commit:     662133e23b6925c1d1adf830f3650a9ddabb92de
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 16 03:22:09 2024 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 16 03:27:35 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=662133e2

dev-libs/libffi: backport further patches (arm64 + BTI/PAC, ASAN)

I should've done this earlier in -r1 but I equivocated.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libffi-3.4.6-arm64-bti-spelling.patch    |  26 ++
 dev-libs/libffi/files/libffi-3.4.6-arm64-bti.patch |  81 +++++
 .../files/libffi-3.4.6-arm64-fix-build.patch       |  36 +++
 .../files/libffi-3.4.6-arm64-support-pac.patch     | 332 +++++++++++++++++++++
 dev-libs/libffi/files/libffi-3.4.6-asan.patch      |  88 ++++++
 .../files/libffi-3.4.6-regenerate-autotools.patch  |  48 +++
 dev-libs/libffi/libffi-3.4.6-r2.ebuild             |  94 ++++++
 7 files changed, 705 insertions(+)

diff --git a/dev-libs/libffi/files/libffi-3.4.6-arm64-bti-spelling.patch 
b/dev-libs/libffi/files/libffi-3.4.6-arm64-bti-spelling.patch
new file mode 100644
index 000000000000..2a06292546d0
--- /dev/null
+++ b/dev-libs/libffi/files/libffi-3.4.6-arm64-bti-spelling.patch
@@ -0,0 +1,26 @@
+https://github.com/libffi/libffi/commit/38732240c125b6af9db66d940c0725a69292cc49
+
+From 38732240c125b6af9db66d940c0725a69292cc49 Mon Sep 17 00:00:00 2001
+From: Bill Roberts <152999275+billat...@users.noreply.github.com>
+Date: Sat, 1 Jun 2024 12:33:28 -0500
+Subject: [PATCH] ffi: fix spelling mistake (#833)
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+---
+ src/aarch64/ffi.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/aarch64/ffi.c b/src/aarch64/ffi.c
+index 8661a352..b13738e3 100644
+--- a/src/aarch64/ffi.c
++++ b/src/aarch64/ffi.c
+@@ -682,7 +682,7 @@ ffi_call_int (ffi_cif *cif, void (*fn)(void), void 
*orig_rvalue,
+   else if (flags & AARCH64_RET_NEED_COPY)
+     rsize = 16;
+ 
+-  /* Allocate consectutive stack for everything we'll need.
++  /* Allocate consecutive stack for everything we'll need.
+      The frame uses 40 bytes for: lr, fp, rvalue, flags, sp */
+   context = alloca (sizeof(struct call_context) + stack_bytes + 40 + rsize);
+   stack = context + 1;
+

diff --git a/dev-libs/libffi/files/libffi-3.4.6-arm64-bti.patch 
b/dev-libs/libffi/files/libffi-3.4.6-arm64-bti.patch
new file mode 100644
index 000000000000..66dc9f181b79
--- /dev/null
+++ b/dev-libs/libffi/files/libffi-3.4.6-arm64-bti.patch
@@ -0,0 +1,81 @@
+https://github.com/libffi/libffi/commit/f64141ee3f9e455a060bd09e9ab72b6c94653d7c
+
+From f64141ee3f9e455a060bd09e9ab72b6c94653d7c Mon Sep 17 00:00:00 2001
+From: Bill Roberts <152999275+billat...@users.noreply.github.com>
+Date: Tue, 19 Mar 2024 11:44:55 -0500
+Subject: [PATCH] Fix bti support (#830)
+
+* bti: add identifier to ffi_closure_SYSV_V_alt
+
+This was missing BTI_C identifier.
+
+Old Code:
+ffi_closure_SYSV_V_alt:
+0000fffff7f70500:   ldr     x17, [sp, #8]
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+
+* testsuite: fix whitespace in Makefile.am
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+
+* aarch64: correct comment describing BTI
+
+The comment is incorrect, BTI is enabled per mapping via mprotect with
+PROT_BTI flag set, not per-process. When the loader loads the library,
+if the GNU Notes section is missing this, PROT_BTI will not be enabled
+for that mapping, but is independent of other mappings.
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+
+---------
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+---
+ src/aarch64/sysv.S    | 4 +++-
+ testsuite/Makefile.am | 2 +-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/aarch64/sysv.S b/src/aarch64/sysv.S
+index fdd0e8b7..60cfa505 100644
+--- a/src/aarch64/sysv.S
++++ b/src/aarch64/sysv.S
+@@ -68,7 +68,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+ #define BTI_J hint #36
+ /*
+  * The ELF Notes section needs to indicate if BTI is supported, as the first 
ELF loaded that doesn't
+- * declare this support disables it for the whole process.
++ * declare this support disables it for memory region containing the loaded 
library.
+  */
+ # define GNU_PROPERTY_AARCH64_BTI (1 << 0)         /* Has Branch Target 
Identification */
+       .text
+@@ -527,6 +527,7 @@ L(do_closure):
+ #if defined(FFI_EXEC_STATIC_TRAMP)
+       .align 4
+ CNAME(ffi_closure_SYSV_V_alt):
++      BTI_C
+       /* See the comments above trampoline_code_table. */
+       ldr     x17, [sp, #8]                   /* Load closure in x17 */
+       add     sp, sp, #16                     /* Restore the stack */
+@@ -541,6 +542,7 @@ CNAME(ffi_closure_SYSV_V_alt):
+ 
+       .align 4
+ CNAME(ffi_closure_SYSV_alt):
++      BTI_C
+       /* See the comments above trampoline_code_table. */
+       ldr     x17, [sp, #8]                   /* Load closure in x17 */
+       add     sp, sp, #16                     /* Restore the stack */
+diff --git a/testsuite/Makefile.am b/testsuite/Makefile.am
+index d286cf7f..6ba98e12 100644
+--- a/testsuite/Makefile.am
++++ b/testsuite/Makefile.am
+@@ -8,7 +8,7 @@ CLEANFILES = *.exe core* *.log *.sum
+ 
+ EXTRA_DIST = config/default.exp emscripten/build.sh emscripten/conftest.py \
+       emscripten/node-tests.sh emscripten/test.html emscripten/test_libffi.py 
\
+-  emscripten/build-tests.sh lib/libffi.exp lib/target-libpath.exp \
++      emscripten/build-tests.sh lib/libffi.exp lib/target-libpath.exp \
+       lib/wrapper.exp libffi.bhaible/Makefile libffi.bhaible/README \
+       libffi.bhaible/alignof.h libffi.bhaible/bhaible.exp 
libffi.bhaible/test-call.c \
+       libffi.bhaible/test-callback.c libffi.bhaible/testcases.c 
libffi.call/align_mixed.c \
+

diff --git a/dev-libs/libffi/files/libffi-3.4.6-arm64-fix-build.patch 
b/dev-libs/libffi/files/libffi-3.4.6-arm64-fix-build.patch
new file mode 100644
index 000000000000..20eaf6a2d8cd
--- /dev/null
+++ b/dev-libs/libffi/files/libffi-3.4.6-arm64-fix-build.patch
@@ -0,0 +1,36 @@
+https://github.com/libffi/libffi/commit/9c9e8368e49804c4f7c35ac9f0d7c1d0d533308b
+
+From 9c9e8368e49804c4f7c35ac9f0d7c1d0d533308b Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Martin=20Storsj=C3=B6?= <mar...@martin.st>
+Date: Tue, 4 Jun 2024 14:13:08 +0300
+Subject: [PATCH] aarch64: Add a missing no-op define of SIGN_LR_LINUX_ONLY
+ (#838)
+
+This is needed at least if building for Linux, with a toolchain
+that doesn't default to having PAC enabled, fixing build errors
+since 45d284f2d066cc3a080c5be88e51b4d934349797.
+---
+ src/aarch64/internal.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/aarch64/internal.h b/src/aarch64/internal.h
+index c39f9cb2..50fa5c13 100644
+--- a/src/aarch64/internal.h
++++ b/src/aarch64/internal.h
+@@ -88,6 +88,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+   #define AUTH_LR_AND_RET retab
+   #define AUTH_LR_WITH_REG(x) autib lr, x
+   #define BRANCH_AND_LINK_TO_REG blraaz
++  #define SIGN_LR_LINUX_ONLY
+   #define BRANCH_TO_REG braaz
+   #define PAC_CFI_WINDOW_SAVE
+   /* Linux PAC Support */
+@@ -136,6 +137,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+     #define AUTH_LR_AND_RET ret
+     #define AUTH_LR_WITH_REG(x)
+     #define BRANCH_AND_LINK_TO_REG blr
++    #define SIGN_LR_LINUX_ONLY
+     #define BRANCH_TO_REG br
+     #define PAC_CFI_WINDOW_SAVE
+   #endif /* HAVE_ARM64E_PTRAUTH */
+
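Review bot: The two added `#define SIGN_LR_LINUX_ONLY` lines carry no comment, and an empty define placed between `BRANCH_AND_LINK_TO_REG` and `BRANCH_TO_REG` is easy to misread as an accident. The Linux PAC branch introduced by the pointer-authentication backport defines it as `SIGN_LR`, while these two branches leave it empty, so I would annotate the intent, e.g. `#define SIGN_LR_LINUX_ONLY /* no-op: LR is signed here only in the Linux PAC branch */`. The enclosing `#if` blocks start and end outside the hunk.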

diff --git a/dev-libs/libffi/files/libffi-3.4.6-arm64-support-pac.patch 
b/dev-libs/libffi/files/libffi-3.4.6-arm64-support-pac.patch
new file mode 100644
index 000000000000..288533367499
--- /dev/null
+++ b/dev-libs/libffi/files/libffi-3.4.6-arm64-support-pac.patch
@@ -0,0 +1,332 @@
+https://github.com/libffi/libffi/commit/45d284f2d066cc3a080c5be88e51b4d934349797
+
+From 45d284f2d066cc3a080c5be88e51b4d934349797 Mon Sep 17 00:00:00 2001
+From: Bill Roberts <152999275+billat...@users.noreply.github.com>
+Date: Sat, 1 Jun 2024 12:34:53 -0500
+Subject: [PATCH] aarch64: support pointer authentication (#834)
+
+* aarch64: fix callstack in ffi_call_SYSV
+
+The debug stack gets corrupted between the frame and stack pivots, update
+the CFI directives so the call stack stays correct in the debugger.
+
+str     x9, [x1, #32] // stack is ffi_call_SYSV() -> ffi_call_int() -> 
ffi_call_int() -> main() (good)
+mov     x29, x1       // stack is ffi_call_SYSV() -> ffi_call_int() -> 
ffi_call_int() -> ffi_call() -> main() (bad)
+mov     sp, x0        // stack is ffi_call_SYSV() -> ffi_call_int() -> 
ffi_call_int() -> main() (good)
+
+The CFA data needs to be updated around the pivots, after this patch the
+callstack stays correct.
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+
+* aarch64: remove uneeded CFI directive
+
+This directive doesn't actually set the CFA to anything valid, and
+during unwinding this isn't even used. Note that the PAC/Darwin usage
+is quite suspect as well, as the CFA is either x1 or x29 after the frame
+pivot, and the CFA address is what's used as the modifier when verifying
+the PAC. At least this is the behavior on Linux with PAC, I need to
+verify ARME ABI unwinding. So for now leave Darwin as is.
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+
+* ptrauth: rename define for clarity
+
+Rename the HAVE_PTRAUTH define for clarity that its associated with the
+ARM64E ABI and not the ARM64 ABI that can be supported on Linux and
+enabled with -mbranch-protection=standard.
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+
+* aarch64: add PAC support to ffi_call_SYSV
+
+Support AARCH64 Pointer Authentication Codes (PAC) within ffi_call_SYSV
+and support exception unwinding.
+
+The Linux ABI for PAC is to use paciasp/autiasp instructions which also
+have hint space equivelent instructions. They sign the LR (x30) with the
+A key and the current stack pointer as the salt. Note that this can also be
+configured to use the B key and will use pacibsp/autibsp hint instructions.
+
+The Linux ABI for exception frame data when PAC is enabled assumes that the
+Connonical Frame Address, or CFA is equal to the stack pointer. I.E sp is
+equal to x29 (fp). When the unwinder is invoked the cfa will point to
+the frame which will include the *signed* return address from the LR.
+This will then be passed to __builtin_aarch64_autia1716 where the CFA
+will be used as the salt and stored to register x16 and register x17
+will contain the signed address to demangle. This can be noted in:
+  - 
https://github.com/gcc-mirror/gcc/blob/d6d7afcdbc04adb0ec42a44b2d7e05600945af42/libgcc/config/aarch64/aarch64-unwind.h#L56
+
+The other required portion of this is to indicate to the unwinder that
+this is a signed address that needs to go the special demangle route in
+the unwinder. This is accomplished by using CFI directive "cfi_window_save"
+which marks that frame as being signed.
+
+Putting all of this together is a bit tricky, as the internals of
+ffi_call_SYSV the callee allocates its stack and frame and passes it in
+arg1 (x0) and arg2 (x1) to the called function, where that function
+pivots its stack, so care must be taken to get the sp == fp before
+paciasp is called and also restore that state before autiasp is called.
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+
+---------
+
+Signed-off-by: Bill Roberts <bill.robe...@arm.com>
+---
+ configure.ac           |  6 ++--
+ include/ffi_cfi.h      |  2 ++
+ src/aarch64/ffi.c      |  4 +--
+ src/aarch64/internal.h | 76 ++++++++++++++++++++++++++++++++----------
+ src/aarch64/sysv.S     | 20 ++++++-----
+ src/closures.c         |  6 ++--
+ 6 files changed, 81 insertions(+), 33 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 816bfd666..b35a999fb 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -189,17 +189,17 @@ AC_CACHE_CHECK([whether compiler supports pointer 
authentication],
+    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[
+ #ifdef __clang__
+ # if __has_feature(ptrauth_calls)
+-#  define HAVE_PTRAUTH 1
++#  define HAVE_ARM64E_PTRAUTH 1
+ # endif
+ #endif
+ 
+-#ifndef HAVE_PTRAUTH
++#ifndef HAVE_ARM64E_PTRAUTH
+ # error Pointer authentication not supported
+ #endif
+                  ]])],[libffi_cv_as_ptrauth=yes],[libffi_cv_as_ptrauth=no])
+ ])
+ if test "x$libffi_cv_as_ptrauth" = xyes; then
+-    AC_DEFINE(HAVE_PTRAUTH, 1,
++    AC_DEFINE(HAVE_ARM64E_PTRAUTH, 1,
+             [Define if your compiler supports pointer authentication.])
+ fi
+ 
+diff --git a/include/ffi_cfi.h b/include/ffi_cfi.h
+index f4c292d00..856566324 100644
+--- a/include/ffi_cfi.h
++++ b/include/ffi_cfi.h
+@@ -49,6 +49,7 @@
+ # define cfi_personality(enc, exp)    .cfi_personality enc, exp
+ # define cfi_lsda(enc, exp)           .cfi_lsda enc, exp
+ # define cfi_escape(...)              .cfi_escape __VA_ARGS__
++# define cfi_window_save              .cfi_window_save
+ 
+ #else
+ 
+@@ -71,6 +72,7 @@
+ # define cfi_personality(enc, exp)
+ # define cfi_lsda(enc, exp)
+ # define cfi_escape(...)
++# define cfi_window_save
+ 
+ #endif /* HAVE_AS_CFI_PSEUDO_OP */
+ #endif /* FFI_CFI_H */
+diff --git a/src/aarch64/ffi.c b/src/aarch64/ffi.c
+index b13738e38..964934dfb 100644
+--- a/src/aarch64/ffi.c
++++ b/src/aarch64/ffi.c
+@@ -63,7 +63,7 @@ struct call_context
+ #if FFI_EXEC_TRAMPOLINE_TABLE
+ 
+ #ifdef __MACH__
+-#ifdef HAVE_PTRAUTH
++#ifdef HAVE_ARM64E_PTRAUTH
+ #include <ptrauth.h>
+ #endif
+ #include <mach/vm_param.h>
+@@ -877,7 +877,7 @@ ffi_prep_closure_loc (ffi_closure *closure,
+ 
+ #if FFI_EXEC_TRAMPOLINE_TABLE
+ # ifdef __MACH__
+-#  ifdef HAVE_PTRAUTH
++#  ifdef HAVE_ARM64E_PTRAUTH
+   codeloc = ptrauth_auth_data(codeloc, ptrauth_key_function_pointer, 0);
+ #  endif
+   void **config = (void **)((uint8_t *)codeloc - PAGE_MAX_SIZE);
+diff --git a/src/aarch64/internal.h b/src/aarch64/internal.h
+index b5d102b4a..c39f9cb22 100644
+--- a/src/aarch64/internal.h
++++ b/src/aarch64/internal.h
+@@ -81,20 +81,62 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+ /* Helpers for writing assembly compatible with arm ptr auth */
+ #ifdef LIBFFI_ASM
+ 
+-#ifdef HAVE_PTRAUTH
+-#define SIGN_LR pacibsp
+-#define SIGN_LR_WITH_REG(x) pacib lr, x
+-#define AUTH_LR_AND_RET retab
+-#define AUTH_LR_WITH_REG(x) autib lr, x
+-#define BRANCH_AND_LINK_TO_REG blraaz
+-#define BRANCH_TO_REG braaz
+-#else
+-#define SIGN_LR
+-#define SIGN_LR_WITH_REG(x)
+-#define AUTH_LR_AND_RET ret
+-#define AUTH_LR_WITH_REG(x)
+-#define BRANCH_AND_LINK_TO_REG blr
+-#define BRANCH_TO_REG br
+-#endif
+-
+-#endif
++  #if defined(HAVE_ARM64E_PTRAUTH)
++  /* ARM64E ABI For Darwin */
++  #define SIGN_LR pacibsp
++  #define SIGN_LR_WITH_REG(x) pacib lr, x
++  #define AUTH_LR_AND_RET retab
++  #define AUTH_LR_WITH_REG(x) autib lr, x
++  #define BRANCH_AND_LINK_TO_REG blraaz
++  #define BRANCH_TO_REG braaz
++  #define PAC_CFI_WINDOW_SAVE
++  /* Linux PAC Support */
++  #elif defined(__ARM_FEATURE_PAC_DEFAULT)
++    #define GNU_PROPERTY_AARCH64_POINTER_AUTH (1 << 1)
++    #define PAC_CFI_WINDOW_SAVE cfi_window_save
++    #define TMP_REG x9
++    #define BRANCH_TO_REG br
++    #define BRANCH_AND_LINK_TO_REG blr
++      #define SIGN_LR_LINUX_ONLY SIGN_LR
++    /* Which key to sign with? */
++    #if (__ARM_FEATURE_PAC_DEFAULT & 1) == 1
++      /* Signed with A-key */
++      #define SIGN_LR            hint #25  /* paciasp */
++      #define AUTH_LR            hint #29  /* autiasp */
++    #else
++      /* Signed with B-key */
++      #define SIGN_LR            hint #27  /* pacibsp */
++      #define AUTH_LR            hint #31  /* autibsp */
++    #endif /* __ARM_FEATURE_PAC_DEFAULT */
++    #define AUTH_LR_WITH_REG(x) _auth_lr_with_reg x
++.macro _auth_lr_with_reg modifier
++    mov TMP_REG, sp
++    mov sp, \modifier
++    AUTH_LR
++    mov sp, TMP_REG
++.endm
++  #define SIGN_LR_WITH_REG(x) _sign_lr_with_reg x
++.macro _sign_lr_with_reg modifier
++    mov TMP_REG, sp
++    mov sp, \modifier
++    SIGN_LR
++    mov sp, TMP_REG
++.endm
++  #define AUTH_LR_AND_RET _auth_lr_and_ret modifier
++.macro _auth_lr_and_ret modifier
++    AUTH_LR
++    ret
++.endm
++  #undef TMP_REG
++
++  /* No Pointer Auth */
++  #else
++    #define SIGN_LR
++    #define SIGN_LR_WITH_REG(x)
++    #define AUTH_LR_AND_RET ret
++    #define AUTH_LR_WITH_REG(x)
++    #define BRANCH_AND_LINK_TO_REG blr
++    #define BRANCH_TO_REG br
++    #define PAC_CFI_WINDOW_SAVE
++  #endif /* HAVE_ARM64E_PTRAUTH */
++#endif /* LIBFFI_ASM */
+diff --git a/src/aarch64/sysv.S b/src/aarch64/sysv.S
+index 60cfa505b..6a9a5611f 100644
+--- a/src/aarch64/sysv.S
++++ b/src/aarch64/sysv.S
+@@ -92,27 +92,27 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
+       cfi_startproc
+ CNAME(ffi_call_SYSV):
+       BTI_C
+-      /* Sign the lr with x1 since that is where it will be stored */
++      PAC_CFI_WINDOW_SAVE
++      /* Sign the lr with x1 since that is the CFA which is the modifer used 
in auth instructions */
+       SIGN_LR_WITH_REG(x1)
+ 
+-      /* Use a stack frame allocated by our caller.  */
+-#if defined(HAVE_PTRAUTH) && defined(__APPLE__)
++#if defined(HAVE_ARM64E_PTRAUTH) && defined(__APPLE__)
+       /* darwin's libunwind assumes that the cfa is the sp and that's the data
+        * used to sign the lr.  In order to allow unwinding through this
+        * function it is necessary to point the cfa at the signing register.
+        */
+       cfi_def_cfa(x1, 0);
+-#else
+-      cfi_def_cfa(x1, 40);
+ #endif
++      /* Use a stack frame allocated by our caller.  */
+       stp     x29, x30, [x1]
++      cfi_def_cfa_register(x1)
++      cfi_rel_offset (x29, 0)
++      cfi_rel_offset (x30, 8)
+       mov     x9, sp
+       str     x9, [x1, #32]
+       mov     x29, x1
+-      mov     sp, x0
+       cfi_def_cfa_register(x29)
+-      cfi_rel_offset (x29, 0)
+-      cfi_rel_offset (x30, 8)
++      mov     sp, x0
+ 
+       mov     x9, x2                  /* save fn */
+       mov     x8, x3                  /* install structure return */
+@@ -326,6 +326,7 @@ CNAME(ffi_closure_SYSV_V):
+       cfi_startproc
+       BTI_C
+       SIGN_LR
++      PAC_CFI_WINDOW_SAVE
+       stp     x29, x30, [sp, #-ffi_closure_SYSV_FS]!
+       cfi_adjust_cfa_offset (ffi_closure_SYSV_FS)
+       cfi_rel_offset (x29, 0)
+@@ -351,6 +352,7 @@ CNAME(ffi_closure_SYSV_V):
+ CNAME(ffi_closure_SYSV):
+       BTI_C
+       SIGN_LR
++      PAC_CFI_WINDOW_SAVE
+       stp     x29, x30, [sp, #-ffi_closure_SYSV_FS]!
+       cfi_adjust_cfa_offset (ffi_closure_SYSV_FS)
+       cfi_rel_offset (x29, 0)
+@@ -648,6 +650,8 @@ CNAME(ffi_go_closure_SYSV_V):
+       cfi_startproc
+ CNAME(ffi_go_closure_SYSV):
+       BTI_C
++      SIGN_LR_LINUX_ONLY
++      PAC_CFI_WINDOW_SAVE
+       stp     x29, x30, [sp, #-ffi_closure_SYSV_FS]!
+       cfi_adjust_cfa_offset (ffi_closure_SYSV_FS)
+       cfi_rel_offset (x29, 0)
+diff --git a/src/closures.c b/src/closures.c
+index 67a94a822..02cf78fa2 100644
+--- a/src/closures.c
++++ b/src/closures.c
+@@ -164,7 +164,7 @@ ffi_tramp_is_present (__attribute__((unused)) void *ptr)
+ 
+ #include <mach/mach.h>
+ #include <pthread.h>
+-#ifdef HAVE_PTRAUTH
++#ifdef HAVE_ARM64E_PTRAUTH
+ #include <ptrauth.h>
+ #endif
+ #include <stdio.h>
+@@ -223,7 +223,7 @@ ffi_trampoline_table_alloc (void)
+   /* Remap the trampoline table on top of the placeholder page */
+   trampoline_page = config_page + PAGE_MAX_SIZE;
+ 
+-#ifdef HAVE_PTRAUTH
++#ifdef HAVE_ARM64E_PTRAUTH
+   trampoline_page_template = (vm_address_t)(uintptr_t)ptrauth_auth_data((void 
*)&ffi_closure_trampoline_table_page, ptrauth_key_function_pointer, 0);
+ #else
+   trampoline_page_template = (vm_address_t)&ffi_closure_trampoline_table_page;
+@@ -268,7 +268,7 @@ ffi_trampoline_table_alloc (void)
+       ffi_trampoline_table_entry *entry = &table->free_list_pool[i];
+       entry->trampoline =
+       (void *) (trampoline_page + (i * FFI_TRAMPOLINE_SIZE));
+-#ifdef HAVE_PTRAUTH
++#ifdef HAVE_ARM64E_PTRAUTH
+       entry->trampoline = ptrauth_sign_unauthenticated(entry->trampoline, 
ptrauth_key_function_pointer, 0);
+ #endif
+ 
+
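Review bot: In the Linux PAC branch of src/aarch64/internal.h, `_sign_lr_with_reg` and `_auth_lr_with_reg` point `sp` at the modifier register for the duration of the hint instruction, and nothing in the new code says why that window is safe. If the modifier (x1 in ffi_call_SYSV) sits above data the caller has already marshalled, which the commit text about a caller-allocated stack and frame suggests but the hunk does not show, an asynchronous signal delivered on the same stack inside that window would be written below the temporary `sp` and could overwrite that data. A comment above the two macros stating the invariant would help; the x16/x17 hint forms (the `1716` variants the commit message already cites for the unwinder) may be an alternative that never moves `sp`, if upstream agrees. Separately, `#define AUTH_LR_AND_RET _auth_lr_and_ret modifier` passes a literal `modifier` token to a macro whose body never uses its parameter; `#define AUTH_LR_AND_RET _auth_lr_and_ret` with a parameterless `.macro` would read more clearly.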

diff --git a/dev-libs/libffi/files/libffi-3.4.6-asan.patch 
b/dev-libs/libffi/files/libffi-3.4.6-asan.patch
new file mode 100644
index 000000000000..4c62f970a3c9
--- /dev/null
+++ b/dev-libs/libffi/files/libffi-3.4.6-asan.patch
@@ -0,0 +1,88 @@
+https://github.com/libffi/libffi/commit/01db744b4af8665f9b7494d00cc2a1cc45ee9636
+
+From 01db744b4af8665f9b7494d00cc2a1cc45ee9636 Mon Sep 17 00:00:00 2001
+From: KJ Tsanaktsidis <k...@kjtsanaktsidis.id.au>
+Date: Fri, 20 Sep 2024 20:00:49 +1000
+Subject: [PATCH] Disable ASAN in ffi_call_int functions (#858)
+
+The pattern for several of the architectures is for ffi_call_int to
+stack-allocate some arguments + the registers, and then
+ffi_call_$ARCH will pop the top of that structure into registers, and
+then adjust the stack pointer such that the alloca'd buffer _becomes_
+the stack-passed arguments for the function being called.
+
+If libffi is compiled with ASAN, then there will be a redzone inserted
+after the alloca'd buffer which is marked as poisoned. This redzone
+appears beyond the end of $sp upon entry to the called function.
+
+If the called function does anything to use this stack memory, ASAN will
+notice that it's poisoned and report an error.
+
+This commit fixes the situation (on the architectures that I have access
+to) disabling instrumentation for ffi_call_int; that means there will be
+no alloca redzone left on the shadow-stack.
+--- a/include/ffi_common.h
++++ b/include/ffi_common.h
+@@ -83,6 +83,23 @@ char *alloca ();
+ #include <stdio.h>
+ #endif
+ 
++#ifndef __SANITIZE_ADDRESS__
++# ifdef __clang__
++#  if __has_feature(address_sanitizer)
++#   define FFI_ASAN
++#  endif
++# endif
++#endif
++#ifdef __SANITIZE_ADDRESS__
++#define FFI_ASAN
++#endif
++
++#ifdef FFI_ASAN
++#define FFI_ASAN_NO_SANITIZE __attribute__((no_sanitize_address))
++#else
++#define FFI_ASAN_NO_SANITIZE
++#endif
++
+ #ifdef FFI_DEBUG
+ NORETURN void ffi_assert(const char *expr, const char *file, int line);
+ void ffi_stop_here(void);
+--- a/src/aarch64/ffi.c
++++ b/src/aarch64/ffi.c
+@@ -645,7 +645,10 @@ extern void ffi_call_SYSV (struct call_context *context, 
void *frame,
+                          void *closure) FFI_HIDDEN;
+ 
+ /* Call a function with the provided arguments and capture the return
+-   value.  */
++   value.
++   n.b. ffi_call_SYSV will steal the alloca'd `stack` variable here for use
++   _as its own stack_ - so we need to compile this function without ASAN */
++FFI_ASAN_NO_SANITIZE
+ static void
+ ffi_call_int (ffi_cif *cif, void (*fn)(void), void *orig_rvalue,
+             void **avalue, void *closure)
+--- a/src/x86/ffi.c
++++ b/src/x86/ffi.c
+@@ -270,6 +270,9 @@ extern void FFI_DECLARE_FASTCALL ffi_call_i386(struct 
call_frame *, char *) FFI_
+ #if defined(_MSC_VER)
+ #pragma runtime_checks("s", off)
+ #endif
++/* n.b. ffi_call_unix64 will steal the alloca'd `stack` variable here for use
++   _as its own stack_ - so we need to compile this function without ASAN */
++FFI_ASAN_NO_SANITIZE
+ static void
+ ffi_call_int (ffi_cif *cif, void (*fn)(void), void *rvalue,
+             void **avalue, void *closure)
+--- a/src/x86/ffi64.c
++++ b/src/x86/ffi64.c
+@@ -557,6 +557,9 @@ ffi_prep_cif_machdep (ffi_cif *cif)
+   return FFI_OK;
+ }
+ 
++/* n.b. ffi_call_unix64 will steal the alloca'd `stack` variable here for use
++   _as its own stack_ - so we need to compile this function without ASAN */
++FFI_ASAN_NO_SANITIZE
+ static void
+ ffi_call_int (ffi_cif *cif, void (*fn)(void), void *rvalue,
+             void **avalue, void *closure)
+
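Review bot: The comment added in src/x86/ffi.c names `ffi_call_unix64`, but the declaration in that hunk's own context line is `ffi_call_i386`, so the comment looks copied from src/x86/ffi64.c and should name `ffi_call_i386` instead. `FFI_ASAN_NO_SANITIZE` is also applied to the whole of `ffi_call_int`, so the argument-marshalling code in that function loses ASAN coverage along with the alloca redzone. A sentence in the include/ffi_common.h comment recording that trade-off, and that only the aarch64, x86 and x86-64 ports are annotated (the commit text says "the architectures that I have access to"), would keep it visible to anyone running sanitizer builds on other targets.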

diff --git a/dev-libs/libffi/files/libffi-3.4.6-regenerate-autotools.patch 
b/dev-libs/libffi/files/libffi-3.4.6-regenerate-autotools.patch
new file mode 100644
index 000000000000..81fe671f509c
--- /dev/null
+++ b/dev-libs/libffi/files/libffi-3.4.6-regenerate-autotools.patch
@@ -0,0 +1,48 @@
+The arm64 patches we backported to 3.4.6 mean we need to autoreconf ourselves,
+apply this patch to avoid needing to do it in the ebuild b/c of deps.
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -330,8 +330,8 @@ am__define_uniq_tagged_files = \
+   done | $(am__uniquify_input)`
+ DIST_SUBDIRS = include testsuite man doc
+ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/fficonfig.h.in \
+-      $(srcdir)/libffi.pc.in README.md compile config.guess \
+-      config.sub depcomp install-sh ltmain.sh missing
++      $(srcdir)/libffi.pc.in ChangeLog README.md compile \
++      config.guess config.sub depcomp install-sh ltmain.sh missing
+ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ distdir = $(PACKAGE)-$(VERSION)
+ top_distdir = $(distdir)
+--- a/fficonfig.h.in
++++ b/fficonfig.h.in
+@@ -31,6 +31,9 @@
+ /* Define to 1 if you have the <alloca.h> header file. */
+ #undef HAVE_ALLOCA_H
+ 
++/* Define if your compiler supports pointer authentication. */
++#undef HAVE_ARM64E_PTRAUTH
++
+ /* Define if your assembler supports .cfi_* directives. */
+ #undef HAVE_AS_CFI_PSEUDO_OP
+ 
+@@ -71,9 +74,6 @@
+ /* Define to 1 if you have the `memfd_create' function. */
+ #undef HAVE_MEMFD_CREATE
+ 
+-/* Define if your compiler supports pointer authentication. */
+-#undef HAVE_PTRAUTH
+-
+ /* Define if .eh_frame sections should be read-only. */
+ #undef HAVE_RO_EH_FRAME
+ 
+--- a/testsuite/Makefile.in
++++ b/testsuite/Makefile.in
+@@ -292,7 +292,7 @@ EXTRA_DEJAGNU_SITE_CONFIG = ../local.exp
+ CLEANFILES = *.exe core* *.log *.sum
+ EXTRA_DIST = config/default.exp emscripten/build.sh emscripten/conftest.py \
+       emscripten/node-tests.sh emscripten/test.html emscripten/test_libffi.py 
\
+-  emscripten/build-tests.sh lib/libffi.exp lib/target-libpath.exp \
++      emscripten/build-tests.sh lib/libffi.exp lib/target-libpath.exp \
+       lib/wrapper.exp libffi.bhaible/Makefile libffi.bhaible/README \
+       libffi.bhaible/alignof.h libffi.bhaible/bhaible.exp 
libffi.bhaible/test-call.c \
+       libffi.bhaible/test-callback.c libffi.bhaible/testcases.c 
libffi.call/align_mixed.c \
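Review bot: This patch updates Makefile.in, fficonfig.h.in and testsuite/Makefile.in but, as far as the hunk shows, not the generated `configure`, although the backported PAC patch changes configure.ac to `AC_DEFINE(HAVE_ARM64E_PTRAUTH, 1, ...)`. Unless `configure` is regenerated elsewhere, the shipped script would still define `HAVE_PTRAUTH`, which no longer has a template line in fficonfig.h.in, so `HAVE_ARM64E_PTRAUTH` would never be set and the ARM64E pointer-authentication paths would be compiled out without any error. The Linux PAC path keys on the compiler predefine `__ARM_FEATURE_PAC_DEFAULT` and is not affected. Either add the matching `configure` hunk or say in the patch header that the omission is intentional.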

diff --git a/dev-libs/libffi/libffi-3.4.6-r2.ebuild 
b/dev-libs/libffi/libffi-3.4.6-r2.ebuild
new file mode 100644
index 000000000000..bf85a9e552da
--- /dev/null
+++ b/dev-libs/libffi/libffi-3.4.6-r2.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit multilib-minimal preserve-libs
+
+MY_PV=${PV/_rc/-rc}
+MY_P=${PN}-${MY_PV}
+
+DESCRIPTION="Portable, high level programming interface to various calling 
conventions"
+HOMEPAGE="https://sourceware.org/libffi/";
+
+if [[ ${PV} == 9999 ]] ; then
+       EGIT_REPO_URI="https://github.com/libffi/libffi";
+       inherit git-r3
+else
+       
SRC_URI="https://github.com/libffi/libffi/releases/download/v${MY_PV}/${MY_P}.tar.gz";
+
+       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc 
~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos 
~x64-macos ~x64-solaris"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="MIT"
+# This is a core package which is depended on by e.g. Python.
+# Please use preserve-libs.eclass in pkg_{pre,post}inst to cover users
+# with FEATURES="-preserved-libs" or another package manager if SONAME changes.
+SLOT="0/8" # SONAME=libffi.so.8
+IUSE="debug exec-static-trampoline pax-kernel static-libs test"
+
+RESTRICT="!test? ( test )"
+BDEPEND="test? ( dev-util/dejagnu )"
+
+PATCHES=(
+       "${FILESDIR}"/${P}-arm64-bti.patch
+       "${FILESDIR}"/${P}-arm64-bti-spelling.patch
+       "${FILESDIR}"/${P}-arm64-support-pac.patch
+       "${FILESDIR}"/${P}-arm64-fix-build.patch
+       "${FILESDIR}"/${P}-sparc-struct-targs.patch
+       "${FILESDIR}"/${P}-test-typo.patch
+       "${FILESDIR}"/${P}-x86-sse.patch
+       "${FILESDIR}"/${P}-arm64-cfi.patch
+       "${FILESDIR}"/${P}-asan.patch
+       "${FILESDIR}"/${P}-regenerate-autotools.patch
+)
+
+src_prepare() {
+       default
+
+       if [[ ${CHOST} == arm64-*-darwin* ]] ; then
+               # ensure we use aarch64 asm, not x86 on arm64
+               sed -i -e 's/aarch64\*-\*-\*/arm64*-*-*|&/' \
+                       configure configure.host || die
+       fi
+}
+
+multilib_src_configure() {
+       # --includedir= path maintains a few properties:
+       # 1. have stable name across libffi versions: some packages like
+       #    dev-lang/ghc or kde-frameworks/networkmanager-qt embed
+       #    ${includedir} at build-time. Don't require those to be
+       #    rebuilt unless SONAME changes. bug #695788
+       #
+       #    We use /usr/.../${PN} (instead of former /usr/.../${P}).
+       #
+       # 2. have ${ABI}-specific location as ffi.h is target-dependent.
+       #
+       #    We use /usr/$(get_libdir)/... to have ABI identifier.
+       ECONF_SOURCE="${S}" econf \
+               --includedir="${EPREFIX}"/usr/$(get_libdir)/${PN}/include \
+               --disable-multi-os-directory \
+               $(use_enable static-libs static) \
+               $(use_enable exec-static-trampoline exec-static-tramp) \
+               $(use_enable pax-kernel pax_emutramp) \
+               $(use_enable debug)
+}
+
+multilib_src_test() {
+       emake -Onone check
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       find "${ED}" -name "*.la" -delete || die
+}
+
+pkg_preinst() {
+       preserve_old_lib /usr/$(get_libdir)/libffi.so.7
+}
+
+pkg_postinst() {
+       preserve_old_lib_notify /usr/$(get_libdir)/libffi.so.7
+}
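Review bot: The `PATCHES` array has no comment saying which entries are upstream backports or that their order is significant. The index lines in the patches show a chain: `arm64-support-pac` applies on top of the src/aarch64/ffi.c produced by `arm64-bti-spelling`, and `arm64-fix-build` applies on top of the src/aarch64/internal.h produced by `arm64-support-pac`. A one-line comment above the array, such as `# Upstream backports; keep order (bti -> bti-spelling -> support-pac -> fix-build)`, would stop a later reshuffle from breaking patch application.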
