Backport a patch from upstream that enables BTI on aarch64

Related: RHEL-50092
This commit is contained in:
Jakub Martisko 2024-07-23 11:02:00 +02:00
parent 823bc78a50
commit 1c20e3e4d2
2 changed files with 75 additions and 1 deletions

67
bti.patch Normal file
View File

@ -0,0 +1,67 @@
From a88781954a875c4f00883eba6a8c5d172c4f5c17 Mon Sep 17 00:00:00 2001
From: Nick Terrell <terrelln@fb.com>
Date: Wed, 13 Mar 2024 09:58:34 -0700
Subject: [PATCH] [asm][aarch64] Mark that BTI and PAC are supported
Mark that `huf_decompress_amd64.S` supports BTI and PAC, which it trivially does because it is empty for aarch64.
The issue only requested BTI markings, but it also makes sense to mark PAC, which is the only other feature.
Also run add a test for this mode to the ARM64 QEMU test. Before this PR it warns on `huf_decompress_amd64.S`, after it doesn't.
Fixes Issue #3841.
---
.github/workflows/dev-short-tests.yml | 1 +
lib/decompress/huf_decompress_amd64.S | 23 ++++++++++++++++++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/dev-short-tests.yml b/.github/workflows/dev-short-tests.yml
index b2aaff89cf7..5324b38d9ac 100644
--- a/.github/workflows/dev-short-tests.yml
+++ b/.github/workflows/dev-short-tests.yml
@@ -409,6 +409,7 @@ jobs:
- name: ARM64
if: ${{ matrix.name == 'ARM64' }}
run: |
+ LDFLAGS="-static -z force-bti" MOREFLAGS="-mbranch-protection=standard" CC=$XCC QEMU_SYS=$XEMU make clean check
LDFLAGS="-static" CC=$XCC QEMU_SYS=$XEMU make clean check
- name: PPC
if: ${{ matrix.name == 'PPC' }}
diff --git a/lib/decompress/huf_decompress_amd64.S b/lib/decompress/huf_decompress_amd64.S
index 3b96b44612f..78da291ee3c 100644
--- a/lib/decompress/huf_decompress_amd64.S
+++ b/lib/decompress/huf_decompress_amd64.S
@@ -10,11 +10,32 @@
#include "../common/portability_macros.h"
+#if defined(__ELF__) && defined(__GNUC__)
/* Stack marking
* ref: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
*/
-#if defined(__ELF__) && defined(__GNUC__)
.section .note.GNU-stack,"",%progbits
+
+#if defined(__aarch64__)
+/* Mark that this assembly supports BTI & PAC, because it is empty for aarch64.
+ * See: https://github.com/facebook/zstd/issues/3841
+ * See: https://gcc.godbolt.org/z/sqr5T4ffK
+ * See: https://lore.kernel.org/linux-arm-kernel/20200429211641.9279-8-broonie@kernel.org/
+ * See: https://reviews.llvm.org/D62609
+ */
+.pushsection .note.gnu.property, "a"
+.p2align 3
+.long 4 /* size of the name - "GNU\0" */
+.long 0x10 /* size of descriptor */
+.long 0x5 /* NT_GNU_PROPERTY_TYPE_0 */
+.asciz "GNU"
+.long 0xc0000000 /* pr_type - GNU_PROPERTY_AARCH64_FEATURE_1_AND */
+.long 4 /* pr_datasz - 4 bytes */
+.long 3 /* pr_data - GNU_PROPERTY_AARCH64_FEATURE_1_BTI | GNU_PROPERTY_AARCH64_FEATURE_1_PAC */
+.p2align 3 /* pr_padding - bring everything to 8 byte alignment */
+.popsection
+#endif
+
#endif
#if ZSTD_ENABLE_ASM_X86_64_BMI2

View File

@ -18,7 +18,7 @@
Name: zstd Name: zstd
Version: 1.5.5 Version: 1.5.5
Release: 7%{?dist} Release: 8%{?dist}
Summary: Zstd compression library Summary: Zstd compression library
License: BSD-3-Clause AND GPL-2.0-only License: BSD-3-Clause AND GPL-2.0-only
@ -26,6 +26,7 @@ URL: https://github.com/facebook/zstd
Source0: https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source0: https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch1: pzstd.1.patch Patch1: pzstd.1.patch
Patch2: bti.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc %{?with_gtest:gtest-devel} BuildRequires: gcc %{?with_gtest:gtest-devel}
@ -74,6 +75,8 @@ find -name .gitignore -delete
%patch1 -p1 %patch1 -p1
%endif %endif
%patch2 -p1
%build %build
export CFLAGS="$RPM_OPT_FLAGS" export CFLAGS="$RPM_OPT_FLAGS"
export LDFLAGS="$RPM_LD_FLAGS" export LDFLAGS="$RPM_LD_FLAGS"
@ -140,6 +143,10 @@ install -D -m644 programs/%{name}.1 %{buildroot}%{_mandir}/man1/p%{name}.1
%ldconfig_scriptlets -n lib%{name} %ldconfig_scriptlets -n lib%{name}
%changelog %changelog
* Tue Jul 23 2024 Jakub Martisko <jamartis@redhat.com> - 1.5.5-8
- Backport the patch that enables BTI on aarch64
Related: RHEL-50092
* Mon Jul 22 2024 Jakub Martisko <jamartis@redhat.com> - 1.5.5-7 * Mon Jul 22 2024 Jakub Martisko <jamartis@redhat.com> - 1.5.5-7
- Add the gating test from rhel-9 - Add the gating test from rhel-9
Related: RHEL-50092 Related: RHEL-50092