Skip to content

Commit

Permalink
Rollup merge of rust-lang#134760 - jieyouxu:enable-branch-protection-…
Browse files Browse the repository at this point in the history
…check-IBT, r=lqd

Migrate `branch-protection-check-IBT` to rmake.rs

- The Makefile version *never* ran because of Makefile syntax confusion because `ifeq ($(filter x86,$(LLVM_COMPONENTS)),x86_64)` [compares `x86` to `x86_64`, which always evaluates to false](rust-lang#126720 (comment)).
- The test would've always failed because precompiled std is not built with `-Z cf-protection=branch`, but linkers require all input object files to indicate IBT support in order to enable IBT for the executable, which is not the case for std.
- Thus, the test input file is instead changed to a `no_std` program.
- The test is currently limited to only `x86_64-unknown-linux-gnu` host, there are various other problems when the test is cross-compiled that I didn't want to fix atm, and is left as an exercise for the `-Z cf-protection` implementers.

The GNU property note was added by rust-lang#110304 in order to address rust-lang#103001.

Partially supersedes rust-lang#129156.
The rmake.rs port was initially authored by `@Rejyr` in rust-lang#126720.
This PR is co-authored with `@Oneirical` and `@Rejyr.`

r? `@bjorn3` or reroll

try-job: x86_64-mingw-1
try-job: x86_64-mingw-2
try-job: x86_64-msvc
try-job: x86_64-apple-1
try-job: x86_64-apple-2
  • Loading branch information
Zalathar authored Dec 28, 2024
2 parents 3e3db73 + b32591e commit dd03fba
Show file tree
Hide file tree
Showing 5 changed files with 58 additions and 54 deletions.
1 change: 0 additions & 1 deletion src/tools/tidy/src/allowed_run_make_makefiles.txt
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
run-make/branch-protection-check-IBT/Makefile
run-make/cat-and-grep-sanity-check/Makefile
run-make/extern-fn-reachable/Makefile
run-make/jobserver-error/Makefile
Expand Down
21 changes: 0 additions & 21 deletions tests/run-make/branch-protection-check-IBT/Makefile

This file was deleted.

29 changes: 0 additions & 29 deletions tests/run-make/branch-protection-check-IBT/_rmake.rs

This file was deleted.

8 changes: 5 additions & 3 deletions tests/run-make/branch-protection-check-IBT/main.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
fn main() {
println!("hello world");
}
#![feature(no_core)]
#![allow(internal_features)]
#![no_core]
#![no_std]
#![no_main]
53 changes: 53 additions & 0 deletions tests/run-make/branch-protection-check-IBT/rmake.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
// ignore-tidy-linelength
//! A basic smoke test to check for GNU Property Note to see that for `x86_64` targets when [`-Z
//! cf-protection=branch`][intel-cet-tracking-issue] is requested, that the
//!
//! ```text
//! NT_GNU_PROPERTY_TYPE_0 Properties: x86 feature: IBT
//! ```
//!
//! Intel Indirect Branch Tracking (IBT) property is emitted. This was generated in
//! <https://github.com/rust-lang/rust/pull/110304> in order to address
//! <https://github.com/rust-lang/rust/issues/103001>.
//!
//! Note that the precompiled std currently is not compiled with `-Z cf-protection=branch`!
//!
//! In particular, it is expected that:
//!
//! > IBT to only be enabled for the process if `.note.gnu.property` indicates that the executable
//! > was compiled with IBT support and the linker to only tell that IBT is supported if all input
//! > object files indicate that they support IBT, which in turn requires the standard library to be
//! > compiled with IBT enabled.
//!
//! Note that Intel IBT (Indirect Branch Tracking) is not to be confused with Arm's BTI (Branch
//! Target Identification). See below for link to Intel IBT docs.
//!
//! ## Related links
//!
//! - [Tracking Issue for Intel Control Enforcement Technology (CET)][intel-cet-tracking-issue]
//! - Zulip question about this test:
//! <https://rust-lang.zulipchat.com/#narrow/channel/182449-t-compiler.2Fhelp/topic/.E2.9C.94.20Branch.20protection.20and.20.60.2Enote.2Egnu.2Eproperty.60>
//! - Intel IBT docs:
//! <https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/006/indirect-branch-tracking/>
//!
//! [intel-cet-tracking-issue]: https://github.com/rust-lang/rust/issues/93754
//@ needs-llvm-components: x86

// FIXME(#93754): increase the test coverage of this test.
//@ only-x86_64-unknown-linux-gnu
//@ ignore-cross-compile

use run_make_support::{bare_rustc, llvm_readobj};

fn main() {
// `main.rs` is `#![no_std]` to not pull in the currently not-compiled-with-IBT precompiled std.
bare_rustc()
.input("main.rs")
.target("x86_64-unknown-linux-gnu")
.arg("-Zcf-protection=branch")
.arg("-Clink-args=-nostartfiles")
.run();

llvm_readobj().arg("-nW").input("main").run().assert_stdout_contains(".note.gnu.property");
}

0 comments on commit dd03fba

Please sign in to comment.