Thursday, February 22, 2024

Re: security/libgcrypt: Sprinkle some ENDBR64 instructions

No need for an apology.
You understand that stuff much better than I do anyway :-)

Clueless OK for me.


Antoine

> On Feb 22, 2024, at 09:57, Mark Kettenis <mark.kettenis@xs4all.nl> wrote:
>
> 
>>
>> From: Renato Aguiar <renato@renatoaguiar.net>
>> Date: Wed, 21 Feb 2024 17:31:41 -0800
>
> Apologies to Antoine, I forgot to CC you the first time I sent this
> out. Anyway, here is a new version. Thinking about this a bit more
> changing CFI_STARTPROC like we did on arm64 will make maintenance a
> lot easier. This will over-BTI, but I'm also looking at having the
> linker remove unnecessary ENDBR64 instructions at the start of a
> function.
>
> ok?
>
>> On Tue, Feb 20 2024, Mark Kettenis wrote:
>>
>> I probably could have done this by changing CFI_STARTPROC, like
>> on
>> arm64. But that would "over-BTI" and there is a benefit in
>> trying to
>> avoid that on amd64.
>>
>> Let me know what you think.
>
> Index: security/libgcrypt/Makefile
> ===================================================================
> RCS file: /cvs/ports/security/libgcrypt/Makefile,v
> retrieving revision 1.93
> diff -u -p -r1.93 Makefile
> --- security/libgcrypt/Makefile 20 Nov 2023 16:53:17 -0000 1.93
> +++ security/libgcrypt/Makefile 22 Feb 2024 13:57:00 -0000
> @@ -6,7 +6,7 @@ USE_NOEXECONLY= Yes
> COMMENT= crypto library based on code used in GnuPG
>
> DISTNAME= libgcrypt-1.10.3
> -REVISION= 0
> +REVISION= 1
>
> CATEGORIES= security
>
> Index: security/libgcrypt/patches/patch-cipher_asm-common-amd64_h
> ===================================================================
> RCS file: security/libgcrypt/patches/patch-cipher_asm-common-amd64_h
> diff -N security/libgcrypt/patches/patch-cipher_asm-common-amd64_h
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ security/libgcrypt/patches/patch-cipher_asm-common-amd64_h 22 Feb 2024 13:57:00 -0000
> @@ -0,0 +1,21 @@
> +Index: cipher/asm-common-amd64.h
> +--- cipher/asm-common-amd64.h.orig
> ++++ cipher/asm-common-amd64.h
> +@@ -68,7 +68,7 @@
> +
> + #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
> + /* CFI directives to emit DWARF stack unwinding information. */
> +-# define CFI_STARTPROC() .cfi_startproc
> ++# define CFI_STARTPROC() .cfi_startproc; endbr64
> + # define CFI_ENDPROC() .cfi_endproc
> + # define CFI_REMEMBER_STATE() .cfi_remember_state
> + # define CFI_RESTORE_STATE() .cfi_restore_state
> +@@ -136,7 +136,7 @@
> + DW_SLEB128_28BIT(rsp_offs)
> +
> + #else
> +-# define CFI_STARTPROC()
> ++# define CFI_STARTPROC() endbr64
> + # define CFI_ENDPROC()
> + # define CFI_REMEMBER_STATE()
> + # define CFI_RESTORE_STATE()

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)