forked from rust-lang/rust
-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto merge of rust-lang#134760 - jieyouxu:enable-branch-protection-ch…
…eck-IBT, r=<try> Migrate `branch-protection-check-IBT` to rmake.rs - The Makefile version *never* ran because of Makefile syntax confusion because `ifeq ($(filter x86,$(LLVM_COMPONENTS)),x86_64)` [compares `x86` to `x86_64`, which always evaluates to false](rust-lang#126720 (comment)). - The test would've always failed because precompiled std is not built with `-Z cf-protection=branch`, but linkers require all input object files to indicate IBT support in order to enable IBT for the executable, which is not the case for std. - Thus, the test input file is instead changed to a `no_std` program. The GNU property note was added by rust-lang#110304 in order to address rust-lang#103001. Partially supersedes rust-lang#129156. The rmake.rs port was initially authored by `@Rejyr` in rust-lang#126720. This PR is co-authored with `@Oneirical` and `@Rejyr.` r? `@bjorn3` or reroll try-job: x86_64-msvc try-job: x86_64-apple-1 try-job: x86_64-apple-2
- Loading branch information
Showing
5 changed files
with
64 additions
and
53 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,12 @@ | ||
fn main() { | ||
println!("hello world"); | ||
#![no_std] | ||
#![no_main] | ||
|
||
#[panic_handler] | ||
fn panic(_info: &core::panic::PanicInfo) -> ! { | ||
loop {} | ||
} | ||
|
||
#[no_mangle] | ||
pub extern "C" fn main(argc: i32, argv: *const *const u8) -> i32 { | ||
0 | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
// ignore-tidy-linelength | ||
//! A basic smoke test to check for GNU Property Note to see that for `x86_64` targets when [`-Z | ||
//! cf-protection=branch`][intel-cet-tracking-issue] is requested, that the | ||
//! | ||
//! ```text | ||
//! NT_GNU_PROPERTY_TYPE_0 Properties: x86 feature: IBT | ||
//! ``` | ||
//! | ||
//! Intel Indirect Branch Tracking (IBT) property is emitted. This was generated in | ||
//! <https://github.com/rust-lang/rust/pull/110304> in order to address | ||
//! <https://github.com/rust-lang/rust/issues/103001>. | ||
//! | ||
//! Note that the precompiled std currently is not compiled with `-Z cf-protection=branch`! | ||
//! | ||
//! In particular, it is expected that: | ||
//! | ||
//! > IBT to only be enabled for the process if `.note.gnu.property` indicates that the executable | ||
//! > was compiled with IBT support and the linker to only tell that IBT is supported if all input | ||
//! > object files indicate that they support IBT, which in turn requires the standard library to be | ||
//! > compiled with IBT enabled. | ||
//! | ||
//! Note that Intel IBT (Indirect Branch Tracking) is not to be confused with Arm's BTI (Branch | ||
//! Target Identification). See below for link to Intel IBT docs. | ||
//! | ||
//! ## Related links | ||
//! | ||
//! - [Tracking Issue for Intel Control Enforcement Technology (CET)][intel-cet-tracking-issue] | ||
//! - Zulip question about this test: | ||
//! <https://rust-lang.zulipchat.com/#narrow/channel/182449-t-compiler.2Fhelp/topic/.E2.9C.94.20Branch.20protection.20and.20.60.2Enote.2Egnu.2Eproperty.60> | ||
//! - Intel IBT docs: | ||
//! <https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/006/indirect-branch-tracking/> | ||
//! | ||
//! [intel-cet-tracking-issue]: https://github.com/rust-lang/rust/issues/93754 | ||
// Only checks Intel IBT. | ||
//@ only-x86_64 | ||
//@ needs-llvm-components: x86 | ||
|
||
use run_make_support::{bare_rustc, llvm_readobj}; | ||
|
||
fn main() { | ||
// `main.rs` is `#![no_std]` to not pull in the currently not-compiled-with-IBT precompiled std. | ||
bare_rustc() | ||
.input("main.rs") | ||
.target("x86_64-unknown-linux-gnu") | ||
.panic("abort") | ||
.arg("-Zcf-protection=branch") | ||
.arg("-Clink-args=-nostartfiles") | ||
.arg("-Csave-temps") | ||
.run(); | ||
|
||
llvm_readobj().arg("-nW").input("main").run().assert_stdout_contains(".note.gnu.property"); | ||
} |