The branch master has been updated
via 51994e505dbb1cd0dd76869ec962e2948b77b585 (commit)
from 0618b62ca2a9c5fb7bf8421deabaee240c709040 (commit)
- Log -----------------------------------------------------------------
commit 51994e505dbb1cd0dd76869ec962e2948b77b585
Author: H.J. Lu <[email protected]>
Date: Fri Jan 31 09:13:27 2020 -0800
x86_64: Always generate .note.gnu.property section for ELF outputs
We should always generate .note.gnu.property section in x86_64 assembly
codes for ELF outputs to mark Intel CET support since all input files
must be marked with Intel CET support in order for linker to mark output
with Intel CET support. Also .note.gnu.property section in x32 should
be aligned to 4 bytes, not 8 bytes and .p2align should be used
consistently.
Verified with
$ CC="gcc -Wl,-z,cet-report=error" ./Configure shared linux-x86_64
-fcf-protection
$ make
$ make test
and
$ CC="gcc -mx32 -Wl,-z,cet-report=error" ./Configure shared linux-x32
-fcf-protection
$ make
$ make test # <<< 90-test_sslapi.t failed because 8-byte pointer size.
Fix #10896
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/10985)
-----------------------------------------------------------------------
Summary of changes:
crypto/perlasm/x86_64-xlate.pl | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index e5644014ab..7a282109ef 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -101,24 +101,33 @@ elsif (!$gas)
$decor="\$L\$";
}
-my $cet_property = <<'_____';
+my $cet_property;
+if ($flavour =~ /elf/) {
+ # Always generate .note.gnu.property section for ELF outputs to
+ # mark Intel CET support since all input files must be marked
+ # with Intel CET support in order for linker to mark output with
+ # Intel CET support.
+ my $p2align=3; $p2align=2 if ($flavour eq "elf32");
+ $cet_property = <<_____;
.section ".note.gnu.property", "a"
- .align 8
+ .p2align $p2align
.long 1f - 0f
.long 4f - 1f
.long 5
0:
.asciz "GNU"
1:
- .align 8
+ .p2align $p2align
.long 0xc0000002
.long 3f - 2f
2:
.long 3
3:
- .p2align 3
+ .p2align $p2align
4:
_____
+}
+
my $current_segment;
my $current_function;
my %globals;
@@ -1145,9 +1154,7 @@ my $vprotq = sub {
# Intel Control-flow Enforcement Technology extension. All functions and
# indirect branch targets will have to start with this instruction...
-my $used_cet = 0;
my $endbranch = sub {
- $used_cet = 1;
(0xf3,0x0f,0x1e,0xfa);
};
@@ -1233,7 +1240,7 @@ while(defined(my $line=<>)) {
print $line,"\n";
}
-print "$cet_property" if ($gas && $used_cet);
+print "$cet_property" if ($cet_property);
print "\n$current_segment\tENDS\n" if ($current_segment && $masm);
print "END\n" if ($masm);
