Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)
On Mon, Sep 7, 2020 at 2:35 PM Iain Buclaw wrote: > > Hi, > > This patch removes whatever CET support was in the switchContext routine > for x86 D runtime, and instead uses the ucontext fallback, which propely > handles shadow stack handling. > > Rather than implementing support within D runtime itself, use libc > getcontext/setcontext functions if CET is enabled instead. > > HJ, does this look reasonable before I commit it? The detection has > been done at configure-time, rather than adding a predefined version > condition for CET within the compiler. > > Done regression testing on x86_64-linux-gnu/-m32/-mx32. > > Regards > Iain. > > --- > libphobos/ChangeLog: > > PR d/95680 > * Makefile.in: Regenerate. > * configure: Regenerate. > * configure.ac (DCFG_ENABLE_CET): Substitute. > * libdruntime/Makefile.in: Regenerate. > * libdruntime/config/x86/switchcontext.S: Remove CET support code. > * libdruntime/core/thread.d: Import gcc.config. Don't set version > AsmExternal when GNU_Enable_CET is true. > * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define. > * src/Makefile.in: Regenerate. > * testsuite/Makefile.in: Regenerate. Looks good. I can try it on Tiger Lake after it has been checked in. Thanks. -- H.J.
Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)
Excerpts from H.J. Lu's message of September 8, 2020 4:09 am: > On Mon, Sep 7, 2020 at 2:35 PM Iain Buclaw wrote: >> >> Hi, >> >> This patch removes whatever CET support was in the switchContext routine >> for x86 D runtime, and instead uses the ucontext fallback, which propely >> handles shadow stack handling. >> >> Rather than implementing support within D runtime itself, use libc >> getcontext/setcontext functions if CET is enabled instead. >> >> HJ, does this look reasonable before I commit it? The detection has >> been done at configure-time, rather than adding a predefined version >> condition for CET within the compiler. >> >> Done regression testing on x86_64-linux-gnu/-m32/-mx32. >> >> Regards >> Iain. >> >> --- >> libphobos/ChangeLog: >> >> PR d/95680 >> * Makefile.in: Regenerate. >> * configure: Regenerate. >> * configure.ac (DCFG_ENABLE_CET): Substitute. >> * libdruntime/Makefile.in: Regenerate. >> * libdruntime/config/x86/switchcontext.S: Remove CET support code. >> * libdruntime/core/thread.d: Import gcc.config. Don't set version >> AsmExternal when GNU_Enable_CET is true. >> * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define. >> * src/Makefile.in: Regenerate. >> * testsuite/Makefile.in: Regenerate. > > Looks good. I can try it on Tiger Lake after it has been checked in. > OK, I have committed it as r11-3047. Iain.
Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)
Hi Iain, >>> --- >>> libphobos/ChangeLog: >>> >>> PR d/95680 >>> * Makefile.in: Regenerate. >>> * configure: Regenerate. >>> * configure.ac (DCFG_ENABLE_CET): Substitute. >>> * libdruntime/Makefile.in: Regenerate. >>> * libdruntime/config/x86/switchcontext.S: Remove CET support code. >>> * libdruntime/core/thread.d: Import gcc.config. Don't set version >>> AsmExternal when GNU_Enable_CET is true. >>> * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define. >>> * src/Makefile.in: Regenerate. >>> * testsuite/Makefile.in: Regenerate. >> >> Looks good. I can try it on Tiger Lake after it has been checked in. >> > > OK, I have committed it as r11-3047. this patch broke Solaris/x86 bootstrap: /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3595:23: error: version AsmExternal defined after use 3595 | version = AsmExternal; | ^ /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3603:27: error: version AsmX86_Posix defined after use 3603 | version = AsmX86_Posix; | ^ and similarly for the 64-bit version. libdruntime/gcc/config.d has // Whether libphobos been configured with --enable-cet. enum GNU_Enable_CET = false; Rainer -- - Rainer Orth, Center for Biotechnology, Bielefeld University
Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)
Excerpts from Rainer Orth's message of September 8, 2020 11:34 pm: > Hi Iain, > --- libphobos/ChangeLog: PR d/95680 * Makefile.in: Regenerate. * configure: Regenerate. * configure.ac (DCFG_ENABLE_CET): Substitute. * libdruntime/Makefile.in: Regenerate. * libdruntime/config/x86/switchcontext.S: Remove CET support code. * libdruntime/core/thread.d: Import gcc.config. Don't set version AsmExternal when GNU_Enable_CET is true. * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define. * src/Makefile.in: Regenerate. * testsuite/Makefile.in: Regenerate. >>> >>> Looks good. I can try it on Tiger Lake after it has been checked in. >>> >> >> OK, I have committed it as r11-3047. > > this patch broke Solaris/x86 bootstrap: > > /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3595:23: > error: version AsmExternal defined after use > 3595 | version = AsmExternal; > | ^ > /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3603:27: > error: version AsmX86_Posix defined after use > 3603 | version = AsmX86_Posix; > | ^ > > and similarly for the 64-bit version. libdruntime/gcc/config.d has > > // Whether libphobos been configured with --enable-cet. > enum GNU_Enable_CET = false; > > Rainer > Looks like I can only use version conditions, or static if conditions. Not both at the same time. Found a related bug in upstream dmd https://issues.dlang.org/show_bug.cgi?id=7386 Fixing the front-end here will not be possible without some pervasive changes in how symbol resolving is handled. Which is a shame. I'm just testing passing -fversion=CET during compilation. Iain. --- diff --git a/libphobos/Makefile.am b/libphobos/Makefile.am index 84d80016025..874b3a25d02 100644 --- a/libphobos/Makefile.am +++ b/libphobos/Makefile.am @@ -33,14 +33,14 @@ AM_MAKEFLAGS = \ "AR_FLAGS=$(AR_FLAGS)" \ "CC_FOR_BUILD=$(CC_FOR_BUILD)" \ "CC_FOR_TARGET=$(CC_FOR_TARGET)" \ - "CCASFLAGS=$(CCASFLAGS) $(CET_FLAGS)" \ - "CFLAGS=$(CFLAGS) $(CET_FLAGS)" \ - "CXXFLAGS=$(CXXFLAGS) $(CET_FLAGS)" \ + "CCASFLAGS=$(CCASFLAGS)" \ + "CFLAGS=$(CFLAGS)" \ + "CXXFLAGS=$(CXXFLAGS)" \ "CFLAGS_FOR_BUILD=$(CFLAGS_FOR_BUILD)" \ - "CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET) $(CET_FLAGS)" \ + "CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET)" \ "GDC_FOR_TARGET=$(GDC_FOR_TARGET)" \ "GDC=$(GDC)" \ - "GDCFLAGS=$(GDCFLAGS) $(CET_FLAGS)" \ + "GDCFLAGS=$(GDCFLAGS)" \ "INSTALL=$(INSTALL)" \ "INSTALL_DATA=$(INSTALL_DATA)" \ "INSTALL_PROGRAM=$(INSTALL_PROGRAM)" \ diff --git a/libphobos/Makefile.in b/libphobos/Makefile.in index f6cba17159f..f692b2f719e 100644 --- a/libphobos/Makefile.in +++ b/libphobos/Makefile.in @@ -207,6 +207,7 @@ CC = @CC@ CCAS = @CCAS@ CCASFLAGS = @CCASFLAGS@ CC_FOR_BUILD = @CC_FOR_BUILD@ +CET_DFLAGS = @CET_DFLAGS@ CET_FLAGS = @CET_FLAGS@ CFLAGS = @CFLAGS@ CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ @@ -216,7 +217,6 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@ DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@ -DCFG_ENABLE_CET = @DCFG_ENABLE_CET@ DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@ DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@ DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@ @@ -355,14 +355,14 @@ AM_MAKEFLAGS = \ "AR_FLAGS=$(AR_FLAGS)" \ "CC_FOR_BUILD=$(CC_FOR_BUILD)" \ "CC_FOR_TARGET=$(CC_FOR_TARGET)" \ - "CCASFLAGS=$(CCASFLAGS) $(CET_FLAGS)" \ - "CFLAGS=$(CFLAGS) $(CET_FLAGS)" \ - "CXXFLAGS=$(CXXFLAGS) $(CET_FLAGS)" \ + "CCASFLAGS=$(CCASFLAGS)" \ + "CFLAGS=$(CFLAGS)" \ + "CXXFLAGS=$(CXXFLAGS)" \ "CFLAGS_FOR_BUILD=$(CFLAGS_FOR_BUILD)" \ - "CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET) $(CET_FLAGS)" \ + "CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET)" \ "GDC_FOR_TARGET=$(GDC_FOR_TARGET)" \ "GDC=$(GDC)" \ - "GDCFLAGS=$(GDCFLAGS) $(CET_FLAGS)" \ + "GDCFLAGS=$(GDCFLAGS)" \ "INSTALL=$(INSTALL)" \ "INSTALL_DATA=$(INSTALL_DATA)" \ "INSTALL_PROGRAM=$(INSTALL_PROGRAM)" \ diff --git a/libphobos/configure b/libphobos/configure index 3cccee748e7..05f4d7af0d2 100755 --- a/libphobos/configure +++ b/libphobos/configure @@ -722,7 +722,7 @@ LIBTOOL CFLAGS_FOR_BUILD CC_FOR_BUILD AR -DCFG_ENABLE_CET +CET_DFLAGS CET_FLAGS RANLIB MAINT @@ -5651,12 +5651,11 @@ $as_echo "no" >&6; } fi -if test x$enable_cet = xyes; then : - DCFG_ENABLE_CET=true -else - DCFG_ENABLE_CET=false -fi +# To ensure that runtime code for CET is compiled in, add in D version flags. +if test "$enable_cet" = yes; then + CET_DFLAGS="$CET_FLAGS -fversion=CET" +fi # This should be inherited in the recu
Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)
Hi Iain, >> this patch broke Solaris/x86 bootstrap: >> >> /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3595:23: >> error: version AsmExternal defined after use >> 3595 | version = AsmExternal; >> | ^ >> /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3603:27: >> error: version AsmX86_Posix defined after use >> 3603 | version = AsmX86_Posix; >> | ^ >> >> and similarly for the 64-bit version. libdruntime/gcc/config.d has >> >> // Whether libphobos been configured with --enable-cet. >> enum GNU_Enable_CET = false; >> >> Rainer >> > > Looks like I can only use version conditions, or static if conditions. > Not both at the same time. Found a related bug in upstream dmd > https://issues.dlang.org/show_bug.cgi?id=7386 > > Fixing the front-end here will not be possible without some pervasive > changes in how symbol resolving is handled. Which is a shame. > > I'm just testing passing -fversion=CET during compilation. I've just tested it no i386-pc-solaris2.11: worked fine. Thanks. Rainer -- - Rainer Orth, Center for Biotechnology, Bielefeld University
