Thursday, February 22, 2024

Re: security/libgcrypt: Sprinkle some ENDBR64 instructions

> From: Renato Aguiar <renato@renatoaguiar.net>
> Date: Wed, 21 Feb 2024 17:31:41 -0800

Apologies to Antoine, I forgot to CC you the first time I sent this
out. Anyway, here is a new version. Thinking about this a bit more
changing CFI_STARTPROC like we did on arm64 will make maintenance a
lot easier. This will over-BTI, but I'm also looking at having the
linker remove unnecessary ENDBR64 instructions at the start of a
function.

ok?

On Tue, Feb 20 2024, Mark Kettenis wrote:

> I probably could have done this by changing CFI_STARTPROC, like
> on
> arm64. But that would "over-BTI" and there is a benefit in
> trying to
> avoid that on amd64.
>
> Let me know what you think.

Index: security/libgcrypt/Makefile
===================================================================
RCS file: /cvs/ports/security/libgcrypt/Makefile,v
retrieving revision 1.93
diff -u -p -r1.93 Makefile
--- security/libgcrypt/Makefile 20 Nov 2023 16:53:17 -0000 1.93
+++ security/libgcrypt/Makefile 22 Feb 2024 13:57:00 -0000
@@ -6,7 +6,7 @@ USE_NOEXECONLY= Yes
COMMENT= crypto library based on code used in GnuPG

DISTNAME= libgcrypt-1.10.3
-REVISION= 0
+REVISION= 1

CATEGORIES= security

Index: security/libgcrypt/patches/patch-cipher_asm-common-amd64_h
===================================================================
RCS file: security/libgcrypt/patches/patch-cipher_asm-common-amd64_h
diff -N security/libgcrypt/patches/patch-cipher_asm-common-amd64_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ security/libgcrypt/patches/patch-cipher_asm-common-amd64_h 22 Feb 2024 13:57:00 -0000
@@ -0,0 +1,21 @@
+Index: cipher/asm-common-amd64.h
+--- cipher/asm-common-amd64.h.orig
++++ cipher/asm-common-amd64.h
+@@ -68,7 +68,7 @@
+
+ #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
+ /* CFI directives to emit DWARF stack unwinding information. */
+-# define CFI_STARTPROC() .cfi_startproc
++# define CFI_STARTPROC() .cfi_startproc; endbr64
+ # define CFI_ENDPROC() .cfi_endproc
+ # define CFI_REMEMBER_STATE() .cfi_remember_state
+ # define CFI_RESTORE_STATE() .cfi_restore_state
+@@ -136,7 +136,7 @@
+ DW_SLEB128_28BIT(rsp_offs)
+
+ #else
+-# define CFI_STARTPROC()
++# define CFI_STARTPROC() endbr64
+ # define CFI_ENDPROC()
+ # define CFI_REMEMBER_STATE()
+ # define CFI_RESTORE_STATE()

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)