[PATCH 5/5] Add CET support for i386 assembly

[Jussi Kivilinna]

* cipher/asm-common-i386.h (ENDBRANCH): New.
(CFI_STARTPROC): Add ENDBRANCH.
[__CET__] (note.gnu.property): Add CET property section.
--

GnuPG-bug-id: 7220
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
 cipher/asm-common-i386.h | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/cipher/asm-common-i386.h b/cipher/asm-common-i386.h
index d746ebc4..346a8ff2 100644
--- a/cipher/asm-common-i386.h
+++ b/cipher/asm-common-i386.h
@@ -59,9 +59,15 @@
 	movl name##@GOT(%reg), %reg;
 #endif
 
+#ifdef __CET__
+#define ENDBRANCH endbr32
+#else
+#define ENDBRANCH /*_*/
+#endif
+
 #ifdef HAVE_GCC_ASM_CFI_DIRECTIVES
 /* CFI directives to emit DWARF stack unwinding information. */
-# define CFI_STARTPROC()            .cfi_startproc
+# define CFI_STARTPROC()            .cfi_startproc; ENDBRANCH
 # define CFI_ENDPROC()              .cfi_endproc
 # define CFI_REMEMBER_STATE()       .cfi_remember_state
 # define CFI_RESTORE_STATE()        .cfi_restore_state
@@ -121,7 +127,7 @@
 	    DW_SLEB128_28BIT(esp_offs)
 
 #else
-# define CFI_STARTPROC()
+# define CFI_STARTPROC() ENDBRANCH
 # define CFI_ENDPROC()
 # define CFI_REMEMBER_STATE()
 # define CFI_RESTORE_STATE()
@@ -158,4 +164,24 @@
 	vpopcntb xmm7, xmm7; /* Supported only by newer AVX512 CPUs. */ \
 	vpxord ymm7, ymm7, ymm7;
 
+#ifdef __CET__
+/* Generate CET property for all assembly files including this header. */
+ELF(.section .note.gnu.property,"a")
+ELF(.align 4)
+ELF(.long 1f - 0f)
+ELF(.long 4f - 1f)
+ELF(.long 5)
+ELF(0:)
+ELF(.byte 0x47, 0x4e, 0x55, 0) /* string "GNU" */
+ELF(1:)
+ELF(.align 4)
+ELF(.long 0xc0000002)
+ELF(.long 3f - 2f)
+ELF(2:)
+ELF(.long 0x3)
+ELF(3:)
+ELF(.align 4)
+ELF(4:)
+#endif
+
 #endif /* GCRY_ASM_COMMON_AMD64_H */
-- 
2.43.0