arm64 BTI for libnettle

Thu, 20 Apr 2023 13:26:53 -0700 

So libnettle is interesting.  I already has support for the x86
variant.  This is done through defining some variables based on
autoconf checks.  We can add similar checks and defines for arm64.
Maybe the names of the defines don't make sense, but that is something
to discuss with upstream I guess?

This diff modifies both configure.ac and configure.  In fact the
configure patch is generated by just running the right version of
autoconf.  However, this leads to errors in the "fake" install phase
because it tries to run autoheader.  I worked around this by dropping
the configure.ac patch.  But you folks probably know better what to do
here.

Would be nice if one of you could take it from here.


Index: security/libnettle/patches/patch-configure
===================================================================
RCS file: security/libnettle/patches/patch-configure
diff -N security/libnettle/patches/patch-configure
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/libnettle/patches/patch-configure  20 Apr 2023 20:18:14 -0000
@@ -0,0 +1,94 @@
+Index: configure
+--- configure.orig
++++ configure
+@@ -7489,6 +7489,90 @@ if test "$nettle_cv_asm_x86_gnu_property" = yes; then
+       .popsection'
+ fi
+ 
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if Arm BTI is enabled" >&5
++$as_echo_n "checking if Arm BTI is enabled... " >&6; }
++if ${nettle_cv_asm_arm_bti+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++#ifndef __ARM_FEATURE_BTI_DEFAULT
++#error Arm BTI is not enabled
++#endif
++
++int
++main ()
++{
++
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++  nettle_cv_asm_arm_bti=yes
++else
++  nettle_cv_asm_arm_bti=no
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $nettle_cv_asm_arm_bti" >&5
++$as_echo "$nettle_cv_asm_arm_bti" >&6; }
++if test "$nettle_cv_asm_arm_bti" = yes; then
++  ASM_X86_ENDBR="bti c"
++  { $as_echo "$as_me:${as_lineno-$LINENO}: checking if .note.gnu.property 
section is needed" >&5
++$as_echo_n "checking if .note.gnu.property section is needed... " >&6; }
++if ${nettle_cv_asm_arm_gnu_property+:} false; then :
++  $as_echo_n "(cached) " >&6
++else
++  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h.  */
++
++#if !defined __ELF__ || !defined __ARM_FEATURE_BTI_DEFAULT
++#error GNU property is not needed
++#endif
++
++int
++main ()
++{
++
++  ;
++  return 0;
++}
++_ACEOF
++if ac_fn_c_try_compile "$LINENO"; then :
++  nettle_cv_asm_arm_gnu_property=yes
++else
++  nettle_cv_asm_arm_gnu_property=no
++fi
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: 
$nettle_cv_asm_arm_gnu_property" >&5
++$as_echo "$nettle_cv_asm_arm_gnu_property" >&6; }
++else
++  nettle_cv_asm_arm_gnu_property=no
++fi
++if test "$nettle_cv_asm_arm_gnu_property" = yes; then
++  ASM_X86_MARK_CET='
++      .pushsection ".note.gnu.property", "a"
++      .p2align 3
++      .long 1f - 0f
++      .long 4f - 1f
++      .long 5
++0:
++      .asciz "GNU"
++1:
++      .p2align 3
++      .long 0xc0000000
++      .long 3f - 2f
++2:
++      .long 1
++3:
++      .p2align 3
++4:
++      .popsection'
++fi
++
+ 
+ 
+ 
Index: security/libnettle/patches/patch-configure_ac
===================================================================
RCS file: security/libnettle/patches/patch-configure_ac
diff -N security/libnettle/patches/patch-configure_ac
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ security/libnettle/patches/patch-configure_ac       20 Apr 2023 20:18:14 
-0000
@@ -0,0 +1,58 @@
+Index: configure.ac
+--- configure.ac.orig
++++ configure.ac
+@@ -1047,6 +1047,54 @@ if test "$nettle_cv_asm_x86_gnu_property" = yes; then
+       .popsection'
+ fi
+ 
++dnl  Define
++dnl  1. ASM_X86_ENDBR for bti.
++dnl  2. ASM_X86_MARK_CET to add a .note.gnu.property section to mark
++dnl  Arm BTI support if needed.
++AC_CACHE_CHECK([if Arm BTI is enabled],
++  [nettle_cv_asm_arm_bti],
++  [AC_TRY_COMPILE([
++#ifndef __ARM_FEATURE_BTI_DEFAULT
++#error Arm BTI is not enabled
++#endif
++  ], [],
++  [nettle_cv_asm_arm_bti=yes],
++  [nettle_cv_asm_arm_bti=no])])
++if test "$nettle_cv_asm_arm_bti" = yes; then
++  ASM_X86_ENDBR="bti c"
++  AC_CACHE_CHECK([if .note.gnu.property section is needed],
++    [nettle_cv_asm_arm_gnu_property],
++    [AC_TRY_COMPILE([
++#if !defined __ELF__ || !defined __ARM_FEATURE_BTI_DEFAULT
++#error GNU property is not needed
++#endif
++    ], [],
++    [nettle_cv_asm_arm_gnu_property=yes],
++    [nettle_cv_asm_arm_gnu_property=no])])
++else
++  nettle_cv_asm_arm_gnu_property=no
++fi
++if test "$nettle_cv_asm_arm_gnu_property" = yes; then
++  ASM_X86_MARK_CET='
++      .pushsection ".note.gnu.property", "a"
++      .p2align 3
++      .long 1f - 0f
++      .long 4f - 1f
++      .long 5
++0:
++      .asciz "GNU"
++1:
++      .p2align 3
++      .long 0xc0000000
++      .long 3f - 2f
++2:
++      .long 1
++3:
++      .p2align 3
++4:
++      .popsection'
++fi
++
+ AC_SUBST(ASM_SYMBOL_PREFIX)
+ AC_SUBST(ASM_ELF_STYLE)
+ AC_SUBST(ASM_COFF_STYLE)

Reply via email to