This is an archive of the discontinued LLVM Phabricator instance.

Differential D79617

Add cet.h for writing CET-enabled assembly code
ClosedPublic

Authored by xiangzhangllvm on May 8 2020, 12:50 AM.

Details

Reviewers
hjl.tools
annita.zhang
LuoYuanke
craig.topper
tstellar
pengfei
rsmith
Commits
rGbcc0c894f38f: Add cet.h for writing CET-enabled assembly code
rGe7e84ff24a5f: Add cet.h for writing CET-enabled assembly code
Summary

Add x86 feature with IBT and/or SHSTK bits to ELF program property if they are enabled. Otherwise, contents in this header file are unused.
This file is mainly design for assembly source code which want to enable CET

Diff Detail

Event Timeline

xiangzhangllvm created this revision.May 8 2020, 12:50 AM
Herald added a subscriber: mgorny. · View Herald TranscriptMay 8 2020, 12:50 AM
hjl.tools added inline comments.May 8 2020, 4:04 AM
clang/test/CodeGen/asm-cet.S
2

Please replace -DIBT -DSHSTK with -fcf-protection and also test i386-pc-linux.

hjl.tools added inline comments.May 8 2020, 4:09 AM
clang/lib/Headers/cet.h
18

Please also define _CET_ENDBR. It should be for endbr64/endbr32 when IBT is enabled
and empty when IBT is disabled.

23

Please check CET instead of IBT and SHSTK.

xiangzhangllvm marked 3 inline comments as done.May 8 2020, 5:59 PM
xiangzhangllvm added inline comments.
clang/lib/Headers/cet.h
18

Hello, H.J., I not much understand here,
if CET can instead of IBT and SHSTK, why we need extra define _CET_ENDBR ?

23

So here you mean: ?
-fcf-protection --> define macro "CET" 0x3 internally in compiler;
-fcf-protection=ibt --> define macro "CET" 0x1 internally in compiler;
-fcf-protection=shstk --> define macro "CET" 0x2 internally in compiler;

clang/test/CodeGen/asm-cet.S
2

You mean use "-fcf-protection" to define macro "CET" internally in compiler?

xiangzhangllvm marked an inline comment as done.May 8 2020, 6:07 PM
xiangzhangllvm added inline comments.
clang/lib/Headers/cet.h
18

Oh, I understand it, you want define _CET_ENDBR for endbr64/endbr32, let user to use it when he/she write the assembly code.

hjl.tools added inline comments.May 8 2020, 6:48 PM
clang/lib/Headers/cet.h
18

User can use _CET_ENDBR unconditionally. You should a CET enabled assembly
codes to understand how <cet.h> is used.

23

Yes.

clang/test/CodeGen/asm-cet.S
2

Yes,

6

Add a function label and use _CET_ENDBR. You should check endbr32/endbr64.
You should assemble the same testcase without -fcf-protection. There should be
no endbr32/endbr64 nor CET marker.

xiangzhangllvm updated this revision to Diff 262996.May 8 2020, 11:50 PM
xiangzhangllvm added a reviewer: pengfei.

Good thing is that: CET is already defined to 1/2/3 according to -fcf-protection=xxx at front end, So we directly used it for preprocessor.

xiangzhangllvm marked 5 inline comments as done.May 9 2020, 1:13 AM

I want to put this patch to llvm10.0.1, could you help review and then accept this patch?

hjl.tools added inline comments.May 9 2020, 4:17 AM
clang/lib/Headers/cet.h
16

Move it after __CET__ block and define it only if it isn't defined.

LuoYuanke added inline comments.May 9 2020, 7:17 AM
clang/test/CodeGen/asm-cet.S
17

This seems not test anything. Maybe test as below code.
NOENDBR-NOT: endbr

xiangzhangllvm marked 2 inline comments as done.May 10 2020, 5:23 PM
xiangzhangllvm added inline comments.
clang/lib/Headers/cet.h
16

I think It's better outside of CET block, because user can write the _CET_ENDBR in their assembly code in any case (CET enable or disable).
Or it will fail to compile if user write the _CET_ENDBR in *.S when he/she not use -fcf-protection to enable CET.

clang/test/CodeGen/asm-cet.S
17

Oh! yes, sorry for this mistake.

xiangzhangllvm updated this revision to Diff 263092.May 10 2020, 5:37 PM
hjl.tools added inline comments.May 10 2020, 7:07 PM
clang/lib/Headers/cet.h
16

You have

#define _CET_ENDBR
...
#define _CET_ENDBR endbr64

Don't clang complain like

x.c:2:9: warning: '_CET_ENDBR' macro redefined [-Wmacro-redefined]
#define _CET_ENDBR endbr64
        ^
x.c:1:9: note: previous definition is here
#define _CET_ENDBR
        ^
1 warning generated.
xiangzhangllvm marked an inline comment as done.May 10 2020, 7:20 PM
xiangzhangllvm added inline comments.
clang/lib/Headers/cet.h
16

Yes, I tested it directly use the llvm-lit before, so I miss the warning information.

I add "#ifndef _CET_ENDBR" this time now.

xiangzhangllvm marked an inline comment as done.May 10 2020, 8:06 PM
xiangzhangllvm added inline comments.
clang/lib/Headers/cet.h
16

I test it, It do not have warning.
But gcc will have warning.

xiangzhangllvm updated this revision to Diff 263099.May 10 2020, 8:16 PM

Add #undef _CET_ENDBR

xiangzhangllvm marked an inline comment as done.May 10 2020, 8:19 PM
xiangzhangllvm added inline comments.
clang/lib/Headers/cet.h
16

I retest it, It really has warning!! Add "#undef xxx" now.

LuoYuanke added inline comments.May 10 2020, 8:24 PM
clang/lib/Headers/cet.h
16

Should we remove line 15? If _CET_ENDBR is defined in another file, we should report warning.

hjl.tools added inline comments.May 10 2020, 8:57 PM
clang/lib/Headers/cet.h
16

I think you should do

#ifdef __CET__
...
#define _CET_ENDBR
...
#endif

#ifndef _CET_ENDBR
#define _CET_ENDBR
#endif

If _CET_ENDBR is defined by programmer, there will be a warnng,

xiangzhangllvm updated this revision to Diff 263103.May 10 2020, 9:58 PM

Refine the Macro _CET_ENDBR

xiangzhangllvm marked 3 inline comments as done.May 11 2020, 12:56 AM
hjl.tools added a comment.May 11 2020, 5:00 AM
In D79617#2028862, @xiangzhangllvm wrote:

Refine the Macro _CET_ENDBR

Works for me.

xiangzhangllvm added a comment.May 11 2020, 5:24 AM

! In D79617#2029228, @hjl.tools wrote:
Works for me.

Hello, H.J., could you help accept this patch, I hope it can go to llvm 10.0.1.
Thank you!!

tstellar added a reviewer: rsmith.May 11 2020, 6:43 AM

Richard, should review this, since he raised some questions on the bug report.

xiangzhangllvm added a comment.EditedMay 12 2020, 5:25 PM

Hello @rsmith if you feel OK too, could you help accept it. Thank you!
Hello every friends, I plan to commit it in these days, if you do not oppose it, thank you!

LuoYuanke accepted this revision.May 18 2020, 7:01 PM

LGTM

This revision is now accepted and ready to land.May 18 2020, 7:01 PM
Closed by commit rGe7e84ff24a5f: Add cet.h for writing CET-enabled assembly code (authored by xiangzhangllvm). · Explain WhyMay 18 2020, 8:04 PM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. · View Herald TranscriptMay 18 2020, 8:04 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
tstellar reopened this revision.May 18 2020, 9:04 PM

Did @rsmith ever approve this patch? I was following the discussion at llvm.org/PR45484 but did not see an explicit approval.

This revision is now accepted and ready to land.May 18 2020, 9:04 PM
xiangzhangllvm added a comment.May 18 2020, 10:42 PM

@rsmith

Closed by commit rGbcc0c894f38f: Add cet.h for writing CET-enabled assembly code (authored by xiangzhangllvm). · Explain WhyMay 18 2020, 11:17 PM
This revision was automatically updated to reflect the committed changes.
rsmith added a comment.May 19 2020, 5:43 PM

I would like a specification for this header to be added somewhere. We shouldn't be implementing random things with no specification. (Suppose someone claims that our <cet.h> is wrong in some way. How would we know whether they're right?)

Ideally, I'd also like this header to be installed somewhere where we look for assembler-with-cpp preprocessing but not for regular compilation; it doesn't make sense to me to pollute the header namespace for all C and C++ compilations with a header that is not meaningful in C and C++. But knowing whether that change is correct depends on having, you know, a specification.

I don't think we should be porting this to Clang 10. It seems clear that this is a new feature, not a bug fix.

hjl.tools added a comment.May 19 2020, 6:21 PM
In D79617#2045552, @rsmith wrote:

I would like a specification for this header to be added somewhere. We shouldn't be implementing random things with no specification. (Suppose someone claims that our <cet.h> is wrong in some way. How would we know whether they're right?)

Ideally, I'd also like this header to be installed somewhere where we look for assembler-with-cpp preprocessing but not for regular compilation; it doesn't make sense to me to pollute the header namespace for all C and C++ compilations with a header that is not meaningful in C and C++. But knowing whether that change is correct depends on having, you know, a specification.

<cet.h> from GCC is as close as you can get for a reference implementation/specification.

xiangzhangllvm added a comment.May 19 2020, 6:33 PM

Hello rsmith,
first, very sorry for have committed this patch before your reply, I waited 10 days, I thought you have agreed it.
I think the linux-ABI can be the specification of this head file. The context of this cet.h is according to the linux ABI about CET.
We explained in which case we should use this cet.h file. (line 2-4)
tks

Revision Contents

PathSize
clang/
lib/
Headers/
1 line
66 lines
test/
CodeGen/
27 lines

Diff 264799

clang/lib/Headers/CMakeLists.txt

Show All 40 Linesset(files
__clang_cuda_cmath.h __clang_cuda_cmath.h
__clang_cuda_complex_builtins.h __clang_cuda_complex_builtins.h
__clang_cuda_device_functions.h __clang_cuda_device_functions.h
__clang_cuda_intrinsics.h __clang_cuda_intrinsics.h
__clang_cuda_libdevice_declares.h __clang_cuda_libdevice_declares.h
__clang_cuda_math_forward_declares.h __clang_cuda_math_forward_declares.h
__clang_cuda_runtime_wrapper.h __clang_cuda_runtime_wrapper.h
cetintrin.h cetintrin.h
cet.h
cldemoteintrin.h cldemoteintrin.h
clzerointrin.h clzerointrin.h
cpuid.h cpuid.h
clflushoptintrin.h clflushoptintrin.h
clwbintrin.h clwbintrin.h
emmintrin.h emmintrin.h
enqcmdintrin.h enqcmdintrin.h
f16cintrin.h f16cintrin.h
▲ Show 20 LinesShow All 172 LinesShow Last 20 Lines

clang/lib/Headers/cet.h

  • This file was added.
/*===------ cet.h -Control-flow Enforcement Technology feature ------------===
* Add x86 feature with IBT and/or SHSTK bits to ELF program property if they
* are enabled. Otherwise, contents in this header file are unused. This file
* is mainly design for assembly source code which want to enable CET.
*
* Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
* See https://llvm.org/LICENSE.txt for license information.
* SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
*
*===-----------------------------------------------------------------------===
*/
#ifndef __CET_H
#define __CET_H
#ifdef __ASSEMBLER__
hjl.toolsUnsubmitted
Not Done
ReplyInline Actions

Move it after __CET__ block and define it only if it isn't defined.

hjl.tools: Move it after `__CET__` block and define it only if it isn't defined.
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

I think It's better outside of CET block, because user can write the _CET_ENDBR in their assembly code in any case (CET enable or disable).
Or it will fail to compile if user write the _CET_ENDBR in *.S when he/she not use -fcf-protection to enable CET.

xiangzhangllvm: I think It's better outside of __CET__ block, because user can write the _CET_ENDBR in their…
hjl.toolsUnsubmitted
Done
ReplyInline Actions

You have

#define _CET_ENDBR
...
#define _CET_ENDBR endbr64

Don't clang complain like

x.c:2:9: warning: '_CET_ENDBR' macro redefined [-Wmacro-redefined]
#define _CET_ENDBR endbr64
        ^
x.c:1:9: note: previous definition is here
#define _CET_ENDBR
        ^
1 warning generated.
hjl.tools: You have ``` #define _CET_ENDBR ... #define _CET_ENDBR endbr64 ``` Don't clang complain like…
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Yes, I tested it directly use the llvm-lit before, so I miss the warning information.

I add "#ifndef _CET_ENDBR" this time now.

xiangzhangllvm: Yes, I tested it directly use the llvm-lit before, so I miss the warning information. I add…
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

I test it, It do not have warning.
But gcc will have warning.

xiangzhangllvm: I test it, It do not have warning. But gcc will have warning.
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

I retest it, It really has warning!! Add "#undef xxx" now.

xiangzhangllvm: I retest it, It really has warning!! Add "#undef xxx" now.
hjl.toolsUnsubmitted
Done
ReplyInline Actions

I think you should do

#ifdef __CET__
...
#define _CET_ENDBR
...
#endif

#ifndef _CET_ENDBR
#define _CET_ENDBR
#endif

If _CET_ENDBR is defined by programmer, there will be a warnng,

hjl.tools: I think you should do ``` #ifdef __CET__ ... #define _CET_ENDBR ... #endif #ifndef _CET_ENDBR…
LuoYuankeUnsubmitted
Done
ReplyInline Actions

Should we remove line 15? If _CET_ENDBR is defined in another file, we should report warning.

LuoYuanke: Should we remove line 15? If _CET_ENDBR is defined in another file, we should report warning.
#ifndef __CET__
# define _CET_ENDBR
hjl.toolsUnsubmitted
Done
ReplyInline Actions

Please also define _CET_ENDBR. It should be for endbr64/endbr32 when IBT is enabled
and empty when IBT is disabled.

hjl.tools: Please also define _CET_ENDBR. It should be for endbr64/endbr32 when IBT is enabled and empty…
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Hello, H.J., I not much understand here,
if CET can instead of IBT and SHSTK, why we need extra define _CET_ENDBR ?

xiangzhangllvm: Hello, H.J., I not much understand here, if __CET__ can instead of __IBT__ and __SHSTK__, why…
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Oh, I understand it, you want define _CET_ENDBR for endbr64/endbr32, let user to use it when he/she write the assembly code.

xiangzhangllvm: Oh, I understand it, you want define _CET_ENDBR for endbr64/endbr32, let user to use it when…
hjl.toolsUnsubmitted
Done
ReplyInline Actions

User can use _CET_ENDBR unconditionally. You should a CET enabled assembly
codes to understand how <cet.h> is used.

hjl.tools: User can use _CET_ENDBR unconditionally. You should a CET enabled assembly codes to…
#endif
#ifdef __CET__
# ifdef __LP64__
hjl.toolsUnsubmitted
Done
ReplyInline Actions

Please check CET instead of IBT and SHSTK.

hjl.tools: Please check __CET__ instead of __IBT__ and __SHSTK__.
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

So here you mean: ?
-fcf-protection --> define macro "CET" 0x3 internally in compiler;
-fcf-protection=ibt --> define macro "CET" 0x1 internally in compiler;
-fcf-protection=shstk --> define macro "CET" 0x2 internally in compiler;

xiangzhangllvm: So here you mean: ? -fcf-protection --> define macro "CET"…
hjl.toolsUnsubmitted
Not Done
ReplyInline Actions

Yes.

hjl.tools: Yes.
# if __CET__ & 0x1
# define _CET_ENDBR endbr64
# else
# define _CET_ENDBR
# endif
# else
# if __CET__ & 0x1
# define _CET_ENDBR endbr32
# else
# define _CET_ENDBR
# endif
# endif
# ifdef __LP64__
# define __PROPERTY_ALIGN 3
# else
# define __PROPERTY_ALIGN 2
# endif
.pushsection ".note.gnu.property", "a"
.p2align __PROPERTY_ALIGN
.long 1f - 0f /* name length. */
.long 4f - 1f /* data length. */
/* NT_GNU_PROPERTY_TYPE_0. */
.long 5 /* note type. */
0:
.asciz "GNU" /* vendor name. */
1:
.p2align __PROPERTY_ALIGN
/* GNU_PROPERTY_X86_FEATURE_1_AND. */
.long 0xc0000002 /* pr_type. */
.long 3f - 2f /* pr_datasz. */
2:
/* GNU_PROPERTY_X86_FEATURE_1_XXX. */
.long __CET__
3:
.p2align __PROPERTY_ALIGN
4:
.popsection
#endif
#endif
#endif

clang/test/CodeGen/asm-cet.S

  • This file was added.
// REQUIRES: x86-registered-target
// RUN: %clang --target=x86_64-pc-linux -fcf-protection -include cet.h -c %s -o - | llvm-readelf -n | FileCheck %s
hjl.toolsUnsubmitted
Done
ReplyInline Actions

Please replace -DIBT -DSHSTK with -fcf-protection and also test i386-pc-linux.

hjl.tools: Please replace -D__IBT__ -D__SHSTK__ with -fcf-protection and also test i386-pc-linux.
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

You mean use "-fcf-protection" to define macro "CET" internally in compiler?

xiangzhangllvm: You mean use "-fcf-protection" to define macro "__CET__" internally in compiler?
hjl.toolsUnsubmitted
Not Done
ReplyInline Actions

Yes,

hjl.tools: Yes,
// RUN: %clang --target=x86_64-pc-linux -include cet.h -c %s -o - | llvm-readelf -S | FileCheck %s --check-prefixes=NOCET
// RUN: %clang --target=x86_64-pc-linux -include cet.h -S %s -o - | FileCheck %s --check-prefixes=NOENDBR
// RUN: %clang --target=x86_64-pc-linux -fcf-protection -include cet.h -S %s -o - | FileCheck %s --check-prefixes=ENDBR64
hjl.toolsUnsubmitted
Done
ReplyInline Actions

Add a function label and use _CET_ENDBR. You should check endbr32/endbr64.
You should assemble the same testcase without -fcf-protection. There should be
no endbr32/endbr64 nor CET marker.

hjl.tools: Add a function label and use _CET_ENDBR. You should check endbr32/endbr64. You should assemble…
// RUN: %clang --target=i386-pc-linux -fcf-protection -include cet.h -c %s -o - | llvm-readelf -n | FileCheck %s
// RUN: %clang --target=i386-pc-linux -include cet.h -c %s -o - | llvm-readelf -S | FileCheck %s --check-prefixes=NOCET
// RUN: %clang --target=i386-pc-linux -include cet.h -S %s -o - | FileCheck %s --check-prefixes=NOENDBR
// RUN: %clang --target=i386-pc-linux -fcf-protection -include cet.h -S %s -o - | FileCheck %s --check-prefixes=ENDBR32
// CHECK: IBT, SHSTK
// NOCET: Section Headers
// NOCET-NOT: .note.gnu.property
// NOENDBR: foo
LuoYuankeUnsubmitted
Not Done
ReplyInline Actions

This seems not test anything. Maybe test as below code.
NOENDBR-NOT: endbr

LuoYuanke: This seems not test anything. Maybe test as below code. NOENDBR-NOT: endbr
xiangzhangllvmAuthorUnsubmitted
Done
ReplyInline Actions

Oh! yes, sorry for this mistake.

xiangzhangllvm: Oh! yes, sorry for this mistake.
// NOENDBR-NOT: endbr
// ENDBR64: endbr64
// ENDBR32: endbr32
.text
.globl foo
.type foo, @function
foo:
_CET_ENDBR
ret