From 0ed757604f4e232324ca798e46f3d8bf7e35b009 Mon Sep 17 00:00:00 2001 From: Iain Buclaw Date: Thu, 10 Sep 2020 01:30:20 +0200 Subject: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680) The first implementation hit a front-end implementation bug where version conditions are resolved ahead of static if conditions. The logic for whether to use asm implemented fiber_switchContext or libc's swapcontext has been moved from GNU_Enable_CET to version CET. libphobos/ChangeLog: PR d/95680 PR d/97007 * Makefile.am (AM_MAKEFLAGS): Remove $(CET_FLAGS). * Makefile.in: Regenerate. * configure: Regenerate. * configure.ac (DCFG_ENABLE_CET): Remove substitution. (CET_DFLAGS): Substitute. * libdruntime/Makefile.am (AM_DFLAGS): Add $(CET_DFLAGS). (AM_CFLAGS): Add $(CET_FLAGS). (AM_CCASFLAGS): Likewise. * libdruntime/Makefile.in: Regenerate. * libdruntime/core/thread.d: Replace static if GNU_Enable_CET condition with `version (CET)'. * libdruntime/gcc/config.d.in (GNU_Enable_CET): Remove. * src/Makefile.am (AM_DFLAGS): Add $(CET_DFLAGS). (AM_CFLAGS): Add $(CET_FLAGS). * src/Makefile.in: Regenerate. * testsuite/Makefile.in: Regenerate. * testsuite/testsuite_flags.in: Add $(CET_DFLAGS) to --gdcflags. --- libphobos/Makefile.am | 10 +++--- libphobos/Makefile.in | 12 +++---- libphobos/configure | 15 +++++---- libphobos/configure.ac | 8 +++-- libphobos/libdruntime/Makefile.am | 6 +++- libphobos/libdruntime/Makefile.in | 8 +++-- libphobos/libdruntime/core/thread.d | 43 +++++++++++++------------- libphobos/libdruntime/gcc/config.d.in | 3 -- libphobos/src/Makefile.am | 5 ++- libphobos/src/Makefile.in | 7 +++-- libphobos/testsuite/Makefile.in | 2 +- libphobos/testsuite/testsuite_flags.in | 2 +- 12 files changed, 66 insertions(+), 55 deletions(-) diff --git a/libphobos/Makefile.am b/libphobos/Makefile.am index 84d80016025..874b3a25d02 100644 --- a/libphobos/Makefile.am +++ b/libphobos/Makefile.am 
@@ -33,14 +33,14 @@ AM_MAKEFLAGS = \ "AR_FLAGS=$(AR_FLAGS)" \ "CC_FOR_BUILD=$(CC_FOR_BUILD)" \ "CC_FOR_TARGET=$(CC_FOR_TARGET)" \ - "CCASFLAGS=$(CCASFLAGS) $(CET_FLAGS)" \ - "CFLAGS=$(CFLAGS) $(CET_FLAGS)" \ - "CXXFLAGS=$(CXXFLAGS) $(CET_FLAGS)" \ + "CCASFLAGS=$(CCASFLAGS)" \ + "CFLAGS=$(CFLAGS)" \ + "CXXFLAGS=$(CXXFLAGS)" \ "CFLAGS_FOR_BUILD=$(CFLAGS_FOR_BUILD)" \ - "CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET) $(CET_FLAGS)" \ + "CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET)" \ "GDC_FOR_TARGET=$(GDC_FOR_TARGET)" \ "GDC=$(GDC)" \ - "GDCFLAGS=$(GDCFLAGS) $(CET_FLAGS)" \ + "GDCFLAGS=$(GDCFLAGS)" \ "INSTALL=$(INSTALL)" \ "INSTALL_DATA=$(INSTALL_DATA)" \ "INSTALL_PROGRAM=$(INSTALL_PROGRAM)" \ diff --git a/libphobos/Makefile.in b/libphobos/Makefile.in index f6cba17159f..f692b2f719e 100644 --- a/libphobos/Makefile.in +++ b/libphobos/Makefile.in @@ -207,6 +207,7 @@ CC = @CC@ CCAS = @CCAS@ CCASFLAGS = @CCASFLAGS@ CC_FOR_BUILD = @CC_FOR_BUILD@ +CET_DFLAGS = @CET_DFLAGS@ CET_FLAGS = @CET_FLAGS@ CFLAGS = @CFLAGS@ CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ @@ -216,7 +217,6 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@ DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@ -DCFG_ENABLE_CET = @DCFG_ENABLE_CET@ DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@ DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@ DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@ 
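Review bot: With `$(CET_FLAGS)` dropped from the `CCASFLAGS`, `CFLAGS`, `CXXFLAGS`, `CFLAGS_FOR_TARGET` and `GDCFLAGS` entries of `AM_MAKEFLAGS` in libphobos/Makefile.am, CET coverage depends on every subdirectory opting in through its own `AM_*FLAGS`, and nothing at this site records that. In this patch libdruntime/Makefile.am sets both `AM_CFLAGS` and `AM_CCASFLAGS`, while src/Makefile.am sets only `AM_CFLAGS`; that is presumably fine if src has no assembler sources, but it is easy to miss when one is added. Because the linker normally marks an output as IBT/SHSTK-capable only when every input object carries the property, one object built without these flags would silently turn the protection off for the whole library. I would add a comment above `AM_MAKEFLAGS` such as `# CET flags are added per directory via AM_DFLAGS/AM_CFLAGS/AM_CCASFLAGS; do not pass them down here.`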
@@ -355,14 +355,14 @@ AM_MAKEFLAGS = \ "AR_FLAGS=$(AR_FLAGS)" \ "CC_FOR_BUILD=$(CC_FOR_BUILD)" \ "CC_FOR_TARGET=$(CC_FOR_TARGET)" \ - "CCASFLAGS=$(CCASFLAGS) $(CET_FLAGS)" \ - "CFLAGS=$(CFLAGS) $(CET_FLAGS)" \ - "CXXFLAGS=$(CXXFLAGS) $(CET_FLAGS)" \ + "CCASFLAGS=$(CCASFLAGS)" \ + "CFLAGS=$(CFLAGS)" \ + "CXXFLAGS=$(CXXFLAGS)" \ "CFLAGS_FOR_BUILD=$(CFLAGS_FOR_BUILD)" \ - "CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET) $(CET_FLAGS)" \ + "CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET)" \ "GDC_FOR_TARGET=$(GDC_FOR_TARGET)" \ "GDC=$(GDC)" \ - "GDCFLAGS=$(GDCFLAGS) $(CET_FLAGS)" \ + "GDCFLAGS=$(GDCFLAGS)" \ "INSTALL=$(INSTALL)" \ "INSTALL_DATA=$(INSTALL_DATA)" \ "INSTALL_PROGRAM=$(INSTALL_PROGRAM)" \ diff --git a/libphobos/configure b/libphobos/configure index 86a0aba6976..4c1116d6f80 100755 --- a/libphobos/configure +++ b/libphobos/configure @@ -722,7 +722,7 @@ LIBTOOL CFLAGS_FOR_BUILD CC_FOR_BUILD AR -DCFG_ENABLE_CET +CET_DFLAGS CET_FLAGS RANLIB MAINT @@ -5651,12 +5651,11 @@ $as_echo "no" >&6; } fi -if test x$enable_cet = xyes; then : - DCFG_ENABLE_CET=true -else - DCFG_ENABLE_CET=false -fi +# To ensure that runtime code for CET is compiled in, add in D version flags. +if test "$enable_cet" = yes; then + CET_DFLAGS="$CET_FLAGS -fversion=CET" +fi # This should be inherited in the recursive make, but ensure it is defined. test "$AR" || AR=ar @@ -11745,7 +11744,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11748 "configure" +#line 11747 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11851,7 +11850,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11854 "configure" +#line 11853 "configure" #include "confdefs.h" #if HAVE_DLFCN_H diff --git a/libphobos/configure.ac b/libphobos/configure.ac index 97f96934aaf..bf21128bd50 100644 --- a/libphobos/configure.ac +++ b/libphobos/configure.ac 
@@ -68,9 +68,11 @@ AC_PROG_MAKE_SET # Add CET specific flags if CET is enabled GCC_CET_FLAGS(CET_FLAGS) AC_SUBST(CET_FLAGS) -AS_IF([test x$enable_cet = xyes], - [DCFG_ENABLE_CET=true], [DCFG_ENABLE_CET=false]) -AC_SUBST(DCFG_ENABLE_CET) +# To ensure that runtime code for CET is compiled in, add in D version flags. +if test "$enable_cet" = yes; then + CET_DFLAGS="$CET_FLAGS -fversion=CET" + AC_SUBST(CET_DFLAGS) +fi # This should be inherited in the recursive make, but ensure it is defined. test "$AR" || AR=ar diff --git a/libphobos/libdruntime/Makefile.am b/libphobos/libdruntime/Makefile.am index 1d340a0041c..4136642beeb 100644 --- a/libphobos/libdruntime/Makefile.am +++ b/libphobos/libdruntime/Makefile.am @@ -24,7 +24,11 @@ D_EXTRA_DFLAGS=-nostdinc -I $(srcdir) -I . # D flags for compilation AM_DFLAGS= \ $(phobos_compiler_pic_flag) \ - $(WARN_DFLAGS) $(CHECKING_DFLAGS) + $(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS) + +# Flags for other kinds of sources +AM_CFLAGS=$(CET_FLAGS) +AM_CCASFLAGS=$(CET_FLAGS) # Install all D and DI files ALL_DRUNTIME_INSTALL_DSOURCES = $(DRUNTIME_DSOURCES) \ diff --git a/libphobos/libdruntime/Makefile.in b/libphobos/libdruntime/Makefile.in index 28b4333838f..d0bb3242c4f 100644 --- a/libphobos/libdruntime/Makefile.in +++ b/libphobos/libdruntime/Makefile.in @@ -567,6 +567,7 @@ CC = @CC@ CCAS = @CCAS@ CCASFLAGS = @CCASFLAGS@ CC_FOR_BUILD = @CC_FOR_BUILD@ +CET_DFLAGS = @CET_DFLAGS@ CET_FLAGS = @CET_FLAGS@ CFLAGS = @CFLAGS@ CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ @@ -576,7 +577,6 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@ DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@ -DCFG_ENABLE_CET = @DCFG_ENABLE_CET@ DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@ DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@ DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@ 
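Review bot: `CET_DFLAGS` is assigned only inside the `test "$enable_cet" = yes` branch of the configure.ac hunk, so when CET is off the `@CET_DFLAGS@` substitution takes whatever value the variable already had, including one inherited from the environment of `configure`. `AC_SUBST(CET_DFLAGS)` also sits inside the shell `if`, which reads as conditional although the regenerated configure in this patch lists `CET_DFLAGS` among the substituted variables unconditionally and emits nothing for the macro inside the branch. I would initialise the variable and move the macro out: `CET_DFLAGS=` before the `if`, and `AC_SUBST(CET_DFLAGS)` after the `fi`.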
@@ -719,9 +719,13 @@ D_EXTRA_DFLAGS = -nostdinc -I $(srcdir) -I . # D flags for compilation AM_DFLAGS = \ $(phobos_compiler_pic_flag) \ - $(WARN_DFLAGS) $(CHECKING_DFLAGS) + $(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS) +# Flags for other kinds of sources +AM_CFLAGS = $(CET_FLAGS) +AM_CCASFLAGS = $(CET_FLAGS) + # Install all D and DI files ALL_DRUNTIME_INSTALL_DSOURCES = $(DRUNTIME_DSOURCES) \ $(DRUNTIME_DSOURCES_BIONIC) $(DRUNTIME_DSOURCES_DARWIN) \ diff --git a/libphobos/libdruntime/core/thread.d b/libphobos/libdruntime/core/thread.d index 8f4603d3d2f..eaf088d53c1 100644 --- a/libphobos/libdruntime/core/thread.d +++ b/libphobos/libdruntime/core/thread.d @@ -3586,45 +3586,44 @@ private } else version (X86) { - import gcc.config; - version = AlignFiberStackTo16Byte; - static if (!GNU_Enable_CET) + version (CET) + { + // fiber_switchContext does not support shadow stack from + // Intel CET. So use ucontext implementation. + } + else { version = AsmExternal; version (MinGW) - { version = GNU_AsmX86_Windows; - } else version (Posix) - { version = AsmX86_Posix; - } } } else version (X86_64) { - import gcc.config; - version = AlignFiberStackTo16Byte; - static if (!GNU_Enable_CET) + version (CET) { - version (D_X32) - { - // let X32 be handled by ucontext swapcontext - } - else - { - version = AsmExternal; + // fiber_switchContext does not support shadow stack from + // Intel CET. So use ucontext implementation. + } + else version (D_X32) + { + // let X32 be handled by ucontext swapcontext + } + else + { + version = AsmExternal; - version (MinGW) - version = GNU_AsmX86_64_Windows; - else version (Posix) - version = AsmX86_64_Posix; - } + version (MinGW) + version = GNU_AsmX86_64_Windows; + else version (Posix) + version = AsmX86_64_Posix; } } else version (PPC) diff --git a/libphobos/libdruntime/gcc/config.d.in b/libphobos/libdruntime/gcc/config.d.in index 9ac7d055271..6301aaff069 100644 --- a/libphobos/libdruntime/gcc/config.d.in 
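Review bot: The new `version (CET)` branches in core/thread.d are empty and depend on two things the code does not state: that leaving `AsmExternal` unset makes the fiber code pick the ucontext path (that selection is outside this hunk), and that `CET` is defined for every compilation of this module. As far as this patch shows, the identifier comes only from the `-fversion=CET` that configure appends to `CET_DFLAGS`, and the testsuite_flags.in hunk has to add `@CET_DFLAGS@` to `--gdcflags` for the same reason. Code that imports core.thread without that flag would take the `AsmExternal` branch while the library was built for ucontext, so the two could disagree about the fiber implementation. I would extend the comment in both the X86 and X86_64 branches, e.g. `// CET is set by configure (-fversion=CET); importers must be built with the same flag.`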
+++ b/libphobos/libdruntime/gcc/config.d.in @@ -49,6 +49,3 @@ enum GNU_Have_LibAtomic = @DCFG_HAVE_LIBATOMIC@; // Do we have qsort_r function enum Have_Qsort_R = @DCFG_HAVE_QSORT_R@; - -// Whether libphobos been configured with --enable-cet. -enum GNU_Enable_CET = @DCFG_ENABLE_CET@; diff --git a/libphobos/src/Makefile.am b/libphobos/src/Makefile.am index 9fb416ecc32..3769d8efafc 100644 --- a/libphobos/src/Makefile.am +++ b/libphobos/src/Makefile.am @@ -25,7 +25,10 @@ D_EXTRA_DFLAGS=-nostdinc -I $(srcdir) \ # D flags for compilation AM_DFLAGS= \ $(phobos_compiler_pic_flag) \ - $(WARN_DFLAGS) $(CHECKING_DFLAGS) + $(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS) + +# Flags for other kinds of sources +AM_CFLAGS=$(CET_FLAGS) # Install all D files ALL_PHOBOS_INSTALL_DSOURCES = $(PHOBOS_DSOURCES) diff --git a/libphobos/src/Makefile.in b/libphobos/src/Makefile.in index dc5f4f5ca57..4a0612a613b 100644 --- a/libphobos/src/Makefile.in +++ b/libphobos/src/Makefile.in @@ -323,6 +323,7 @@ CC = @CC@ CCAS = @CCAS@ CCASFLAGS = @CCASFLAGS@ CC_FOR_BUILD = @CC_FOR_BUILD@ +CET_DFLAGS = @CET_DFLAGS@ CET_FLAGS = @CET_FLAGS@ CFLAGS = @CFLAGS@ CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ @@ -332,7 +333,6 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@ DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@ -DCFG_ENABLE_CET = @DCFG_ENABLE_CET@ DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@ DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@ DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@ @@ -477,9 +477,12 @@ D_EXTRA_DFLAGS = -nostdinc -I $(srcdir) \ # D flags for compilation AM_DFLAGS = \ $(phobos_compiler_pic_flag) \ - $(WARN_DFLAGS) $(CHECKING_DFLAGS) + $(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS) +# Flags for other kinds of sources +AM_CFLAGS = $(CET_FLAGS) + # Install all D files ALL_PHOBOS_INSTALL_DSOURCES = $(PHOBOS_DSOURCES) diff --git a/libphobos/testsuite/Makefile.in b/libphobos/testsuite/Makefile.in index 5a4c0317509..2f6911d4d47 100644 
--- a/libphobos/testsuite/Makefile.in +++ b/libphobos/testsuite/Makefile.in @@ -151,6 +151,7 @@ CC = @CC@ CCAS = @CCAS@ CCASFLAGS = @CCASFLAGS@ CC_FOR_BUILD = @CC_FOR_BUILD@ +CET_DFLAGS = @CET_DFLAGS@ CET_FLAGS = @CET_FLAGS@ CFLAGS = @CFLAGS@ CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@ @@ -160,7 +161,6 @@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@ DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@ -DCFG_ENABLE_CET = @DCFG_ENABLE_CET@ DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@ DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@ DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@ diff --git a/libphobos/testsuite/testsuite_flags.in b/libphobos/testsuite/testsuite_flags.in index 14b67950607..6a2d79f0cd2 100755 --- a/libphobos/testsuite/testsuite_flags.in +++ b/libphobos/testsuite/testsuite_flags.in @@ -28,7 +28,7 @@ case ${query} in ;; --gdcflags) GDCFLAGS_default="-fmessage-length=0 -fno-show-column" - GDCFLAGS_config="@WARN_DFLAGS@ @GDCFLAGS@ -fno-release -funittest" + GDCFLAGS_config="@WARN_DFLAGS@ @GDCFLAGS@ @CET_DFLAGS@ -fno-release -funittest" echo ${GDCFLAGS_default} ${GDCFLAGS_config} ;; --gdcpaths) -- 2.30.2