Hi,
After some digging it turns out that boost 1.80 does have the required
endbr64 instructions in its context switch assembly code. But that is
not enough, to make PowerDNS Recursor work on my new laptop I had to
place three endbr64 instructions after jump_fcontext() calls in
pdns_recursor itself.
This way I could remove the USE_NOBTCFI marker.
So far only lightly tested but I thought I'd share this result as
others may benefit from this insight.
-Otto
Index: Makefile
===================================================================
RCS file: /home/cvs/ports/net/powerdns_recursor/Makefile,v
retrieving revision 1.46
diff -u -p -r1.46 Makefile
--- Makefile 30 Sep 2023 10:41:00 -0000 1.46
+++ Makefile 29 Oct 2023 08:04:58 -0000
@@ -4,7 +4,7 @@ V= 4.9.1
DISTNAME= pdns-recursor-${V}
EXTRACT_SUFX = .tar.bz2
PKGNAME= powerdns-recursor-${V}
-REVISION= 0
+REVISION= 1
CATEGORIES= net
@@ -16,9 +16,6 @@ PERMIT_PACKAGE= Yes
WANTLIB+= ${COMPILER_LIBCXX} boost_context-mt boost_filesystem-mt
WANTLIB+= boost_system-mt boost_thread-mt c crypto curl fstrm m
WANTLIB+= sodium ssl z
-
-# boost_context 1.80.0 doesn't have landing pads (1.81.0 should fix)
-USE_NOBTCFI= Yes
SITES= https://downloads.powerdns.com/releases/
MAINTAINER= Otto Moerbeek <o...@drijf.net>
Index: patches/patch-mtasker_fcontext_cc
===================================================================
RCS file: patches/patch-mtasker_fcontext_cc
diff -N patches/patch-mtasker_fcontext_cc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-mtasker_fcontext_cc 29 Oct 2023 08:04:58 -0000
@@ -0,0 +1,48 @@
+Index: mtasker_fcontext.cc
+--- mtasker_fcontext.cc.orig
++++ mtasker_fcontext.cc
+@@ -32,6 +32,20 @@ using boost::context::make_fcontext;
+ using boost::context::detail::make_fcontext;
+ #endif /* BOOST_VERSION < 106100 */
+
++# ifdef __LP64__
++# if __CET__ & 0x1
++# define _CET_ENDBR __asm("endbr64")
++# else
++# define _CET_ENDBR
++# endif
++# else
++# if __CET__ & 0x1
++# define _CET_ENDBR __asm("endbr32")
++# else
++# define _CET_ENDBR
++# endif
++# endif
++
+ #ifdef PDNS_USE_VALGRIND
+ #include <valgrind/valgrind.h>
+ #endif /* PDNS_USE_VALGRIND */
+@@ -132,6 +146,7 @@ extern "C"
+ static_cast<fcontext_t>(args->prev_ctx), 0);
+ #else
+ transfer_t res = jump_fcontext(t.fctx, 0);
++ _CET_ENDBR;
+ /* we got switched back from pdns_swapcontext() */
+ if (res.data) {
+ /* if res.data is not a nullptr, it holds a pointer to the context
+@@ -203,6 +218,7 @@ void pdns_swapcontext(pdns_ucontext_t& __restrict octx
+ std::rethrow_exception(origctx->exception);
+ #else
+ transfer_t res = jump_fcontext(static_cast<fcontext_t>(ctx.uc_mcontext),
&octx.uc_mcontext);
++ _CET_ENDBR;
+ if (res.data) {
+ /* if res.data is not a nullptr, it holds a pointer to the context
+ we just switched from, and we need to fill it to be able to
+@@ -235,6 +251,7 @@ void pdns_makecontext(pdns_ucontext_t& ctx, std::funct
+ #else
+ transfer_t res = jump_fcontext(static_cast<fcontext_t>(ctx.uc_mcontext),
+ &args);
++ _CET_ENDBR;
+ /* back from threadwrapper, updating the context */
+ ctx.uc_mcontext = res.fctx;
+ #endif
