subject:"arm64 BTI for libgcrypt"

Re: arm64 BTI for libgcrypt

2023-11-20 Thread Jeremie Courreges-Anglas

On Mon, Nov 20 2023, Tobias Heider  wrote:
> On Mon, Nov 20, 2023 at 12:11:42PM +0100, Mark Kettenis wrote:
>> > Date: Mon, 20 Nov 2023 11:55:43 +0100
>> > From: Tobias Heider 
>> > Cc: Jeremie Courreges-Anglas , ports@openbsd.org,
>> >kette...@openbsd.org, ajacou...@openbsd.org
>> > Content-Type: text/plain; charset=us-ascii
>> > Content-Disposition: inline
>> > 
>> > On Mon, Nov 20, 2023 at 11:37:17AM +0100, Mark Kettenis wrote:
>> > > > From: Jeremie Courreges-Anglas 
>> > > > Date: Mon, 20 Nov 2023 08:22:13 +0100
>> > > > 
>> > > > On Sun, Nov 19 2023, Tobias Heider  wrote:
>> > > > > Diff below fixes libgcrypt/gnupg on my m2.
>> > > > >
>> > > > > CFI_STARTPROC() seemed like a good place to add the bti instructions
>> > > > > since it is called in all the right places.
>> > > > 
>> > > > It's not something that makes sense for upstream IMHO, but for ports
>> > > > that use it, it's an obvious place for us to tuck in "endbr64" or
>> > > > "bti c".  (eg I've been tempted to use such macros in lang/ocaml)
>> > > > 
>> > > > Using a macro named CFI_STARTPROC() can be considered either 
>> > > > appropriate
>> > > > or misleading, since the .cfi_* directives are about "Call Frame
>> > > > Information", and endbr64/bti are about "Control-flow Integrity"...
>> > > > 
>> > > > > If this is too hacky I'm also fine with adding explicit instructions
>> > > > > everywhere or even a new macro.
>> > > > 
>> > > > I'd say it's fine for our port.
>> > > > 
>> > > > I have one doubt: wouldn't it look more correct to have "bti c" *after*
>> > > > .cfi_startproc:
>> > > > 
>> > > >   # define CFI_STARTPROC().cfi_startproc; bti c;
>> > > > 
>> > > > since "bti c" is intended to be part of the function?
>> > > 
>> > > yes!
>> > > 
>> > 
>> > Sure, ok like this?
>> > 
>> 
>> I think you don't need the semicolon at the end.
>
> experimental evaluation says you are right.

Can't test this but LGTM.

> Index: Makefile
> ===
> RCS file: /cvs/ports/security/libgcrypt/Makefile,v
> retrieving revision 1.92
> diff -u -p -r1.92 Makefile
> --- Makefile  15 Nov 2023 08:00:14 -  1.92
> +++ Makefile  20 Nov 2023 11:21:52 -
> @@ -6,6 +6,7 @@ USE_NOEXECONLY=   Yes
>  COMMENT= crypto library based on code used in GnuPG
>  
>  DISTNAME=libgcrypt-1.10.3
> +REVISION=0
>  
>  CATEGORIES=  security
>  
> Index: patches/patch-cipher_asm-common-aarch64_h
> ===
> RCS file: patches/patch-cipher_asm-common-aarch64_h
> diff -N patches/patch-cipher_asm-common-aarch64_h
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-cipher_asm-common-aarch64_h 20 Nov 2023 11:21:52 -
> @@ -0,0 +1,21 @@
> +Index: cipher/asm-common-aarch64.h
> +--- cipher/asm-common-aarch64.h.orig
>  cipher/asm-common-aarch64.h
> +@@ -45,7 +45,7 @@
> + 
> + #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
> + /* CFI directives to emit DWARF stack unwinding information. */
> +-# define CFI_STARTPROC().cfi_startproc
> ++# define CFI_STARTPROC().cfi_startproc; bti c
> + # define CFI_ENDPROC()  .cfi_endproc
> + # define CFI_REMEMBER_STATE()   .cfi_remember_state
> + # define CFI_RESTORE_STATE().cfi_restore_state
> +@@ -87,7 +87,7 @@
> + DW_SLEB128_28BIT(rsp_offs)
> + 
> + #else
> +-# define CFI_STARTPROC()
> ++# define CFI_STARTPROC() bti c
> + # define CFI_ENDPROC()
> + # define CFI_REMEMBER_STATE()
> + # define CFI_RESTORE_STATE()
>

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: arm64 BTI for libgcrypt

2023-11-20 Thread Tobias Heider

On Mon, Nov 20, 2023 at 12:11:42PM +0100, Mark Kettenis wrote:
> > Date: Mon, 20 Nov 2023 11:55:43 +0100
> > From: Tobias Heider 
> > Cc: Jeremie Courreges-Anglas , ports@openbsd.org,
> > kette...@openbsd.org, ajacou...@openbsd.org
> > Content-Type: text/plain; charset=us-ascii
> > Content-Disposition: inline
> > 
> > On Mon, Nov 20, 2023 at 11:37:17AM +0100, Mark Kettenis wrote:
> > > > From: Jeremie Courreges-Anglas 
> > > > Date: Mon, 20 Nov 2023 08:22:13 +0100
> > > > 
> > > > On Sun, Nov 19 2023, Tobias Heider  wrote:
> > > > > Diff below fixes libgcrypt/gnupg on my m2.
> > > > >
> > > > > CFI_STARTPROC() seemed like a good place to add the bti instructions
> > > > > since it is called in all the right places.
> > > > 
> > > > It's not something that makes sense for upstream IMHO, but for ports
> > > > that use it, it's an obvious place for us to tuck in "endbr64" or
> > > > "bti c".  (eg I've been tempted to use such macros in lang/ocaml)
> > > > 
> > > > Using a macro named CFI_STARTPROC() can be considered either appropriate
> > > > or misleading, since the .cfi_* directives are about "Call Frame
> > > > Information", and endbr64/bti are about "Control-flow Integrity"...
> > > > 
> > > > > If this is too hacky I'm also fine with adding explicit instructions
> > > > > everywhere or even a new macro.
> > > > 
> > > > I'd say it's fine for our port.
> > > > 
> > > > I have one doubt: wouldn't it look more correct to have "bti c" *after*
> > > > .cfi_startproc:
> > > > 
> > > >   # define CFI_STARTPROC().cfi_startproc; bti c;
> > > > 
> > > > since "bti c" is intended to be part of the function?
> > > 
> > > yes!
> > > 
> > 
> > Sure, ok like this?
> > 
> 
> I think you don't need the semicolon at the end.

experimental evaluation says you are right.

Index: Makefile
===
RCS file: /cvs/ports/security/libgcrypt/Makefile,v
retrieving revision 1.92
diff -u -p -r1.92 Makefile
--- Makefile15 Nov 2023 08:00:14 -  1.92
+++ Makefile20 Nov 2023 11:21:52 -
@@ -6,6 +6,7 @@ USE_NOEXECONLY= Yes
 COMMENT=   crypto library based on code used in GnuPG
 
 DISTNAME=  libgcrypt-1.10.3
+REVISION=  0
 
 CATEGORIES=security
 
Index: patches/patch-cipher_asm-common-aarch64_h
===
RCS file: patches/patch-cipher_asm-common-aarch64_h
diff -N patches/patch-cipher_asm-common-aarch64_h
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-cipher_asm-common-aarch64_h   20 Nov 2023 11:21:52 -
@@ -0,0 +1,21 @@
+Index: cipher/asm-common-aarch64.h
+--- cipher/asm-common-aarch64.h.orig
 cipher/asm-common-aarch64.h
+@@ -45,7 +45,7 @@
+ 
+ #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
+ /* CFI directives to emit DWARF stack unwinding information. */
+-# define CFI_STARTPROC().cfi_startproc
++# define CFI_STARTPROC().cfi_startproc; bti c
+ # define CFI_ENDPROC()  .cfi_endproc
+ # define CFI_REMEMBER_STATE()   .cfi_remember_state
+ # define CFI_RESTORE_STATE().cfi_restore_state
+@@ -87,7 +87,7 @@
+   DW_SLEB128_28BIT(rsp_offs)
+ 
+ #else
+-# define CFI_STARTPROC()
++# define CFI_STARTPROC() bti c
+ # define CFI_ENDPROC()
+ # define CFI_REMEMBER_STATE()
+ # define CFI_RESTORE_STATE()

Re: arm64 BTI for libgcrypt

2023-11-20 Thread Mark Kettenis

> Date: Mon, 20 Nov 2023 11:55:43 +0100
> From: Tobias Heider 
> Cc: Jeremie Courreges-Anglas , ports@openbsd.org,
>   kette...@openbsd.org, ajacou...@openbsd.org
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> 
> On Mon, Nov 20, 2023 at 11:37:17AM +0100, Mark Kettenis wrote:
> > > From: Jeremie Courreges-Anglas 
> > > Date: Mon, 20 Nov 2023 08:22:13 +0100
> > > 
> > > On Sun, Nov 19 2023, Tobias Heider  wrote:
> > > > Diff below fixes libgcrypt/gnupg on my m2.
> > > >
> > > > CFI_STARTPROC() seemed like a good place to add the bti instructions
> > > > since it is called in all the right places.
> > > 
> > > It's not something that makes sense for upstream IMHO, but for ports
> > > that use it, it's an obvious place for us to tuck in "endbr64" or
> > > "bti c".  (eg I've been tempted to use such macros in lang/ocaml)
> > > 
> > > Using a macro named CFI_STARTPROC() can be considered either appropriate
> > > or misleading, since the .cfi_* directives are about "Call Frame
> > > Information", and endbr64/bti are about "Control-flow Integrity"...
> > > 
> > > > If this is too hacky I'm also fine with adding explicit instructions
> > > > everywhere or even a new macro.
> > > 
> > > I'd say it's fine for our port.
> > > 
> > > I have one doubt: wouldn't it look more correct to have "bti c" *after*
> > > .cfi_startproc:
> > > 
> > >   # define CFI_STARTPROC().cfi_startproc; bti c;
> > > 
> > > since "bti c" is intended to be part of the function?
> > 
> > yes!
> > 
> 
> Sure, ok like this?
> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/security/libgcrypt/Makefile,v
> retrieving revision 1.92
> diff -u -p -r1.92 Makefile
> --- Makefile  15 Nov 2023 08:00:14 -  1.92
> +++ Makefile  20 Nov 2023 10:54:58 -
> @@ -6,6 +6,7 @@ USE_NOEXECONLY=   Yes
>  COMMENT= crypto library based on code used in GnuPG
>  
>  DISTNAME=libgcrypt-1.10.3
> +REVISION=0
>  
>  CATEGORIES=  security
>  
> Index: patches/patch-cipher_asm-common-aarch64_h
> ===
> RCS file: patches/patch-cipher_asm-common-aarch64_h
> diff -N patches/patch-cipher_asm-common-aarch64_h
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-cipher_asm-common-aarch64_h 20 Nov 2023 10:54:58 -
> @@ -0,0 +1,21 @@
> +Index: cipher/asm-common-aarch64.h
> +--- cipher/asm-common-aarch64.h.orig
>  cipher/asm-common-aarch64.h
> +@@ -45,7 +45,7 @@
> + 
> + #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
> + /* CFI directives to emit DWARF stack unwinding information. */
> +-# define CFI_STARTPROC().cfi_startproc
> ++# define CFI_STARTPROC().cfi_startproc; bti c;

I think you don't need the semicolon at the end.

> + # define CFI_ENDPROC()  .cfi_endproc
> + # define CFI_REMEMBER_STATE()   .cfi_remember_state
> + # define CFI_RESTORE_STATE().cfi_restore_state
> +@@ -87,7 +87,7 @@
> + DW_SLEB128_28BIT(rsp_offs)
> + 
> + #else
> +-# define CFI_STARTPROC()
> ++# define CFI_STARTPROC() bti c;

Same here

> + # define CFI_ENDPROC()
> + # define CFI_REMEMBER_STATE()
> + # define CFI_RESTORE_STATE()
>

Re: arm64 BTI for libgcrypt

2023-11-20 Thread Antoine Jacoutot

On Mon, Nov 20, 2023 at 11:55:43AM +0100, Tobias Heider wrote:
> On Mon, Nov 20, 2023 at 11:37:17AM +0100, Mark Kettenis wrote:
> > > From: Jeremie Courreges-Anglas 
> > > Date: Mon, 20 Nov 2023 08:22:13 +0100
> > > 
> > > On Sun, Nov 19 2023, Tobias Heider  wrote:
> > > > Diff below fixes libgcrypt/gnupg on my m2.
> > > >
> > > > CFI_STARTPROC() seemed like a good place to add the bti instructions
> > > > since it is called in all the right places.
> > > 
> > > It's not something that makes sense for upstream IMHO, but for ports
> > > that use it, it's an obvious place for us to tuck in "endbr64" or
> > > "bti c".  (eg I've been tempted to use such macros in lang/ocaml)
> > > 
> > > Using a macro named CFI_STARTPROC() can be considered either appropriate
> > > or misleading, since the .cfi_* directives are about "Call Frame
> > > Information", and endbr64/bti are about "Control-flow Integrity"...
> > > 
> > > > If this is too hacky I'm also fine with adding explicit instructions
> > > > everywhere or even a new macro.
> > > 
> > > I'd say it's fine for our port.
> > > 
> > > I have one doubt: wouldn't it look more correct to have "bti c" *after*
> > > .cfi_startproc:
> > > 
> > >   # define CFI_STARTPROC().cfi_startproc; bti c;
> > > 
> > > since "bti c" is intended to be part of the function?
> > 
> > yes!
> > 
> 
> Sure, ok like this?

Ports wize, OK for me.


> 
> Index: Makefile
> ===
> RCS file: /cvs/ports/security/libgcrypt/Makefile,v
> retrieving revision 1.92
> diff -u -p -r1.92 Makefile
> --- Makefile  15 Nov 2023 08:00:14 -  1.92
> +++ Makefile  20 Nov 2023 10:54:58 -
> @@ -6,6 +6,7 @@ USE_NOEXECONLY=   Yes
>  COMMENT= crypto library based on code used in GnuPG
>  
>  DISTNAME=libgcrypt-1.10.3
> +REVISION=0
>  
>  CATEGORIES=  security
>  
> Index: patches/patch-cipher_asm-common-aarch64_h
> ===
> RCS file: patches/patch-cipher_asm-common-aarch64_h
> diff -N patches/patch-cipher_asm-common-aarch64_h
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-cipher_asm-common-aarch64_h 20 Nov 2023 10:54:58 -
> @@ -0,0 +1,21 @@
> +Index: cipher/asm-common-aarch64.h
> +--- cipher/asm-common-aarch64.h.orig
>  cipher/asm-common-aarch64.h
> +@@ -45,7 +45,7 @@
> + 
> + #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
> + /* CFI directives to emit DWARF stack unwinding information. */
> +-# define CFI_STARTPROC().cfi_startproc
> ++# define CFI_STARTPROC().cfi_startproc; bti c;
> + # define CFI_ENDPROC()  .cfi_endproc
> + # define CFI_REMEMBER_STATE()   .cfi_remember_state
> + # define CFI_RESTORE_STATE().cfi_restore_state
> +@@ -87,7 +87,7 @@
> + DW_SLEB128_28BIT(rsp_offs)
> + 
> + #else
> +-# define CFI_STARTPROC()
> ++# define CFI_STARTPROC() bti c;
> + # define CFI_ENDPROC()
> + # define CFI_REMEMBER_STATE()
> + # define CFI_RESTORE_STATE()
> 

-- 
Antoine

Re: arm64 BTI for libgcrypt

2023-11-20 Thread Tobias Heider

On Mon, Nov 20, 2023 at 11:37:17AM +0100, Mark Kettenis wrote:
> > From: Jeremie Courreges-Anglas 
> > Date: Mon, 20 Nov 2023 08:22:13 +0100
> > 
> > On Sun, Nov 19 2023, Tobias Heider  wrote:
> > > Diff below fixes libgcrypt/gnupg on my m2.
> > >
> > > CFI_STARTPROC() seemed like a good place to add the bti instructions
> > > since it is called in all the right places.
> > 
> > It's not something that makes sense for upstream IMHO, but for ports
> > that use it, it's an obvious place for us to tuck in "endbr64" or
> > "bti c".  (eg I've been tempted to use such macros in lang/ocaml)
> > 
> > Using a macro named CFI_STARTPROC() can be considered either appropriate
> > or misleading, since the .cfi_* directives are about "Call Frame
> > Information", and endbr64/bti are about "Control-flow Integrity"...
> > 
> > > If this is too hacky I'm also fine with adding explicit instructions
> > > everywhere or even a new macro.
> > 
> > I'd say it's fine for our port.
> > 
> > I have one doubt: wouldn't it look more correct to have "bti c" *after*
> > .cfi_startproc:
> > 
> >   # define CFI_STARTPROC().cfi_startproc; bti c;
> > 
> > since "bti c" is intended to be part of the function?
> 
> yes!
> 

Sure, ok like this?

Index: Makefile
===
RCS file: /cvs/ports/security/libgcrypt/Makefile,v
retrieving revision 1.92
diff -u -p -r1.92 Makefile
--- Makefile15 Nov 2023 08:00:14 -  1.92
+++ Makefile20 Nov 2023 10:54:58 -
@@ -6,6 +6,7 @@ USE_NOEXECONLY= Yes
 COMMENT=   crypto library based on code used in GnuPG
 
 DISTNAME=  libgcrypt-1.10.3
+REVISION=  0
 
 CATEGORIES=security
 
Index: patches/patch-cipher_asm-common-aarch64_h
===
RCS file: patches/patch-cipher_asm-common-aarch64_h
diff -N patches/patch-cipher_asm-common-aarch64_h
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-cipher_asm-common-aarch64_h   20 Nov 2023 10:54:58 -
@@ -0,0 +1,21 @@
+Index: cipher/asm-common-aarch64.h
+--- cipher/asm-common-aarch64.h.orig
 cipher/asm-common-aarch64.h
+@@ -45,7 +45,7 @@
+ 
+ #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
+ /* CFI directives to emit DWARF stack unwinding information. */
+-# define CFI_STARTPROC().cfi_startproc
++# define CFI_STARTPROC().cfi_startproc; bti c;
+ # define CFI_ENDPROC()  .cfi_endproc
+ # define CFI_REMEMBER_STATE()   .cfi_remember_state
+ # define CFI_RESTORE_STATE().cfi_restore_state
+@@ -87,7 +87,7 @@
+   DW_SLEB128_28BIT(rsp_offs)
+ 
+ #else
+-# define CFI_STARTPROC()
++# define CFI_STARTPROC() bti c;
+ # define CFI_ENDPROC()
+ # define CFI_REMEMBER_STATE()
+ # define CFI_RESTORE_STATE()

Re: arm64 BTI for libgcrypt

2023-11-20 Thread Mark Kettenis

> From: Jeremie Courreges-Anglas 
> Date: Mon, 20 Nov 2023 08:22:13 +0100
> 
> On Sun, Nov 19 2023, Tobias Heider  wrote:
> > Diff below fixes libgcrypt/gnupg on my m2.
> >
> > CFI_STARTPROC() seemed like a good place to add the bti instructions
> > since it is called in all the right places.
> 
> It's not something that makes sense for upstream IMHO, but for ports
> that use it, it's an obvious place for us to tuck in "endbr64" or
> "bti c".  (eg I've been tempted to use such macros in lang/ocaml)
> 
> Using a macro named CFI_STARTPROC() can be considered either appropriate
> or misleading, since the .cfi_* directives are about "Call Frame
> Information", and endbr64/bti are about "Control-flow Integrity"...
> 
> > If this is too hacky I'm also fine with adding explicit instructions
> > everywhere or even a new macro.
> 
> I'd say it's fine for our port.
> 
> I have one doubt: wouldn't it look more correct to have "bti c" *after*
> .cfi_startproc:
> 
>   # define CFI_STARTPROC().cfi_startproc; bti c;
> 
> since "bti c" is intended to be part of the function?

yes!

> > opinions? ok?
> 
> Just in case: the diff needs to be committed along with a REVISION bump,
> so that the updated package ends up on users machines.
> 
> My two cents, I'll let others chime in.  (+cc maintainer)
> 
> > Index: patches/patch-cipher_asm-common-aarch64_h
> > ===
> > RCS file: patches/patch-cipher_asm-common-aarch64_h
> > diff -N patches/patch-cipher_asm-common-aarch64_h
> > --- /dev/null   1 Jan 1970 00:00:00 -
> > +++ patches/patch-cipher_asm-common-aarch64_h   19 Nov 2023 20:22:40 
> > -
> > @@ -0,0 +1,21 @@
> > +Index: cipher/asm-common-aarch64.h
> > +--- cipher/asm-common-aarch64.h.orig
> >  cipher/asm-common-aarch64.h
> > +@@ -45,7 +45,7 @@
> > + 
> > + #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
> > + /* CFI directives to emit DWARF stack unwinding information. */
> > +-# define CFI_STARTPROC().cfi_startproc
> > ++# define CFI_STARTPROC()bti c; .cfi_startproc;
> > + # define CFI_ENDPROC()  .cfi_endproc
> > + # define CFI_REMEMBER_STATE()   .cfi_remember_state
> > + # define CFI_RESTORE_STATE().cfi_restore_state
> > +@@ -87,7 +87,7 @@
> > +   DW_SLEB128_28BIT(rsp_offs)
> > + 
> > + #else
> > +-# define CFI_STARTPROC()
> > ++# define CFI_STARTPROC() bti c;
> > + # define CFI_ENDPROC()
> > + # define CFI_REMEMBER_STATE()
> > + # define CFI_RESTORE_STATE()
> >
> 
> -- 
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
>

Re: arm64 BTI for libgcrypt

2023-11-19 Thread Jeremie Courreges-Anglas

On Sun, Nov 19 2023, Tobias Heider  wrote:
> Diff below fixes libgcrypt/gnupg on my m2.
>
> CFI_STARTPROC() seemed like a good place to add the bti instructions
> since it is called in all the right places.

It's not something that makes sense for upstream IMHO, but for ports
that use it, it's an obvious place for us to tuck in "endbr64" or
"bti c".  (eg I've been tempted to use such macros in lang/ocaml)

Using a macro named CFI_STARTPROC() can be considered either appropriate
or misleading, since the .cfi_* directives are about "Call Frame
Information", and endbr64/bti are about "Control-flow Integrity"...

> If this is too hacky I'm also fine with adding explicit instructions
> everywhere or even a new macro.

I'd say it's fine for our port.

I have one doubt: wouldn't it look more correct to have "bti c" *after*
.cfi_startproc:

  # define CFI_STARTPROC().cfi_startproc; bti c;

since "bti c" is intended to be part of the function?

> opinions? ok?

Just in case: the diff needs to be committed along with a REVISION bump,
so that the updated package ends up on users machines.

My two cents, I'll let others chime in.  (+cc maintainer)

> Index: patches/patch-cipher_asm-common-aarch64_h
> ===
> RCS file: patches/patch-cipher_asm-common-aarch64_h
> diff -N patches/patch-cipher_asm-common-aarch64_h
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-cipher_asm-common-aarch64_h 19 Nov 2023 20:22:40 -
> @@ -0,0 +1,21 @@
> +Index: cipher/asm-common-aarch64.h
> +--- cipher/asm-common-aarch64.h.orig
>  cipher/asm-common-aarch64.h
> +@@ -45,7 +45,7 @@
> + 
> + #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
> + /* CFI directives to emit DWARF stack unwinding information. */
> +-# define CFI_STARTPROC().cfi_startproc
> ++# define CFI_STARTPROC()bti c; .cfi_startproc;
> + # define CFI_ENDPROC()  .cfi_endproc
> + # define CFI_REMEMBER_STATE()   .cfi_remember_state
> + # define CFI_RESTORE_STATE().cfi_restore_state
> +@@ -87,7 +87,7 @@
> + DW_SLEB128_28BIT(rsp_offs)
> + 
> + #else
> +-# define CFI_STARTPROC()
> ++# define CFI_STARTPROC() bti c;
> + # define CFI_ENDPROC()
> + # define CFI_REMEMBER_STATE()
> + # define CFI_RESTORE_STATE()
>

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

arm64 BTI for libgcrypt

2023-11-19 Thread Tobias Heider

Diff below fixes libgcrypt/gnupg on my m2.

CFI_STARTPROC() seemed like a good place to add the bti instructions
since it is called in all the right places.
If this is too hacky I'm also fine with adding explicit instructions
everywhere or even a new macro.

opinions? ok?

Index: patches/patch-cipher_asm-common-aarch64_h
===
RCS file: patches/patch-cipher_asm-common-aarch64_h
diff -N patches/patch-cipher_asm-common-aarch64_h
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-cipher_asm-common-aarch64_h   19 Nov 2023 20:22:40 -
@@ -0,0 +1,21 @@
+Index: cipher/asm-common-aarch64.h
+--- cipher/asm-common-aarch64.h.orig
 cipher/asm-common-aarch64.h
+@@ -45,7 +45,7 @@
+ 
+ #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
+ /* CFI directives to emit DWARF stack unwinding information. */
+-# define CFI_STARTPROC().cfi_startproc
++# define CFI_STARTPROC()bti c; .cfi_startproc;
+ # define CFI_ENDPROC()  .cfi_endproc
+ # define CFI_REMEMBER_STATE()   .cfi_remember_state
+ # define CFI_RESTORE_STATE().cfi_restore_state
+@@ -87,7 +87,7 @@
+   DW_SLEB128_28BIT(rsp_offs)
+ 
+ #else
+-# define CFI_STARTPROC()
++# define CFI_STARTPROC() bti c;
+ # define CFI_ENDPROC()
+ # define CFI_REMEMBER_STATE()
+ # define CFI_RESTORE_STATE()

Re: arm64 BTI for libgcrypt

Re: arm64 BTI for libgcrypt

Re: arm64 BTI for libgcrypt

Re: arm64 BTI for libgcrypt

Re: arm64 BTI for libgcrypt

Re: arm64 BTI for libgcrypt

Re: arm64 BTI for libgcrypt

arm64 BTI for libgcrypt

8 matches

Site Navigation

Mail list logo

Footer information