Skip to content

Commit

Permalink
Auto merge of rust-lang#134760 - jieyouxu:enable-branch-protection-ch…
Browse files Browse the repository at this point in the history
…eck-IBT, r=<try>

Migrate `branch-protection-check-IBT` to rmake.rs

- The Makefile version *never* ran because of Makefile syntax confusion because `ifeq ($(filter x86,$(LLVM_COMPONENTS)),x86_64)` [compares `x86` to `x86_64`, which always evaluates to false](rust-lang#126720 (comment)).
- The test would've always failed because precompiled std is not built with `-Z cf-protection=branch`, but linkers require all input object files to indicate IBT support in order to enable IBT for the executable, which is not the case for std.
- Thus, the test input file is instead changed to a `no_std` program.

The GNU property note was added by rust-lang#110304 in order to address rust-lang#103001.

Partially supersedes rust-lang#129156.
The rmake.rs port was initially authored by `@Rejyr` in rust-lang#126720.
This PR is co-authored with `@Oneirical` and `@Rejyr.`

r? `@bjorn3` or reroll

try-job: x86_64-msvc
try-job: x86_64-apple
  • Loading branch information
bors committed Dec 25, 2024
2 parents a0a5c42 + 5871cee commit e5bf8bf
Show file tree
Hide file tree
Showing 5 changed files with 64 additions and 53 deletions.
1 change: 0 additions & 1 deletion src/tools/tidy/src/allowed_run_make_makefiles.txt
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
run-make/branch-protection-check-IBT/Makefile
run-make/cat-and-grep-sanity-check/Makefile
run-make/extern-fn-reachable/Makefile
run-make/incr-add-rust-src-component/Makefile
Expand Down
21 changes: 0 additions & 21 deletions tests/run-make/branch-protection-check-IBT/Makefile

This file was deleted.

29 changes: 0 additions & 29 deletions tests/run-make/branch-protection-check-IBT/_rmake.rs

This file was deleted.

13 changes: 11 additions & 2 deletions tests/run-make/branch-protection-check-IBT/main.rs
Original file line number Diff line number Diff line change
@@ -1,3 +1,12 @@
fn main() {
println!("hello world");
#![no_std]
#![no_main]

#[panic_handler]
fn panic(_info: &core::panic::PanicInfo) -> ! {
loop {}
}

#[no_mangle]
pub extern "C" fn main(argc: i32, argv: *const *const u8) -> i32 {
0
}
53 changes: 53 additions & 0 deletions tests/run-make/branch-protection-check-IBT/rmake.rs
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
// ignore-tidy-linelength
//! A basic smoke test to check for GNU Property Note to see that for `x86_64` targets when [`-Z
//! cf-protection=branch`][intel-cet-tracking-issue] is requested, that the
//!
//! ```text
//! NT_GNU_PROPERTY_TYPE_0 Properties: x86 feature: IBT
//! ```
//!
//! Intel Indirect Branch Tracking (IBT) property is emitted. This was generated in
//! <https://github.com/rust-lang/rust/pull/110304> in order to address
//! <https://github.com/rust-lang/rust/issues/103001>.
//!
//! Note that the precompiled std currently is not compiled with `-Z cf-protection=branch`!
//!
//! In particular, it is expected that:
//!
//! > IBT to only be enabled for the process if `.note.gnu.property` indicates that the executable
//! > was compiled with IBT support and the linker to only tell that IBT is supported if all input
//! > object files indicate that they support IBT, which in turn requires the standard library to be
//! > compiled with IBT enabled.
//!
//! Note that Intel IBT (Indirect Branch Tracking) is not to be confused with Arm's BTI (Branch
//! Target Identification). See below for link to Intel IBT docs.
//!
//! ## Related links
//!
//! - [Tracking Issue for Intel Control Enforcement Technology (CET)][intel-cet-tracking-issue]
//! - Zulip question about this test:
//! <https://rust-lang.zulipchat.com/#narrow/channel/182449-t-compiler.2Fhelp/topic/.E2.9C.94.20Branch.20protection.20and.20.60.2Enote.2Egnu.2Eproperty.60>
//! - Intel IBT docs:
//! <https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/006/indirect-branch-tracking/>
//!
//! [intel-cet-tracking-issue]: https://github.com/rust-lang/rust/issues/93754
// Only checks Intel IBT.
//@ only-x86_64
//@ needs-llvm-components: x86

use run_make_support::{bare_rustc, llvm_readobj};

fn main() {
// `main.rs` is `#![no_std]` to not pull in the currently not-compiled-with-IBT precompiled std.
bare_rustc()
.input("main.rs")
.target("x86_64-unknown-linux-gnu")
.panic("abort")
.arg("-Zcf-protection=branch")
.arg("-Clink-args=-nostartfiles")
.arg("-Csave-temps")
.run();

llvm_readobj().arg("-nW").input("main").run().assert_stdout_contains(".note.gnu.property");
}

0 comments on commit e5bf8bf

Please sign in to comment.