From patchwork Thu Apr 30 17:45:50 2020
X-Patchwork-Submitter: Szabolcs Nagy
X-Patchwork-Id: 38893
Date: Thu, 30 Apr 2020 18:45:50 +0100
From: Szabolcs Nagy
To: libc-alpha@sourceware.org
Cc: Sudakshina Das
Subject: [PATCH 12/12] aarch64: Configure option to build glibc with branch protection
Message-ID: <20200430174550.GH29015@arm.com>
In-Reply-To: <20200430173458.GV29015@arm.com>

From ec96daabd8fad129ea3660d479fa63941712c410 Mon Sep 17 00:00:00 2001
From: Sudakshina Das
Date: Thu, 26 Mar 2020 11:49:48 +0000
Subject: [PATCH 12/12] aarch64: Configure option to build glibc with branch protection

If gcc is configured with --enable-standard-branch-protection then the built glibc should have branch protection support too, which includes bti and pac-ret.

The new configure option is only for additional configure checks, it does not try to add new CFLAGS (i.e. -mbranch-protection=standard), it expects gcc to default to using branch protection, since likely the static linked compiler libraries are not compatible otherwise.

The -z force-bti linker flag is also passed with branch protection, but this is not very useful: by default the BTI property marking is set on the linker output if all linker inputs have it and it is silently missing otherwise, -z force-bti at least warns if an input is missing the property, but that's not a fatal error. (Using --fatal-warnings ld flag does not work in the test system.)

Co-authored-by: Szabolcs Nagy

--- configure | 14 +++++++++++++- configure.ac | 6 ++++++ sysdeps/aarch64/Makefile | 4 ++++ sysdeps/aarch64/configure | 31 +++++++++++++++++++++++++++++++ sysdeps/aarch64/configure.ac | 19 +++++++++++++++++++ 5 files changed, 73 insertions(+), 1 deletion(-) diff --git a/configure b/configure index 8df47d61f8..fff5734f6d 100755 --- a/configure +++ b/configure @@ -794,6 +794,7 @@ enable_pt_chown enable_tunables enable_mathvec enable_cet +enable_standard_branch_protection with_cpu ' ac_precious_vars='build_alias @@ -1471,6 +1472,9 @@ Optional Features: depends on architecture] --enable-cet enable Intel Control-flow Enforcement Technology (CET), x86 only + --enable-standard-branch-protection + enable AArch64 Branch Target Identification and + Return Address Signing, AArch64 only Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -3785,7 +3789,7 @@ main () { #ifndef __CET__ -#error no CET compiler support +# error no CET compiler support #endif ; return 0; 
@@ -3806,6 +3810,14 @@ else fi +# Check whether --enable-standard-branch-protection was given. +if test "${enable_standard_branch_protection+set}" = set; then : + enableval=$enable_standard_branch_protection; libc_cv_branch_protection=$enableval +else + libc_cv_branch_protection=no +fi + + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. diff --git a/configure.ac b/configure.ac index 5f229679a9..e08b0f3766 100644 --- a/configure.ac +++ b/configure.ac @@ -486,6 +486,12 @@ AC_ARG_ENABLE([cet], [enable_cet=$enableval], [enable_cet=$libc_cv_compiler_default_cet]) +AC_ARG_ENABLE([standard-branch-protection], + AC_HELP_STRING([--enable-standard-branch-protection], + [enable AArch64 Branch Target Identification and Return Address Signing, AArch64 only]), + [libc_cv_branch_protection=$enableval], + [libc_cv_branch_protection=no]) + # We keep the original values in `$config_*' and never modify them, so we # can write them unchanged into config.make. Everything else uses # $machine, $vendor, and $os, and changes them whenever convenient. diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index 5ae8b082b0..313c371e72 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -1,5 +1,9 @@ long-double-fcts = yes +ifeq (yes,$(enable-branch-protection)) +sysdep-LDFLAGS += -Wl,-z,force-bti +endif + ifeq ($(subdir),elf) sysdep-dl-routines += dl-bti endif diff --git a/sysdeps/aarch64/configure b/sysdeps/aarch64/configure index 5bd355a691..83a6c8c852 100644 --- a/sysdeps/aarch64/configure +++ b/sysdeps/aarch64/configure 
@@ -172,3 +172,34 @@ else config_vars="$config_vars default-abi = lp64" fi + +if test "$libc_cv_branch_protection" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for branch protection support" >&5 +$as_echo_n "checking for branch protection support... " >&6; } +if ${libc_cv_branch_protection_support+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat > conftest.c <&5 + (eval $ac_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } \ + && LC_ALL=C $READELF -Wn conftest.so | \ + grep -q 'NT_GNU_PROPERTY_TYPE_0.*AArch64 feature:.* BTI'; then + libc_cv_branch_protection_support=yes + fi + rm -rf conftest.* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_branch_protection_support" >&5 +$as_echo "$libc_cv_branch_protection_support" >&6; } + if test $libc_cv_branch_protection_support = no; then + as_fn_error $? "branch-protection is enabled, but the toolchain does not support it." "$LINENO" 5 + fi +fi +config_vars="$config_vars +enable-branch-protection = $libc_cv_branch_protection" diff --git a/sysdeps/aarch64/configure.ac b/sysdeps/aarch64/configure.ac index 7851dd4dac..d16ba3710a 100644 --- a/sysdeps/aarch64/configure.ac +++ b/sysdeps/aarch64/configure.ac @@ -20,3 +20,22 @@ if test $libc_cv_aarch64_be = yes; then else LIBC_CONFIG_VAR([default-abi], [lp64]) fi + +if test "$libc_cv_branch_protection" = yes; then + AC_CACHE_CHECK([for branch protection support], + [libc_cv_branch_protection_support], + [cat > conftest.c <
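
Review bot: The `-#error no CET compiler support` / `+# error no CET compiler support` change in the generated top-level configure (hunk at -3785) is unrelated to branch protection and has no matching edit in the configure.ac hunk of this patch. It looks like a regeneration artifact; please either drop it or commit the regenerated configure separately so that this patch only carries the new option.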
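
Review bot: In the configure.ac hunk, `[libc_cv_branch_protection=$enableval]` accepts any string, while every consumer compares against the literal `yes` (`test "$libc_cv_branch_protection" = yes` in sysdeps/aarch64/configure and `ifeq (yes,$(enable-branch-protection))` in the Makefile). A value such as `--enable-standard-branch-protection=bti` therefore skips the toolchain check without any diagnostic and still gets written to config.make as `enable-branch-protection = bti`. Please normalise the value to yes/no or reject anything else with AC_MSG_ERROR. The help text also says "AArch64 only", but nothing in the visible hunks rejects the option on other targets, so a user who asks for it there gets no indication that it was ignored. The CET option just above stores into `enable_cet`; using a `libc_cv_` name for a user-supplied setting and then a differently named make variable (`enable-branch-protection`) makes the three spellings harder to follow than they need to be.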
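
Review bot: The `sysdep-LDFLAGS += -Wl,-z,force-bti` line in sysdeps/aarch64/Makefile needs a comment, because the commit message says the flag only warns when an input lacks the BTI property and that the output marking is then silently missing. A reader of the Makefile alone will assume the flag guarantees a BTI-marked libc. Please document next to the flag that it is diagnostic only, and consider a post-link check on the built shared objects using the same `$READELF -Wn ... | grep` test that the configure probe already uses, so that a single unmarked input object fails the build instead of quietly producing an unprotected library.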
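
Review bot: The probe in sysdeps/aarch64/configure only greps for BTI (`grep -q 'NT_GNU_PROPERTY_TYPE_0.*AArch64 feature:.* BTI'`), although the option is documented as enabling both Branch Target Identification and Return Address Signing. A toolchain that defaults to BTI without pac-ret passes this check; please either test for the PAC marking as well or state in the help text and the error message that only BTI is verified. Separately, `if test $libc_cv_branch_protection_support = no` is unquoted, unlike `test "$libc_cv_branch_protection" = yes` a few lines earlier; quote it in configure.ac so that an empty or unexpected cached value produces the intended error path instead of a `test` syntax error.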