diff options
| author | H.J. Lu <hjl.tools@gmail.com> | 2020-02-28 09:52:08 -0800 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2020-03-14 11:49:29 +0100 |
| commit | 99118f50b0f6cf695c82f3c2da7b9b5f9d850ef8 (patch) | |
| tree | 506b34f192bfedcfa244a83cb13fff5f046c4420 /configure.ac | |
| parent | 46fcc7f0b6abffd2632d8809ef8dc8f70e4a1ff9 (diff) | |
| download | nettle-99118f50b0f6cf695c82f3c2da7b9b5f9d850ef8.tar.gz | |
x86: Add ASM_X86_ENDBR and x86 CET marker to config.m4.in
Intel Control-flow Enforcement Technology (CET):
https://software.intel.com/en-us/articles/intel-sdm
contains shadow stack (SHSTK) and indirect branch tracking (IBT). When
CET is enabled, ELF object files must be marked with .note.gnu.property
section. Also when IBT is enabled, all indirect branch targets must
start with ENDBR instruction.
This patch adds ASM_X86_ENDBR and the x86 CET marker to config.m4.in when
CET is enabled. It updates PROLOGUE with ASM_X86_ENDBR.
Tested on CET machine with i686 and x86-64.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index ba3ab7c6..05849fb6 100644 --- a/configure.ac +++ b/configure.ac @@ -803,6 +803,68 @@ EOF ASM_ALIGN_LOG="$nettle_cv_asm_align_log" fi +dnl Define +dnl 1. ASM_X86_ENDBR for endbr32/endbr64. +dnl 2. ASM_X86_MARK_CET to add a .note.gnu.property section to mark +dnl Intel CET support if needed. +dnl 3. ASM_X86_MARK_CET_ALIGN to align ASM_X86_MARK_CET. +AC_CACHE_CHECK([if Intel CET is enabled], + [nettle_cv_asm_x86_intel_cet], + [AC_TRY_COMPILE([ +#ifndef __CET__ +#error Intel CET is not enabled +#endif + ], [], + [nettle_cv_asm_x86_intel_cet=yes], + [nettle_cv_asm_x86_intel_cet=no])]) +if test "$nettle_cv_asm_x86_intel_cet" = yes; then + case $ABI in + 32|standard) + ASM_X86_ENDBR=endbr32 + ASM_X86_MARK_CET_ALIGN=2 + ;; + 64) + ASM_X86_ENDBR=endbr64 + ASM_X86_MARK_CET_ALIGN=3 + ;; + x32) + ASM_X86_ENDBR=endbr64 + ASM_X86_MARK_CET_ALIGN=2 + ;; + esac + AC_CACHE_CHECK([if .note.gnu.property section is needed], + [nettle_cv_asm_x86_gnu_property], + [AC_TRY_COMPILE([ +#if !defined __ELF__ || !defined __CET__ +#error GNU property is not needed +#endif + ], [], + [nettle_cv_asm_x86_gnu_property=yes], + [nettle_cv_asm_x86_gnu_property=no])]) +else + nettle_cv_asm_x86_gnu_property=no +fi +if test "$nettle_cv_asm_x86_gnu_property" = yes; then + ASM_X86_MARK_CET=' + .pushsection ".note.gnu.property", "a" + .p2align ASM_X86_MARK_CET_ALIGN + .long 1f - 0f + .long 4f - 1f + .long 5 +0: + .asciz "GNU" +1: + .p2align ASM_X86_MARK_CET_ALIGN + .long 0xc0000002 + .long 3f - 2f +2: + .long 3 +3: + .p2align ASM_X86_MARK_CET_ALIGN +4: + .popsection' +fi + AC_SUBST(ASM_SYMBOL_PREFIX) AC_SUBST(ASM_ELF_STYLE) AC_SUBST(ASM_COFF_STYLE) @@ -813,6 +875,9 @@ AC_SUBST(ASM_ALIGN_LOG) AC_SUBST(W64_ABI) AC_SUBST(ASM_WORDS_BIGENDIAN) AC_SUBST(EMULATOR) +AC_SUBST(ASM_X86_ENDBR) +AC_SUBST(ASM_X86_MARK_CET) +AC_SUBST(ASM_X86_MARK_CET_ALIGN) AC_SUBST(LIBNETTLE_MAJOR) AC_SUBST(LIBNETTLE_MINOR) |