archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-26 22:45:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
ruby/coroutine/arm64/Context.S
KJ Tsanaktsidis 0ccb80d6bf Extract hardening CFLAGS to a special $hardenflags variable 
This changes the automatic detection of -fstack-protector,
-D_FORTIFY_SOURCE, and -mbranch-protection to write to $hardenflags
instead of $XCFLAGS. The definition of $cflags is changed to
"$hardenflags $orig_cflags $optflags $debugflags $warnflags" to match.

Furthermore, these flags are _prepended_ to $hardenflags, rather than
appended.

The implications of doing this are as follows:

* If a CRuby builder specifies cflags="-mbranch-protection=foobar" at
  the ./configure script, and the configure script detects that
  -mbranch-protection=pac-ret is accepted, then GCC will be invoked as
  "gcc -mbranch-protection=pac-ret -mbranch-protection=foobar". Since
  the last flags take precedence, that means that user-supplied values
  of these flags in $cflags will take priority.
* Likewise, if a CRuby builder explicitly specifies
  "hardenflags=-mbranch-protection=foobar", because we _prepend_ to
  $hardenflags in our autoconf script, we will still invoke GCC as
  "gcc -mbranch-protection=pac-ret -mbranch-protection=foobar".
* If a CRuby builder specifies CFLAGS="..." at the configure line,
  automatic detection of hardening flags is ignored as before.
* C extensions will _also_ be built with hardening flags now as well
  (this was not the case by default before because the detected flags
  went into $XCFLAGS).

Additionally, as part of this work, I changed how the detection of
PAC/BTI in Context.S works. Rather than appending the autodetected
option to ASFLAGS, we simply compile a set of test programs with the
actual CFLAGS in use to determine what PAC/BTI settings were actually
chosen by the builder. Context.S is made aware of these choices through
some custom macros.

The result of this work is that:

* Ruby will continue to choose some sensible defaults for hardening
  options for the C compiler
* Distributors are able to specify CFLAGS that are consistent with their
  distribution and override these defaults
* Context.S will react to whatever -mbranch-protection is actually in
  use, not what was autodetected
* Extensions get built with hardening flags too.

[Bug #20154]
[Bug #20520]
2024-06-11 20:48:55 +10:00

122 lines
3.3 KiB
ArmAsm
Raw Blame History

##
## This file is part of the "Coroutine" project and released under the MIT License.
##
## Created by Samuel Williams on 10/5/2018.
## Copyright, 2018, by Samuel Williams.
##
#include "ruby/config.h"
#define TOKEN_PASTE(x,y) x##y
#define PREFIXED_SYMBOL(prefix,name) TOKEN_PASTE(prefix,name)
#if defined(__APPLE__)
#define x29 fp
#define x30 lr
.text
.p2align 2
#else
.text
.align 2
#endif
## NOTE(PAC): Use we HINT mnemonics instead of PAC mnemonics to
## keep compatibility with those assemblers that don't support PAC.
##
## See "Providing protection for complex software" for more details about PAC/BTI
## https://developer.arm.com/architectures/learn-the-architecture/providing-protection-for-complex-software
.global PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer)
PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer):
#if defined(RUBY_AARCH64_PAC_ENABLED)
# paciasp (it also acts as BTI landing pad, so no need to insert BTI also)
hint #25
#elif defined(RUBY_AARCH64_BTI_ENABLED)
# For the case PAC is not enabled but BTI is.
# bti c
hint #34
#endif
# Make space on the stack for caller registers
sub sp, sp, 0xa0
# Save caller registers
stp d8, d9, [sp, 0x00]
stp d10, d11, [sp, 0x10]
stp d12, d13, [sp, 0x20]
stp d14, d15, [sp, 0x30]
stp x19, x20, [sp, 0x40]
stp x21, x22, [sp, 0x50]
stp x23, x24, [sp, 0x60]
stp x25, x26, [sp, 0x70]
stp x27, x28, [sp, 0x80]
stp x29, x30, [sp, 0x90]
# Save stack pointer to x0 (first argument)
mov x2, sp
str x2, [x0, 0]
# Load stack pointer from x1 (second argument)
ldr x3, [x1, 0]
mov sp, x3
# Restore caller registers
ldp d8, d9, [sp, 0x00]
ldp d10, d11, [sp, 0x10]
ldp d12, d13, [sp, 0x20]
ldp d14, d15, [sp, 0x30]
ldp x19, x20, [sp, 0x40]
ldp x21, x22, [sp, 0x50]
ldp x23, x24, [sp, 0x60]
ldp x25, x26, [sp, 0x70]
ldp x27, x28, [sp, 0x80]
ldp x29, x30, [sp, 0x90]
# Pop stack frame
add sp, sp, 0xa0
#if defined(RUBY_AARCH64_PAC_ENABLED)
# autiasp: Authenticate x30 (LR) with SP and key A
hint #29
#endif
# Jump to return address (in x30)
ret
#if defined(__linux__) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits
#endif
#if defined(RUBY_AARCH64_BTI_ENABLED) || defined(RUBY_AARCH64_PAC_ENABLED)
/* See "ELF for the Arm 64-bit Architecture (AArch64)"
https://github.com/ARM-software/abi-aa/blob/2023Q3/aaelf64/aaelf64.rst#program-property */
# define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1<<0)
# define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1<<1)
# if defined(RUBY_AARCH64_BTI_ENABLED)
# define BTI_FLAG GNU_PROPERTY_AARCH64_FEATURE_1_BTI
# else
# define BTI_FLAG 0
# endif
# if defined(RUBY_AARCH64_PAC_ENABLED)
# define PAC_FLAG GNU_PROPERTY_AARCH64_FEATURE_1_PAC
# else
# define PAC_FLAG 0
# endif
# The note section format is described by Note Section in Chapter 5
# of "System V Application Binary Interface, Edition 4.1".
.pushsection .note.gnu.property, "a"
.p2align 3
.long 0x4 /* Name size ("GNU\0") */
.long 0x10 /* Descriptor size */
.long 0x5 /* Type: NT_GNU_PROPERTY_TYPE_0 */
.asciz "GNU" /* Name */
# Begin descriptor
.long 0xc0000000 /* Property type: GNU_PROPERTY_AARCH64_FEATURE_1_AND */
.long 0x4 /* Property size */
.long (BTI_FLAG|PAC_FLAG)
.long 0x0 /* 8-byte alignment padding */
# End descriptor
.popsection
#endif
Reference in a new issue View git blame Copy permalink