V2 [PATCH 4/4] i386: Add _CET_ENDBR to indirect jump targets

H.J. Lu hjl.tools at gmail.com
Sun Jan 19 15:40:25 CET 2020


* mpi/i386/mpih-add1.S (_gcry_mpih_add_n): Save and restore
%ebx if IBT is enabed.  Add _CET_ENDBR to indirect jump targets
and adjust jump destination for _CET_ENDBR.
* mpi/i386/mpih-sub1.S (_gcry_mpih_sub_n): Likewise.
--

i386 mpih-add1.S and mpih-sub1.S use a trick to implment jump tables
with LEA.  We can't use conditional branches nor normal jump tables
since jump table entries use EFLAGS set by jump table index.  This
patch adds _CET_ENDBR to indirect jump targets and adjust destination
for _CET_ENDBR.

Signed-off-by: H.J. Lu <hjl.tools at gmail.com>
---
 mpi/i386/mpih-add1.S | 37 +++++++++++++++++++++++++++++++++++++
 mpi/i386/mpih-sub1.S | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)

diff --git a/mpi/i386/mpih-add1.S b/mpi/i386/mpih-add1.S
index 32091f34..2f1ae931 100644
--- a/mpi/i386/mpih-add1.S
+++ b/mpi/i386/mpih-add1.S
@@ -55,6 +55,11 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
 	movl 20(%esp),%edx		/* s2_ptr */
 	movl 24(%esp),%ecx		/* size */
 
+#if defined __CET__ && (__CET__ & 1) != 0
+	pushl	%ebx
+	CFI_PUSH(%ebx)
+#endif
+
 	movl	%ecx,%eax
 	shrl	$3,%ecx 		/* compute count for unrolled loop */
 	negl	%eax
@@ -66,6 +71,9 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
 	subl	%eax,%esi		/* ... by a constant when we ... */
 	subl	%eax,%edx		/* ... enter the loop */
 	shrl	$2,%eax 		/* restore previous value */
+#if defined __CET__ && (__CET__ & 1) != 0
+	leal	-4(,%eax,4),%ebx	/* Count for 4-byte endbr32 */
+#endif
 #ifdef PIC
 /* Calculate start address in loop for PIC.  Due to limitations in some
    assemblers, Loop-L0-3 cannot be put into the leal */
@@ -77,30 +85,54 @@ L0:	leal	(%eax,%eax,8),%eax
 #else
 /* Calculate start address in loop for non-PIC.  */
 	leal	(Loop - 3)(%eax,%eax,8),%eax
+#endif
+#if defined __CET__ && (__CET__ & 1) != 0
+	addl	%ebx,%eax		/* Adjust for endbr32 */
 #endif
 	jmp	*%eax			/* jump into loop */
 	ALIGN (3)
 Loop:	movl	(%esi),%eax
 	adcl	(%edx),%eax
 	movl	%eax,(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	4(%esi),%eax
 	adcl	4(%edx),%eax
 	movl	%eax,4(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	8(%esi),%eax
 	adcl	8(%edx),%eax
 	movl	%eax,8(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	12(%esi),%eax
 	adcl	12(%edx),%eax
 	movl	%eax,12(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	16(%esi),%eax
 	adcl	16(%edx),%eax
 	movl	%eax,16(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	20(%esi),%eax
 	adcl	20(%edx),%eax
 	movl	%eax,20(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	24(%esi),%eax
 	adcl	24(%edx),%eax
 	movl	%eax,24(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	28(%esi),%eax
 	adcl	28(%edx),%eax
 	movl	%eax,28(%edi)
@@ -113,6 +145,11 @@ Loop:	movl	(%esi),%eax
 	sbbl	%eax,%eax
 	negl	%eax
 
+#if defined __CET__ && (__CET__ & 1) != 0
+	popl	%ebx
+	CFI_POP(%ebx)
+#endif
+
 	popl %esi
 	CFI_POP(%esi)
 	popl %edi
diff --git a/mpi/i386/mpih-sub1.S b/mpi/i386/mpih-sub1.S
index 501c4a9f..01e977e5 100644
--- a/mpi/i386/mpih-sub1.S
+++ b/mpi/i386/mpih-sub1.S
@@ -56,6 +56,11 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
 	movl 20(%esp),%edx		/* s2_ptr */
 	movl 24(%esp),%ecx		/* size */
 
+#if defined __CET__ && (__CET__ & 1) != 0
+	pushl	%ebx
+	CFI_PUSH(%ebx)
+#endif
+
 	movl	%ecx,%eax
 	shrl	$3,%ecx 		/* compute count for unrolled loop */
 	negl	%eax
@@ -67,6 +72,9 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
 	subl	%eax,%esi		/* ... by a constant when we ... */
 	subl	%eax,%edx		/* ... enter the loop */
 	shrl	$2,%eax 		/* restore previous value */
+#if defined __CET__ && (__CET__ & 1) != 0
+	leal	-4(,%eax,4),%ebx	/* Count for 4-byte endbr32 */
+#endif
 #ifdef PIC
 /* Calculate start address in loop for PIC.  Due to limitations in some
    assemblers, Loop-L0-3 cannot be put into the leal */
@@ -78,30 +86,54 @@ L0:	leal	(%eax,%eax,8),%eax
 #else
 /* Calculate start address in loop for non-PIC.  */
 	leal	(Loop - 3)(%eax,%eax,8),%eax
+#endif
+#if defined __CET__ && (__CET__ & 1) != 0
+	addl	%ebx,%eax		/* Adjust for endbr32 */
 #endif
 	jmp	*%eax			/* jump into loop */
 	ALIGN (3)
 Loop:	movl	(%esi),%eax
 	sbbl	(%edx),%eax
 	movl	%eax,(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	4(%esi),%eax
 	sbbl	4(%edx),%eax
 	movl	%eax,4(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	8(%esi),%eax
 	sbbl	8(%edx),%eax
 	movl	%eax,8(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	12(%esi),%eax
 	sbbl	12(%edx),%eax
 	movl	%eax,12(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	16(%esi),%eax
 	sbbl	16(%edx),%eax
 	movl	%eax,16(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	20(%esi),%eax
 	sbbl	20(%edx),%eax
 	movl	%eax,20(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	24(%esi),%eax
 	sbbl	24(%edx),%eax
 	movl	%eax,24(%edi)
+#ifdef _CET_ENDBR
+	_CET_ENDBR
+#endif
 	movl	28(%esi),%eax
 	sbbl	28(%edx),%eax
 	movl	%eax,28(%edi)
@@ -114,6 +146,11 @@ Loop:	movl	(%esi),%eax
 	sbbl	%eax,%eax
 	negl	%eax
 
+#if defined __CET__ && (__CET__ & 1) != 0
+	popl	%ebx
+	CFI_POP(%ebx)
+#endif
+
 	popl %esi
 	CFI_POP(%esi)
 	popl %edi
-- 
2.24.1




More information about the Gcrypt-devel mailing list