Commit 99118f50 authored by H.J. Lu's avatar H.J. Lu Committed by Niels Möller
Browse files

x86: Add ASM_X86_ENDBR and x86 CET marker to config.m4.in

Intel Control-flow Enforcement Technology (CET):

https://software.intel.com/en-us/articles/intel-sdm



contains shadow stack (SHSTK) and indirect branch tracking (IBT).  When
CET is enabled, ELF object files must be marked with .note.gnu.property
section.  Also when IBT is enabled, all indirect branch targets must
start with ENDBR instruction.

This patch adds ASM_X86_ENDBR and the x86 CET marker to config.m4.in when
CET is enabled.  It updates PROLOGUE with ASM_X86_ENDBR.

Tested on CET machine with i686 and x86-64.
Signed-off-by: default avatarH.J. Lu <hjl.tools@gmail.com>
parent 46fcc7f0
......@@ -32,7 +32,7 @@ define(<GMP_NUMB_BITS>,<>)dnl
define(<PROLOGUE>,
<.globl C_NAME($1)
DECLARE_FUNC(C_NAME($1))
C_NAME($1):>)
C_NAME($1): ASM_X86_ENDBR>)
define(<EPILOGUE>,
<ifelse(ELF_STYLE,yes,
......
......@@ -8,6 +8,9 @@ define(<ALIGN_LOG>, <@ASM_ALIGN_LOG@>)dnl
define(<W64_ABI>, <@W64_ABI@>)dnl
define(<RODATA>, <@ASM_RODATA@>)dnl
define(<WORDS_BIGENDIAN>, <@ASM_WORDS_BIGENDIAN@>)dnl
define(<ASM_X86_ENDBR>,<@ASM_X86_ENDBR@>)dnl
define(<ASM_X86_MARK_CET_ALIGN>,<@ASM_X86_MARK_CET_ALIGN@>)dnl
divert(1)
@ASM_X86_MARK_CET@
@ASM_MARK_NOEXEC_STACK@
divert
......@@ -803,6 +803,68 @@ EOF
ASM_ALIGN_LOG="$nettle_cv_asm_align_log"
fi
dnl Define
dnl 1. ASM_X86_ENDBR for endbr32/endbr64.
dnl 2. ASM_X86_MARK_CET to add a .note.gnu.property section to mark
dnl Intel CET support if needed.
dnl 3. ASM_X86_MARK_CET_ALIGN to align ASM_X86_MARK_CET.
AC_CACHE_CHECK([if Intel CET is enabled],
[nettle_cv_asm_x86_intel_cet],
[AC_TRY_COMPILE([
#ifndef __CET__
#error Intel CET is not enabled
#endif
], [],
[nettle_cv_asm_x86_intel_cet=yes],
[nettle_cv_asm_x86_intel_cet=no])])
if test "$nettle_cv_asm_x86_intel_cet" = yes; then
case $ABI in
32|standard)
ASM_X86_ENDBR=endbr32
ASM_X86_MARK_CET_ALIGN=2
;;
64)
ASM_X86_ENDBR=endbr64
ASM_X86_MARK_CET_ALIGN=3
;;
x32)
ASM_X86_ENDBR=endbr64
ASM_X86_MARK_CET_ALIGN=2
;;
esac
AC_CACHE_CHECK([if .note.gnu.property section is needed],
[nettle_cv_asm_x86_gnu_property],
[AC_TRY_COMPILE([
#if !defined __ELF__ || !defined __CET__
#error GNU property is not needed
#endif
], [],
[nettle_cv_asm_x86_gnu_property=yes],
[nettle_cv_asm_x86_gnu_property=no])])
else
nettle_cv_asm_x86_gnu_property=no
fi
if test "$nettle_cv_asm_x86_gnu_property" = yes; then
ASM_X86_MARK_CET='
.pushsection ".note.gnu.property", "a"
.p2align ASM_X86_MARK_CET_ALIGN
.long 1f - 0f
.long 4f - 1f
.long 5
0:
.asciz "GNU"
1:
.p2align ASM_X86_MARK_CET_ALIGN
.long 0xc0000002
.long 3f - 2f
2:
.long 3
3:
.p2align ASM_X86_MARK_CET_ALIGN
4:
.popsection'
fi
AC_SUBST(ASM_SYMBOL_PREFIX)
AC_SUBST(ASM_ELF_STYLE)
AC_SUBST(ASM_COFF_STYLE)
......@@ -813,6 +875,9 @@ AC_SUBST(ASM_ALIGN_LOG)
AC_SUBST(W64_ABI)
AC_SUBST(ASM_WORDS_BIGENDIAN)
AC_SUBST(EMULATOR)
AC_SUBST(ASM_X86_ENDBR)
AC_SUBST(ASM_X86_MARK_CET)
AC_SUBST(ASM_X86_MARK_CET_ALIGN)
AC_SUBST(LIBNETTLE_MAJOR)
AC_SUBST(LIBNETTLE_MINOR)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment