Index | Thread | Search

From:
Mark Kettenis <mark.kettenis@xs4all.nl>
Subject:
Re: security/libgcrypt: Sprinkle some ENDBR64 instructions
To:
ports@openbsd.org, ajacoutot@openbsd.org
Cc:
Renato Aguiar <renato@renatoaguiar.net>,
Date:
Thu, 22 Feb 2024 14:57:39 +0100

Download raw body.

Thread 
> From: Renato Aguiar <renato@renatoaguiar.net>
> Date: Wed, 21 Feb 2024 17:31:41 -0800

Apologies to Antoine, I forgot to CC you the first time I sent this
out.  Anyway, here is a new version.  Thinking about this a bit more
changing CFI_STARTPROC like we did on arm64 will make maintenance a
lot easier.  This will over-BTI, but I'm also looking at having the
linker remove unnecessary ENDBR64 instructions at the start of a
function.

ok?

On Tue, Feb 20 2024, Mark Kettenis wrote:

> I probably could have done this by changing CFI_STARTPROC, like 
> on
> arm64.  But that would "over-BTI" and there is a benefit in 
> trying to
> avoid that on amd64.
>
> Let me know what you think.

Index: security/libgcrypt/Makefile
===================================================================
RCS file: /cvs/ports/security/libgcrypt/Makefile,v
retrieving revision 1.93
diff -u -p -r1.93 Makefile
--- security/libgcrypt/Makefile	20 Nov 2023 16:53:17 -0000	1.93
+++ security/libgcrypt/Makefile	22 Feb 2024 13:57:00 -0000
@@ -6,7 +6,7 @@ USE_NOEXECONLY=		Yes
 COMMENT=		crypto library based on code used in GnuPG
 
 DISTNAME=		libgcrypt-1.10.3
-REVISION=		0
+REVISION=		1
 
 CATEGORIES=		security
 
Index: security/libgcrypt/patches/patch-cipher_asm-common-amd64_h
===================================================================
RCS file: security/libgcrypt/patches/patch-cipher_asm-common-amd64_h
diff -N security/libgcrypt/patches/patch-cipher_asm-common-amd64_h
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ security/libgcrypt/patches/patch-cipher_asm-common-amd64_h	22 Feb 2024 13:57:00 -0000
@@ -0,0 +1,21 @@
+Index: cipher/asm-common-amd64.h
+--- cipher/asm-common-amd64.h.orig
++++ cipher/asm-common-amd64.h
+@@ -68,7 +68,7 @@
+ 
+ #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
+ /* CFI directives to emit DWARF stack unwinding information. */
+-# define CFI_STARTPROC()            .cfi_startproc
++# define CFI_STARTPROC()            .cfi_startproc; endbr64
+ # define CFI_ENDPROC()              .cfi_endproc
+ # define CFI_REMEMBER_STATE()       .cfi_remember_state
+ # define CFI_RESTORE_STATE()        .cfi_restore_state
+@@ -136,7 +136,7 @@
+ 	    DW_SLEB128_28BIT(rsp_offs)
+ 
+ #else
+-# define CFI_STARTPROC()
++# define CFI_STARTPROC() endbr64
+ # define CFI_ENDPROC()
+ # define CFI_REMEMBER_STATE()
+ # define CFI_RESTORE_STATE()