public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug d/95680] New: libdruntime doesn't support shadow stack
@ 2020-06-15 13:22 hjl.tools at gmail dot com
2020-06-15 16:20 ` [Bug d/95680] " ibuclaw at gdcproject dot org
` (5 more replies)
0 siblings, 6 replies; 7+ messages in thread
From: hjl.tools at gmail dot com @ 2020-06-15 13:22 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95680
Bug ID: 95680
Summary: libdruntime doesn't support shadow stack
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: d
Assignee: ibuclaw at gdcproject dot org
Reporter: hjl.tools at gmail dot com
Target Milestone: ---
libdruntime manipulates user stack. It doesn't support shadow stack from
Intel CET:
https://software.intel.com/content/www/us/en/develop/articles/intel-sdm.html
like the ucontext family functions in glibc.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug d/95680] libdruntime doesn't support shadow stack
2020-06-15 13:22 [Bug d/95680] New: libdruntime doesn't support shadow stack hjl.tools at gmail dot com
@ 2020-06-15 16:20 ` ibuclaw at gdcproject dot org
2020-06-15 16:44 ` hjl.tools at gmail dot com
` (4 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: ibuclaw at gdcproject dot org @ 2020-06-15 16:20 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95680
--- Comment #1 from Iain Buclaw <ibuclaw at gdcproject dot org> ---
(In reply to H.J. Lu from comment #0)
> libdruntime manipulates user stack. It doesn't support shadow stack from
> Intel CET:
>
> https://software.intel.com/content/www/us/en/develop/articles/intel-sdm.html
>
> like the ucontext family functions in glibc.
If I understand the change in glibc correctly, core/thread.d (initStack) will
need a few extra calls to push() to accommodate for the shadow stack, then
implementation handled in fiber_switchContext.
Though perhaps it may make more sense to ditch the custom Fiber implementation
and always use ucontext to handle context switching if there's always going to
thing kind of disconnect between the system and D runtime library.
Is there a specific test that fails because of this?
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug d/95680] libdruntime doesn't support shadow stack
2020-06-15 13:22 [Bug d/95680] New: libdruntime doesn't support shadow stack hjl.tools at gmail dot com
2020-06-15 16:20 ` [Bug d/95680] " ibuclaw at gdcproject dot org
@ 2020-06-15 16:44 ` hjl.tools at gmail dot com
2020-09-08 10:15 ` cvs-commit at gcc dot gnu.org
` (3 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: hjl.tools at gmail dot com @ 2020-06-15 16:44 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95680
H.J. Lu <hjl.tools at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
Status|UNCONFIRMED |NEW
Last reconfirmed| |2020-06-15
--- Comment #2 from H.J. Lu <hjl.tools at gmail dot com> ---
(In reply to Iain Buclaw from comment #1)
> (In reply to H.J. Lu from comment #0)
> > libdruntime manipulates user stack. It doesn't support shadow stack from
> > Intel CET:
> >
> > https://software.intel.com/content/www/us/en/develop/articles/intel-sdm.html
> >
> > like the ucontext family functions in glibc.
>
> If I understand the change in glibc correctly, core/thread.d (initStack)
> will need a few extra calls to push() to accommodate for the shadow stack,
> then implementation handled in fiber_switchContext.
It is much more than that.
> Though perhaps it may make more sense to ditch the custom Fiber
> implementation and always use ucontext to handle context switching if
> there's always going to thing kind of disconnect between the system and D
> runtime library.
Yes, it should work.
> Is there a specific test that fails because of this?
FAIL: libphobos.druntime/core/thread.d execution test
FAIL: libphobos.druntime_shared/core/thread.d execution test
FAIL: libphobos.phobos_shared/std/concurrency.d execution test
FAIL: libphobos.phobos/std/concurrency.d execution test
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug d/95680] libdruntime doesn't support shadow stack
2020-06-15 13:22 [Bug d/95680] New: libdruntime doesn't support shadow stack hjl.tools at gmail dot com
2020-06-15 16:20 ` [Bug d/95680] " ibuclaw at gdcproject dot org
2020-06-15 16:44 ` hjl.tools at gmail dot com
@ 2020-09-08 10:15 ` cvs-commit at gcc dot gnu.org
2020-09-09 17:38 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-09-08 10:15 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95680
--- Comment #3 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Iain Buclaw <ibuclaw@gcc.gnu.org>:
https://gcc.gnu.org/g:285d81be9725acc36dc8eca48d4df506cd5e6f6f
commit r11-3047-g285d81be9725acc36dc8eca48d4df506cd5e6f6f
Author: Iain Buclaw <ibuclaw@gdcproject.org>
Date: Mon Sep 7 15:43:04 2020 +0200
libphobos: libdruntime doesn't support shadow stack (PR95680)
Rather than implementing support within D runtime itself, use libc
getcontext/swapcontext functions if CET is enabled.
Removes whatever CET support was in the switchContext routine for x86
D runtime, along with setting version AsmExternal, so that the fallback
ucontext_t implementation is used, which is capable of doing shadow
stack handling.
libphobos/ChangeLog:
PR d/95680
* Makefile.in: Regenerate.
* configure: Regenerate.
* configure.ac (DCFG_ENABLE_CET): Substitute.
* libdruntime/Makefile.in: Regenerate.
* libdruntime/config/x86/switchcontext.S: Remove CET support code.
* libdruntime/core/thread.d: Import gcc.config. Don't set version
AsmExternal when GNU_Enable_CET is true.
* libdruntime/gcc/config.d.in (GNU_Enable_CET): Define.
* src/Makefile.in: Regenerate.
* testsuite/Makefile.in: Regenerate.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug d/95680] libdruntime doesn't support shadow stack
2020-06-15 13:22 [Bug d/95680] New: libdruntime doesn't support shadow stack hjl.tools at gmail dot com
` (2 preceding siblings ...)
2020-09-08 10:15 ` cvs-commit at gcc dot gnu.org
@ 2020-09-09 17:38 ` cvs-commit at gcc dot gnu.org
2020-09-10 16:04 ` cvs-commit at gcc dot gnu.org
2020-09-10 16:11 ` ibuclaw at gdcproject dot org
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-09-09 17:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95680
--- Comment #4 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by H.J. Lu <hjl@gcc.gnu.org>:
https://gcc.gnu.org/g:c6632dc9a8ee77ad66a8d62d736a9112de9e41c7
commit r11-3080-gc6632dc9a8ee77ad66a8d62d736a9112de9e41c7
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Sep 8 05:54:56 2020 -0700
libphobos: Include <cet.h> to generate the CET marker for -fcf-protection
Include <cet.h> to generate the CET marker for -fcf-protection to avoid
/bin/ld:
../libdruntime/.libs/libgdruntime_convenience.a(libgdruntime_convenience_la-switchcontext.o):
error: missing IBT and SHSTK properties
when -z cet-report=error is passed to the linker to create libgphobos.so
and libgdruntime.so.
PR d/95680
* libdruntime/config/x86/switchcontext.S: Include <cet.h> to
generate the CET marker for -fcf-protection.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug d/95680] libdruntime doesn't support shadow stack
2020-06-15 13:22 [Bug d/95680] New: libdruntime doesn't support shadow stack hjl.tools at gmail dot com
` (3 preceding siblings ...)
2020-09-09 17:38 ` cvs-commit at gcc dot gnu.org
@ 2020-09-10 16:04 ` cvs-commit at gcc dot gnu.org
2020-09-10 16:11 ` ibuclaw at gdcproject dot org
5 siblings, 0 replies; 7+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2020-09-10 16:04 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95680
--- Comment #5 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Iain Buclaw <ibuclaw@gcc.gnu.org>:
https://gcc.gnu.org/g:0ed757604f4e232324ca798e46f3d8bf7e35b009
commit r11-3112-g0ed757604f4e232324ca798e46f3d8bf7e35b009
Author: Iain Buclaw <ibuclaw@gdcproject.org>
Date: Thu Sep 10 01:30:20 2020 +0200
libphobos: libdruntime doesn't support shadow stack (PR95680)
The first implementation hit a front-end implementation bug where
version conditions are resolved ahead of static if confitions.
The logic for whether to use asm implemented fiber_switchContext or
libc's swapcontext has been moved from GNU_Enable_CET to version CET.
libphobos/ChangeLog:
PR d/95680
PR d/97007
* Makefile.am (AM_MAKEFLAGS): Remove $(CET_FLAGS).
* Makefile.in: Regenerate.
* configure: Regenerate.
* configure.ac (DCFG_ENABLE_CET): Remove substitution.
(CET_DFLAGS): Substitute.
* libdruntime/Makefile.am (AM_DFLAGS): Add $(CET_DFLAGS).
(AM_CFLAGS): Add $(CET_FLAGS).
(AM_CCASFLAGS): Likewise.
* libdruntime/Makefile.in: Regenerate.
* libdruntime/core/thread.d: Replace static if GNU_Enable_CET
condition with `version (CET)'.
* libdruntime/gcc/config.d.in (GNU_Enable_CET): Remove.
* src/Makefile.am (AM_DFLAGS): Add $(CET_DFLAGS).
(AM_CFLAGS): Add $(CET_FLAGS).
* src/Makefile.in: Regenerate.
* testsuite/Makefile.in: Regenerate.
* testsuite/testsuite_flags.in: Add $(CET_DFLAGS) to --gdcflags.
^ permalink raw reply [flat|nested] 7+ messages in thread
* [Bug d/95680] libdruntime doesn't support shadow stack
2020-06-15 13:22 [Bug d/95680] New: libdruntime doesn't support shadow stack hjl.tools at gmail dot com
` (4 preceding siblings ...)
2020-09-10 16:04 ` cvs-commit at gcc dot gnu.org
@ 2020-09-10 16:11 ` ibuclaw at gdcproject dot org
5 siblings, 0 replies; 7+ messages in thread
From: ibuclaw at gdcproject dot org @ 2020-09-10 16:11 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95680
Iain Buclaw <ibuclaw at gdcproject dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #6 from Iain Buclaw <ibuclaw at gdcproject dot org> ---
Done.
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2020-09-10 16:11 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-06-15 13:22 [Bug d/95680] New: libdruntime doesn't support shadow stack hjl.tools at gmail dot com
2020-06-15 16:20 ` [Bug d/95680] " ibuclaw at gdcproject dot org
2020-06-15 16:44 ` hjl.tools at gmail dot com
2020-09-08 10:15 ` cvs-commit at gcc dot gnu.org
2020-09-09 17:38 ` cvs-commit at gcc dot gnu.org
2020-09-10 16:04 ` cvs-commit at gcc dot gnu.org
2020-09-10 16:11 ` ibuclaw at gdcproject dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).