From a73983360be62960490d6be36f83220d440a0df7 Mon Sep 17 00:00:00 2001
From: Igor Tsimbalist <igor.v.tsimbalist@intel.com>
Date: Mon, 14 Aug 2017 18:46:17 +0300
Subject: [PATCH 21/22] Enable building libitm with Intel CET

libitm/
	* Makefile.in: Regenerate.
	* acinclude.m4: Add enable.m4 and cet.m4.
	* config/x86/sjlj.S
	(_ITM_beginTransaction): Save Shadow Stack pointer.
	(GTM_longjmp): Restore Shadow Stack pointer.
	* config/x86/target.h (struct gtm_jmpbuf):
	Add Shadow Stack pointer.
	* configure: Regenerate.
	* configure.ac: Set CET_FLAGS. Update XCFLAGS, libtool_VERSION.
	* testsuite/Makefile.in: Regenerate.

	* config/cet.m4: Define ENABLE_CET_COMPATIBILITY. Set
	enable_cet_compatibility.
---
 config/cet.m4                |  4 +-
 libitm/Makefile.in           |  2 +-
 libitm/acinclude.m4          |  1 +
 libitm/config/x86/sjlj.S     | 87 +++++++++++++++++++++++++++++++++++++++++++-
 libitm/config/x86/target.h   |  8 ++++
 libitm/configure             | 86 ++++++++++++++++++++++++++++++++++++++++++-
 libitm/configure.ac          | 10 +++++
 libitm/testsuite/Makefile.in |  2 +-
 8 files changed, 193 insertions(+), 7 deletions(-)
---
 config/cet.m4                |  6 ++-
 libitm/Makefile.in           |  2 +-
 libitm/acinclude.m4          |  1 +
 libitm/config/x86/sjlj.S     | 87 +++++++++++++++++++++++++++++++++++++++++++-
 libitm/config/x86/target.h   |  8 ++++
 libitm/configure             | 86 ++++++++++++++++++++++++++++++++++++++++++-
 libitm/configure.ac          | 10 +++++
 libitm/testsuite/Makefile.in |  2 +-
 8 files changed, 195 insertions(+), 7 deletions(-)

diff --git a/config/cet.m4 b/config/cet.m4
index 20a4ac7..4133bc7 100644
--- a/config/cet.m4
+++ b/config/cet.m4
@@ -7,6 +7,7 @@ GCC_ENABLE(cet, default, ,[enable Intel CET in target libraries],
 	   permit yes|no|default)
 case "$target" in
   i[34567]86-*-linux* | x86_64-*-linux*)
+    enable_cet_compatibility=yes
     case "$enable_cet" in
       default)
 	# Check if assembler supports CET.
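Review bot: The `i[34567]86-*-linux*` arm that now sets `enable_cet_compatibility=yes` does not survive m4 quoting: the regenerated libitm/configure in this same patch carries `i3456786-*-linux*`, which no i?86 triplet matches. A 32-bit x86 Linux target therefore falls through to `*)` and gets `enable_cet=no` and `enable_cet_compatibility=no`, so configure never switches on the shadow-stack support added for it. Doubling the brackets, `i[[34567]]86-*-linux* | x86_64-*-linux*)`, keeps the character class in the generated script. The case statement continues outside this hunk.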
@@ -30,9 +31,12 @@ case "$target" in
     ;;
   *)
     enable_cet=no
+    enable_cet_compatibility=no
     ;;
 esac
 if test x$enable_cet = xyes; then
-  $1="-fcf-protection -mcet -include cet.h"
+  $1="-fcf-protection -mcet -DENABLE_CET_COMPATIBILITY -include cet.h"
+elif test x$enable_cet_compatibility = xyes; then
+  $1="-DENABLE_CET_COMPATIBILITY"
 fi
 ])
diff --git a/libitm/Makefile.in b/libitm/Makefile.in
index bd16ce0..703f279 100644
--- a/libitm/Makefile.in
+++ b/libitm/Makefile.in
@@ -78,7 +78,7 @@ am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
 	$(top_srcdir)/../ltoptions.m4 $(top_srcdir)/../ltsugar.m4 \
 	$(top_srcdir)/../ltversion.m4 $(top_srcdir)/../lt~obsolete.m4 \
 	$(top_srcdir)/acinclude.m4 $(top_srcdir)/../libtool.m4 \
-	$(top_srcdir)/configure.ac
+	$(top_srcdir)/../config/cet.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
diff --git a/libitm/acinclude.m4 b/libitm/acinclude.m4
index c81b3e9..cd8150c 100644
--- a/libitm/acinclude.m4
+++ b/libitm/acinclude.m4
@@ -149,6 +149,7 @@ s390*)
 esac])
 
 sinclude(../libtool.m4)
+sinclude(../config/cet.m4)
 dnl The lines below arrange for aclocal not to bring an installed
 dnl libtool.m4 into aclocal.m4, while still arranging for automake to
 dnl add a definition of LIBTOOL to Makefile.in.
diff --git a/libitm/config/x86/sjlj.S b/libitm/config/x86/sjlj.S
index 21ca9d7..4b3aa31 100644
--- a/libitm/config/x86/sjlj.S
+++ b/libitm/config/x86/sjlj.S
@@ -126,10 +126,22 @@ SYM(_ITM_beginTransaction):
 	/* Store edi for future HTM fast path retries.  We use a stack slot
 	   lower than the jmpbuf so that the jmpbuf's rip field will overlap
 	   with the proper return address on the stack.  */
-	movl	%edi, 8(%rsp)
+	movl	%edi, (%rsp)
 	/* Save the jmpbuf for any non-HTM-fastpath execution method.
 	   Because rsp-based addressing is 1 byte larger and we've got rax
 	   handy, use it.  */
+#if defined(__SHSTK__) && defined(__CET__)
+	movq	%rax, -72(%rax)
+	movq	%rbx, -64(%rax)
+	movq	%rbp, -56(%rax)
+	movq	%r12, -48(%rax)
+	movq	%r13, -40(%rax)
+	movq	%r14, -32(%rax)
+	movq	%r15, -24(%rax)
+	rdsspq	%rdx
+	movq	%rdx, -16(%rax)
+	leaq	-72(%rax), %rsi
+#else
 	movq	%rax, -64(%rax)
 	movq	%rbx, -56(%rax)
 	movq	%rbp, -48(%rax)
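Review bot: `rdsspq %rdx` in the new CET branch runs without clearing %rdx first, and the instruction leaves its operand untouched when shadow stacks are not active, so the ssp slot at `-16(%rax)` then holds whatever %rdx contained on entry. GTM_longjmp in this patch only consumes that slot after its own zeroed `rdsspq` reads non-zero, so this looks safe today, but only because of that pairing. Either add `xorl %edx, %edx` before the `rdsspq`, or document the dependency with a comment such as `/* ssp slot is only meaningful when GTM_longjmp reads a non-zero SSP.  */`. The same applies to `rdsspd %edx` in the 32-bit branch. The function body starts and ends outside this hunk.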
@@ -138,8 +150,9 @@ SYM(_ITM_beginTransaction):
 	movq	%r14, -24(%rax)
 	movq	%r15, -16(%rax)
 	leaq	-64(%rax), %rsi
+#endif
 	call	SYM(GTM_begin_transaction)
-	movl	8(%rsp), %edi
+	movl	(%rsp), %edi
 	addq	$72, %rsp
 	cfi_adjust_cfa_offset(-72)
 #ifdef HAVE_AS_RTM
@@ -167,6 +180,10 @@ SYM(_ITM_beginTransaction):
 	movl	%esi, 16(%esp)
 	movl	%edi, 20(%esp)
 	movl	%ebp, 24(%esp)
+#if defined(__SHSTK__) && defined(__CET__)
+	rdsspd	%edx
+	movl	%edx, 28(%esp)
+#endif
 	leal	8(%esp), %edx
 #if defined HAVE_ATTRIBUTE_VISIBILITY || !defined __PIC__
 	call	SYM(GTM_begin_transaction)
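Review bot: The new store `movl %edx, 28(%esp)` targets the slot that the non-CET layout uses as the jmpbuf's eip: the buffer starts at `8(%esp)` and the non-CET GTM_longjmp jumps through `20(%edx)`, which is 28(%esp) in this frame. The x86-64 branch makes room by moving the whole buffer 8 bytes down and shifting the edi slot, but this hunk shows no matching shift of the 32-bit stores or frame size, while the 32-bit CET longjmp now jumps through `24(%edx)`, i.e. 32(%esp) here. If the frame allocation above the hunk is unchanged, the saved SSP overwrites the word that used to serve as the return address and the eip field no longer overlaps it. Please confirm against the prologue, which is outside this hunk, and either move the buffer down by 4 bytes or enlarge the frame.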
@@ -203,10 +220,42 @@ SYM(GTM_longjmp):
 	movq	48(%rsi), %r15
 	movl	%edi, %eax
 	cfi_def_cfa(%rsi, 0)
+#if defined(__SHSTK__) && defined(__CET__)
+	cfi_offset(%rip, 64)
+	cfi_register(%rsp, %rcx)
+	/* Check if Shadow Stack is enabled.  */
+	movq	%rcx, %rsp
+	xorq	%rcx, %rcx
+	rdsspq	%rcx
+	testq	%rcx, %rcx
+	je	.L1
+	/* Calculate # of frames to skip.  */
+	subq	56(%rsi), %rcx
+	negq	%rcx
+	shrq	$3, %rcx
+	incq	%rcx
+	/* If # of frames is greater 255 then loop
+	   and adjust.  */
+	cmpq	$255, %rcx
+	jle	.L3
+	movl	$255, %edi
+	.p2align 4,,10
+	.p2align 3
+.L4:
+	incsspq	%rdi
+	subq	$255, %rcx
+	cmpq	$255, %rcx
+	jg	.L4
+.L3:
+	incsspq	%rcx
+.L1:
+	jmp	*64(%rsi)
+#else
 	cfi_offset(%rip, 56)
 	cfi_register(%rsp, %rcx)
 	movq	%rcx, %rsp
 	jmp	*56(%rsi)
+#endif
 #else
 	movl	(%edx), %ecx
 	movl	4(%edx), %ebx
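Review bot: In the CET branch `cfi_register(%rsp, %rcx)` stays in force while `xorq %rcx, %rcx` and `rdsspq %rcx` reuse %rcx for the shadow-stack arithmetic, so from there to the final `jmp` the unwind info tells a debugger or profiler to read the caller's stack pointer from a register that holds an SSP delta. Doing the SSP calculation in another caller-saved scratch register (for example %rdx, if nothing outside this hunk needs it) would keep the CFI true. The 32-bit branch in the next hunk has the same pattern with %ecx. The labels `.L1`/`.L3`/`.L4` also read like compiler output; descriptive names plus a comment such as `/* incssp uses only the low 8 bits of its operand, so pop at most 255 frames per step.  */` would explain the loop. The function starts outside this hunk.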
@@ -214,11 +263,45 @@ SYM(GTM_longjmp):
 	movl	12(%edx), %edi
 	movl	16(%edx), %ebp
 	cfi_def_cfa(%edx, 0)
+#if defined(__SHSTK__) && defined(__CET__)
+	cfi_offset(%eip, 24)
+	cfi_register(%esp, %ecx)
+	/* Check if Shadow Stack is enabled.  */
+	movl	%ecx, %esp
+	xorl	%ecx, %ecx
+	rdsspd	%ecx
+	testl	%ecx, %ecx
+	je	.L1
+	/* Calculate # of frames to skip.  */
+	subl	20(%edx), %ecx
+	negl	%ecx
+	shrl	$2, %ecx
+	incl	%ecx
+	/* If # of frames is greater 255 then loop
+	   and adjust.  */
+	cmpl	$255, %ecx
+	jle	.L3
+	pushl	%eax
+	movl	$255, %eax
+	.p2align 4,,10
+	.p2align 3
+.L4:
+	incsspd	%eax
+	subl	$255, %ecx
+	cmpl	$255, %ecx
+	jg	.L4
+	popl	%eax
+.L3:
+	incsspd	%ecx
+.L1:
+	jmp	*24(%edx)
+#else
 	cfi_offset(%eip, 20)
 	cfi_register(%esp, %ecx)
 	movl	%ecx, %esp
 	jmp	*20(%edx)
 #endif
+#endif
 	cfi_endproc
 
 	TYPE(GTM_longjmp)
diff --git a/libitm/config/x86/target.h b/libitm/config/x86/target.h
index 1b79dc0..6f29105 100644
--- a/libitm/config/x86/target.h
+++ b/libitm/config/x86/target.h
@@ -31,6 +31,8 @@ namespace GTM HIDDEN {
 /* ??? This doesn't work for Win64.  */
 typedef struct gtm_jmpbuf
 {
+/* Insert Shadow Stack pointer before rip/eip field not to disturb the
+   existing offsets of other fields.  */
   void *cfa;
 #ifdef __x86_64__
   unsigned long long rbx;
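Review bot: The new comment sits above `void *cfa;` although it describes the `ssp` member, which is added further down next to rip/eip, so a reader sees it attached to the wrong field. Move it to the `#ifdef ENABLE_CET_COMPATIBILITY` blocks and state which offsets stay fixed, e.g. `/* Shadow stack pointer; placed just before rip/eip so the offsets of cfa and the saved registers are unchanged.  */`. The struct continues outside this hunk.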
@@ -39,12 +41,18 @@ typedef struct gtm_jmpbuf
   unsigned long long r13;
   unsigned long long r14;
   unsigned long long r15;
+#ifdef ENABLE_CET_COMPATIBILITY
+  unsigned long long ssp;
+#endif
   unsigned long long rip;
 #else
   unsigned long ebx;
   unsigned long esi;
   unsigned long edi;
   unsigned long ebp;
+#ifdef ENABLE_CET_COMPATIBILITY
+  unsigned long ssp;
+#endif
   unsigned long eip;
 #endif
 } gtm_jmpbuf;
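Review bot: The `ssp` member is keyed on `ENABLE_CET_COMPATIBILITY`, but sjlj.S in this patch selects the larger jmpbuf layout with `defined(__SHSTK__) && defined(__CET__)`. config/cet.m4 defines ENABLE_CET_COMPATIBILITY on x86 Linux even when `enable_cet` ends up `no`, so in such a build the C++ side sees rip at offset 64 while the assembly still fills the buffer and jumps through offset 56. Nothing in the visible hunks shows C++ code reading `rip`, `eip` or `ssp` by name, so this may happen to work when the buffer is only copied, but the two files should share one condition. One option is for sjlj.S to always use the layout with the ssp slot and guard only the `rdssp`/`incssp` instructions with the `__SHSTK__`/`__CET__` test.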
diff --git a/libitm/configure b/libitm/configure
index 775f370..57de92b 100644
--- a/libitm/configure
+++ b/libitm/configure
@@ -777,6 +777,7 @@ enable_maintainer_mode
 enable_linux_futex
 enable_tls
 enable_symvers
+enable_cet
 with_gcc_major_version_only
 '
       ac_precious_vars='build_alias
@@ -1426,6 +1427,8 @@ Optional Features:
   --enable-tls            Use thread-local storage [default=yes]
   --enable-symvers=STYLE  enables symbol versioning of the shared library
                           [default=yes]
+  --enable-cet            enable Intel CET in target libraries
+                          [default=default]
 
 Optional Packages:
   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
@@ -11794,7 +11797,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11797 "configure"
+#line 11800 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11900,7 +11903,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11903 "configure"
+#line 11906 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -17236,6 +17239,7 @@ fi
 CFLAGS="$save_CFLAGS $XCFLAGS"
 
 # Check for __sync_val_compare_and_swap, but only after the target has
+
 # had a chance to set XCFLAGS.
 
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the target supports __sync_*_compare_and_swap" >&5
@@ -17586,6 +17590,84 @@ fi
 
 XCFLAGS="$XCFLAGS $XPCFLAGS"
 
+# Add CET specific flags if CET is enabled
+ # Check whether --enable-cet was given.
+if test "${enable_cet+set}" = set; then :
+  enableval=$enable_cet;
+      case "$enableval" in
+       yes|no|default) ;;
+       *) as_fn_error "Unknown argument to enable/disable cet" "$LINENO" 5 ;;
+                          esac
+
+else
+  enable_cet=default
+fi
+
+
+case "$target" in
+  i3456786-*-linux* | x86_64-*-linux*)
+    enable_cet_compatibility=yes
+    case "$enable_cet" in
+      default)
+	# Check if assembler supports CET.
+	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+asm ("setssbsy");
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+  enable_cet=yes
+else
+  enable_cet=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+	;;
+      yes)
+	# Check if assembler supports CET.
+	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+int
+main ()
+{
+asm ("setssbsy");
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+  as_fn_error "assembler with CET support is required for --enable-cet" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+	;;
+    esac
+    ;;
+  *)
+    enable_cet=no
+    enable_cet_compatibility=no
+    ;;
+esac
+if test x$enable_cet = xyes; then
+  CET_FLAGS="-fcf-protection -mcet -DENABLE_CET_COMPATIBILITY -include cet.h"
+elif test x$enable_cet_compatibility = xyes; then
+  CET_FLAGS="-DENABLE_CET_COMPATIBILITY"
+fi
+
+XCFLAGS="$XCFLAGS $CET_FLAGS"
+if test "x$enable_cet_compatibility" = "xyes"; then
+  # Also update libtool_VERSION since the size of struct gtm_jmpbuf is
+  # chaned.
+  libtool_VERSION=2:0:0
+fi
+
 
 
 
diff --git a/libitm/configure.ac b/libitm/configure.ac
index c5ecd39..c65e0f5 100644
--- a/libitm/configure.ac
+++ b/libitm/configure.ac
@@ -240,6 +240,7 @@ fi
 CFLAGS="$save_CFLAGS $XCFLAGS"
 
 # Check for __sync_val_compare_and_swap, but only after the target has
+
 # had a chance to set XCFLAGS.
 LIBITM_CHECK_SYNC_BUILTINS
 LIBITM_CHECK_64BIT_SYNC_BUILTINS
@@ -260,6 +261,15 @@ fi
 
 XCFLAGS="$XCFLAGS $XPCFLAGS"
 
+# Add CET specific flags if CET is enabled
+GCC_CET_FLAGS(CET_FLAGS)
+XCFLAGS="$XCFLAGS $CET_FLAGS"
+if test "x$enable_cet_compatibility" = "xyes"; then
+  # Also update libtool_VERSION since the size of struct gtm_jmpbuf is
+  # chaned.
+  libtool_VERSION=2:0:0
+fi
+
 AC_SUBST(config_path)
 AC_SUBST(XCFLAGS)
 AC_SUBST(XLDFLAGS)
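Review bot: The comment reads `chaned`; it should be `changed`. It would also help to say that the bump follows `ENABLE_CET_COMPATIBILITY` rather than `enable_cet`, since the struct grows on every x86 Linux build, e.g. `# gtm_jmpbuf grows whenever ENABLE_CET_COMPATIBILITY is defined, so bump the library version.` Whether this assignment runs before libtool_VERSION is consumed cannot be seen from this hunk.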
diff --git a/libitm/testsuite/Makefile.in b/libitm/testsuite/Makefile.in
index eb9e992..34dcdd2 100644
--- a/libitm/testsuite/Makefile.in
+++ b/libitm/testsuite/Makefile.in
@@ -70,7 +70,7 @@ am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
 	$(top_srcdir)/../ltoptions.m4 $(top_srcdir)/../ltsugar.m4 \
 	$(top_srcdir)/../ltversion.m4 $(top_srcdir)/../lt~obsolete.m4 \
 	$(top_srcdir)/acinclude.m4 $(top_srcdir)/../libtool.m4 \
-	$(top_srcdir)/configure.ac
+	$(top_srcdir)/../config/cet.m4 $(top_srcdir)/configure.ac
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(SHELL) $(top_srcdir)/../mkinstalldirs
-- 
1.8.3.1

