diff options
| author | KJ Tsanaktsidis <[email protected]> | 2024-06-09 21:15:39 +1000 |
|---|---|---|
| committer | KJ Tsanaktsidis <[email protected]> | 2024-06-11 20:48:55 +1000 |
| commit | 0ccb80d6bf57cd6e79ad622c024d3d0940ec6f3b (patch) | |
| tree | a555d60714988386c937547001b3d65e5deb8318 /coroutine/arm64/Context.S | |
| parent | 6086bae5c85cc297003012afc9cf5966fc75746a (diff) | |
Extract hardening CFLAGS to a special $hardenflags variable
This changes the automatic detection of -fstack-protector,
-D_FORTIFY_SOURCE, and -mbranch-protection to write to $hardenflags
instead of $XCFLAGS. The definition of $cflags is changed to
"$hardenflags $orig_cflags $optflags $debugflags $warnflags" to match.
Furthermore, these flags are _prepended_ to $hardenflags, rather than
appended.
The implications of doing this are as follows:
* If a CRuby builder specifies cflags="-mbranch-protection=foobar" at
the ./configure script, and the configure script detects that
-mbranch-protection=pac-ret is accepted, then GCC will be invoked as
"gcc -mbranch-protection=pac-ret -mbranch-protection=foobar". Since
the last flags take precedence, that means that user-supplied values
of these flags in $cflags will take priority.
* Likewise, if a CRuby builder explicitly specifies
"hardenflags=-mbranch-protection=foobar", because we _prepend_ to
$hardenflags in our autoconf script, we will still invoke GCC as
"gcc -mbranch-protection=pac-ret -mbranch-protection=foobar".
* If a CRuby builder specifies CFLAGS="..." at the configure line,
automatic detection of hardening flags is ignored as before.
* C extensions will _also_ be built with hardening flags now as well
(this was not the case by default before because the detected flags
went into $XCFLAGS).
Additionally, as part of this work, I changed how the detection of
PAC/BTI in Context.S works. Rather than appending the autodetected
option to ASFLAGS, we simply compile a set of test programs with the
actual CFLAGS in use to determine what PAC/BTI settings were actually
chosen by the builder. Context.S is made aware of these choices through
some custom macros.
The result of this work is that:
* Ruby will continue to choose some sensible defaults for hardening
options for the C compiler
* Distributors are able to specify CFLAGS that are consistent with their
distribution and override these defaults
* Context.S will react to whatever -mbranch-protection is actually in
use, not what was autodetected
* Extensions get built with hardening flags too.
[Bug #20154]
[Bug #20520]
Diffstat (limited to 'coroutine/arm64/Context.S')
| -rw-r--r-- | coroutine/arm64/Context.S | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/coroutine/arm64/Context.S b/coroutine/arm64/Context.S index 5251ab214d..54611a247e 100644 --- a/coroutine/arm64/Context.S +++ b/coroutine/arm64/Context.S @@ -5,6 +5,8 @@ ## Copyright, 2018, by Samuel Williams. ## +#include "ruby/config.h" + #define TOKEN_PASTE(x,y) x##y #define PREFIXED_SYMBOL(prefix,name) TOKEN_PASTE(prefix,name) @@ -27,10 +29,10 @@ .global PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer) PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): -#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT != 0) +#if defined(RUBY_AARCH64_PAC_ENABLED) # paciasp (it also acts as BTI landing pad, so no need to insert BTI also) hint #25 -#elif defined(__ARM_FEATURE_BTI_DEFAULT) && (__ARM_FEATURE_BTI_DEFAULT != 0) +#elif defined(RUBY_AARCH64_BTI_ENABLED) # For the case PAC is not enabled but BTI is. # bti c hint #34 @@ -73,7 +75,7 @@ PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): # Pop stack frame add sp, sp, 0xa0 -#if defined(__ARM_FEATURE_PAC_DEFAULT) && (__ARM_FEATURE_PAC_DEFAULT != 0) +#if defined(RUBY_AARCH64_PAC_ENABLED) # autiasp: Authenticate x30 (LR) with SP and key A hint #29 #endif @@ -85,18 +87,18 @@ PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer): .section .note.GNU-stack,"",%progbits #endif -#if __ARM_FEATURE_BTI_DEFAULT != 0 || __ARM_FEATURE_PAC_DEFAULT != 0 +#if defined(RUBY_AARCH64_BTI_ENABLED) || defined(RUBY_AARCH64_PAC_ENABLED) /* See "ELF for the Arm 64-bit Architecture (AArch64)" https://github.com/ARM-software/abi-aa/blob/2023Q3/aaelf64/aaelf64.rst#program-property */ # define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1<<0) # define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1<<1) -# if __ARM_FEATURE_BTI_DEFAULT != 0 +# if defined(RUBY_AARCH64_BTI_ENABLED) # define BTI_FLAG GNU_PROPERTY_AARCH64_FEATURE_1_BTI # else # define BTI_FLAG 0 # endif -# if __ARM_FEATURE_PAC_DEFAULT != 0 +# if defined(RUBY_AARCH64_PAC_ENABLED) # define PAC_FLAG GNU_PROPERTY_AARCH64_FEATURE_1_PAC # else # define PAC_FLAG 0 |