From 51994e505dbb1cd0dd76869ec962e2948b77b585 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hongjiu.lu@intel.com>
Date: Fri, 31 Jan 2020 09:13:27 -0800
Subject: x86_64: Always generate .note.gnu.property section for ELF outputs

We should always generate .note.gnu.property section in x86_64 assembly
codes for ELF outputs to mark Intel CET support since all input files
must be marked with Intel CET support in order for linker to mark output
with Intel CET support.  Also .note.gnu.property section in x32 should
be aligned to 4 bytes, not 8 bytes and .p2align should be used
consistently.

Verified with

$ CC="gcc -Wl,-z,cet-report=error" ./Configure shared linux-x86_64 -fcf-protection
$ make
$ make test

and

$ CC="gcc -mx32 -Wl,-z,cet-report=error" ./Configure shared linux-x32 -fcf-protection
$ make
$ make test # <<< 90-test_sslapi.t failed because 8-byte pointer size.

Fix #10896

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10985)
---
 crypto/perlasm/x86_64-xlate.pl | 21 ++++++++++++++-------
 1 file changed, 14 insertions(+), 7 deletions(-)

(limited to 'crypto/perlasm')

diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
index e5644014ab..7a282109ef 100755
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@@ -101,24 +101,33 @@ elsif (!$gas)
     $decor="\$L\$";
 }
 
-my $cet_property = <<'_____';
+my $cet_property;
+if ($flavour =~ /elf/) {
+	# Always generate .note.gnu.property section for ELF outputs to
+	# mark Intel CET support since all input files must be marked
+	# with Intel CET support in order for linker to mark output with
+	# Intel CET support.
+	my $p2align=3; $p2align=2 if ($flavour eq "elf32");
+	$cet_property = <<_____;
 	.section ".note.gnu.property", "a"
-	.align 8
+	.p2align $p2align
 	.long 1f - 0f
 	.long 4f - 1f
 	.long 5
 0:
 	.asciz "GNU"
 1:
-	.align 8
+	.p2align $p2align
 	.long 0xc0000002
 	.long 3f - 2f
 2:
 	.long 3
 3:
-	.p2align 3
+	.p2align $p2align
 4:
 _____
+}
+
 my $current_segment;
 my $current_function;
 my %globals;
@@ -1145,9 +1154,7 @@ my $vprotq = sub {
 # Intel Control-flow Enforcement Technology extension. All functions and
 # indirect branch targets will have to start with this instruction...
 
-my $used_cet = 0;
 my $endbranch = sub {
-    $used_cet = 1;
     (0xf3,0x0f,0x1e,0xfa);
 };
 
@@ -1233,7 +1240,7 @@ while(defined(my $line=<>)) {
     print $line,"\n";
 }
 
-print "$cet_property"			if ($gas && $used_cet);
+print "$cet_property"			if ($cet_property);
 print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
 print "END\n"				if ($masm);
 
-- 
cgit v1.2.3