1berry/ruby
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Do not define SHSTK feature for amd64 Context.S

Browse Source 
We do not implement CET shadow-stack switching in amd64 Context.S. If
you compile Ruby with `-fcf-protection=full` and run it with
`GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK` exported, it will crash with a
control flow exception.

Configure the appropriate notes at the end of Context.S

[Bug #18061]
This commit is contained in:
KJ Tsanaktsidis 2024-07-06 15:00:42 +10:00
parent 3381c60836
commit 8ec67052e6
1 changed files with 31 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
coroutine/amd64/Context.S
View File

@ -5,9 +5,9 @@
## Copyright, 2018, by Samuel Williams. ## Copyright, 2018, by Samuel Williams.
## ##
#if defined(__CET__) /* Important - do _not_ include <cet.h> in this file; doing so will
#include <cet.h> * cause an incorrect .note.gnu.property section to be emitted. We have
#endif * one at the bottom of this file */
#define TOKEN_PASTE(x,y) x##y #define TOKEN_PASTE(x,y) x##y
#define PREFIXED_SYMBOL(prefix,name) TOKEN_PASTE(prefix,name) #define PREFIXED_SYMBOL(prefix,name) TOKEN_PASTE(prefix,name)
@ -17,8 +17,9 @@
.globl PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer) .globl PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer)
PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer):
#if defined(__CET__) #if defined(__CET__) && (__CET__ & 0x01) != 0
_CET_ENDBR /* IBT landing pad */
endbr64
#endif #endif
# Make space on the stack for 6 registers: # Make space on the stack for 6 registers:
@ -58,3 +59,28 @@ PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer):
#if (defined(__linux__) || defined(__FreeBSD__)) && defined(__ELF__) #if (defined(__linux__) || defined(__FreeBSD__)) && defined(__ELF__)
.section .note.GNU-stack,"",%progbits .section .note.GNU-stack,"",%progbits
#endif #endif
#if defined(__CET__) && (__CET__ & 0x01) != 0
# define IBT_FLAG 0x01
#else
# define IBT_FLAG 0x00
#endif
/* We do _NOT_ support CET shadow-stack. Do _not_ add the property for
* this to the Context.o object. If you require CET shadow-stack support,
* for now, consider building with --with-coroutine=ucontext */
#define SHSTK_FLAG 0x00
.pushsection .note.gnu.property, "a"
.p2align 3
.long 0x4 /* Name size ("GNU\0") */
.long 0x10 /* Descriptor size */
.long 0x5 /* Type: NT_GNU_PROPERTY_TYPE_0 */
.asciz "GNU" /* Name */
# Begin descriptor
.long 0xc0000002 /* Property type: GNU_PROPERTY_X86_FEATURE_1_AND */
.long 0x4 /* Property size */
.long (IBT_FLAG | SHSTK_FLAG)
.long 0x0 /* 8-byte alignment padding */
/* End descriptor */
.popsection