Message ID | 20231213104755.3895396-1-ross.burton@arm.com |
---|---|
State | Accepted, archived |
Commit | 4bf06bc5487da05e6b4a4895e5ca2da65cdc25d8 |
Series | openssl: mark assembler sections as call targets for PAC/BTI support on aarch64 |
On Wed, Dec 13, 2023 at 2:48 AM Ross Burton <ross.burton@arm.com> wrote: > > From: Ross Burton <ross.burton@arm.com> > > The assembler sections in OpenSSL were not marked as valid call targets, > so branch protection could not be enabled for libcrypto.so. > > Signed-off-by: Ross Burton <ross.burton@arm.com> > --- > .../openssl/openssl/aarch64-bti.patch | 35 +++++++++++++++++++ > .../openssl/openssl_3.2.0.bb | 1 + > 2 files changed, 36 insertions(+) > create mode 100644 meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch > > diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch > new file mode 100644 > index 00000000000..2a16debb76e > --- /dev/null > +++ b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch > @@ -0,0 +1,35 @@ > +From ad347c9ff0fd93bdd2fa2085611c65b88e94829f Mon Sep 17 00:00:00 2001 > +From: "fangming.fang" <fangming.fang@arm.com> > +Date: Thu, 7 Dec 2023 06:17:51 +0000 > +Subject: [PATCH] Enable BTI feature for md5 on aarch64 > + > +Fixes: #22959 > + > +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> > +Reviewed-by: Tomas Mraz <tomas@openssl.org> > +(Merged from https://github.com/openssl/openssl/pull/22971) > + > +Upstream-Status: Backport > +Signed-off-by: Ross Burton <ross.burton@arm.com> > +--- > + crypto/md5/asm/md5-aarch64.pl | 3 +++ > + 1 file changed, 3 insertions(+) > + > +diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl > +index 3200a0fa9bff0..5a8608069691d 100755 > +--- a/crypto/md5/asm/md5-aarch64.pl > ++++ b/crypto/md5/asm/md5-aarch64.pl > +@@ -28,10 +28,13 @@ > + *STDOUT=*OUT; > + > + $code .= <<EOF; > ++#include "arm_arch.h" > ++ > + .text > + .globl ossl_md5_block_asm_data_order > + .type ossl_md5_block_asm_data_order,\@function > + ossl_md5_block_asm_data_order: > ++ AARCH64_VALID_CALL_TARGET > + // Save all callee-saved registers > + stp x19,x20,[sp,#-80]! > + stp x21,x22,[sp,#16] 
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb > index ab0562bd730..1c97d853f11 100644 > --- a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb > +++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb > @@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ > file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ > file://0001-Configure-do-not-tweak-mips-cflags.patch \ > file://0001-Added-handshake-history-reporting-when-test-fails.patch \ > + file://aarch64-bti.patch \ it looks funnily indented :) > " > > SRC_URI:append:class-nativesdk = " \ > -- > 2.34.1
diff --git a/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch new file mode 100644 index 00000000000..2a16debb76e --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/aarch64-bti.patch @@ -0,0 +1,35 @@ +From ad347c9ff0fd93bdd2fa2085611c65b88e94829f Mon Sep 17 00:00:00 2001 +From: "fangming.fang" <fangming.fang@arm.com> +Date: Thu, 7 Dec 2023 06:17:51 +0000 +Subject: [PATCH] Enable BTI feature for md5 on aarch64 + +Fixes: #22959 + +Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> +Reviewed-by: Tomas Mraz <tomas@openssl.org> +(Merged from https://github.com/openssl/openssl/pull/22971) + +Upstream-Status: Backport +Signed-off-by: Ross Burton <ross.burton@arm.com> +--- + crypto/md5/asm/md5-aarch64.pl | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/crypto/md5/asm/md5-aarch64.pl b/crypto/md5/asm/md5-aarch64.pl +index 3200a0fa9bff0..5a8608069691d 100755 +--- a/crypto/md5/asm/md5-aarch64.pl ++++ b/crypto/md5/asm/md5-aarch64.pl +@@ -28,10 +28,13 @@ + *STDOUT=*OUT; + + $code .= <<EOF; ++#include "arm_arch.h" ++ + .text + .globl ossl_md5_block_asm_data_order + .type ossl_md5_block_asm_data_order,\@function + ossl_md5_block_asm_data_order: ++ AARCH64_VALID_CALL_TARGET + // Save all callee-saved registers + stp x19,x20,[sp,#-80]! + stp x21,x22,[sp,#16] diff --git a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb index ab0562bd730..1c97d853f11 100644 --- a/meta/recipes-connectivity/openssl/openssl_3.2.0.bb +++ b/meta/recipes-connectivity/openssl/openssl_3.2.0.bb @@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ file://0001-Configure-do-not-tweak-mips-cflags.patch \ file://0001-Added-handshake-history-reporting-when-test-fails.patch \ + file://aarch64-bti.patch \ " SRC_URI:append:class-nativesdk = " \
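Review bot: In the new aarch64-bti.patch header, the `Upstream-Status: Backport` line carries no reference of its own; the upstream commit hash and the pull request link appear only in other header lines. Suggest `Upstream-Status: Backport [https://github.com/openssl/openssl/pull/22971]` so the provenance sits on the line a reviewer reads when deciding whether the patch can be dropped on the next OpenSSL upgrade. The outer commit message also speaks of "the assembler sections in OpenSSL", while the backport touches only crypto/md5/asm/md5-aarch64.pl and adds `AARCH64_VALID_CALL_TARGET` to one entry point, ossl_md5_block_asm_data_order; naming md5 in the message would match what is actually applied.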
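Review bot: The added SRC_URI entry `file://aarch64-bti.patch \` in openssl_3.2.0.bb should use the same leading whitespace as the three `file://` entries above it. The reply on the list flags the line as oddly indented, so check whether it mixes tabs and spaces relative to its neighbours and re-indent it to match before merging.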