This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch hjl/cet/property created. glibc-2.25-615-g0e65227
- From: hjl at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 28 Jun 2017 00:24:41 -0000
- Subject: GNU C Library master sources branch hjl/cet/property created. glibc-2.25-615-g0e65227
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, hjl/cet/property has been created
at 0e652272e397ab63c19e5277724d414c541073bf (commit)
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0e652272e397ab63c19e5277724d414c541073bf
commit 0e652272e397ab63c19e5277724d414c541073bf
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Jun 27 17:23:06 2017 -0700
Add _dl_cet_init
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
index 67bae77..3ceeceb 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
@@ -244,7 +244,7 @@ extern const struct cpu_features *__get_cpu_features (void)
# include <dlfcn.h>
extern void _dl_check_cet (const ElfW(Phdr) *, size_t,
const ElfW(Addr), bool)
- attribute_hidden;
+ internal_function attribute_hidden;
# endif
# if defined (_LIBC) && !IS_IN (nonlib)
diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
index 85e128e..a303854 100644
--- a/sysdeps/x86/dl-cet.c
+++ b/sysdeps/x86/dl-cet.c
@@ -19,8 +19,8 @@
#include <link.h>
#include <ldsodefs.h>
-attribute_hidden
void
+internal_function
_dl_check_cet (const ElfW(Phdr) *phdr, size_t phnum,
const ElfW(Addr) addr, bool is_executable)
{
@@ -84,3 +84,10 @@ _dl_check_cet (const ElfW(Phdr) *phdr, size_t phnum,
cpu_features->feature[index_arch_SHSTK_Usable]
&= ~bit_arch_SHSTK_Usable;
}
+
+void
+internal_function
+_dl_cet_init (struct link_map *main_map, int argc, char **argv, char **env)
+{
+ _dl_init (main_map, argc, argv, env);
+}
diff --git a/sysdeps/x86_64/dl-machine.h b/sysdeps/x86_64/dl-machine.h
index f42ec90..25d0232 100644
--- a/sysdeps/x86_64/dl-machine.h
+++ b/sysdeps/x86_64/dl-machine.h
@@ -158,6 +158,12 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
return lazy;
}
+#ifdef ENABLE_CET
+# define DL_INIT "_dl_cet_init"
+#else
+# define DL_INIT "_dl_init"
+#endif
+
/* Initial entry point code for the dynamic linker.
The C function `_dl_start' is the real entry point;
its return value is the user program's entry point. */
@@ -199,7 +205,7 @@ _dl_start_user:\n\
# Clear %rbp to mark outermost frame obviously even for constructors.\n\
xorl %ebp, %ebp\n\
# Call the function to run the initializers.\n\
- call _dl_init\n\
+ call " DL_INIT "\n\
# Pass our finalizer function to the user in %rdx, as per ELF ABI.\n\
leaq _dl_fini(%rip), %rdx\n\
# And make sure %rsp points to argc stored on the stack.\n\
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=033fa3c314503f49fc0ff8e5f6d4620df0bfd2b0
commit 033fa3c314503f49fc0ff8e5f6d4620df0bfd2b0
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Jun 27 16:09:45 2017 -0700
Check ENABLE_CET
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
index 0167ad7..67bae77 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
@@ -238,12 +238,14 @@ struct cpu_features
extern const struct cpu_features *__get_cpu_features (void)
__attribute__ ((const));
+# ifdef ENABLE_CET
/* If <link.h> is included before <dlfcn.h>, _dl_addr won't be
declared. */
-# include <dlfcn.h>
+# include <dlfcn.h>
extern void _dl_check_cet (const ElfW(Phdr) *, size_t,
const ElfW(Addr), bool)
attribute_hidden;
+# endif
# if defined (_LIBC) && !IS_IN (nonlib)
/* Unused for x86. */
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=3b7b249e6046547a96a96af561720da75f8fa9ed
commit 3b7b249e6046547a96a96af561720da75f8fa9ed
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Jun 27 16:07:23 2017 -0700
Call _dl_check_cet
diff --git a/sysdeps/unix/sysv/linux/x86/dl-sysdep.c b/sysdeps/unix/sysv/linux/x86/dl-sysdep.c
index 64eb0d7..4b77022 100644
--- a/sysdeps/unix/sysv/linux/x86/dl-sysdep.c
+++ b/sysdeps/unix/sysv/linux/x86/dl-sysdep.c
@@ -18,4 +18,5 @@
#include <config.h>
#include <sysdeps/x86/cpu-tunables.c>
+#include <sysdeps/x86/dl-cet.c>
#include <sysdeps/unix/sysv/linux/dl-sysdep.c>
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 1d087ea..ff7e421 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -256,6 +256,18 @@ init_cpu_features (struct cpu_features *cpu_features)
cpu_features->feature[index_arch_Use_dl_runtime_resolve_opt]
|= bit_arch_Use_dl_runtime_resolve_opt;
}
+
+#ifdef ENABLE_CET
+ /* Mark IBT and SHSTK usable if they are supported by CPU.
+ _dl_setup_cet will clear them if they are enabled in the
+ executable. */
+ if (CPU_FEATURES_CPU_P (cpu_features, IBT))
+ cpu_features->feature[index_arch_IBT_Usable]
+ |= bit_arch_IBT_Usable;
+ if (CPU_FEATURES_CPU_P (cpu_features, SHSTK))
+ cpu_features->feature[index_arch_SHSTK_Usable]
+ |= bit_arch_SHSTK_Usable;
+#endif
}
/* This spells out "AuthenticAMD". */
else if (ebx == 0x68747541 && ecx == 0x444d4163 && edx == 0x69746e65)
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
index d2a9929..0167ad7 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
@@ -238,6 +238,13 @@ struct cpu_features
extern const struct cpu_features *__get_cpu_features (void)
__attribute__ ((const));
+/* If <link.h> is included before <dlfcn.h>, _dl_addr won't be
+ declared. */
+# include <dlfcn.h>
+extern void _dl_check_cet (const ElfW(Phdr) *, size_t,
+ const ElfW(Addr), bool)
+ attribute_hidden;
+
# if defined (_LIBC) && !IS_IN (nonlib)
/* Unused for x86. */
# define INIT_ARCH()
diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
new file mode 100644
index 0000000..85e128e
--- /dev/null
+++ b/sysdeps/x86/dl-cet.c
@@ -0,0 +1,86 @@
+/* This file is part of the GNU C Library.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+
+#include <link.h>
+#include <ldsodefs.h>
+
+attribute_hidden
+void
+_dl_check_cet (const ElfW(Phdr) *phdr, size_t phnum,
+ const ElfW(Addr) addr, bool is_executable)
+{
+ if (phdr == NULL)
+ return;
+
+ struct cpu_features *cpu_features = &GLRO(dl_x86_cpu_features);
+ size_t i;
+ bool ibt_enabled = false;
+ bool shstk_enabled = false;
+
+ for (i = 0; i < phnum; i++)
+ {
+ if (phdr[i].p_type == PT_NOTE)
+ {
+ const ElfW(Addr) start = phdr[i].p_vaddr + addr;
+ const ElfW(Nhdr) *note = (const void *) start;
+
+ while ((ElfW(Addr)) (note + 1) - start < phdr[i].p_memsz)
+ {
+ /* Find the NT_GNU_PROPERTY_TYPE_0 note. */
+ if (note->n_namesz == 4
+ && note->n_type == NT_GNU_PROPERTY_TYPE_0
+ && memcmp (note + 1, "GNU", 4) == 0)
+ {
+#define ROUND(len) (((len) + sizeof (ElfW(Addr)) - 1) & -sizeof (ElfW(Addr)))
+ unsigned int *ptr
+ = (unsigned int *) ((char *) ¬e->n_type
+ + ROUND (note->n_namesz));
+ if (ptr[0] == GNU_PROPERTY_X86_FEATURE_1_AND)
+ {
+ if (ptr[1] == 4)
+ {
+ unsigned int pr_data = ptr[2];
+ ibt_enabled
+ = !!(pr_data & GNU_PROPERTY_X86_FEATURE_1_IBT);
+ shstk_enabled
+ = !!(pr_data & GNU_PROPERTY_X86_FEATURE_1_SHSTK);
+ }
+ break;
+ }
+#undef ROUND
+ }
+/* Note sections like .note.ABI-tag and .note.gnu.build-id are aligned
+ to 4 bytes in 64-bit ELF objects. */
+#define ROUND(len) (((len) + sizeof note->n_type - 1) & -sizeof note->n_type)
+ note = ((const void *) (note + 1)
+ + ROUND (note->n_namesz) + ROUND (note->n_descsz));
+#undef ROUND
+ }
+ }
+ }
+
+ /* If IBT isn't enabled on executable, disable IBT. */
+ if (is_executable && !ibt_enabled)
+ cpu_features->feature[index_arch_IBT_Usable]
+ &= ~bit_arch_IBT_Usable;
+
+ /* If SHSTK isn't enabled, disable SHSTK. */
+ if (!shstk_enabled)
+ cpu_features->feature[index_arch_SHSTK_Usable]
+ &= ~bit_arch_SHSTK_Usable;
+}
diff --git a/sysdeps/x86/libc-start.c b/sysdeps/x86/libc-start.c
index e11b490..85d059d 100644
--- a/sysdeps/x86/libc-start.c
+++ b/sysdeps/x86/libc-start.c
@@ -22,7 +22,16 @@
extern struct cpu_features _dl_x86_cpu_features;
-#define ARCH_INIT_CPU_FEATURES() init_cpu_features (&_dl_x86_cpu_features)
+#ifdef ENABLE_CET
+#define ARCH_INIT_CPU_FEATURES() \
+ { \
+ init_cpu_features (&_dl_x86_cpu_features); \
+ _dl_check_cet (_dl_phdr, _dl_phnum, 0, true); \
+ }
+#else
+# define ARCH_INIT_CPU_FEATURES() \
+ init_cpu_features (&_dl_x86_cpu_features);
+#endif
#endif
# include <csu/libc-start.c>
diff --git a/sysdeps/x86_64/dl-machine.h b/sysdeps/x86_64/dl-machine.h
index 6a04cbc..f42ec90 100644
--- a/sysdeps/x86_64/dl-machine.h
+++ b/sysdeps/x86_64/dl-machine.h
@@ -76,6 +76,11 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
extern void _dl_runtime_profile_avx (ElfW(Word)) attribute_hidden;
extern void _dl_runtime_profile_avx512 (ElfW(Word)) attribute_hidden;
+#ifdef ENABLE_CET
+ _dl_check_cet (l->l_phdr, l->l_phnum, l->l_addr,
+ l->l_type == lt_executable);
+#endif
+
if (l->l_info[DT_JMPREL] && lazy)
{
/* The GOT entries for functions in the PLT have not yet been filled
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=1326ac2e3e812179ddeb1a20544d1ede59bc28a0
commit 1326ac2e3e812179ddeb1a20544d1ede59bc28a0
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Thu Jun 22 08:51:42 2017 -0700
x86: Add IBT/SHSTK support to cpu-features
* sysdeps/x86/cpu-features.h (bit_arch_IBT_Usable): New.
(bit_arch_SHSTK_Usable): Likewise.
(bit_cpu_SHSTK): Likewise.
(index_cpu_IBT): Likewise.
(index_cpu_SHSTK): Likewise.
(index_arch_IBT_Usable): Likewise.
(index_arch_SHSTK_Usable): Likewise.
(reg_IBT): Likewise.
(reg_SHSTK): Likewise.
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
index 3ed67f5..d2a9929 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
@@ -40,6 +40,8 @@
#define bit_arch_Use_dl_runtime_resolve_opt (1 << 20)
#define bit_arch_Use_dl_runtime_resolve_slow (1 << 21)
#define bit_arch_Prefer_No_AVX512 (1 << 22)
+#define bit_arch_IBT_Usable (1 << 23)
+#define bit_arch_SHSTK_Usable (1 << 24)
/* CPUID Feature flags. */
@@ -74,6 +76,8 @@
#define bit_cpu_AVX512CD (1 << 28)
#define bit_cpu_AVX512BW (1 << 30)
#define bit_cpu_AVX512VL (1u << 31)
+#define bit_cpu_IBT (1u << 20)
+#define bit_cpu_SHSTK (1u << 7)
/* XCR0 Feature flags. */
#define bit_XMM_state (1 << 1)
@@ -103,6 +107,8 @@
# define index_cpu_AVX2 COMMON_CPUID_INDEX_7*CPUID_SIZE+CPUID_EBX_OFFSET
# define index_cpu_ERMS COMMON_CPUID_INDEX_7*CPUID_SIZE+CPUID_EBX_OFFSET
# define index_cpu_MOVBE COMMON_CPUID_INDEX_1*CPUID_SIZE+CPUID_ECX_OFFSET
+# define index_cpu_IBT COMMON_CPUID_INDEX_7*CPUID_SIZE+CPUID_EDX_OFFSET
+# define index_cpu_SHSTK COMMON_CPUID_INDEX_7*CPUID_SIZE+CPUID_ECX_OFFSET
# define index_arch_Fast_Rep_String FEATURE_INDEX_1*FEATURE_SIZE
# define index_arch_Fast_Copy_Backward FEATURE_INDEX_1*FEATURE_SIZE
@@ -126,6 +132,8 @@
# define index_arch_Use_dl_runtime_resolve_opt FEATURE_INDEX_1*FEATURE_SIZE
# define index_arch_Use_dl_runtime_resolve_slow FEATURE_INDEX_1*FEATURE_SIZE
# define index_arch_Prefer_No_AVX512 FEATURE_INDEX_1*FEATURE_SIZE
+# define index_arch_IBT_Usable FEATURE_INDEX_1*FEATURE_SIZE
+# define index_arch_SHSTK_Usable FEATURE_INDEX_1*FEATURE_SIZE
# if defined (_LIBC) && !IS_IN (nonlib)
@@ -277,6 +285,8 @@ extern const struct cpu_features *__get_cpu_features (void)
# define index_cpu_LZCNT COMMON_CPUID_INDEX_1
# define index_cpu_MOVBE COMMON_CPUID_INDEX_1
# define index_cpu_POPCNT COMMON_CPUID_INDEX_1
+# define index_cpu_IBT COMMON_CPUID_INDEX_7
+# define index_cpu_SHSTK COMMON_CPUID_INDEX_7
# define reg_CX8 edx
# define reg_CMOV edx
@@ -306,6 +316,8 @@ extern const struct cpu_features *__get_cpu_features (void)
# define reg_LZCNT ecx
# define reg_MOVBE ecx
# define reg_POPCNT ecx
+# define reg_IBT edx
+# define reg_SHSTK ecx
# define index_arch_Fast_Rep_String FEATURE_INDEX_1
# define index_arch_Fast_Copy_Backward FEATURE_INDEX_1
@@ -329,6 +341,8 @@ extern const struct cpu_features *__get_cpu_features (void)
# define index_arch_Use_dl_runtime_resolve_opt FEATURE_INDEX_1
# define index_arch_Use_dl_runtime_resolve_slow FEATURE_INDEX_1
# define index_arch_Prefer_No_AVX512 FEATURE_INDEX_1
+# define index_arch_IBT_Usable FEATURE_INDEX_1
+# define index_arch_SHSTK_Usable FEATURE_INDEX_1
#endif /* !__ASSEMBLER__ */
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=914d67bea5e17bb4bd2cf4d53b6411da71ed44bb
commit 914d67bea5e17bb4bd2cf4d53b6411da71ed44bb
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Jun 27 14:20:22 2017 -0700
Add ENABLE_CET
diff --git a/config.h.in b/config.h.in
index 2241857..3654b6e 100644
--- a/config.h.in
+++ b/config.h.in
@@ -139,6 +139,10 @@
/* Define if lock elision should be enabled by default. */
#undef ENABLE_LOCK_ELISION
+/* Define if Intel Control-flow Enforcement Technology (CET) should be
+ enabled. */
+#undef ENABLE_CET
+
/* Package description. */
#undef PKGVERSION
diff --git a/sysdeps/unix/sysv/linux/x86/configure b/sysdeps/unix/sysv/linux/x86/configure
index b865567..f7134f4 100644
--- a/sysdeps/unix/sysv/linux/x86/configure
+++ b/sysdeps/unix/sysv/linux/x86/configure
@@ -32,12 +32,17 @@ $as_echo "$libc_cv_x86_cet" >&6; }
if test x"$enable_cet" = xdefault; then
enable_cet=no
else
- as_fn_error $? "$CC doesn't support $libc_cv_x86_cet_cflags" "$LINENO" 5
+ as_fn_error $? "$CC doesn't support $libc_cv_x86_cet_cflags" "$LINENO" 5
fi
libc_cv_x86_cet_cflags=
fi
else
libc_cv_x86_cet_cflags=
fi
+if test $enable_cet = yes; then
+
+$as_echo "#define ENABLE_CET 1" >>confdefs.h
+
+fi
config_vars="$config_vars
cet_cflags = $libc_cv_x86_cet_cflags"
diff --git a/sysdeps/unix/sysv/linux/x86/configure.ac b/sysdeps/unix/sysv/linux/x86/configure.ac
index 7797814..0702232 100644
--- a/sysdeps/unix/sysv/linux/x86/configure.ac
+++ b/sysdeps/unix/sysv/linux/x86/configure.ac
@@ -21,11 +21,15 @@ if test x"$enable_cet" = xdefault || test x"$enable_cet" = xyes; then
if test x"$enable_cet" = xdefault; then
enable_cet=no
else
- AC_MSG_ERROR([$CC doesn't support $libc_cv_x86_cet_cflags])
+ AC_MSG_ERROR([$CC doesn't support $libc_cv_x86_cet_cflags])
fi
libc_cv_x86_cet_cflags=
fi
else
libc_cv_x86_cet_cflags=
fi
+if test $enable_cet = yes; then
+ AC_DEFINE(ENABLE_CET, 1,
+ [Enable Intel Control-flow Enforcement Technology (CET)])
+fi
LIBC_CONFIG_VAR([cet_cflags], [$libc_cv_x86_cet_cflags])
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=44856f931072e8504a2b030b1f6eb4c3c0eb6e24
commit 44856f931072e8504a2b030b1f6eb4c3c0eb6e24
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Thu Jun 22 04:15:39 2017 -0700
x86: Add <sys/cet.h> to support Intel CET
To support Intel Control-flow Enforcement Technology (CET) instructions:
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-en
forcement-technology-preview.pdf
include sysdeps/unix/sysv/linux/x86/sys/cet.h for assembly codes so that
ELF program property can be added to relocatable objects generated from
assembly codes if defines__IBT__ or __SHSTK__ is defined. If compiler
defines__IBT__, the IBT bit is turned on in x86 feature. If compiler
defines __SHSTK__, the SHSTK bit is turned on in x86 feature.
* configure.ac: Add --enable-cet.
* configure: Regenerated.
* sysdeps/unix/sysv/linux/x86/Makefile (asm-CPPFLAGS): Add
$(cet_cflags) -include $(..)sysdeps/unix/sysv/linux/x86/sys/cet.h.
(+cflags): Add $(cet_cflags).
* sysdeps/unix/sysv/linux/x86/configure: New file.
* sysdeps/unix/sysv/linux/x86/configure.ac: Likewise.
* sysdeps/unix/sysv/linux/x86/sys/cet.h: Likewise.
diff --git a/configure b/configure
index 97a2dad..1b3897e 100755
--- a/configure
+++ b/configure
@@ -788,6 +788,7 @@ enable_nscd
enable_pt_chown
enable_tunables
enable_mathvec
+enable_cet
with_cpu
'
ac_precious_vars='build_alias
@@ -1463,6 +1464,8 @@ Optional Features:
'no' and 'valstring'
--enable-mathvec Enable building and installing mathvec [default
depends on architecture]
+ --enable-cet enable Intel Control-flow Enforcement Technology
+ (CET), x86 only
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
@@ -3754,6 +3757,14 @@ else
fi
+# Check whether --enable-cet was given.
+if test "${enable_cet+set}" = set; then :
+ enableval=$enable_cet; enable_cet=$enableval
+else
+ enable_cet=default
+fi
+
+
# We keep the original values in `$config_*' and never modify them, so we
# can write them unchanged into config.make. Everything else uses
# $machine, $vendor, and $os, and changes them whenever convenient.
diff --git a/configure.ac b/configure.ac
index 16e97d3..63b8648 100644
--- a/configure.ac
+++ b/configure.ac
@@ -460,6 +460,12 @@ AC_ARG_ENABLE([mathvec],
[build_mathvec=$enableval],
[build_mathvec=notset])
+AC_ARG_ENABLE([cet],
+ AC_HELP_STRING([--enable-cet],
+ [enable Intel Control-flow Enforcement Technology (CET), x86 only]),
+ [enable_cet=$enableval],
+ [enable_cet=default])
+
# We keep the original values in `$config_*' and never modify them, so we
# can write them unchanged into config.make. Everything else uses
# $machine, $vendor, and $os, and changes them whenever convenient.
diff --git a/sysdeps/unix/sysv/linux/x86/Makefile b/sysdeps/unix/sysv/linux/x86/Makefile
index 9e6ec44..9fb0c6e 100644
--- a/sysdeps/unix/sysv/linux/x86/Makefile
+++ b/sysdeps/unix/sysv/linux/x86/Makefile
@@ -22,3 +22,11 @@ endif
ifeq ($(subdir),elf)
sysdep_routines += dl-vdso
endif
+
+ifneq ($(cet_cflags),)
+# Build relocatable objects from assembly codes with <sys/cet.h> if CET
+# is enabled.
+asm-CPPFLAGS += $(cet_cflags) \
+ -include $(..)sysdeps/unix/sysv/linux/x86/sys/cet.h
++cflags += $(cet_cflags)
+endif
diff --git a/sysdeps/unix/sysv/linux/x86/configure b/sysdeps/unix/sysv/linux/x86/configure
new file mode 100644
index 0000000..b865567
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/x86/configure
@@ -0,0 +1,43 @@
+# This file is generated from configure.ac by Autoconf. DO NOT EDIT!
+ # Local configure fragment for sysdeps/unix/sysv/linux/x86.
+
+if test x"$enable_cet" = xdefault || test x"$enable_cet" = xyes; then
+ # See whether GCC supports CET.
+ libc_cv_x86_cet_cflags="-mibt -mshstk"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports $libc_cv_x86_cet_cflags" >&5
+$as_echo_n "checking whether $CC supports $libc_cv_x86_cet_cflags... " >&6; }
+if ${libc_cv_x86_cet+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ echo 'void foo (void) { }' > conftest.c
+ libc_cv_x86_cet=no
+ if { ac_try='${CC-cc} -S $CFLAGS conftest.c $libc_cv_x86_cet_cflags -o conftest.s 1>&5'
+ { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ libc_cv_x86_cet=yes
+ fi
+ rm -rf conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_x86_cet" >&5
+$as_echo "$libc_cv_x86_cet" >&6; }
+
+ if test $libc_cv_x86_cet = yes; then
+ if test x"$enable_cet" = xdefault; then
+ enable_cet=yes
+ fi
+ else
+ if test x"$enable_cet" = xdefault; then
+ enable_cet=no
+ else
+ as_fn_error $? "$CC doesn't support $libc_cv_x86_cet_cflags" "$LINENO" 5
+ fi
+ libc_cv_x86_cet_cflags=
+ fi
+else
+ libc_cv_x86_cet_cflags=
+fi
+config_vars="$config_vars
+cet_cflags = $libc_cv_x86_cet_cflags"
diff --git a/sysdeps/unix/sysv/linux/x86/configure.ac b/sysdeps/unix/sysv/linux/x86/configure.ac
new file mode 100644
index 0000000..7797814
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/x86/configure.ac
@@ -0,0 +1,31 @@
+GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory.
+# Local configure fragment for sysdeps/unix/sysv/linux/x86.
+
+if test x"$enable_cet" = xdefault || test x"$enable_cet" = xyes; then
+ # See whether GCC supports CET.
+ libc_cv_x86_cet_cflags="-mibt -mshstk"
+ AC_CACHE_CHECK(whether $CC supports $libc_cv_x86_cet_cflags,
+ libc_cv_x86_cet, [dnl
+ echo 'void foo (void) { }' > conftest.c
+ libc_cv_x86_cet=no
+ if AC_TRY_COMMAND(${CC-cc} -S $CFLAGS conftest.c $libc_cv_x86_cet_cflags -o conftest.s 1>&AS_MESSAGE_LOG_FD); then
+ libc_cv_x86_cet=yes
+ fi
+ rm -rf conftest*])
+
+ if test $libc_cv_x86_cet = yes; then
+ if test x"$enable_cet" = xdefault; then
+ enable_cet=yes
+ fi
+ else
+ if test x"$enable_cet" = xdefault; then
+ enable_cet=no
+ else
+ AC_MSG_ERROR([$CC doesn't support $libc_cv_x86_cet_cflags])
+ fi
+ libc_cv_x86_cet_cflags=
+ fi
+else
+ libc_cv_x86_cet_cflags=
+fi
+LIBC_CONFIG_VAR([cet_cflags], [$libc_cv_x86_cet_cflags])
diff --git a/sysdeps/unix/sysv/linux/x86/sys/cet.h b/sysdeps/unix/sysv/linux/x86/sys/cet.h
new file mode 100644
index 0000000..9b0bf04
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/x86/sys/cet.h
@@ -0,0 +1,82 @@
+/* ELF program property for Intel CET.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#ifndef _SYS_CET_H
+#define _SYS_CET_H 1
+
+/* Add x86 feature with IBT and/or SHSTK bits to ELF program property
+ if they are enabled. Otherwise, contents in this header file are
+ unused. */
+
+# ifdef __ASSEMBLER__
+
+# ifdef __LP64__
+# define __PROPERTY_ALIGN 3
+# else
+# define __PROPERTY_ALIGN 2
+# endif
+
+# ifdef __IBT__
+ .pushsection ".note.gnu.property", "a"
+ .p2align __PROPERTY_ALIGN
+ .long 1f - 0f /* name length. */
+ .long 4f - 1f /* data length. */
+ /* NT_GNU_PROPERTY_TYPE_0. */
+ .long 5 /* note type. */
+0:
+ .asciz "GNU" /* vendor name. */
+1:
+ .p2align __PROPERTY_ALIGN
+ /* GNU_PROPERTY_X86_FEATURE_1_AND. */
+ .long 0xc0000002 /* pr_type. */
+ .long 3f - 2f /* pr_datasz. */
+2:
+ /* GNU_PROPERTY_X86_FEATURE_1_IBT. */
+ .long 0x1
+3:
+ .p2align __PROPERTY_ALIGN
+4:
+ .popsection
+# endif
+
+# ifdef __SHSTK__
+ .pushsection ".note.gnu.property", "a"
+ .p2align __PROPERTY_ALIGN
+ .long 1f - 0f /* name length. */
+ .long 4f - 1f /* data length. */
+ /* NT_GNU_PROPERTY_TYPE_0. */
+ .long 5 /* note type. */
+0:
+ .asciz "GNU" /* vendor name. */
+1:
+ .p2align __PROPERTY_ALIGN
+ /* GNU_PROPERTY_X86_FEATURE_1_AND. */
+ .long 0xc0000002 /* pr_type. */
+ .long 3f - 2f /* pr_datasz. */
+2:
+ /* GNU_PROPERTY_X86_FEATURE_1_SHSTK. */
+ .long 0x2
+3:
+ .p2align __PROPERTY_ALIGN
+4:
+ .popsection
+# endif
+
+# endif
+
+#endif /* _SYS_CET_H */
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=300929595c2b63ed299c597f8ac6de114d35e469
commit 300929595c2b63ed299c597f8ac6de114d35e469
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Wed Jun 21 13:07:05 2017 -0700
Add NT_GNU_PROPERTY_TYPE_0 macros
diff --git a/elf/elf.h b/elf/elf.h
index 3900b4c..f690af8 100644
--- a/elf/elf.h
+++ b/elf/elf.h
@@ -1247,6 +1247,59 @@ typedef struct
/* Version note generated by GNU gold containing a version string. */
#define NT_GNU_GOLD_VERSION 4
+/* Program property. */
+#define NT_GNU_PROPERTY_TYPE_0 5
+
+/* Note section name of program property. */
+#define NOTE_GNU_PROPERTY_SECTION_NAME ".note.gnu.property"
+
+/* Values used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0). */
+#define GNU_PROPERTY_STACK_SIZE 1
+#define GNU_PROPERTY_NO_COPY_ON_PROTECTED 2
+
+/* Processor-specific semantics, lo */
+#define GNU_PROPERTY_LOPROC 0xc0000000
+/* Processor-specific semantics, hi */
+#define GNU_PROPERTY_HIPROC 0xdfffffff
+/* Application-specific semantics, lo */
+#define GNU_PROPERTY_LOUSER 0xe0000000
+/* Application-specific semantics, hi */
+#define GNU_PROPERTY_HIUSER 0xffffffff
+
+/* The x86 instruction sets indicated by the corresponding bits are
+ used in program. Their support in the hardware is optional. */
+#define GNU_PROPERTY_X86_ISA_1_USED 0xc0000000
+/* The x86 instruction sets indicated by the corresponding bits are
+ used in program and they must be supported by the hardware. */
+#define GNU_PROPERTY_X86_ISA_1_NEEDED 0xc0000001
+/* X86 processor-specific features used in program. */
+#define GNU_PROPERTY_X86_FEATURE_1_AND 0xc0000002
+
+#define GNU_PROPERTY_X86_ISA_1_486 (1U << 0)
+#define GNU_PROPERTY_X86_ISA_1_586 (1U << 1)
+#define GNU_PROPERTY_X86_ISA_1_686 (1U << 2)
+#define GNU_PROPERTY_X86_ISA_1_SSE (1U << 3)
+#define GNU_PROPERTY_X86_ISA_1_SSE2 (1U << 4)
+#define GNU_PROPERTY_X86_ISA_1_SSE3 (1U << 5)
+#define GNU_PROPERTY_X86_ISA_1_SSSE3 (1U << 6)
+#define GNU_PROPERTY_X86_ISA_1_SSE4_1 (1U << 7)
+#define GNU_PROPERTY_X86_ISA_1_SSE4_2 (1U << 8)
+#define GNU_PROPERTY_X86_ISA_1_AVX (1U << 9)
+#define GNU_PROPERTY_X86_ISA_1_AVX2 (1U << 10)
+#define GNU_PROPERTY_X86_ISA_1_AVX512F (1U << 11)
+#define GNU_PROPERTY_X86_ISA_1_AVX512CD (1U << 12)
+#define GNU_PROPERTY_X86_ISA_1_AVX512ER (1U << 13)
+#define GNU_PROPERTY_X86_ISA_1_AVX512PF (1U << 14)
+#define GNU_PROPERTY_X86_ISA_1_AVX512VL (1U << 15)
+#define GNU_PROPERTY_X86_ISA_1_AVX512DQ (1U << 16)
+#define GNU_PROPERTY_X86_ISA_1_AVX512BW (1U << 17)
+
+/* This indicates that all executable sections are compatible with
+ IBT. */
+#define GNU_PROPERTY_X86_FEATURE_1_IBT (1U << 0)
+/* This indicates that all executable sections are compatible with
+ SHSTK. */
+#define GNU_PROPERTY_X86_FEATURE_1_SHSTK (1U << 1)
/* Move records. */
typedef struct
-----------------------------------------------------------------------
hooks/post-receive
--
GNU C Library master sources