From 5db8b1c97bcbc80d2ed904ab40cafe1267a9848c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Caol=C3=A1n=20McNamara?= <caolanm@redhat.com>
Date: Wed, 15 Dec 2021 12:46:24 +0000
Subject: [PATCH] annocheck warning about missing .note.gnu.property section
copy and paste recommendation from:
https://sourceware.org/annobin/annobin.html/Test-cf-protection.html
and adapt like:
https://github.com/openssl/openssl/commit/51994e505dbb1cd0dd76869ec962e2948b77b585
where https://bugs.ruby-lang.org/attachments/8962 is similar
Intel docs have "The ENDBR32 and ENDBR64 (collectively ENDBRANCH) are
two new instructions that are used to mark valid indirect CALL/JMP
target locations in the program."
Change-Id: Ie867c263a888763db4478720ba189c9ec6cc974d
---
.../source/cpp_uno/gcc3_linux_intel/call.s | 16 ++++++++++++++++
.../source/cpp_uno/gcc3_linux_x86-64/call.s | 19 +++++++++++++++++++
config_host.mk.in | 1 +
configure.ac | 14 ++++++++++++++
solenv/gbuild/platform/com_GCC_class.mk | 1 +
5 files changed, 51 insertions(+)
diff --git a/bridges/source/cpp_uno/gcc3_linux_intel/call.s b/bridges/source/cpp_uno/gcc3_linux_intel/call.s
index 6be583247733..0a5870defcf3 100644
--- a/bridges/source/cpp_uno/gcc3_linux_intel/call.s
+++ b/bridges/source/cpp_uno/gcc3_linux_intel/call.s
@@ -290,3 +290,19 @@ privateSnippetExecutorClass:
.align 4
.LEFDEc:
.section .note.GNU-stack,"",@progbits
+ .section .note.gnu.property,"a"
+ .p2align 2
+ .long 1f - 0f
+ .long 4f - 1f
+ .long 5
+0:
+ .string "GNU"
+1:
+ .p2align 2
+ .long 0xc0000002
+ .long 3f - 2f
+2:
+ .long 0x3
+3:
+ .p2align 2
+4:
diff --git a/bridges/source/cpp_uno/gcc3_linux_x86-64/call.s b/bridges/source/cpp_uno/gcc3_linux_x86-64/call.s
index 447ac0cecfdd..2e9346dff8a0 100644
--- a/bridges/source/cpp_uno/gcc3_linux_x86-64/call.s
+++ b/bridges/source/cpp_uno/gcc3_linux_x86-64/call.s
@@ -22,6 +22,9 @@
.type privateSnippetExecutor, @function
privateSnippetExecutor:
.LFB3:
+#if defined(END_BRANCH_INS_SUPPORT)
+ endbr64
+#endif
pushq %rbp
.LCFI0:
movq %rsp, %rbp
@@ -115,3 +118,19 @@ privateSnippetExecutor:
.align 8
.LEFDE1:
.section .note.GNU-stack,"",@progbits
+ .section .note.gnu.property,"a"
+ .p2align 3
+ .long 1f - 0f
+ .long 4f - 1f
+ .long 5
+0:
+ .string "GNU"
+1:
+ .p2align 3
+ .long 0xc0000002
+ .long 3f - 2f
+2:
+ .long 0x3
+3:
+ .p2align 3
+4:
diff --git a/config_host.mk.in b/config_host.mk.in
index 0fe4fd84cd41..c78eabd54d09 100644
--- a/config_host.mk.in
+++ b/config_host.mk.in
@@ -262,6 +262,7 @@ export GTK4_CFLAGS=$(gb_SPACE)@GTK4_CFLAGS@
export GTK4_LIBS=$(gb_SPACE)@GTK4_LIBS@
export USING_X11=@USING_X11@
export HAMCREST_JAR=@HAMCREST_JAR@
+export HAVE_ASM_END_BRANCH_INS_SUPPORT=@HAVE_ASM_END_BRANCH_INS_SUPPORT@
export HAVE_BROKEN_GCC_WMAYBE_UNINITIALIZED=@HAVE_BROKEN_GCC_WMAYBE_UNINITIALIZED@
export HAVE_BROKEN_GCC_WSTRINGOP_OVERFLOW=@HAVE_BROKEN_GCC_WSTRINGOP_OVERFLOW@
export HAVE_CLANG_DEBUG_INFO_KIND_CONSTRUCTOR=@HAVE_CLANG_DEBUG_INFO_KIND_CONSTRUCTOR@
diff --git a/configure.ac b/configure.ac
index 06d7901c7c79..0400bd390e8c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7927,6 +7927,20 @@ _ACEOF
CPPFLAGS="$save_CPPFLAGS"
+ AC_MSG_CHECKING([if CET endbranch is recognized])
+cat > endbr.s <<_ACEOF
+endbr32
+_ACEOF
+ HAVE_ASM_END_BRANCH_INS_SUPPORT=
+ if $CXX -c endbr.s -o endbr.o >/dev/null 2>&5; then
+ AC_MSG_RESULT([yes])
+ HAVE_ASM_END_BRANCH_INS_SUPPORT=TRUE
+ else
+ AC_MSG_RESULT([no])
+ fi
+ rm -f endbr.s endbr.o
+ AC_SUBST(HAVE_ASM_END_BRANCH_INS_SUPPORT)
+
AC_LANG_POP([C++])
fi
diff --git a/solenv/gbuild/platform/com_GCC_class.mk b/solenv/gbuild/platform/com_GCC_class.mk
index c29e2a979fd9..e2056abf9682 100644
--- a/solenv/gbuild/platform/com_GCC_class.mk
+++ b/solenv/gbuild/platform/com_GCC_class.mk
@@ -44,6 +44,7 @@ $(call gb_Helper_abbreviate_dirs,\
-x assembler-with-cpp \
$(gb_LTOFLAGS) \
$(gb_AFLAGS) \
+ $(if $(HAVE_ASM_END_BRANCH_INS_SUPPORT),-DEND_BRANCH_INS_SUPPORT) \
-c $(3) \
-o $(1)) \
$(INCLUDE) && \
--
2.33.1