[PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)

[PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)

[Iain Buclaw]

Hi,

This patch removes whatever CET support was in the switchContext routine
for x86 D runtime, and instead uses the ucontext fallback, which propely
handles shadow stack handling.

Rather than implementing support within D runtime itself, use libc
getcontext/setcontext functions if CET is enabled instead.

HJ, does this look reasonable before I commit it?  The detection has
been done at configure-time, rather than adding a predefined version
condition for CET within the compiler.

Done regression testing on x86_64-linux-gnu/-m32/-mx32.

Regards
Iain.

---
libphobos/ChangeLog:

	PR d/95680
	* Makefile.in: Regenerate.
	* configure: Regenerate.
	* configure.ac (DCFG_ENABLE_CET): Substitute.
	* libdruntime/Makefile.in: Regenerate.
	* libdruntime/config/x86/switchcontext.S: Remove CET support code.
	* libdruntime/core/thread.d: Import gcc.config.  Don't set version
	AsmExternal when GNU_Enable_CET is true.
	* libdruntime/gcc/config.d.in (GNU_Enable_CET): Define.
	* src/Makefile.in: Regenerate.
	* testsuite/Makefile.in: Regenerate.
---
 libphobos/Makefile.in                         |  3 ++
 libphobos/configure                           | 13 +++--
 libphobos/configure.ac                        |  3 ++
 libphobos/libdruntime/Makefile.in             |  4 ++
 .../libdruntime/config/x86/switchcontext.S    | 12 +----
 libphobos/libdruntime/core/thread.d           | 52 +++++++++++--------
 libphobos/libdruntime/gcc/config.d.in         |  3 ++
 libphobos/src/Makefile.in                     |  4 ++
 libphobos/testsuite/Makefile.in               |  4 ++
 9 files changed, 64 insertions(+), 34 deletions(-)

diff --git a/libphobos/Makefile.in b/libphobos/Makefile.in
index 4806f69f406..f6cba17159f 100644
--- a/libphobos/Makefile.in
+++ b/libphobos/Makefile.in
@@ -108,6 +108,8 @@ target_triplet = @target@
 subdir = .
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
+	$(top_srcdir)/../config/cet.m4 \
+	$(top_srcdir)/../config/enable.m4 \
 	$(top_srcdir)/../config/lead-dot.m4 \
 	$(top_srcdir)/../config/multi.m4 \
 	$(top_srcdir)/../config/override.m4 \
@@ -214,6 +216,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
+DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
diff --git a/libphobos/configure b/libphobos/configure
index a8d151cdccb..86a0aba6976 100755
--- a/libphobos/configure
+++ b/libphobos/configure
@@ -722,6 +722,7 @@ LIBTOOL
 CFLAGS_FOR_BUILD
 CC_FOR_BUILD
 AR
+DCFG_ENABLE_CET
 CET_FLAGS
 RANLIB
 MAINT
@@ -5586,7 +5587,7 @@ case "$host" in
     case "$enable_cet" in
       auto)
 	# Check if target supports multi-byte NOPs
-	# and if assembler supports CET insn.
+	# and if compiler and assembler support CET insn.
 	cet_save_CFLAGS="$CFLAGS"
 	CFLAGS="$CFLAGS -fcf-protection"
 	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -5650,6 +5651,12 @@ $as_echo "no" >&6; }
 fi
 
 
+if test x$enable_cet = xyes; then :
+  DCFG_ENABLE_CET=true
+else
+  DCFG_ENABLE_CET=false
+fi
+
 
 # This should be inherited in the recursive make, but ensure it is defined.
 test "$AR" || AR=ar
@@ -11738,7 +11745,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11741 "configure"
+#line 11748 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11844,7 +11851,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11847 "configure"
+#line 11854 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
diff --git a/libphobos/configure.ac b/libphobos/configure.ac
index ec8a30ea511..97f96934aaf 100644
--- a/libphobos/configure.ac
+++ b/libphobos/configure.ac
@@ -68,6 +68,9 @@ AC_PROG_MAKE_SET
 # Add CET specific flags if CET is enabled
 GCC_CET_FLAGS(CET_FLAGS)
 AC_SUBST(CET_FLAGS)
+AS_IF([test x$enable_cet = xyes],
+  [DCFG_ENABLE_CET=true], [DCFG_ENABLE_CET=false])
+AC_SUBST(DCFG_ENABLE_CET)
 
 # This should be inherited in the recursive make, but ensure it is defined.
 test "$AR" || AR=ar
diff --git a/libphobos/libdruntime/Makefile.in b/libphobos/libdruntime/Makefile.in
index 3fddbc340de..28b4333838f 100644
--- a/libphobos/libdruntime/Makefile.in
+++ b/libphobos/libdruntime/Makefile.in
@@ -131,6 +131,8 @@ target_triplet = @target@
 subdir = libdruntime
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
+	$(top_srcdir)/../config/cet.m4 \
+	$(top_srcdir)/../config/enable.m4 \
 	$(top_srcdir)/../config/lead-dot.m4 \
 	$(top_srcdir)/../config/multi.m4 \
 	$(top_srcdir)/../config/override.m4 \
@@ -565,6 +567,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
 CHECKING_DFLAGS = @CHECKING_DFLAGS@
@@ -573,6 +576,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
+DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
diff --git a/libphobos/libdruntime/config/x86/switchcontext.S b/libphobos/libdruntime/config/x86/switchcontext.S
index 35063af491c..85f2e00d186 100644
--- a/libphobos/libdruntime/config/x86/switchcontext.S
+++ b/libphobos/libdruntime/config/x86/switchcontext.S
@@ -24,13 +24,7 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
 
 #include "../common/threadasm.S"
 
-#ifdef __CET__
-# include <cet.h>
-#else
-# define _CET_ENDBR
-#endif
-
-#if defined(__i386__)
+#if defined(__i386__) && !defined(__CET__)
 
     .text
     .globl CSYM(fiber_switchContext)
@@ -38,7 +32,6 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
     .align 16
 CSYM(fiber_switchContext):
     .cfi_startproc
-    _CET_ENDBR
     // save current stack state
     push %ebp
     mov  %esp, %ebp
@@ -65,7 +58,7 @@ CSYM(fiber_switchContext):
     .cfi_endproc
     .size CSYM(fiber_switchContext),.-CSYM(fiber_switchContext)
 
-#elif defined(__x86_64__) && !defined(__ILP32__)
+#elif defined(__x86_64__) && !defined(__ILP32__) && !defined(__CET__)
 
     .text
     .globl CSYM(fiber_switchContext)
@@ -73,7 +66,6 @@ CSYM(fiber_switchContext):
     .align 16
 CSYM(fiber_switchContext):
     .cfi_startproc
-    _CET_ENDBR
     // Save current stack state.save current stack state
     push %rbp
     mov  %rsp, %rbp
diff --git a/libphobos/libdruntime/core/thread.d b/libphobos/libdruntime/core/thread.d
index e1a68057ca1..8f4603d3d2f 100644
--- a/libphobos/libdruntime/core/thread.d
+++ b/libphobos/libdruntime/core/thread.d
@@ -3586,35 +3586,45 @@ private
     }
     else version (X86)
     {
-        version = AsmExternal;
+        import gcc.config;
 
-        version (MinGW)
-        {
-            version = GNU_AsmX86_Windows;
-            version = AlignFiberStackTo16Byte;
-        }
-        else version (Posix)
+        version = AlignFiberStackTo16Byte;
+
+        static if (!GNU_Enable_CET)
         {
-            version = AsmX86_Posix;
-            version (OSX)
-                version = AlignFiberStackTo16Byte;
+            version = AsmExternal;
+
+            version (MinGW)
+            {
+                version = GNU_AsmX86_Windows;
+            }
+            else version (Posix)
+            {
+                version = AsmX86_Posix;
+            }
         }
     }
     else version (X86_64)
     {
-        version (D_X32)
-        {
-            // let X32 be handled by ucontext swapcontext
-        }
-        else
+        import gcc.config;
+
+        version = AlignFiberStackTo16Byte;
+
+        static if (!GNU_Enable_CET)
         {
-            version = AsmExternal;
-            version = AlignFiberStackTo16Byte;
+            version (D_X32)
+            {
+                // let X32 be handled by ucontext swapcontext
+            }
+            else
+            {
+                version = AsmExternal;
 
-            version (MinGW)
-                version = GNU_AsmX86_64_Windows;
-            else version (Posix)
-                version = AsmX86_64_Posix;
+                version (MinGW)
+                    version = GNU_AsmX86_64_Windows;
+                else version (Posix)
+                    version = AsmX86_64_Posix;
+            }
         }
     }
     else version (PPC)
diff --git a/libphobos/libdruntime/gcc/config.d.in b/libphobos/libdruntime/gcc/config.d.in
index 6301aaff069..9ac7d055271 100644
--- a/libphobos/libdruntime/gcc/config.d.in
+++ b/libphobos/libdruntime/gcc/config.d.in
@@ -49,3 +49,6 @@ enum GNU_Have_LibAtomic = @DCFG_HAVE_LIBATOMIC@;
 
 // Do we have qsort_r function
 enum Have_Qsort_R = @DCFG_HAVE_QSORT_R@;
+
+// Whether libphobos been configured with --enable-cet.
+enum GNU_Enable_CET = @DCFG_ENABLE_CET@;
diff --git a/libphobos/src/Makefile.in b/libphobos/src/Makefile.in
index 4b1ae863a3f..dc5f4f5ca57 100644
--- a/libphobos/src/Makefile.in
+++ b/libphobos/src/Makefile.in
@@ -93,6 +93,8 @@ target_triplet = @target@
 subdir = src
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
+	$(top_srcdir)/../config/cet.m4 \
+	$(top_srcdir)/../config/enable.m4 \
 	$(top_srcdir)/../config/lead-dot.m4 \
 	$(top_srcdir)/../config/multi.m4 \
 	$(top_srcdir)/../config/override.m4 \
@@ -321,6 +323,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
 CHECKING_DFLAGS = @CHECKING_DFLAGS@
@@ -329,6 +332,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
+DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
diff --git a/libphobos/testsuite/Makefile.in b/libphobos/testsuite/Makefile.in
index 66077fc19a9..5a4c0317509 100644
--- a/libphobos/testsuite/Makefile.in
+++ b/libphobos/testsuite/Makefile.in
@@ -93,6 +93,8 @@ target_triplet = @target@
 subdir = testsuite
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/../config/acx.m4 \
+	$(top_srcdir)/../config/cet.m4 \
+	$(top_srcdir)/../config/enable.m4 \
 	$(top_srcdir)/../config/lead-dot.m4 \
 	$(top_srcdir)/../config/multi.m4 \
 	$(top_srcdir)/../config/override.m4 \
@@ -149,6 +151,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
 CHECKING_DFLAGS = @CHECKING_DFLAGS@
@@ -157,6 +160,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
+DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
-- 
2.25.1

Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)

[H.J. Lu]

On Mon, Sep 7, 2020 at 2:35 PM Iain Buclaw <ibuclaw@gdcproject.org> wrote:
>
> Hi,
>
> This patch removes whatever CET support was in the switchContext routine
> for x86 D runtime, and instead uses the ucontext fallback, which propely
> handles shadow stack handling.
>
> Rather than implementing support within D runtime itself, use libc
> getcontext/setcontext functions if CET is enabled instead.
>
> HJ, does this look reasonable before I commit it?  The detection has
> been done at configure-time, rather than adding a predefined version
> condition for CET within the compiler.
>
> Done regression testing on x86_64-linux-gnu/-m32/-mx32.
>
> Regards
> Iain.
>
> ---
> libphobos/ChangeLog:
>
>         PR d/95680
>         * Makefile.in: Regenerate.
>         * configure: Regenerate.
>         * configure.ac (DCFG_ENABLE_CET): Substitute.
>         * libdruntime/Makefile.in: Regenerate.
>         * libdruntime/config/x86/switchcontext.S: Remove CET support code.
>         * libdruntime/core/thread.d: Import gcc.config.  Don't set version
>         AsmExternal when GNU_Enable_CET is true.
>         * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define.
>         * src/Makefile.in: Regenerate.
>         * testsuite/Makefile.in: Regenerate.

Looks good.  I can try it on Tiger Lake after it has been checked in.

Thanks.

-- 
H.J.

Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)

[Iain Buclaw]

Excerpts from H.J. Lu's message of September 8, 2020 4:09 am:
> On Mon, Sep 7, 2020 at 2:35 PM Iain Buclaw <ibuclaw@gdcproject.org> wrote:
>>
>> Hi,
>>
>> This patch removes whatever CET support was in the switchContext routine
>> for x86 D runtime, and instead uses the ucontext fallback, which propely
>> handles shadow stack handling.
>>
>> Rather than implementing support within D runtime itself, use libc
>> getcontext/setcontext functions if CET is enabled instead.
>>
>> HJ, does this look reasonable before I commit it?  The detection has
>> been done at configure-time, rather than adding a predefined version
>> condition for CET within the compiler.
>>
>> Done regression testing on x86_64-linux-gnu/-m32/-mx32.
>>
>> Regards
>> Iain.
>>
>> ---
>> libphobos/ChangeLog:
>>
>>         PR d/95680
>>         * Makefile.in: Regenerate.
>>         * configure: Regenerate.
>>         * configure.ac (DCFG_ENABLE_CET): Substitute.
>>         * libdruntime/Makefile.in: Regenerate.
>>         * libdruntime/config/x86/switchcontext.S: Remove CET support code.
>>         * libdruntime/core/thread.d: Import gcc.config.  Don't set version
>>         AsmExternal when GNU_Enable_CET is true.
>>         * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define.
>>         * src/Makefile.in: Regenerate.
>>         * testsuite/Makefile.in: Regenerate.
> 
> Looks good.  I can try it on Tiger Lake after it has been checked in.
> 

OK, I have committed it as r11-3047.

Iain.

Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)

[Rainer Orth]

Hi Iain,

>>> ---
>>> libphobos/ChangeLog:
>>>
>>>         PR d/95680
>>>         * Makefile.in: Regenerate.
>>>         * configure: Regenerate.
>>>         * configure.ac (DCFG_ENABLE_CET): Substitute.
>>>         * libdruntime/Makefile.in: Regenerate.
>>>         * libdruntime/config/x86/switchcontext.S: Remove CET support code.
>>>         * libdruntime/core/thread.d: Import gcc.config.  Don't set version
>>>         AsmExternal when GNU_Enable_CET is true.
>>>         * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define.
>>>         * src/Makefile.in: Regenerate.
>>>         * testsuite/Makefile.in: Regenerate.
>> 
>> Looks good.  I can try it on Tiger Lake after it has been checked in.
>> 
>
> OK, I have committed it as r11-3047.

this patch broke Solaris/x86 bootstrap:

/vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3595:23: error: version AsmExternal defined after use
 3595 |             version = AsmExternal;
      |                       ^
/vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3603:27: error: version AsmX86_Posix defined after use
 3603 |                 version = AsmX86_Posix;
      |                           ^

and similarly for the 64-bit version.  libdruntime/gcc/config.d has

// Whether libphobos been configured with --enable-cet.
enum GNU_Enable_CET = false;

	Rainer

-- 
-----------------------------------------------------------------------------
Rainer Orth, Center for Biotechnology, Bielefeld University

Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)

[Iain Buclaw]

Excerpts from Rainer Orth's message of September 8, 2020 11:34 pm:
> Hi Iain,
> 
>>>> ---
>>>> libphobos/ChangeLog:
>>>>
>>>>         PR d/95680
>>>>         * Makefile.in: Regenerate.
>>>>         * configure: Regenerate.
>>>>         * configure.ac (DCFG_ENABLE_CET): Substitute.
>>>>         * libdruntime/Makefile.in: Regenerate.
>>>>         * libdruntime/config/x86/switchcontext.S: Remove CET support code.
>>>>         * libdruntime/core/thread.d: Import gcc.config.  Don't set version
>>>>         AsmExternal when GNU_Enable_CET is true.
>>>>         * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define.
>>>>         * src/Makefile.in: Regenerate.
>>>>         * testsuite/Makefile.in: Regenerate.
>>> 
>>> Looks good.  I can try it on Tiger Lake after it has been checked in.
>>> 
>>
>> OK, I have committed it as r11-3047.
> 
> this patch broke Solaris/x86 bootstrap:
> 
> /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3595:23: error: version AsmExternal defined after use
>  3595 |             version = AsmExternal;
>       |                       ^
> /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3603:27: error: version AsmX86_Posix defined after use
>  3603 |                 version = AsmX86_Posix;
>       |                           ^
> 
> and similarly for the 64-bit version.  libdruntime/gcc/config.d has
> 
> // Whether libphobos been configured with --enable-cet.
> enum GNU_Enable_CET = false;
> 
> 	Rainer
> 

Looks like I can only use version conditions, or static if conditions.
Not both at the same time.  Found a related bug in upstream dmd
https://issues.dlang.org/show_bug.cgi?id=7386

Fixing the front-end here will not be possible without some pervasive
changes in how symbol resolving is handled.  Which is a shame.

I'm just testing passing -fversion=CET during compilation.

Iain.

---
diff --git a/libphobos/Makefile.am b/libphobos/Makefile.am
index 84d80016025..874b3a25d02 100644
--- a/libphobos/Makefile.am
+++ b/libphobos/Makefile.am
@@ -33,14 +33,14 @@ AM_MAKEFLAGS = \
 	"AR_FLAGS=$(AR_FLAGS)" \
 	"CC_FOR_BUILD=$(CC_FOR_BUILD)" \
 	"CC_FOR_TARGET=$(CC_FOR_TARGET)" \
-	"CCASFLAGS=$(CCASFLAGS) $(CET_FLAGS)" \
-	"CFLAGS=$(CFLAGS) $(CET_FLAGS)" \
-	"CXXFLAGS=$(CXXFLAGS) $(CET_FLAGS)" \
+	"CCASFLAGS=$(CCASFLAGS)" \
+	"CFLAGS=$(CFLAGS)" \
+	"CXXFLAGS=$(CXXFLAGS)" \
 	"CFLAGS_FOR_BUILD=$(CFLAGS_FOR_BUILD)" \
-	"CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET) $(CET_FLAGS)" \
+	"CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET)" \
 	"GDC_FOR_TARGET=$(GDC_FOR_TARGET)" \
 	"GDC=$(GDC)" \
-	"GDCFLAGS=$(GDCFLAGS) $(CET_FLAGS)" \
+	"GDCFLAGS=$(GDCFLAGS)" \
 	"INSTALL=$(INSTALL)" \
 	"INSTALL_DATA=$(INSTALL_DATA)" \
 	"INSTALL_PROGRAM=$(INSTALL_PROGRAM)" \
diff --git a/libphobos/Makefile.in b/libphobos/Makefile.in
index f6cba17159f..f692b2f719e 100644
--- a/libphobos/Makefile.in
+++ b/libphobos/Makefile.in
@@ -207,6 +207,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_DFLAGS = @CET_DFLAGS@
 CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
@@ -216,7 +217,6 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
-DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
@@ -355,14 +355,14 @@ AM_MAKEFLAGS = \
 	"AR_FLAGS=$(AR_FLAGS)" \
 	"CC_FOR_BUILD=$(CC_FOR_BUILD)" \
 	"CC_FOR_TARGET=$(CC_FOR_TARGET)" \
-	"CCASFLAGS=$(CCASFLAGS) $(CET_FLAGS)" \
-	"CFLAGS=$(CFLAGS) $(CET_FLAGS)" \
-	"CXXFLAGS=$(CXXFLAGS) $(CET_FLAGS)" \
+	"CCASFLAGS=$(CCASFLAGS)" \
+	"CFLAGS=$(CFLAGS)" \
+	"CXXFLAGS=$(CXXFLAGS)" \
 	"CFLAGS_FOR_BUILD=$(CFLAGS_FOR_BUILD)" \
-	"CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET) $(CET_FLAGS)" \
+	"CFLAGS_FOR_TARGET=$(CFLAGS_FOR_TARGET)" \
 	"GDC_FOR_TARGET=$(GDC_FOR_TARGET)" \
 	"GDC=$(GDC)" \
-	"GDCFLAGS=$(GDCFLAGS) $(CET_FLAGS)" \
+	"GDCFLAGS=$(GDCFLAGS)" \
 	"INSTALL=$(INSTALL)" \
 	"INSTALL_DATA=$(INSTALL_DATA)" \
 	"INSTALL_PROGRAM=$(INSTALL_PROGRAM)" \
diff --git a/libphobos/configure b/libphobos/configure
index 3cccee748e7..05f4d7af0d2 100755
--- a/libphobos/configure
+++ b/libphobos/configure
@@ -722,7 +722,7 @@ LIBTOOL
 CFLAGS_FOR_BUILD
 CC_FOR_BUILD
 AR
-DCFG_ENABLE_CET
+CET_DFLAGS
 CET_FLAGS
 RANLIB
 MAINT
@@ -5651,12 +5651,11 @@ $as_echo "no" >&6; }
 fi
 
 
-if test x$enable_cet = xyes; then :
-  DCFG_ENABLE_CET=true
-else
-  DCFG_ENABLE_CET=false
-fi
+# To ensure that runtime code for CET is compiled in, add in D version flags.
+if test "$enable_cet" = yes; then
+  CET_DFLAGS="$CET_FLAGS -fversion=CET"
 
+fi
 
 # This should be inherited in the recursive make, but ensure it is defined.
 test "$AR" || AR=ar
@@ -11745,7 +11744,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11748 "configure"
+#line 11747 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11851,7 +11850,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 11854 "configure"
+#line 11853 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
diff --git a/libphobos/configure.ac b/libphobos/configure.ac
index b5fbb4a276d..dcaf2791b26 100644
--- a/libphobos/configure.ac
+++ b/libphobos/configure.ac
@@ -68,9 +68,11 @@ AC_PROG_MAKE_SET
 # Add CET specific flags if CET is enabled
 GCC_CET_FLAGS(CET_FLAGS)
 AC_SUBST(CET_FLAGS)
-AS_IF([test x$enable_cet = xyes],
-  [DCFG_ENABLE_CET=true], [DCFG_ENABLE_CET=false])
-AC_SUBST(DCFG_ENABLE_CET)
+# To ensure that runtime code for CET is compiled in, add in D version flags.
+if test "$enable_cet" = yes; then
+  CET_DFLAGS="$CET_FLAGS -fversion=CET"
+  AC_SUBST(CET_DFLAGS)
+fi
 
 # This should be inherited in the recursive make, but ensure it is defined.
 test "$AR" || AR=ar
diff --git a/libphobos/libdruntime/Makefile.am b/libphobos/libdruntime/Makefile.am
index 1d340a0041c..4136642beeb 100644
--- a/libphobos/libdruntime/Makefile.am
+++ b/libphobos/libdruntime/Makefile.am
@@ -24,7 +24,11 @@ D_EXTRA_DFLAGS=-nostdinc -I $(srcdir) -I .
 # D flags for compilation
 AM_DFLAGS= \
 	$(phobos_compiler_pic_flag) \
-	$(WARN_DFLAGS) $(CHECKING_DFLAGS)
+	$(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS)
+
+# Flags for other kinds of sources
+AM_CFLAGS=$(CET_FLAGS)
+AM_CCASFLAGS=$(CET_FLAGS)
 
 # Install all D and DI files
 ALL_DRUNTIME_INSTALL_DSOURCES = $(DRUNTIME_DSOURCES) \
diff --git a/libphobos/libdruntime/Makefile.in b/libphobos/libdruntime/Makefile.in
index 28b4333838f..d0bb3242c4f 100644
--- a/libphobos/libdruntime/Makefile.in
+++ b/libphobos/libdruntime/Makefile.in
@@ -567,6 +567,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_DFLAGS = @CET_DFLAGS@
 CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
@@ -576,7 +577,6 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
-DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
@@ -719,9 +719,13 @@ D_EXTRA_DFLAGS = -nostdinc -I $(srcdir) -I .
 # D flags for compilation
 AM_DFLAGS = \
 	$(phobos_compiler_pic_flag) \
-	$(WARN_DFLAGS) $(CHECKING_DFLAGS)
+	$(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS)
 
 
+# Flags for other kinds of sources
+AM_CFLAGS = $(CET_FLAGS)
+AM_CCASFLAGS = $(CET_FLAGS)
+
 # Install all D and DI files
 ALL_DRUNTIME_INSTALL_DSOURCES = $(DRUNTIME_DSOURCES) \
 	$(DRUNTIME_DSOURCES_BIONIC) $(DRUNTIME_DSOURCES_DARWIN) \
diff --git a/libphobos/libdruntime/core/thread.d b/libphobos/libdruntime/core/thread.d
index 8f4603d3d2f..eaf088d53c1 100644
--- a/libphobos/libdruntime/core/thread.d
+++ b/libphobos/libdruntime/core/thread.d
@@ -3586,45 +3586,44 @@ private
     }
     else version (X86)
     {
-        import gcc.config;
-
         version = AlignFiberStackTo16Byte;
 
-        static if (!GNU_Enable_CET)
+        version (CET)
+        {
+            // fiber_switchContext does not support shadow stack from
+            // Intel CET.  So use ucontext implementation.
+        }
+        else
         {
             version = AsmExternal;
 
             version (MinGW)
-            {
                 version = GNU_AsmX86_Windows;
-            }
             else version (Posix)
-            {
                 version = AsmX86_Posix;
-            }
         }
     }
     else version (X86_64)
     {
-        import gcc.config;
-
         version = AlignFiberStackTo16Byte;
 
-        static if (!GNU_Enable_CET)
+        version (CET)
         {
-            version (D_X32)
-            {
-                // let X32 be handled by ucontext swapcontext
-            }
-            else
-            {
-                version = AsmExternal;
+            // fiber_switchContext does not support shadow stack from
+            // Intel CET.  So use ucontext implementation.
+        }
+        else version (D_X32)
+        {
+            // let X32 be handled by ucontext swapcontext
+        }
+        else
+        {
+            version = AsmExternal;
 
-                version (MinGW)
-                    version = GNU_AsmX86_64_Windows;
-                else version (Posix)
-                    version = AsmX86_64_Posix;
-            }
+            version (MinGW)
+                version = GNU_AsmX86_64_Windows;
+            else version (Posix)
+                version = AsmX86_64_Posix;
         }
     }
     else version (PPC)
diff --git a/libphobos/libdruntime/gcc/config.d.in b/libphobos/libdruntime/gcc/config.d.in
index 9ac7d055271..6301aaff069 100644
--- a/libphobos/libdruntime/gcc/config.d.in
+++ b/libphobos/libdruntime/gcc/config.d.in
@@ -49,6 +49,3 @@ enum GNU_Have_LibAtomic = @DCFG_HAVE_LIBATOMIC@;
 
 // Do we have qsort_r function
 enum Have_Qsort_R = @DCFG_HAVE_QSORT_R@;
-
-// Whether libphobos been configured with --enable-cet.
-enum GNU_Enable_CET = @DCFG_ENABLE_CET@;
diff --git a/libphobos/src/Makefile.am b/libphobos/src/Makefile.am
index 9fb416ecc32..3769d8efafc 100644
--- a/libphobos/src/Makefile.am
+++ b/libphobos/src/Makefile.am
@@ -25,7 +25,10 @@ D_EXTRA_DFLAGS=-nostdinc -I $(srcdir) \
 # D flags for compilation
 AM_DFLAGS= \
 	$(phobos_compiler_pic_flag) \
-	$(WARN_DFLAGS) $(CHECKING_DFLAGS)
+	$(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS)
+
+# Flags for other kinds of sources
+AM_CFLAGS=$(CET_FLAGS)
 
 # Install all D files
 ALL_PHOBOS_INSTALL_DSOURCES = $(PHOBOS_DSOURCES)
diff --git a/libphobos/src/Makefile.in b/libphobos/src/Makefile.in
index dc5f4f5ca57..4a0612a613b 100644
--- a/libphobos/src/Makefile.in
+++ b/libphobos/src/Makefile.in
@@ -323,6 +323,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_DFLAGS = @CET_DFLAGS@
 CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
@@ -332,7 +333,6 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
-DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@
@@ -477,9 +477,12 @@ D_EXTRA_DFLAGS = -nostdinc -I $(srcdir) \
 # D flags for compilation
 AM_DFLAGS = \
 	$(phobos_compiler_pic_flag) \
-	$(WARN_DFLAGS) $(CHECKING_DFLAGS)
+	$(WARN_DFLAGS) $(CHECKING_DFLAGS) $(CET_DFLAGS)
 
 
+# Flags for other kinds of sources
+AM_CFLAGS = $(CET_FLAGS)
+
 # Install all D files
 ALL_PHOBOS_INSTALL_DSOURCES = $(PHOBOS_DSOURCES)
 
diff --git a/libphobos/testsuite/Makefile.in b/libphobos/testsuite/Makefile.in
index 5a4c0317509..2f6911d4d47 100644
--- a/libphobos/testsuite/Makefile.in
+++ b/libphobos/testsuite/Makefile.in
@@ -151,6 +151,7 @@ CC = @CC@
 CCAS = @CCAS@
 CCASFLAGS = @CCASFLAGS@
 CC_FOR_BUILD = @CC_FOR_BUILD@
+CET_DFLAGS = @CET_DFLAGS@
 CET_FLAGS = @CET_FLAGS@
 CFLAGS = @CFLAGS@
 CFLAGS_FOR_BUILD = @CFLAGS_FOR_BUILD@
@@ -160,7 +161,6 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DCFG_ARM_EABI_UNWINDER = @DCFG_ARM_EABI_UNWINDER@
 DCFG_DLPI_TLS_MODID = @DCFG_DLPI_TLS_MODID@
-DCFG_ENABLE_CET = @DCFG_ENABLE_CET@
 DCFG_HAVE_64BIT_ATOMICS = @DCFG_HAVE_64BIT_ATOMICS@
 DCFG_HAVE_ATOMIC_BUILTINS = @DCFG_HAVE_ATOMIC_BUILTINS@
 DCFG_HAVE_LIBATOMIC = @DCFG_HAVE_LIBATOMIC@

Re: [PATCH] libphobos: libdruntime doesn't support shadow stack (PR95680)

[Rainer Orth]

Hi Iain,

>> this patch broke Solaris/x86 bootstrap:
>> 
>> /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3595:23:
>> error: version AsmExternal defined after use
>>  3595 |             version = AsmExternal;
>>       |                       ^
>> /vol/gcc/src/hg/master/local/libphobos/libdruntime/core/thread.d:3603:27:
>> error: version AsmX86_Posix defined after use
>>  3603 |                 version = AsmX86_Posix;
>>       |                           ^
>> 
>> and similarly for the 64-bit version.  libdruntime/gcc/config.d has
>> 
>> // Whether libphobos been configured with --enable-cet.
>> enum GNU_Enable_CET = false;
>> 
>> 	Rainer
>> 
>
> Looks like I can only use version conditions, or static if conditions.
> Not both at the same time.  Found a related bug in upstream dmd
> https://issues.dlang.org/show_bug.cgi?id=7386
>
> Fixing the front-end here will not be possible without some pervasive
> changes in how symbol resolving is handled.  Which is a shame.
>
> I'm just testing passing -fversion=CET during compilation.

I've just tested it no i386-pc-solaris2.11: worked fine.

Thanks.
	Rainer

-- 
-----------------------------------------------------------------------------
Rainer Orth, Center for Biotechnology, Bielefeld University

[PATCH] libphobos: Include <cet.h> to generate the CET marker for -fcf-protection

[H.J. Lu]

[-- Attachment #1: Type: text/plain, Size: 1602 bytes --]

On Mon, Sep 7, 2020 at 7:09 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> On Mon, Sep 7, 2020 at 2:35 PM Iain Buclaw <ibuclaw@gdcproject.org> wrote:
> >
> > Hi,
> >
> > This patch removes whatever CET support was in the switchContext routine
> > for x86 D runtime, and instead uses the ucontext fallback, which propely
> > handles shadow stack handling.
> >
> > Rather than implementing support within D runtime itself, use libc
> > getcontext/setcontext functions if CET is enabled instead.
> >
> > HJ, does this look reasonable before I commit it?  The detection has
> > been done at configure-time, rather than adding a predefined version
> > condition for CET within the compiler.
> >
> > Done regression testing on x86_64-linux-gnu/-m32/-mx32.
> >
> > Regards
> > Iain.
> >
> > ---
> > libphobos/ChangeLog:
> >
> >         PR d/95680
> >         * Makefile.in: Regenerate.
> >         * configure: Regenerate.
> >         * configure.ac (DCFG_ENABLE_CET): Substitute.
> >         * libdruntime/Makefile.in: Regenerate.
> >         * libdruntime/config/x86/switchcontext.S: Remove CET support code.
> >         * libdruntime/core/thread.d: Import gcc.config.  Don't set version
> >         AsmExternal when GNU_Enable_CET is true.
> >         * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define.
> >         * src/Makefile.in: Regenerate.
> >         * testsuite/Makefile.in: Regenerate.
>
> Looks good.  I can try it on Tiger Lake after it has been checked in.
>

Here is the patch to enable the CET marker for -fcf-protection.
I saw some D run-time failures.  I will investigate them.

-- 
H.J.

[-- Attachment #2: 0001-libphobos-Include-cet.h-to-generate-the-CET-marker-f.patch --]
[-- Type: text/x-patch, Size: 1328 bytes --]

From a6e0f81ceebb0fc8791340349b43270fce3d0bf1 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 8 Sep 2020 05:54:56 -0700
Subject: [PATCH] libphobos: Include <cet.h> to generate the CET marker for
 -fcf-protection

Include <cet.h> to generate the CET marker for -fcf-protection to avoid

/bin/ld: ../libdruntime/.libs/libgdruntime_convenience.a(libgdruntime_convenience_la-switchcontext.o): error: missing IBT and SHSTK properties

when -z cet-report=error is passed to the linker to create libgphobos.so
and libgdruntime.so.

	PR d/95680
	* libdruntime/config/x86/switchcontext.S: Include <cet.h> to
	generate the CET marker for -fcf-protection.
---
 libphobos/libdruntime/config/x86/switchcontext.S | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libphobos/libdruntime/config/x86/switchcontext.S b/libphobos/libdruntime/config/x86/switchcontext.S
index 85f2e00d186..f2f8efa218e 100644
--- a/libphobos/libdruntime/config/x86/switchcontext.S
+++ b/libphobos/libdruntime/config/x86/switchcontext.S
@@ -24,6 +24,11 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
 
 #include "../common/threadasm.S"
 
+/* NB: Generate the CET marker for -fcf-protection.  */
+#ifdef __CET__
+# include <cet.h>
+#endif
+
 #if defined(__i386__) && !defined(__CET__)
 
     .text
-- 
2.26.2

Re: [PATCH] libphobos: Include <cet.h> to generate the CET marker for -fcf-protection

[Iain Buclaw]

Excerpts from H.J. Lu's message of September 9, 2020 7:08 pm:
> On Mon, Sep 7, 2020 at 7:09 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>>
>> On Mon, Sep 7, 2020 at 2:35 PM Iain Buclaw <ibuclaw@gdcproject.org> wrote:
>> >
>> > Hi,
>> >
>> > This patch removes whatever CET support was in the switchContext routine
>> > for x86 D runtime, and instead uses the ucontext fallback, which propely
>> > handles shadow stack handling.
>> >
>> > Rather than implementing support within D runtime itself, use libc
>> > getcontext/setcontext functions if CET is enabled instead.
>> >
>> > HJ, does this look reasonable before I commit it?  The detection has
>> > been done at configure-time, rather than adding a predefined version
>> > condition for CET within the compiler.
>> >
>> > Done regression testing on x86_64-linux-gnu/-m32/-mx32.
>> >
>> > Regards
>> > Iain.
>> >
>> > ---
>> > libphobos/ChangeLog:
>> >
>> >         PR d/95680
>> >         * Makefile.in: Regenerate.
>> >         * configure: Regenerate.
>> >         * configure.ac (DCFG_ENABLE_CET): Substitute.
>> >         * libdruntime/Makefile.in: Regenerate.
>> >         * libdruntime/config/x86/switchcontext.S: Remove CET support code.
>> >         * libdruntime/core/thread.d: Import gcc.config.  Don't set version
>> >         AsmExternal when GNU_Enable_CET is true.
>> >         * libdruntime/gcc/config.d.in (GNU_Enable_CET): Define.
>> >         * src/Makefile.in: Regenerate.
>> >         * testsuite/Makefile.in: Regenerate.
>>
>> Looks good.  I can try it on Tiger Lake after it has been checked in.
>>
> 
> Here is the patch to enable the CET marker for -fcf-protection.
> I saw some D run-time failures.  I will investigate them.
> 

Thanks, feel free to commit.

Iain.