Re: [Mingw-w64-public] [PATCH] crt: Always include load config in mingwex."

Sun, 02 Mar 2025 12:33:11 -0800 

On 2.03.2025 10:14, Alvin Wong wrote:

On 1/3/2025 20:25, Jacek Caban wrote:
This is mandatory on ARM64EC and also required on AArch64 for ARM64X builds. Instead of extending the existing logic, unify it by always including it in mingwex. 


In practice, this means load config will always be present in output 
images when using

LLD. Since ld.bfd does not support load config, it remains unaffected.
---
  mingw-w64-crt/Makefile.am                                  | 7 +------
  mingw-w64-crt/configure.ac                                 | 4 +---
  .../{cfguard/mingw_cfguard_loadcfg.S => crt/loadcfg.S} | 0
  3 files changed, 2 insertions(+), 9 deletions(-)

  rename mingw-w64-crt/{cfguard/mingw_cfguard_loadcfg.S => 
crt/loadcfg.S} (100%)


diff --git a/mingw-w64-crt/Makefile.am b/mingw-w64-crt/Makefile.am
index 423e233ac..baf65badd 100644
--- a/mingw-w64-crt/Makefile.am
+++ b/mingw-w64-crt/Makefile.am
@@ -928,6 +928,7 @@ src_msvcr120_app=\
    # These mingwex sources are target independent:
  src_libmingwex=\
+  crt/loadcfg.S \
    cfguard/mingw_cfguard_support.c \
    \
    misc/dllmain.c \
@@ -1015,12 +1016,6 @@ src_libmingwex=\
    stdio/vsnprintf.c        stdio/vsnwprintf.c \

    stdio/wtoll.c            stdio/mingw_asprintf.c 
stdio/mingw_vasprintf.c
  -# Include the default load config struct only for Control Flow 
Guard support.

-if CFGUARD
-src_libmingwex+=\
-  cfguard/mingw_cfguard_loadcfg.S
-endif
-
  # these go into both 32 and 64 bit x86 versions:
  src_libmingwex_x86=\

    math/cbrtl.c              math/erfl.c math/fdiml.c              
math/fmal.c math/fmaxl.c              \

diff --git a/mingw-w64-crt/configure.ac b/mingw-w64-crt/configure.ac
index 37851f605..03aa705d7 100644
--- a/mingw-w64-crt/configure.ac
+++ b/mingw-w64-crt/configure.ac
@@ -273,10 +273,8 @@ AC_ARG_ENABLE([cfguard],
  AC_MSG_RESULT([$enable_cfguard])
  AS_CASE([$enable_cfguard],
    [no],[],
-  [yes],[AS_VAR_SET([CFGUARD])
-     AS_VAR_SET([CFGUARD_CFLAGS],[-mguard=cf])],
+  [yes],[AS_VAR_SET([CFGUARD_CFLAGS],[-mguard=cf])],
    [AC_MSG_ERROR([invalid argument.  Must be either yes or no.])])
-AM_CONDITIONAL([CFGUARD], [AS_VAR_TEST_SET([CFGUARD])])
  AC_SUBST([CFGUARD_CFLAGS])
    AC_MSG_CHECKING([whether to enable experimental features])

diff --git a/mingw-w64-crt/cfguard/mingw_cfguard_loadcfg.S 
b/mingw-w64-crt/crt/loadcfg.S

similarity index 100%
rename from mingw-w64-crt/cfguard/mingw_cfguard_loadcfg.S
rename to mingw-w64-crt/crt/loadcfg.S



I am concerned that `loadcfg.S` currently always embed the symbols 
related to control flow guard (`__guard_check_icall_fptr`, 
`__guard_fids_table`, `__guard_flags`, etc.). In my opinion they 
should not be included in the load config if mingw-w64 itself isn't 
compiled with CFGuard, i.e. the fields should be hardcoded to 0 to 
reflect that.



The reason for this is that LLD has extra checks to make sure these 
CFGuard-related fields are filled up with the correct symbols when 
linking with CFGuard enabled. This gives users a warning as an 
indication that their mingw-w64 has not been compiled with CFGuard. I 
believe it is beneficial to keep this warning functional. 




I think both the current approach of lacking load config and the 
proposed solution are fragile. Instead of relying on unrelated linker 
warnings, if such a warning is necessary, it should be implemented 
properly, with a clear message that users can understand without needing 
to dive into mingw-w64 specifics.



I’ve attached a possible solution on the LLD side. In its current form, 
it would warn on recent CFGuard-enabled mingw-w64 due to the missing 
@feat.00 flag, but it's just an example of a potential approach.


Anyway, I’ve sent v2 with your proposed changes. Thanks for the reviews.


Jacek

From b6d7e2f219d25b8c1b3253ef34feb388bc8bba11 Mon Sep 17 00:00:00 2001
From: Jacek Caban <ja...@codeweavers.com>
Date: Sun, 2 Mar 2025 19:52:31 +0100
Subject: [PATCH] [LLD][COFF] Warn if CF Guard is enabled but unsupported by
 the runtime library

---
 lld/COFF/Writer.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lld/COFF/Writer.cpp b/lld/COFF/Writer.cpp
index a8148446a265..a10f9cd379a0 100644
--- a/lld/COFF/Writer.cpp
+++ b/lld/COFF/Writer.cpp
@@ -2902,6 +2902,10 @@ void Writer::prepareLoadConfig(SymbolTable &symtab, T 
*loadConfig) {
 
   if (ctx.config.guardCF == GuardCFLevel::Off)
     return;
+
+  if (!symtab.loadConfigSym->getChunk()->file->hasGuardCF())
+      Warn(ctx) << "CF Guard is enabled but not supported by the runtime 
library";
+
   RETURN_IF_NOT_CONTAINS(GuardFlags)
   CHECK_VA(GuardCFFunctionTable, "__guard_fids_table")
   CHECK_ABSOLUTE(GuardCFFunctionCount, "__guard_fids_count")
-- 
2.45.3


_______________________________________________
Mingw-w64-public mailing list
Mingw-w64-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mingw-w64-public






















					Reply via email to