and displaying the value of the
> "control flow guard" dll characteristics flag.
> 
> The flag for MSVC is called "/guard:cf" and the macro ends with "GUARD_CF".
> To keep things consistent, it would make sense to name the option "guard-cf".
> However, there's already "-c"/"control-flow-guard" in genpeimg for this flag,
> and genpeimg shares all other options with peflags so far.
> So, follow genpeimg and go with "-c" and "--control-flow-guard".
> 
> This is motivated by mingw-w64 and llvm v16 gaining support for
> CFG (Control Flow Guard).
> ---
> Renamed the option from -g/--guard-cf to -c/--control-flow-guard
> 
>  peflags.c | 12 ++--
>  1 file changed, 10 insertions(+), 2 deletions(-)

Pash pushed.  I new rebase 4.6.3 release with your patch is just
building.


Thanks,
Corinna

[PATCH v2] peflags: add support for IMAGE_DLLCHARACTERISTICS_GUARD_CF

2023-04-17 Thread Christoph Reiter via Cygwin-apps 
This allows for setting, clearing, and displaying the value of the
"control flow guard" dll characteristics flag.

The flag for MSVC is called "/guard:cf" and the macro ends with "GUARD_CF".
To keep things consistent, it would make sense to name the option "guard-cf".
However, there's already "-c"/"control-flow-guard" in genpeimg for this flag,
and genpeimg shares all other options with peflags so far.
So, follow genpeimg and go with "-c" and "--control-flow-guard".

This is motivated by mingw-w64 and llvm v16 gaining support for
CFG (Control Flow Guard).
---
Renamed the option from -g/--guard-cf to -c/--control-flow-guard

 peflags.c | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/peflags.c b/peflags.c
index b1cd7a8..93eaa0b 100644
--- a/peflags.c
+++ b/peflags.c
@@ -121,7 +121,7 @@ static const symbolic_flags_t pe_symbolic_flags[] = {
   CF(0x0800, no-bind),
 /*CF(0x1000, reserved_0x1000),*/
   CF(0x2000, wdmdriver),
-/*CF(0x4000, reserved_0x4000),*/
+  CF(0x4000, control-flow-guard),
   CF(0x8000, tsaware),
   {0, 0, 0}
 };
@@ -182,6 +182,7 @@ sizeof_values_t sizeof_vals[5] = {
 static struct option long_options[] = {
   {"dynamicbase",  optional_argument, NULL, 'd'},
   {"high-entropy-va", optional_argument, NULL, 'e'},
+  {"control-flow-guard", optional_argument, NULL, 'c'},
   {"forceinteg",   optional_argument, NULL, 'f'},
   {"nxcompat", optional_argument, NULL, 'n'},
   {"no-isolation", optional_argument, NULL, 'i'},
@@ -204,7 +205,7 @@ static struct option long_options[] = {
   {NULL, no_argument, NULL, 0}
 };
 static const char *short_options
-   = "d::e::f::n::i::s::b::W::t::w::l::S::x::X::y::Y::z::T:vhV";
+   = "d::e::c::f::n::i::s::b::W::t::w::l::S::x::X::y::Y::z::T:vhV";
 
 static void short_usage (FILE *f);
 static void help (FILE *f);
@@ -706,6 +707,11 @@ parse_args (int argc, char *argv[])
 optarg,
 IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA);
  break;
+   case 'c':
+ handle_pe_flag_option (long_options[option_index].name,
+optarg,
+IMAGE_DLLCHARACTERISTICS_GUARD_CF);
+ break;
case 'n':
  handle_pe_flag_option (long_options[option_index].name,
 optarg,
@@ -1079,6 +1085,8 @@ help (FILE *f)
 "  -e,\n"
 "  --high-entropy-va  [BOOL]   Image is compatible with 64-bit address space\n"
 "  layout randomization (ASLR).\n"
+"  -c,\n"
+"  --control-flow-guard [BOOL] Image supports Control Flow Guard.\n"
 "  -f, --forceinteg   [BOOL]   Code integrity checks are enforced.\n"
 "  -n, --nxcompat [BOOL]   Image is compatible with data execution\n"
 "  prevention (DEP).\n"
-- 
2.40.0