From 2a83369b28b279aed2d6fd110bb35ef65761677a Mon Sep 17 00:00:00 2001 From: Igor Tsimbalist Date: Tue, 7 Nov 2017 17:07:33 +0300 Subject: [PATCH 22/22] Enable building libitm with Intel CET libitm/ * Makefile.in: Regenerate. * acinclude.m4: Add enable.m4 and cet.m4. * config/x86/sjlj.S: Include cet.h. (_ITM_beginTransaction): Add _CET_ENDBR. Save Shadow Stack pointer. (GTM_longjmp): Add _CET_ENDBR. Restore Shadow Stack pointer. * config/x86/target.h (struct gtm_jmpbuf): Add new field for Shadow Stack pointer. * configure: Regenerate. * configure.ac: Set CET_FLAGS. Update XCFLAGS. * configure.ac: Update libtool_VERSION for x86. * testsuite/Makefile.in: Regenerate. --- libitm/Makefile.in | 2 +- libitm/acinclude.m4 | 1 + libitm/config/x86/sjlj.S | 67 ++++++++++++++++++++++++++++++++++++++ libitm/configure | 76 ++++++++++++++++++++++++++++++++++++++++++-- libitm/configure.ac | 4 +++ libitm/testsuite/Makefile.in | 2 +- 6 files changed, 148 insertions(+), 4 deletions(-) mode change 100644 => 100755 libitm/configure diff --git a/libitm/Makefile.in b/libitm/Makefile.in index bd16ce0..703f279 100644 --- a/libitm/Makefile.in +++ b/libitm/Makefile.in @@ -78,7 +78,7 @@ am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \ $(top_srcdir)/../ltoptions.m4 $(top_srcdir)/../ltsugar.m4 \ $(top_srcdir)/../ltversion.m4 $(top_srcdir)/../lt~obsolete.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/../libtool.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/../config/cet.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ diff --git a/libitm/acinclude.m4 b/libitm/acinclude.m4 index c81b3e9..cd8150c 100644 --- a/libitm/acinclude.m4 +++ b/libitm/acinclude.m4 @@ -149,6 +149,7 @@ s390*) esac]) sinclude(../libtool.m4) +sinclude(../config/cet.m4) dnl The lines below arrange for aclocal not to bring an installed dnl libtool.m4 into aclocal.m4, while still arranging for automake to dnl add a definition of LIBTOOL to Makefile.in. diff --git a/libitm/config/x86/sjlj.S b/libitm/config/x86/sjlj.S index 1c8597a..4f7fc37 100644 --- a/libitm/config/x86/sjlj.S +++ b/libitm/config/x86/sjlj.S @@ -25,6 +25,7 @@ #include "asmcfi.h" #include "config.h" +#include "cet.h" #define CONCAT1(a, b) CONCAT2(a, b) #define CONCAT2(a, b) a ## b @@ -73,6 +74,7 @@ SYM(_ITM_beginTransaction): cfi_startproc + _CET_ENDBR #ifdef __x86_64__ #ifdef HAVE_AS_RTM /* Custom HTM fast path. We start the HW transaction here and let @@ -138,6 +140,10 @@ SYM(_ITM_beginTransaction): movq %r14, -32(%rax) movq %r15, -24(%rax) xorq %rdx, %rdx + /* Save zero or shadow stack pointer in the new field. */ +#if defined(__SHSTK__) && defined(__CET__) + rdsspq %rdx +#endif movq %rdx, -16(%rax) leaq -72(%rax), %rsi call SYM(GTM_begin_transaction) @@ -170,6 +176,10 @@ SYM(_ITM_beginTransaction): movl %edi, 16(%esp) movl %ebp, 20(%esp) xorl %edx, %edx + /* Save zero or shadow stack pointer in the new field. */ +#if defined(__SHSTK__) && defined(__CET__) + rdsspd %edx +#endif movl %edx, 24(%eax) leal 4(%esp), %edx #if defined HAVE_ATTRIBUTE_VISIBILITY || !defined __PIC__ @@ -197,6 +207,7 @@ SYM(_ITM_beginTransaction): SYM(GTM_longjmp): cfi_startproc + _CET_ENDBR #ifdef __x86_64__ movq (%rsi), %rcx movq 8(%rsi), %rbx @@ -210,6 +221,33 @@ SYM(GTM_longjmp): cfi_offset(%rip, 64) cfi_register(%rsp, %rcx) movq %rcx, %rsp +#if defined(__SHSTK__) && defined(__CET__) + /* Check if Shadow Stack is enabled. */ + xorq %rcx, %rcx + rdsspq %rcx + testq %rcx, %rcx + je .L1 + /* Calculate number of frames to skip. */ + subq 56(%rsi), %rcx + negq %rcx + shrq $3, %rcx + incq %rcx + /* If # of frames is greater 255 then loop + and adjust. */ + cmpq $255, %rcx + jle .L3 + movl $255, %edi + .p2align 4,,10 + .p2align 3 +.L4: + incsspq %rdi + subq $255, %rcx + cmpq $255, %rcx + jg .L4 +.L3: + incsspq %rcx +.L1: +#endif jmp *64(%rsi) #else movl (%edx), %ecx @@ -221,6 +259,35 @@ SYM(GTM_longjmp): cfi_offset(%eip, 24) cfi_register(%esp, %ecx) movl %ecx, %esp +#if defined(__SHSTK__) && defined(__CET__) + /* Check if Shadow Stack is enabled. */ + xorl %ecx, %ecx + rdsspd %ecx + testl %ecx, %ecx + je .L1 + /* Calculate # of frames to skip. */ + subl 20(%edx), %ecx + negl %ecx + shrl $2, %ecx + incl %ecx + /* If # of frames is greater 255 then loop + and adjust. */ + cmpl $255, %ecx + jle .L3 + pushl %eax + movl $255, %eax + .p2align 4,,10 + .p2align 3 +.L4: + incsspd %eax + subl $255, %ecx + cmpl $255, %ecx + jg .L4 + popl %eax +.L3: + incsspd %ecx +.L1: +#endif jmp *24(%edx) #endif cfi_endproc diff --git a/libitm/configure b/libitm/configure old mode 100644 new mode 100755 index 775f370..d061c8c --- a/libitm/configure +++ b/libitm/configure @@ -777,6 +777,7 @@ enable_maintainer_mode enable_linux_futex enable_tls enable_symvers +enable_cet with_gcc_major_version_only ' ac_precious_vars='build_alias @@ -1426,6 +1427,8 @@ Optional Features: --enable-tls Use thread-local storage [default=yes] --enable-symvers=STYLE enables symbol versioning of the shared library [default=yes] + --enable-cet enable Intel CET in target libraries + [default=default] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -11794,7 +11797,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11797 "configure" +#line 11800 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11900,7 +11903,7 @@ else lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 11903 "configure" +#line 11906 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -17586,6 +17589,75 @@ fi XCFLAGS="$XCFLAGS $XPCFLAGS" +# Add CET specific flags if CET is enabled + # Check whether --enable-cet was given. +if test "${enable_cet+set}" = set; then : + enableval=$enable_cet; + case "$enableval" in + yes|no|default) ;; + *) as_fn_error "Unknown argument to enable/disable cet" "$LINENO" 5 ;; + esac + +else + enable_cet=default +fi + + +case "$host" in + i[34567]86-*-linux* | x86_64-*-linux*) + case "$enable_cet" in + default) + # Check if assembler supports CET. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +asm ("setssbsy"); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + enable_cet=yes +else + enable_cet=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + yes) + # Check if assembler supports CET. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +asm ("setssbsy"); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + as_fn_error "assembler with CET support is required for --enable-cet" "$LINENO" 5 +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + esac + ;; + *) + enable_cet=no + ;; +esac +if test x$enable_cet = xyes; then + CET_FLAGS="-fcf-protection -mcet" +fi + +XCFLAGS="$XCFLAGS $CET_FLAGS" + diff --git a/libitm/configure.ac b/libitm/configure.ac index c5ecd39..ad77fca 100644 --- a/libitm/configure.ac +++ b/libitm/configure.ac @@ -260,6 +260,10 @@ fi XCFLAGS="$XCFLAGS $XPCFLAGS" +# Add CET specific flags if CET is enabled +GCC_CET_FLAGS(CET_FLAGS) +XCFLAGS="$XCFLAGS $CET_FLAGS" + AC_SUBST(config_path) AC_SUBST(XCFLAGS) AC_SUBST(XLDFLAGS) diff --git a/libitm/testsuite/Makefile.in b/libitm/testsuite/Makefile.in index eb9e992..34dcdd2 100644 --- a/libitm/testsuite/Makefile.in +++ b/libitm/testsuite/Makefile.in @@ -70,7 +70,7 @@ am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \ $(top_srcdir)/../ltoptions.m4 $(top_srcdir)/../ltsugar.m4 \ $(top_srcdir)/../ltversion.m4 $(top_srcdir)/../lt~obsolete.m4 \ $(top_srcdir)/acinclude.m4 $(top_srcdir)/../libtool.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/../config/cet.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(SHELL) $(top_srcdir)/../mkinstalldirs -- 1.8.3.1