x86: Generate .note.gnu.property section for ELF output

We should generate .note.gnu.property section with x86 assembly codes
for ELF outputs to mark Intel CET support when Intel CET is enabled
since all input files must be marked with Intel CET support in order
for linker to mark output with Intel CET support.  Since nasm and yasm
can't generate the proper .note.gnu.property section, yasm-cet-filter.sh
and yasm-filter.sh are added to generate the proper .note.gnu.property
with linker help.

Verified with

$ CC="gcc -Wl,-z,cet-report=error -fcf-protection" CXX="g++ -Wl,-z,cet-report=error -fcf-protection" .../configure x86_64-linux
$ make -j8

on Linux/x86-64.

Change-Id: I14e03a8a9031c8397dc36939a528cf5a827d775a
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
This commit is contained in:
H.J. Lu 2020-05-22 10:17:59 -07:00 committed by Greg Tucker
parent cd888f01a4
commit 8074e3fe1b
4 changed files with 126 additions and 0 deletions

View File

@ -117,12 +117,23 @@ test: $(addsuffix .run,$(unit_tests))
@echo Completed run: $< @echo Completed run: $<
# Support for yasm/nasm/gas # Support for yasm/nasm/gas
if INTEL_CET_ENABLED
export CET_LD=$(LD)
endif
if USE_YASM if USE_YASM
if INTEL_CET_ENABLED
as_filter = ${srcdir}/tools/yasm-cet-filter.sh
else
as_filter = ${srcdir}/tools/yasm-filter.sh as_filter = ${srcdir}/tools/yasm-filter.sh
endif endif
endif
if USE_NASM if USE_NASM
if INTEL_CET_ENABLED
as_filter = ${srcdir}/tools/nasm-cet-filter.sh
else
as_filter = ${srcdir}/tools/nasm-filter.sh as_filter = ${srcdir}/tools/nasm-filter.sh
endif endif
endif
if CPU_AARCH64 if CPU_AARCH64
as_filter = $(CC) -D__ASSEMBLY__ as_filter = $(CC) -D__ASSEMBLY__
endif endif

View File

@ -51,6 +51,7 @@ fi
# Check for programs # Check for programs
AC_PROG_CC_STDC AC_PROG_CC_STDC
AC_PROG_LD
AC_USE_SYSTEM_EXTENSIONS AC_USE_SYSTEM_EXTENSIONS
AM_SILENT_RULES([yes]) AM_SILENT_RULES([yes])
LT_INIT LT_INIT
@ -68,6 +69,17 @@ AS_IF([test "x$enable_debug" = "xyes"], [
# If this build is for x86, look for yasm and nasm # If this build is for x86, look for yasm and nasm
if test x"$is_x86" = x"yes"; then if test x"$is_x86" = x"yes"; then
AC_MSG_CHECKING([whether Intel CET is enabled])
AC_TRY_COMPILE([],[
#ifndef __CET__
# error CET is not enabled
#endif],
[AC_MSG_RESULT([yes])
intel_cet_enabled=yes],
[AC_MSG_RESULT([no])
intel_cet_enabled=no])
AM_CONDITIONAL(INTEL_CET_ENABLED, [test x"$intel_cet_enabled" = x"yes"])
# Pick an assembler yasm or nasm # Pick an assembler yasm or nasm
if test x"$AS" = x""; then if test x"$AS" = x""; then
# Check for yasm and yasm features # Check for yasm and yasm features

56
tools/nasm-cet-filter.sh Executable file
View File

@ -0,0 +1,56 @@
#/bin/sh
# Filter out unnecessary options added by automake
while [ -n "$*" ]; do
case "$1" in
-o )
# Supported options with arg
options="$options $1 $2"
shift
object="$1"
shift
;;
-f | -D )
# Supported options with arg
options="$options $1 $2"
shift
shift
;;
-I | -i )
options="$options $1 $2/"
shift
shift
;;
--prefix* )
# Supported options without arg
options="$options $1"
shift
;;
-I* | -i* )
options="$options $1/"
shift
;;
-D* ) # For defines we need to remove spaces
case "$1" in
*' '* ) ;;
*) options="$options $1" ;;
esac
shift
;;
#-blah )
# Unsupported options with args - none known
-* )
# Unsupported options with no args
shift
;;
* )
args="$args $1"
shift
;;
esac
done
nasm $options $args
$CET_LD -r -z ibt -z shstk -o $object.tmp $object
mv $object.tmp $object

47
tools/yasm-cet-filter.sh Executable file
View File

@ -0,0 +1,47 @@
#/bin/sh
# Filter out unnecessary options added by automake
while [ -n "$*" ]; do
case "$1" in
-o )
# Supported options with arg
options="$options $1 $2"
shift
object="$1"
shift
;;
-f | -I | -i | -D )
# Supported options with arg
options="$options $1 $2"
shift
shift
;;
-I* | -i* | --prefix* )
# Supported options without arg
options="$options $1"
shift
;;
-D* ) # For defines we need to remove spaces
case "$1" in
*' '* ) ;;
*) options="$options $1" ;;
esac
shift
;;
#-blah )
# Unsupported options with args - none known
-* )
# Unsupported options with no args
shift
;;
* )
args="$args $1"
shift
;;
esac
done
yasm $options $args
$CET_LD -r -z ibt -z shstk -o $object.tmp $object
mv $object.tmp $object