Message ID | c6ec76c5fbd776e0427558a245b462a342ea4734.1593612309.git.szabolcs.nagy@arm.com |
---|---|
State | Committed |
Commit | 1b0a4f58f5b10cf6d5ad10ee8d81772c5bd29248 |
Headers |
Return-Path: <libc-alpha-bounces@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 005A83861039; Wed, 1 Jul 2020 14:38:23 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2075.outbound.protection.outlook.com [40.107.22.75]) by sourceware.org (Postfix) with ESMTPS id 0B43A3857007 for <libc-alpha@sourceware.org>; Wed, 1 Jul 2020 14:38:19 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 0B43A3857007 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=Szabolcs.Nagy@arm.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fEi7LUYSbc6kJcZwWclKwetJ3pn75Ey8g9x1dXZ8Ak8=; b=zm717xkNZEGVht3c/0w0oFpgmHdr264YOJrJTWdU+yLD0bZS86Gfinh/dEUKA21SMhvi5OEQwzvBf/oSLGUFzwd08/H+fN+WeKcbvuPIIGS5N2dIKsW4ilqtd/ei8TWDWgh53RWwOJXzBALuWjDMbO/LaNURMEOwd/DOV/gfDyY= Received: from MRXP264CA0012.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:15::24) by DB6PR08MB2933.eurprd08.prod.outlook.com (2603:10a6:6:1c::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.20; Wed, 1 Jul 2020 14:38:16 +0000 Received: from VE1EUR03FT036.eop-EUR03.prod.protection.outlook.com (2603:10a6:500:15:cafe::2a) by MRXP264CA0012.outlook.office365.com (2603:10a6:500:15::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3153.21 via Frontend Transport; Wed, 1 Jul 2020 14:38:16 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com; sourceware.org; dmarc=bestguesspass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by VE1EUR03FT036.mail.protection.outlook.com (10.152.19.204) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3131.20 via Frontend Transport; Wed, 1 Jul 2020 14:38:16 +0000 Received: ("Tessian outbound a4b10e5b482d:v62"); Wed, 01 Jul 2020 14:38:16 +0000 X-CheckRecipientChecked: true X-CR-MTA-CID: bd49524cc8a65216 X-CR-MTA-TID: 64aa7808 Received: from 2fd2c6a51830.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id B52F4F6B-835D-4C95-923E-FBDDC0D80FE9.1; Wed, 01 Jul 2020 14:38:10 +0000 Received: from EUR03-DB5-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 2fd2c6a51830.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Wed, 01 Jul 2020 14:38:10 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=INWmCuGGfhTIF2BfTKc9bRX3pJEi02Wfz6aN+SUI+lBFJ9Po5w36RiQXVXQCrX/RpUVl92TLhAQ1L/iaUerAIc7ak/XMWxQlU6bh1TNX7wbtDZXUgokcYsXYmHdoUg/5SumwgGs11stA1Ju2iNYLqEpCN/RjrlPr3KYuC2e3TIYRNB6B4VfHxxsKzG7Ns6gOrGeQvBsVaC2tfirTTY4NZmPYmBtDyrJidmY19b18DkeyJdZ7LJzNBhjhAXcLwmfM9U1H5lI8jlrEa2ntcFFfaDuB6EfyK/nOPbtE8ndoSMvRf2WWDX74rBuuKlutXVJYXaBu1Phkn+auB8BNrvLi6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fEi7LUYSbc6kJcZwWclKwetJ3pn75Ey8g9x1dXZ8Ak8=; b=RYCw+L+mxpJbWhIxpv+FYyyqxzwakpO/dlJI7HhZI9H8bbxNZpcOF0+eqltMhs2uJuYfMfo9/2THz67MXKF6MnEMGnRuKBKZXusi1DaWSvJDkZi+spyjRLweEC5dfmDiNok5X+hhWdhG/IE3oVX9omVf/Fk7dPiYfqrsp6RdboGWi7Dh+noZLXcGCk0A1SfJTAlKg1sa+RgeHsk54JNjH2W6qKNUtfMh1cj0K6LxxcnLJtnfu/DgbWPWOTTp2CXiHI1kCd6N1a8d7GfftZNGCDea4+Ldh/IqsLKdTKQxwQLc6zkjQwfgcSaFdf+OCOYeGgBfDSbGQfYnXWWpyeM67g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fEi7LUYSbc6kJcZwWclKwetJ3pn75Ey8g9x1dXZ8Ak8=; b=zm717xkNZEGVht3c/0w0oFpgmHdr264YOJrJTWdU+yLD0bZS86Gfinh/dEUKA21SMhvi5OEQwzvBf/oSLGUFzwd08/H+fN+WeKcbvuPIIGS5N2dIKsW4ilqtd/ei8TWDWgh53RWwOJXzBALuWjDMbO/LaNURMEOwd/DOV/gfDyY= Authentication-Results-Original: sourceware.org; dkim=none (message not signed) header.d=none;sourceware.org; dmarc=none action=none header.from=arm.com; Received: from AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) by AM6PR08MB3813.eurprd08.prod.outlook.com (2603:10a6:20b:85::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3153.22; Wed, 1 Jul 2020 14:38:09 +0000 Received: from AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c]) by AM6PR08MB3047.eurprd08.prod.outlook.com ([fe80::2404:de9f:78c0:313c%6]) with mapi id 15.20.3131.033; Wed, 1 Jul 2020 14:38:09 +0000 From: Szabolcs Nagy <szabolcs.nagy@arm.com> To: libc-alpha@sourceware.org Subject: [PATCH v6 02/14] aarch64: configure test for BTI support Date: Wed, 1 Jul 2020 15:38:03 +0100 Message-Id: <c6ec76c5fbd776e0427558a245b462a342ea4734.1593612309.git.szabolcs.nagy@arm.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <cover.1593612309.git.szabolcs.nagy@arm.com> References: <cover.1593612309.git.szabolcs.nagy@arm.com> Content-Type: text/plain X-ClientProxiedBy: CWLP265CA0370.GBRP265.PROD.OUTLOOK.COM (2603:10a6:401:5e::22) To AM6PR08MB3047.eurprd08.prod.outlook.com (2603:10a6:209:4c::23) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (217.140.106.53) by CWLP265CA0370.GBRP265.PROD.OUTLOOK.COM (2603:10a6:401:5e::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3153.22 via Frontend Transport; Wed, 1 Jul 2020 14:38:09 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [217.140.106.53] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 198890b7-bb12-4503-e8a8-08d81dcc6407 X-MS-TrafficTypeDiagnostic: AM6PR08MB3813:|DB6PR08MB2933: X-Microsoft-Antispam-PRVS: <DB6PR08MB2933F2E7F2C2BED1C1E5EC88ED6C0@DB6PR08MB2933.eurprd08.prod.outlook.com> x-checkrecipientrouted: true NoDisclaimer: true X-MS-Oob-TLC-OOBClassifiers: OLM:8273;OLM:8273; X-Forefront-PRVS: 04519BA941 X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam-Untrusted: BCL:0; X-Microsoft-Antispam-Message-Info-Original: bqMLS8Zo+4cdWA4CzOBhtnSzRscbpWnt8eeiO/6Lj0L/stC9TdssrbORWLHHgQKLkLw+NMHqAcuVmkbA1jCe30Nt12GgHhVwJBQ3KWcJZPHe/w4dWAbTmd/IyrsVrA6eJqFE8EflKx499e57GzlyfZgo+YohZJPU4GqpaSwjeU9zV7cV+6uePDBRvmNn7EyRarqiF3EdGwTTP+PvM5wPicVUn08qPnpgGHI1m4fuR+4ulZNdAww3uilrusrIm7F3y09urp2gDMfp0NQ/P17FrDq84bjBZRgndVmzU70VwgxfcAqUsS6gSeNZmPkeKEZikA7d9LkmUtatMUe2yHWiaS7G1Yq2DuLY2ROJGPJQBAciunwcmJoIRH2nRhY4DZBwH+h7ygewQRqkwBglbuAtE8X7KuWTSzVAEtkgEFyCTn8= X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM6PR08MB3047.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(396003)(136003)(39860400002)(376002)(346002)(366004)(5660300002)(956004)(6512007)(8936002)(69590400007)(66946007)(66556008)(66476007)(6506007)(52116002)(44832011)(478600001)(316002)(6916009)(86362001)(6666004)(26005)(8676002)(2616005)(6486002)(16526019)(186003)(36756003)(2906002)(136400200001); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData: Mva+LVomcNDVsb+GcCzLDo1CSS7jqpo4fd/ofglq7XURC0zhg/EfVcKpjT1iiBUG7k/p+jDDrtolVVdSXtUIHKhsw7F0QdYKtOUv1HydPnl1WcZeVqWIgffRfrhavIOQ1bVgmo1t3AIdSTvceaUdW99QozF2Ng1kaphML1YV0Ri52uVIKHm7+ELnityZQtbmglkK9p223SAVSVdQwppSwT6L9x/x/NIeNNVM1P4g7sbii7AgruExEeTDSf8GTIm6xxHl+C7uSKSHLqQtCsl4cASmHDGmbTWtUyX2lnX9k8uVJh+UXPA4onGzfbK2LHQNHpsCZxfMmQdHzTYIELV5f3IweWxjUECida3D2yxbZAXo8Be63+vUk9aYo1qvyOS9gKpngXQT1p75oEqT2N6Auq+uA9SVP4qh0ncG+QYIf/r/Bo+pIR4P8mQgNnywavj4BYd2Sw0bDa6Dch9ryZU1aA8lAnObW/A938IEoGCqO7utboq/aWiIj9cDv9qkErrS X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR08MB3813 Original-Authentication-Results: sourceware.org; dkim=none (message not signed) header.d=none; sourceware.org; dmarc=none action=none header.from=arm.com; X-EOPAttributedMessage: 0 X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT036.eop-EUR03.prod.protection.outlook.com X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFTY:; SFS:(4636009)(376002)(39860400002)(396003)(346002)(136003)(46966005)(6916009)(36906005)(2906002)(6486002)(16526019)(8936002)(69590400007)(8676002)(186003)(336012)(478600001)(70206006)(6666004)(70586007)(44832011)(316002)(6506007)(956004)(356005)(86362001)(36756003)(47076004)(82740400003)(2616005)(5660300002)(6512007)(81166007)(26005)(82310400002)(136400200001); DIR:OUT; SFP:1101; X-MS-Office365-Filtering-Correlation-Id-Prvs: ccec68f0-12dd-4587-37e4-08d81dcc5fec X-Forefront-PRVS: 04519BA941 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: bVXS0iY0x1C3aAQXBJZUK4NfQiYia4rdr+AXsrRMe8s66bjBYRBoGO6D3/bdjadSS47s64iWy+Vle0fVqxJAM88DHE64c5Mdsx3cwe8cZbNUhj9UmA6WgrOci9Y3gYEx1C4pUdGqwnud4DqoOrinpa5rURjDOtYfO6D1jVDSyIVaUacRpUfpOK5XCwj1NzkqxeDTMu3m4jFERvmW3VYbAJwZ9eWRYDZxDyTsOX7DoV+fOd4HlIXhMfiSs9QnLs/0XAptVUTFncRDkKr5R+LjCtanFOVpJieMCQNUkzfUEBh+IkiJo5BcPtK9VeZWsXUCsyuac50ihkkFKgEqxitmNfVk2R0MwziDYeXHTR8word9Gn92hf+Y7ZX+CVRuuZAXcf/wWLs1B93uLsysIDbu2uQuIHcfadO3k9zp6Hg0/9eF1Zmi8UF6BZ4Mlji8GnIV3v4IVZnUnlV+Q7KVmYpk6A== X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Jul 2020 14:38:16.0575 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 198890b7-bb12-4503-e8a8-08d81dcc6407 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com] X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT036.eop-EUR03.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR08MB2933 X-Spam-Status: No, score=-16.3 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP, UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <http://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org> |
Series |
aarch64: branch protection support
|
|
Commit Message
Szabolcs Nagy
July 1, 2020, 2:38 p.m. UTC
Check BTI support in the compiler and linker. The check also requires READELF that understands the BTI GNU property note. It is expected to succeed with gcc >=gcc-9 configured with --enable-standard-branch-protection and binutils >=binutils-2.33. Note: passing -mbranch-protection=bti in CFLAGS when building glibc may not be enough to get a glibc that supports BTI because crtbegin* and crtend* provided by the compiler needs to be BTI compatible too. --- config.h.in | 3 +++ sysdeps/aarch64/configure | 42 ++++++++++++++++++++++++++++++++++++ sysdeps/aarch64/configure.ac | 19 ++++++++++++++++ 3 files changed, 64 insertions(+)
Comments
On 01/07/2020 11:38, Szabolcs Nagy wrote: > Check BTI support in the compiler and linker. The check also > requires READELF that understands the BTI GNU property note. > It is expected to succeed with gcc >=gcc-9 configured with > --enable-standard-branch-protection and binutils >=binutils-2.33. > > Note: passing -mbranch-protection=bti in CFLAGS when building glibc > may not be enough to get a glibc that supports BTI because crtbegin* > and crtend* provided by the compiler needs to be BTI compatible too. If I read correctly this scenario should be covered by the configure test, right? LGTM, thanks. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> > --- > config.h.in | 3 +++ > sysdeps/aarch64/configure | 42 ++++++++++++++++++++++++++++++++++++ > sysdeps/aarch64/configure.ac | 19 ++++++++++++++++ > 3 files changed, 64 insertions(+) > > diff --git a/config.h.in b/config.h.in > index 831eca2fe1..67169e5d01 100644 > --- a/config.h.in > +++ b/config.h.in > @@ -109,6 +109,9 @@ > /* AArch64 big endian ABI */ > #undef HAVE_AARCH64_BE > > +/* AArch64 BTI support enabled. */ > +#define HAVE_AARCH64_BTI 0 > + > /* C-SKY ABI version. */ > #undef CSKYABI > Ok. > diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure > index 5bd355a691..70477a7fa5 100644 > --- a/sysdeps/aarch64/configure > +++ b/sysdeps/aarch64/configure > @@ -172,3 +172,45 @@ else > config_vars="$config_vars > default-abi = lp64" > fi > + > +# Only consider BTI supported if -mbranch-protection=bti is > +# on by default in the compiler and the linker produces > +# binaries with GNU property notes in PT_GNU_PROPERTY segment. > +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BTI support" >&5 > +$as_echo_n "checking for BTI support... " >&6; } > +if ${libc_cv_aarch64_bti+:} false; then : > + $as_echo_n "(cached) " >&6 > +else > + cat > conftest.c <<EOF > +void foo (void) { } > +EOF > + libc_cv_aarch64_bti=no > + if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -nostdlib -nostartfiles $no_ssp -shared -fPIC -o conftest.so conftest.c' > + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 > + (eval $ac_try) 2>&5 > + ac_status=$? > + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 > + test $ac_status = 0; }; } \ > + && { ac_try='$READELF -lW conftest.so | grep -q GNU_PROPERTY' > + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 > + (eval $ac_try) 2>&5 > + ac_status=$? > + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 > + test $ac_status = 0; }; } \ > + && { ac_try='$READELF -nW conftest.so | grep -q "NT_GNU_PROPERTY_TYPE_0.*AArch64 feature:.* BTI"' > + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 > + (eval $ac_try) 2>&5 > + ac_status=$? > + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 > + test $ac_status = 0; }; } > + then > + libc_cv_aarch64_bti=yes > + fi > + rm -rf conftest.* > +fi > +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_aarch64_bti" >&5 > +$as_echo "$libc_cv_aarch64_bti" >&6; } > +if test $libc_cv_aarch64_bti = yes; then > + $as_echo "#define HAVE_AARCH64_BTI 1" >>confdefs.h > + > +fi > diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac > index 7851dd4dac..798f494740 100644 > --- a/sysdeps/aarch64/configure.ac > +++ b/sysdeps/aarch64/configure.ac > @@ -20,3 +20,22 @@ if test $libc_cv_aarch64_be = yes; then > else > LIBC_CONFIG_VAR([default-abi], [lp64]) > fi > + > +# Only consider BTI supported if -mbranch-protection=bti is > +# on by default in the compiler and the linker produces > +# binaries with GNU property notes in PT_GNU_PROPERTY segment. > +AC_CACHE_CHECK([for BTI support], [libc_cv_aarch64_bti], [dnl > + cat > conftest.c <<EOF > +void foo (void) { } > +EOF > + libc_cv_aarch64_bti=no > + if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -nostdlib -nostartfiles $no_ssp -shared -fPIC -o conftest.so conftest.c]) \ > + && AC_TRY_COMMAND([$READELF -lW conftest.so | grep -q GNU_PROPERTY]) \ > + && AC_TRY_COMMAND([$READELF -nW conftest.so | grep -q "NT_GNU_PROPERTY_TYPE_0.*AArch64 feature:.* BTI"]) > + then > + libc_cv_aarch64_bti=yes > + fi > + rm -rf conftest.*]) > +if test $libc_cv_aarch64_bti = yes; then > + AC_DEFINE(HAVE_AARCH64_BTI) > +fi > Ok.
The 07/06/2020 11:11, Adhemerval Zanella via Libc-alpha wrote: > > > On 01/07/2020 11:38, Szabolcs Nagy wrote: > > Check BTI support in the compiler and linker. The check also > > requires READELF that understands the BTI GNU property note. > > It is expected to succeed with gcc >=gcc-9 configured with > > --enable-standard-branch-protection and binutils >=binutils-2.33. > > > > Note: passing -mbranch-protection=bti in CFLAGS when building glibc > > may not be enough to get a glibc that supports BTI because crtbegin* > > and crtend* provided by the compiler needs to be BTI compatible too. > > If I read correctly this scenario should be covered by the configure > test, right? it is not covered because the config checks use -nostdlib and -nostartfiles (otherwise objects from the libc that the toolchain uses would leak into the checks). so if gcc startfiles are not bti compatible then configure succeeds (but later on there will be link failures so the build fails). > > LGTM, thanks. > > Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> > > > --- > > config.h.in | 3 +++ > > sysdeps/aarch64/configure | 42 ++++++++++++++++++++++++++++++++++++ > > sysdeps/aarch64/configure.ac | 19 ++++++++++++++++ > > 3 files changed, 64 insertions(+) > > > > diff --git a/config.h.in b/config.h.in > > index 831eca2fe1..67169e5d01 100644 > > --- a/config.h.in > > +++ b/config.h.in > > @@ -109,6 +109,9 @@ > > /* AArch64 big endian ABI */ > > #undef HAVE_AARCH64_BE > > > > +/* AArch64 BTI support enabled. */ > > +#define HAVE_AARCH64_BTI 0 > > + > > /* C-SKY ABI version. */ > > #undef CSKYABI > > > > Ok. > > > diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure > > index 5bd355a691..70477a7fa5 100644 > > --- a/sysdeps/aarch64/configure > > +++ b/sysdeps/aarch64/configure > > @@ -172,3 +172,45 @@ else > > config_vars="$config_vars > > default-abi = lp64" > > fi > > + > > +# Only consider BTI supported if -mbranch-protection=bti is > > +# on by default in the compiler and the linker produces > > +# binaries with GNU property notes in PT_GNU_PROPERTY segment. > > +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BTI support" >&5 > > +$as_echo_n "checking for BTI support... " >&6; } > > +if ${libc_cv_aarch64_bti+:} false; then : > > + $as_echo_n "(cached) " >&6 > > +else > > + cat > conftest.c <<EOF > > +void foo (void) { } > > +EOF > > + libc_cv_aarch64_bti=no > > + if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -nostdlib -nostartfiles $no_ssp -shared -fPIC -o conftest.so conftest.c' > > + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 > > + (eval $ac_try) 2>&5 > > + ac_status=$? > > + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 > > + test $ac_status = 0; }; } \ > > + && { ac_try='$READELF -lW conftest.so | grep -q GNU_PROPERTY' > > + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 > > + (eval $ac_try) 2>&5 > > + ac_status=$? > > + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 > > + test $ac_status = 0; }; } \ > > + && { ac_try='$READELF -nW conftest.so | grep -q "NT_GNU_PROPERTY_TYPE_0.*AArch64 feature:.* BTI"' > > + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 > > + (eval $ac_try) 2>&5 > > + ac_status=$? > > + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 > > + test $ac_status = 0; }; } > > + then > > + libc_cv_aarch64_bti=yes > > + fi > > + rm -rf conftest.* > > +fi > > +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_aarch64_bti" >&5 > > +$as_echo "$libc_cv_aarch64_bti" >&6; } > > +if test $libc_cv_aarch64_bti = yes; then > > + $as_echo "#define HAVE_AARCH64_BTI 1" >>confdefs.h > > + > > +fi > > diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac > > index 7851dd4dac..798f494740 100644 > > --- a/sysdeps/aarch64/configure.ac > > +++ b/sysdeps/aarch64/configure.ac > > @@ -20,3 +20,22 @@ if test $libc_cv_aarch64_be = yes; then > > else > > LIBC_CONFIG_VAR([default-abi], [lp64]) > > fi > > + > > +# Only consider BTI supported if -mbranch-protection=bti is > > +# on by default in the compiler and the linker produces > > +# binaries with GNU property notes in PT_GNU_PROPERTY segment. > > +AC_CACHE_CHECK([for BTI support], [libc_cv_aarch64_bti], [dnl > > + cat > conftest.c <<EOF > > +void foo (void) { } > > +EOF > > + libc_cv_aarch64_bti=no > > + if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -nostdlib -nostartfiles $no_ssp -shared -fPIC -o conftest.so conftest.c]) \ > > + && AC_TRY_COMMAND([$READELF -lW conftest.so | grep -q GNU_PROPERTY]) \ > > + && AC_TRY_COMMAND([$READELF -nW conftest.so | grep -q "NT_GNU_PROPERTY_TYPE_0.*AArch64 feature:.* BTI"]) > > + then > > + libc_cv_aarch64_bti=yes > > + fi > > + rm -rf conftest.*]) > > +if test $libc_cv_aarch64_bti = yes; then > > + AC_DEFINE(HAVE_AARCH64_BTI) > > +fi > > > > Ok. --
On 06/07/2020 15:07, Szabolcs Nagy wrote: > The 07/06/2020 11:11, Adhemerval Zanella via Libc-alpha wrote: >> >> >> On 01/07/2020 11:38, Szabolcs Nagy wrote: >>> Check BTI support in the compiler and linker. The check also >>> requires READELF that understands the BTI GNU property note. >>> It is expected to succeed with gcc >=gcc-9 configured with >>> --enable-standard-branch-protection and binutils >=binutils-2.33. >>> >>> Note: passing -mbranch-protection=bti in CFLAGS when building glibc >>> may not be enough to get a glibc that supports BTI because crtbegin* >>> and crtend* provided by the compiler needs to be BTI compatible too. >> >> If I read correctly this scenario should be covered by the configure >> test, right? > > it is not covered because the config checks use -nostdlib > and -nostartfiles (otherwise objects from the libc that > the toolchain uses would leak into the checks). > > so if gcc startfiles are not bti compatible then configure > succeeds (but later on there will be link failures so the > build fails). Right, would be hard to try to fail early on configure for this case?
The 07/06/2020 15:12, Adhemerval Zanella wrote: > > > On 06/07/2020 15:07, Szabolcs Nagy wrote: > > The 07/06/2020 11:11, Adhemerval Zanella via Libc-alpha wrote: > >> > >> > >> On 01/07/2020 11:38, Szabolcs Nagy wrote: > >>> Check BTI support in the compiler and linker. The check also > >>> requires READELF that understands the BTI GNU property note. > >>> It is expected to succeed with gcc >=gcc-9 configured with > >>> --enable-standard-branch-protection and binutils >=binutils-2.33. > >>> > >>> Note: passing -mbranch-protection=bti in CFLAGS when building glibc > >>> may not be enough to get a glibc that supports BTI because crtbegin* > >>> and crtend* provided by the compiler needs to be BTI compatible too. > >> > >> If I read correctly this scenario should be covered by the configure > >> test, right? > > > > it is not covered because the config checks use -nostdlib > > and -nostartfiles (otherwise objects from the libc that > > the toolchain uses would leak into the checks). > > > > so if gcc startfiles are not bti compatible then configure > > succeeds (but later on there will be link failures so the > > build fails). > > Right, would be hard to try to fail early on configure for this > case? i don't know how to reliably link with gcc start files but not with libc start files. explicit link wiht crtbeginS.o may not be right, the exact name depends on the compiler driver. so i would have to provide dummy libc start files to be able to do the check, but that can go bad in many ways so the check may not be reliable.
On Tue, Jul 7, 2020 at 7:27 AM Szabolcs Nagy <szabolcs.nagy@arm.com> wrote: > > The 07/06/2020 15:12, Adhemerval Zanella wrote: > > > > > > On 06/07/2020 15:07, Szabolcs Nagy wrote: > > > The 07/06/2020 11:11, Adhemerval Zanella via Libc-alpha wrote: > > >> > > >> > > >> On 01/07/2020 11:38, Szabolcs Nagy wrote: > > >>> Check BTI support in the compiler and linker. The check also > > >>> requires READELF that understands the BTI GNU property note. > > >>> It is expected to succeed with gcc >=gcc-9 configured with > > >>> --enable-standard-branch-protection and binutils >=binutils-2.33. > > >>> > > >>> Note: passing -mbranch-protection=bti in CFLAGS when building glibc > > >>> may not be enough to get a glibc that supports BTI because crtbegin* > > >>> and crtend* provided by the compiler needs to be BTI compatible too. > > >> > > >> If I read correctly this scenario should be covered by the configure > > >> test, right? > > > > > > it is not covered because the config checks use -nostdlib > > > and -nostartfiles (otherwise objects from the libc that > > > the toolchain uses would leak into the checks). > > > > > > so if gcc startfiles are not bti compatible then configure > > > succeeds (but later on there will be link failures so the > > > build fails). > > > > Right, would be hard to try to fail early on configure for this > > case? > > i don't know how to reliably link with gcc start files > but not with libc start files. > > explicit link wiht crtbeginS.o may not be right, the > exact name depends on the compiler driver. > > so i would have to provide dummy libc start files to be > able to do the check, but that can go bad in many ways > so the check may not be reliable. For CET, I added --enable-cet to enable CET in GCC run-time, including crtbeginS.o, ... Since CET enabled run-time is backward compatible, it is safe to do so. In fact, --enable-cet is the default starting from GCC 10.
The 07/07/2020 07:39, H.J. Lu wrote: > On Tue, Jul 7, 2020 at 7:27 AM Szabolcs Nagy <szabolcs.nagy@arm.com> wrote: > > i don't know how to reliably link with gcc start files > > but not with libc start files. > > > > explicit link wiht crtbeginS.o may not be right, the > > exact name depends on the compiler driver. > > > > so i would have to provide dummy libc start files to be > > able to do the check, but that can go bad in many ways > > so the check may not be reliable. > > For CET, I added --enable-cet to enable CET in GCC run-time, > including crtbeginS.o, ... Since CET enabled run-time is backward > compatible, it is safe to do so. In fact, --enable-cet is the default > starting from GCC 10. makes sense. on aarch64, bti needs a recent binutils otherwise there are ugly linker warnings for the unknown gnu properties so i don't think it's a good idea to turn it on by default just yet.
On Tue, Jul 7, 2020 at 9:59 AM Szabolcs Nagy <szabolcs.nagy@arm.com> wrote: > > The 07/07/2020 07:39, H.J. Lu wrote: > > On Tue, Jul 7, 2020 at 7:27 AM Szabolcs Nagy <szabolcs.nagy@arm.com> wrote: > > > i don't know how to reliably link with gcc start files > > > but not with libc start files. > > > > > > explicit link wiht crtbeginS.o may not be right, the > > > exact name depends on the compiler driver. > > > > > > so i would have to provide dummy libc start files to be > > > able to do the check, but that can go bad in many ways > > > so the check may not be reliable. > > > > For CET, I added --enable-cet to enable CET in GCC run-time, > > including crtbeginS.o, ... Since CET enabled run-time is backward > > compatible, it is safe to do so. In fact, --enable-cet is the default > > starting from GCC 10. > > makes sense. > > on aarch64, bti needs a recent binutils otherwise > there are ugly linker warnings for the unknown gnu > properties so i don't think it's a good idea to > turn it on by default just yet. config/cet.m4 has --enable-cet=auto. CET is enabled only if binutuls supports CET.
diff --git a/config.h.in b/config.h.in index 831eca2fe1..67169e5d01 100644 --- a/config.h.in +++ b/config.h.in @@ -109,6 +109,9 @@ /* AArch64 big endian ABI */ #undef HAVE_AARCH64_BE +/* AArch64 BTI support enabled. */ +#define HAVE_AARCH64_BTI 0 + /* C-SKY ABI version. */ #undef CSKYABI diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure index 5bd355a691..70477a7fa5 100644 --- a/sysdeps/aarch64/configure +++ b/sysdeps/aarch64/configure @@ -172,3 +172,45 @@ else config_vars="$config_vars default-abi = lp64" fi + +# Only consider BTI supported if -mbranch-protection=bti is +# on by default in the compiler and the linker produces +# binaries with GNU property notes in PT_GNU_PROPERTY segment. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BTI support" >&5 +$as_echo_n "checking for BTI support... " >&6; } +if ${libc_cv_aarch64_bti+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat > conftest.c <<EOF +void foo (void) { } +EOF + libc_cv_aarch64_bti=no + if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -nostdlib -nostartfiles $no_ssp -shared -fPIC -o conftest.so conftest.c' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } \ + && { ac_try='$READELF -lW conftest.so | grep -q GNU_PROPERTY' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } \ + && { ac_try='$READELF -nW conftest.so | grep -q "NT_GNU_PROPERTY_TYPE_0.*AArch64 feature:.* BTI"' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } + then + libc_cv_aarch64_bti=yes + fi + rm -rf conftest.* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_aarch64_bti" >&5 +$as_echo "$libc_cv_aarch64_bti" >&6; } +if test $libc_cv_aarch64_bti = yes; then + $as_echo "#define HAVE_AARCH64_BTI 1" >>confdefs.h + +fi diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac index 7851dd4dac..798f494740 100644 --- a/sysdeps/aarch64/configure.ac +++ b/sysdeps/aarch64/configure.ac @@ -20,3 +20,22 @@ if test $libc_cv_aarch64_be = yes; then else LIBC_CONFIG_VAR([default-abi], [lp64]) fi + +# Only consider BTI supported if -mbranch-protection=bti is +# on by default in the compiler and the linker produces +# binaries with GNU property notes in PT_GNU_PROPERTY segment. +AC_CACHE_CHECK([for BTI support], [libc_cv_aarch64_bti], [dnl + cat > conftest.c <<EOF +void foo (void) { } +EOF + libc_cv_aarch64_bti=no + if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS -nostdlib -nostartfiles $no_ssp -shared -fPIC -o conftest.so conftest.c]) \ + && AC_TRY_COMMAND([$READELF -lW conftest.so | grep -q GNU_PROPERTY]) \ + && AC_TRY_COMMAND([$READELF -nW conftest.so | grep -q "NT_GNU_PROPERTY_TYPE_0.*AArch64 feature:.* BTI"]) + then + libc_cv_aarch64_bti=yes + fi + rm -rf conftest.*]) +if test $libc_cv_aarch64_bti = yes; then + AC_DEFINE(HAVE_AARCH64_BTI) +fi