From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on starla X-Spam-Level: X-Spam-Status: No, score=-1.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,MAILING_LIST_MULTI,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 Received: from nue.mailmanlists.eu (nue.mailmanlists.eu [94.130.110.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 259EE1F451 for ; Fri, 5 Jan 2024 21:28:05 +0000 (UTC) Authentication-Results: dcvr.yhbt.net; dkim=pass (1024-bit key; secure) header.d=ml.ruby-lang.org header.i=@ml.ruby-lang.org header.a=rsa-sha256 header.s=mail header.b=E7v8/HSC; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ruby-lang.org header.i=@ruby-lang.org header.a=rsa-sha256 header.s=s1 header.b=OgpyOPEh; dkim-atps=neutral Received: from nue.mailmanlists.eu (localhost [127.0.0.1]) by nue.mailmanlists.eu (Postfix) with ESMTP id C3D5481B6C; Fri, 5 Jan 2024 21:27:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ml.ruby-lang.org; s=mail; t=1704490077; bh=8oJ8Mqluk4DqLA4IyCQa+5XqrkDTfDXVDVvwwV9reAg=; h=Date:References:To:Reply-To:Subject:List-Id:List-Archive: List-Help:List-Owner:List-Post:List-Subscribe:List-Unsubscribe: From:Cc:From; b=E7v8/HSCzKOAkfjaoQQWN8PgwRN5eFglEx0nzRz0wDKoEH8Z2km1REu888DLzCh4E e6vA2K/5LZm9m9ko2EUeDVJ8wIG4sAkMQwPfoPGAJM0P3QniCmX2b2Kjcn5oPAqdz6 Nj2NNjIsUz+zjiK3d2/1cEJjqL4F+n4TWaPGpB+E= Received: from wrqvtvvn.outbound-mail.sendgrid.net (wrqvtvvn.outbound-mail.sendgrid.net [149.72.120.130]) by nue.mailmanlists.eu (Postfix) with ESMTPS id 9C20681B6A for ; Fri, 5 Jan 2024 21:27:54 +0000 (UTC) Authentication-Results: nue.mailmanlists.eu; dkim=pass (2048-bit key; unprotected) header.d=ruby-lang.org header.i=@ruby-lang.org header.a=rsa-sha256 header.s=s1 header.b=OgpyOPEh; dkim-atps=neutral DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ruby-lang.org; h=from:references:subject:mime-version:content-type: content-transfer-encoding:list-id:to:cc:content-type:from:subject:to; s=s1; bh=WNKr5QfZHn1T7wC6moufCtkWB9HVubCYXRMcN3EPBXk=; b=OgpyOPEh+sv9jIHAdKZTXWOP/OPwrCTSkRmLqMwrNU4BkfsBi6TB15MXZ+4XGdMknlw6 OWdSCEefRj9YrVh+yqCOiE6eJBhk4MZe82qOiMn1yOTyNkbYPvNhD6YdLwl+O3ZtsSBp38 zwLAOhpMuk53VLqhEqsLPugjWsD/qMbIR1byMUj1kvRSscSjqZaWyxonEQd9cWXQcTNGey JOyb4MfZ/AV+g49rBvHg2Fur0q8u77hsLFzAXFQ2p+MaYhbj2WJBvkOsnCZ+oqnE9zDmht Pk1ok/kNwobXIPF5uiOiNx/OCV8szxPGMT6oIocKNh6nS0CjsVC+YgTyWb7gSdmg== Received: by filterdrecv-5bbdbb56cd-khxc7 with SMTP id filterdrecv-5bbdbb56cd-khxc7-1-65987459-18 2024-01-05 21:27:53.329212829 +0000 UTC m=+2179480.744511519 Received: from herokuapp.com (unknown) by geopod-ismtpd-14 (SG) with ESMTP id Mq0P2XBuQe24OetDFvYVRQ for ; Fri, 05 Jan 2024 21:27:53.281 +0000 (UTC) Date: Fri, 05 Jan 2024 21:27:53 +0000 (UTC) Message-ID: References: Mime-Version: 1.0 X-Redmine-Project: ruby-master X-Redmine-Issue-Tracker: Bug X-Redmine-Issue-Id: 20154 X-Redmine-Issue-Author: jprokop X-Redmine-Sender: jprokop X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-Redmine-MailingListIntegration-Message-Ids: 92602 X-SG-EID: =?us-ascii?Q?H46QOCwvUFDCSn1o93vkQf9On+EJgqdRglU6HFpNlmI8frpujmTYVnZabSPGoU?= =?us-ascii?Q?lDQV40KcZWXb9RAQvCkIsuKE+tb1ZdRBGPvmO6r?= =?us-ascii?Q?aYyKn+TbMGErP+AcFTe+UO9S9sd58WRCRHBrLzh?= =?us-ascii?Q?PXPNKekWEXnZz+0xgqV0VvQ=2FkVk27wUWIKG6nEU?= =?us-ascii?Q?oodi6wwci7tm6nSb5vpXI28+khSglMvU8yz6wMK?= =?us-ascii?Q?j+RuxPhi09GT38JjnVeJ4qrooqI+KSLYqITKH7O?= =?us-ascii?Q?shfOhpTf6IEcalHBYHBAQ=3D=3D?= To: ruby-core@ml.ruby-lang.org X-Entity-ID: b/2+PoftWZ6GuOu3b0IycA== Message-ID-Hash: ZUQOP5FSK774BAAUTU2BM6DJYEGF753Y X-Message-ID-Hash: ZUQOP5FSK774BAAUTU2BM6DJYEGF753Y X-MailFrom: bounces+313651-b711-ruby-core=ml.ruby-lang.org@em5188.ruby-lang.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.3 Precedence: list Reply-To: Ruby developers Subject: [ruby-core:116040] [Ruby master Bug#20154] aarch64: configure overrides `-mbranch-protection` if it was set in CFLAGS via environment List-Id: Ruby developers Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: "jprokop (Jarek Prokop) via ruby-core" Cc: "jprokop (Jarek Prokop)" Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Issue #20154 has been updated by jprokop (Jarek Prokop). ruby -v set to ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [aarch64-linux] I have looked at other aspects of the options and inspected the assembly outputted with -mbranch-protection={standard,pac-ret} in Fedora PR's workaround https://src.fedoraproject.org/rpms/ruby/pull-request/167 ---------------------------------------- Bug #20154: aarch64: configure overrides `-mbranch-protection` if it was set in CFLAGS via environment https://bugs.ruby-lang.org/issues/20154#change-106038 * Author: jprokop (Jarek Prokop) * Status: Open * Priority: Normal * ruby -v: ruby 3.3.0 (2023-12-25 revision 5124f9ac75) [aarch64-linux] * Backport: 3.0: UNKNOWN, 3.1: UNKNOWN, 3.2: UNKNOWN, 3.3: UNKNOWN ---------------------------------------- Recently a GH PR was merged For PAC/BTI support on ARM CPUs for Coroutine.S. Without proper compilation support in configure.ac it segfaults Ruby with fibers on CPUs where PAC is supported: https://bugs.ruby-lang.org/issues/20085 At the time of writing, configure.ac appends the first option from a list for flag `-mbranch-protection` that successfully compiles a program , to XCFLAGS and now also ASFLAGS to fix issue 20085 for Ruby master. This is suboptimal for Fedora as we set -mbranch-protection=standard by default in C{,XX}FLAGS: ``` CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Werror=implicit-function-declaration -Werror=implicit-int -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer ' export CFLAGS CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -mbranch-protection=standard -fasynchronous-unwind-tables -fstack-clash-protection -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer' export CXXFLAGS ``` And the appended flag overrides distribution's compilation configuration, which in this case ends up omitting BTI instructions and only using PAC. Would it make sense to check if such flags exist and not overwrite them if they do? Serious proposals: 1. Simplest fix that does not overwrite what is set in the distribution and results in higher security is simply prepending the list of options with `-mbranch-protection=standard`, it should cause no problems on ARMv8 CPUs and forward, BTI similarly to PAC instructions result into NOP, it is only extending the capability. See attached 0001-aarch64-Check-mbranch-protection-standard-first-to-u.patch 2. Other fix that sounds more sane IMO and dodges this kind of guessing where are all the correct places for the flag is what another Fedora contributor Florian Weimer suggested: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/CVTNF2OQCL3XZHUUFNYMDK6ZEF2SWUEN/ "The reliable way to do this would be to compile a C file and check whether that enables __ARM_FEATURE_PAC_DEFAULT, and if that's the case, define a *different* macro for use in the assembler implementation. This way, you don't need to care about the exact name of the option." IOW instead of using __ARM_FEATURE_* directly in that code, define a macro in the style of "USE_PAC" with value of the feature if it is defined, I think that way we shouldn't need to append ASFLAGS anymore. However it's also important to catch the value of those macros as their values have meaning, I have an idea how to do that but I'd get on that monday earliest. ---Files-------------------------------- 0001-aarch64-Check-mbranch-protection-standard-first-to-u.patch (1004 Bytes) -- https://bugs.ruby-lang.org/ ______________________________________________ ruby-core mailing list -- ruby-core@ml.ruby-lang.org To unsubscribe send an email to ruby-core-leave@ml.ruby-lang.org ruby-core info -- https://ml.ruby-lang.org/mailman3/postorius/lists/ruby-core.ml.ruby-lang.org/