|
e409225b
|
2022-05-28T09:42:13
|
|
Pass large structs by value for Linux x86_64 and Aarch64.
Aarch patch by Andreas Schwab. https://github.com/libffi/libffi/commit/482b37f00467325e3389bab322525099860dd9aa
|
|
01d54435
|
2022-05-24T21:38:51
|
|
Mention loongson64
|
|
f259a6f6
|
2022-05-25T09:31:08
|
|
Support loongarch64 (#678)
* update config.{guess,sub}
* Support loongarch64
Co-Authored-By: Cheng Lulu <chenglulu@loongson.cn>
Co-Authored-By: Xi Ruoyao <xry111@mengyan1223.wang>
Co-Authored-By: Xu Hao
Co-Authored-By: Zhang Wenlong <zhangwenlong@loongson.cn>
Co-Authored-By: Pan Xuefeng <panxuefeng@loongson.cn>
Co-authored-by: panxuefeng <panxuefeng@loongson.cn>
Co-authored-by: Cheng Lulu <chenglulu@loongson.cn>
Co-authored-by: Xi Ruoyao <xry111@mengyan1223.wang>
|
|
d02d4660
|
2022-05-24T12:28:08
|
|
Debug cygwin builds
|
|
7e93ded9
|
2022-05-23T21:42:52
|
|
Revert "Don't dereference beyond the last array entry. (#667)" (#715)
This reverts commit 92d77d0e87a5f2a8c9c9b2431ffd264cb664e17a.
|
|
432384b6
|
2022-05-24T09:06:19
|
|
Add support for ARM64 as an Apple simulator platform. (#712)
|
|
9af445fd
|
2022-05-23T18:05:01
|
|
Upstream FreeBSD riscv patch (#708)
Like 8276f812a99b10d1f2c387dbd6ef2ca4f597c733 commit message:
> devel/libffi: Fix abort() on ARM related to __clear_cache()
>
> The current FreeBSD __clear_cache() implementation does nothing #if
> __i386__ || __x86_64__ #else abort();
>
> cognet@ advises this is an issue for anything !Apple that is using the
> libcompiler_rt provided by Clang on ARM, and requires upstreaming.
Co-authored-by: Kristof Provost <kp@FreeBSD.org>
|
|
de95947a
|
2022-05-24T03:04:43
|
|
Fix check for invalid varargs arguments. (#707)
|
|
92d77d0e
|
2022-05-23T21:03:00
|
|
Don't dereference beyond the last array entry. (#667)
|
|
e504f90f
|
2022-05-23T18:42:32
|
|
testsuite/libffi.closures: Fix PowerPC 64 (#709)
-mlong-double-128 is only supported on glibc.
This test still passes on glibc targets, and now passes on musl targets
as well (which uses 64-bit ldbl).
|
|
f3e61d49
|
2022-05-23T09:11:42
|
|
Remove debug code
|
|
a36880e7
|
2022-05-23T08:35:21
|
|
Remove stray export command
|
|
5f98afe8
|
2022-05-23T08:11:26
|
|
Debug cygwin builds
|
|
abaacbf8
|
2022-05-23T07:57:26
|
|
Debug cygwin tests
|
|
e770fb76
|
2022-05-22T20:43:41
|
|
Clean up types
|
|
2e825e21
|
2022-05-16T09:47:11
|
|
MIPS: fix some N32 test failure (#701)
Some go closure and pointer testcases fail.
These failures are not introduced by the complex support code.
|
|
1f1c3375
|
2022-05-16T09:45:27
|
|
MIPS: fix O32 softfloat support (#702)
|
|
3ac265d5
|
2022-05-15T18:43:56
|
|
x86-64: Always double jump table slot size for CET (#710) (#711)
When CET is enabled, double jump table slot size to add 4 bytes of ENDBR64
for CET. Since CET enabled clang doesn't have the LLVM assembler bug:
https://bugs.llvm.org/show_bug.cgi?id=21501
fixed by
commit 04d39260d64e08b8bfb3844109ad43d4055b2e8d
Author: Rafael Espindola <rafael.espindola@gmail.com>
Date: Wed Nov 4 23:50:29 2015 +0000
Simplify .org processing and make it a bit more powerful.
we can use .org to allocate jump table slot size to 16 bytes.
|
|
e67697c3
|
2022-03-31T20:44:49
|
|
MIPS: add Complex support (#698)
|
|
e3cf8b80
|
2022-03-31T14:42:03
|
|
Allow system to have overlapping mallopt defines (#700)
Which is the case on some OSes, such as QNX.
|
|
c086cacb
|
2022-03-31T14:40:59
|
|
Clean up the QNX ARM bits (#699)
- Add missing include.
- Use constants instead of magic values.
|
|
ab167710
|
2022-02-20T16:01:38
|
|
Xtensa cleanups and XEA3 support (#677)
* xtensa: clean up stack usage in ffi_trampoline call
Space for outgoing call arguments reserved in the stack frame of the
function ffi_trampoline overlaps register spill overflow area at the
top of the frame. In xtensa XEA2 exception architecture the layout of
overlapping areas is identical so that even if the ffi_trampoline
registers frame gets spilled the memory contents doesn't change.
This is not so with the xtensa XEA3 exception architecture, where
registers a0 - a7 of a different function are spilled in that location.
Reserve spill area for 8 registers to avoid overlapping of the spill
area with the outgoing call arguments area in the ffi_trampoline.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
* xtensa: support xtensa XEA3 exception architecture
XEA3 requires that 32 bytes of register spill area is reserved in all
functions. Fix ffi_cacheflush entry instruction to satisfy this
requirement.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
* xtensa: maintain stack alignment
xtensa ABI requires stack alignment on 16 byte boundary and passing
up to 6 arguments in registers. To simplify stack alignment maintenance
fixed amount of stack space is reserved for arguments passed in
registers and variable but correctly aligned amount is reserved for the
remaining arguments. After copying arguments to the stack and loading
registers the fixed part of the stack reservation is freed.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
* xtensa: fix err_bad_abi tests
Check ffi_cif::abi value in the ffi_prep_closure_loc and return
FFI_BAD_ABI error if it's not one of the supported values.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
|
|
aa3fce08
|
2022-02-13T21:04:33
|
|
riscv: extend return types smaller than ffi_arg (#680)
Co-authored-by: Andreas Schwab <schwab@suse.de>
|
|
464b4b66
|
2022-01-31T14:08:09
|
|
powerpc64: fix handling of homogeneous float128 structs (#689)
If there is a homogeneous struct with float128 members, they should be
copied to vector register save area. The current code incorrectly copies
only the value of the first member, not increasing the pointer with each
iteration. Fix this.
|
|
b60d4fc7
|
2021-12-23T14:32:46
|
|
src/x86/win64.S: Use #define instead of .macro (#665) (#669)
The Solaris/x86 assembler doesn't support .macro/.endm, so use #define since
win64.S is passed through cpp anyway.
|
|
4fa6239f
|
2021-12-23T14:27:32
|
|
testsuite/libffi.call: fix mismatching return types (#679)
Co-authored-by: Andreas Schwab <schwab@suse.de>
|
|
0f2dd369
|
2021-09-22T21:39:56
|
|
Makefile: Add missing kvx/asm.h to dist headers (#660)
The header kvx/asm.h is required to build libffi and is missing from
the dist tarball.
Signed-off-by: Jules Maselbas <jmaselbas@kalray.eu>
|
|
ee1263f7
|
2021-07-29T17:46:17
|
|
Fix 'type'-o
|
|
86d5ecc5
|
2021-07-29T16:58:32
|
|
Fix struct arg passing
|
|
03596285
|
2021-07-29T10:16:42
|
|
No more xfail for alpha
|
|
4ac18f26
|
2021-07-29T10:01:40
|
|
Add alpha CPU
|
|
7643c6ee
|
2021-07-29T08:51:35
|
|
Try to fix ARM QEMU tests
|
|
a04f57bc
|
2021-07-29T08:47:53
|
|
Fix m32r testing
|
|
339acf3d
|
2021-07-29T08:38:18
|
|
Debug cross-in-containers builds
|
|
43e4ad4d
|
2021-07-29T07:55:59
|
|
Test passing structs by value
|
|
68485e33
|
2021-07-29T07:13:35
|
|
Mention x32 static trampoline fix
|
|
07f826fd
|
2021-07-25T02:39:37
|
|
Fix trampoline_code_table for x32. (#657)
x32's struct tramp_parm has 32-bit pointers. This change adjusts the
loads and offsets accordingly.
|
|
be0b3b6e
|
2021-07-16T21:51:03
|
|
Fix CHECK
|
|
7db17442
|
2021-07-16T11:30:01
|
|
Don't check the whole buffer, just what we printed.
|
|
8bcf5947
|
2021-07-16T11:26:02
|
|
Fix test case
|
|
c96b0577
|
2021-07-16T11:16:39
|
|
Fix test check
|
|
4ed23be8
|
2021-07-16T11:08:01
|
|
Fix test check
|
|
eb244724
|
2021-07-16T14:33:04
|
|
Use CHECK to assert more things in test suite (#654)
* Use CHECK to assert more things in test suite
* Use snprintf instead of sprintf
* Fix va_struct1 and va_struct3
|
|
a541fc60
|
2021-07-16T08:56:30
|
|
Update README for next release.
|
|
b4cf80ab
|
2021-07-16T08:55:02
|
|
Trigger actions on master branch
|
|
d1eef904
|
2021-07-16T08:29:08
|
|
Migrate from travis-ci to github actions.
|
|
f9ea4168
|
2021-06-28T21:10:49
|
|
Update version to 3.4.2
|
|
2bdc8e52
|
2021-06-28T19:50:29
|
|
Version 3.4.1
|
|
c1d09bf0
|
2021-06-28T18:50:31
|
|
Update version to 3.4.0
|
|
1ed0aa73
|
2021-06-28T18:45:11
|
|
Fix warnings
|
|
0a2cc2ec
|
2021-06-28T14:59:07
|
|
Add missing test cases to distribution
|
|
ee3ef737
|
2021-06-28T11:51:35
|
|
Add tests for single entry structs (#653)
|
|
f08c5ace
|
2021-06-28T07:24:19
|
|
Fix the assertions in cls-24byte (#652)
* Fix the assertions in cls-24byte
* Update print statement too
|
|
4557f232
|
2021-06-28T09:53:01
|
|
3.4.0 release candidate 2
|
|
cd442891
|
2021-06-28T04:56:30
|
|
Add missing FFI_HIDDEN to ffi_tramp_is_present declaration (#651)
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
9fa94c60
|
2021-06-27T11:02:33
|
|
Print more information when an assertion fails in test suite (#649)
|
|
91eaadfb
|
2021-06-27T09:49:31
|
|
Fix signature of function pointer in cls_dbls_struct (#648)
|
|
132699b9
|
2021-06-27T16:50:20
|
|
configure.ac: add --disable-exec-static-tramp flag (#647)
Some projects like GHC (Glasgow Haskell Compiler) and
gobject-introspection use `ffi_closure_alloc()` as a way
to allocate executable memory. exec static tramp
interferes with it (unclear how exactly yet).
GHC symptom: ffi closure freeing complains about unexpected
trampoline (GHC manually fills one):
```
$ ghci
GHCi, version 8.10.5: https://www.haskell.org/ghc/ :? for help
ghc: freeHaskellFunctionPtr: not for me, guv! 0x7f0417a1efe8
ghc: freeHaskellFunctionPtr: not for me, guv! 0x7f0417a1efc8
```
gobject-introspection symptom:
```
$ meld
Segmentation fault (core dumped)
$ gdb --args /usr/bin/python3.9 /usr/bin/meld
(gdb) run
...
Thread 1 "python3.9" received signal SIGSEGV, Segmentation fault.
0x00007fffe9ac1ae8 in g_callable_info_free_closure (
callable_info=0x555555d45990, closure=0x7fffe9e70c20)
at ../gobject-introspection-1.68.0/girepository/girffi.c:428
428 g_free (wrapper->ffi_closure.cif->arg_types);
(gdb) bt
callable_info=0x555555d45990, closure=0x7fffe9e70c20)
at ../gobject-introspection-1.68.0/girepository/girffi.c:428
data=0x555555d252d0)
at ../pygobject-3.40.1/gi/pygi-closure.c:635
...
```
To ease downstreams narrowing down the actual problem let's
provide a knob to disable exec static trampolines.
The change does not affect the current default.
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
|
|
4e07374c
|
2021-06-27T11:25:06
|
|
Remove caveat about varargs support
|
|
11f97138
|
2021-06-27T07:46:12
|
|
Update contact info
|
|
f792adb6
|
2021-06-26T22:26:52
|
|
configure.ac: allow user to specify READELF (#646)
Before the change with x86_64-pc-linux-gnu cross-compiler
installed the configure was not able to find cross-readelf:
```
$ ./configure --host=x86_64-pc-linux-gnu
...
checking whether .eh_frame section should be read-only... .././configure: line 19540: readelf: command not found
yes
...
```
The change uses AC_CHECK_TOOL to automatically search for ${host}-readelf,
readelf. And as a bonus it also allows user to override readelf with
something like READELF=llvm-readelf.
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
|
|
9cf15b3a
|
2021-06-26T12:12:06
|
|
Make 3.4 release candidate 1
|
|
1e5dc8de
|
2021-06-26T12:08:35
|
|
Add missing file from make dist. Add missing license info.
|
|
c0b210c7
|
2021-06-26T10:55:57
|
|
Remove test case
|
|
87429ce7
|
2021-06-26T08:49:45
|
|
This test includes a closure and must live in the closures test directory. (#645)
Co-authored-by: Matthew Green <squidhacks@users.noreply.github.com>
|
|
8d83c7c1
|
2021-06-25T19:50:33
|
|
Make test methods static (#644)
|
|
becae739
|
2021-06-22T13:01:06
|
|
Switch from travis-ci.org to travis-ci.com.
|
|
fa1ef887
|
2021-06-22T08:48:24
|
|
Avoid undefined behaviour
|
|
84bb5691
|
2021-06-22T07:33:46
|
|
Remove libtool-ldflags file from .gitignore (#600)
This is correct. Thank you!
|
|
5651bea2
|
2021-06-15T15:19:26
|
|
2021-06-15 Jakub Jelinek <jakub@redhat.com>
* src/x86/ffi64.c (classify_argument): For FFI_TYPE_STRUCT set words
to number of words needed for type->size + byte_offset bytes rather
than just type->size bytes. Compute pos before the loop and check
total size of the structure.
* testsuite/libffi.call/nested_struct12.c: New test.
|
|
f56eb852
|
2021-06-15T08:50:20
|
|
Don't stop test on copy failure (#636)
* Don't stop test on copy failure
Static-library tests were failing only because there were
no DLLs to copy. This change makes a copy failure not stop
the build; if a failed copy would otherwise be relevant, the
later tests would fail anyway.
While there are more clever ways to solve this, a brute force
fix is sufficient.
* [TEST] Try cygwin64; install more packages explicitly
* use correct cygwin64 directory name
appveyor has cygwin64 pre-installed in /cygwin64, and 32-bit cygwin
in /cygwin
* More testing - revert VS change, bump travis timeout
* Add -g to update the rest of perl
* Skip execution tests on non-native platforms
Special site.exp that skips the unix_load() command for arm platforms.
Unset TERM to avoid cruft in stdout
Try harder to find the libffi libraries
|
|
ff059dd9
|
2021-06-10T18:41:02
|
|
Fix build on OpenBSD/mips64 (#638)
The build fails on OpenBSD/mips64 because clang 11's integrated
assembler expects read-only .eh_frame:
../src/mips/n32.S:585:9: error: changed section flags for .eh_frame, expected: 0x2
        .section .eh_frame,"aw",@progbits
        ^
Use EH_FRAME_FLAGS to get matching flags for the section.
|
|
e6eb59cd
|
2021-06-09T16:00:10
|
|
Add struct test to verify a nested float struct (#640)
The test aims to check a nested float struct
[float, [float,float]] to see whether it works well
with libffi.
Signed-off-by: Cheng Jin <jincheng@ca.ibm.com>
|
|
6eb38863
|
2021-06-09T15:45:31
|
|
Remove reference to old test case
|
|
ca2235ec
|
2021-06-04T18:20:24
|
|
Revert appveyor changes
|
|
243004cc
|
2021-06-01T23:00:29
|
|
Update vs version
|
|
04c157f4
|
2021-06-01T22:57:47
|
|
Upgrade to vs2019
|
|
03a78e88
|
2021-06-01T22:53:44
|
|
Try updating automake
|
|
1f1829bd
|
2021-06-01T22:34:37
|
|
Bring in the latest version of perl
|
|
dd5bd030
|
2021-04-07T05:42:10
|
|
Fix building for arm windows with mingw toolchains (#631)
* arm: Check _WIN32 instead of _M_ARM or _MSC_VER for detecting windows
This matches what was done for ARM64 in
c06468fa6674d3783a0edb1d0fae9afc8bc28513.
* arm: Only use armasm source when building with MSVC
When building for windows/arm with clang, the normal gas style .S
source works fine (if fixed up to support thumb and other windows
specifics).
This matches what was done for ARM64 in
c06468fa6674d3783a0edb1d0fae9afc8bc28513.
* arm: Fix sysv.S to work in thumb mode
Align cases in jump tables (adding nop padding to make sure each
case starts where expected).
Rewrite instructions that add directly to the pc register.
For ffi_closure_ret, factor out a call_epilogue subroutine that
restores both sp and pc from the stack; the thumb version of ldm
can't load into the sp register. To avoid excessive ifdeffing, keep
using call_epilogue in arm mode, but keep the shorter "ldm sp, {sp, pc}"
epilogue in that case.
* arm: Add win32 version of trampoline to sysv.S
This matches the version of it in sysv_msvc_arm32.S. The calling
C code expects a specific form of the trampoline on windows; make
sure these work the same on windows regardless of the form of
assembly used.
* arm: Avoid optimizing out clearing the thumb bit of ffi_arm_trampoline
We clear the thumb bit of ffi_arm_trampoline with a bitmask before
memcpying its instructions into closure->tramp.
If the bit isn't cleared, the memcpy of the trampoline function
copies the wrong instructions.
If the ffi_arm_trampoline symbol is declared as an array of int,
the compiler can assume that it is aligned to a 4 byte boundary
and the bitmask operation is a no-op, and optimize it out.
See https://godbolt.org/z/dE3jE1WTz; both Clang and GCC optimize
out the bitmask as it is, while MSVC doesn't. By declaring the
trampoline as an array of unsigned char, the bitmask works as
intended.
|
|
95ef857d
|
2021-03-25T10:43:05
|
|
Verbose brew update.
|
|
78c97c9f
|
2021-03-25T09:15:37
|
|
Move container images to quay.io.
|
|
58dfdf6a
|
2021-03-24T23:19:54
|
|
testsuite: fix compiler vendor detection on dash as /bin/sh (#594)
In https://bugs.gentoo.org/753299 Paolo Pedroni reported
a single test failure out of all libffi. Here is the minimal
reproducer:
```
$ ./autogen
$ CONFIG_SHELL=/bin/dash ./configure --host=x86_64-pc-linux-gnu
$ make check RUNTESTFLAGS='complex.exp'
...
FAIL: libffi.complex/cls_align_complex_float.c (test for excess errors)
```
This happens because under 'dash' shell autoconf generates slightly
different style of string quotation in `config.log`:
- on bash: `ax_cv_c_compiler_vendor=gnu`
- on dash: `ax_cv_c_compiler_vendor='gnu'`
To avoid shell quotation parsing the change just embeds
`compiler_vendor` into `local.exp` at configure time.
Reported-by: Paolo Pedroni
Bug: https://bugs.gentoo.org/753299
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
|
|
eafab235
|
2021-03-24T11:38:36
|
|
arm64e: Pull in pointer authentication code from Apple's arm64e libffi port (#565)
NOTES: This changes the ptrauth support from #548 to match what Apple is
shipping in its libffi-27 tag.
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
01b56f4b
|
2021-03-24T12:20:27
|
|
fix windows tests (#595)
* Update .appveyor.yml
* add (debug+release)*(shared+static) CI
* fix libversion
|
|
1aeb2671
|
2021-03-24T12:16:12
|
|
x86: Fix thiscall and fastcall stack cleanup behavior (#611)
These are meant to use callee clean-up.
|
|
e92c81a5
|
2021-03-24T07:07:53
|
|
Mention MSVC runtime stack checking improvement
|
|
f88add14
|
2021-03-24T12:04:51
|
|
x86: Fix MSVC runtime checks interop (#612)
MSVC can add runtime code that checks if a stack frame is mismanaged,
however our custom assembly deliberately accesses and modifies the parent
stack frame. Fortunately we can disable that specific check for the
function call so do that.
Co-authored-by: Matthew Waters <matthew@centricular.com>
|
|
aa4dafb1
|
2021-03-23T19:06:08
|
|
Mention LIBFFI_TMPDIR
|
|
70ea259c
|
2021-03-23T19:03:45
|
|
Search $LIBFFI_TMPDIR also (#605)
Most temp file directories need to be hardened against execution, but
libffi needs execute privileges. Add a libffi-specific temp directory
that can be set up by sysadmins as needed with suitable permissions.
This both ensures that libffi will have a valid temp directory to use
as well as preventing attempts to access other directories.
|
|
f58e5ee6
|
2021-03-23T23:54:00
|
|
aarch64: Fix closures for win64 (#606)
|
|
5865450d
|
2021-03-23T19:50:09
|
|
Update ax_cc_maxopt m4 macro (#617)
Keeps libffi's specific changes
(https://github.com/libffi/libffi/commit/cec3a3a201f17a7f018f25e1a0917bd5206e5a5a#diff-2396a1256ac4b1c6849c931ddb8018bdd984bb2383be21bb819a33b95d8d603f)
and updates to the latest ax_cc_maxopt.m4
(http://git.savannah.gnu.org/gitweb/?p=autoconf-archive.git;a=commit;h=73ee1b396c21062ee8eeb8721ba5323322110fb5):
ax_cc_maxopt.m4: retain setting of CFLAGS by configure
AX_CC_MAXOPT checks whether CFLAGS was set by the user; if so, the user’s
setting is respected. This behavior is retained, of course.
However, AX_CC_MAXOPT was then setting CFLAGS="". This overrode the default
setting by configure, which usually includes -g. Hence, if CFLAGS was not
set by the user, retain the default setting, to preserve the ability to
debug.
A typical default setting from configure is "-g -O2". This means that
AX_CC_MAXOPT might typically set CFLAGS to "-g -O2 -O3". This is fine,
because the later -O3 will override the earlier -O2. (The only assumption is
that all compilers that AX_CC_MAXOPT knows behave in this sane way.)
|
|
8f44384d
|
2021-03-23T14:24:54
|
|
Fix formatting
|
|
9d491b5e
|
2021-03-23T12:26:37
|
|
Mention KVX
|
|
205cf01b
|
2021-03-23T11:31:08
|
|
Bug #680. Don't accept floats or small ints as var args. (#628)
* Bug #680. Don't accept floats or small ints as var args.
* Bug #680. Don't accept floats or small ints as var args.
* Bug #680. Don't accept floats or small ints as var args.
|
|
d271dbe0
|
2021-03-20T06:06:28
|
|
Add some missing #if conditionals from Apple's code drop (#620)
* arm/aarch64: Add FFI_CLOSURES conditionals where appropriate
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
* aarch64: Don't emit the do_closure label when building without FFI_GO_CLOSURES
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
|
|
bae695da
|
2021-03-06T00:09:17
|
|
Add configuration generator for tvOS and watchOS. (#625)
|
|
9ba55921
|
2021-03-05T10:07:30
|
|
Static tramp v5 (#624)
* Static Trampolines
Closure Trampoline Security Issue
=================================
Currently, the trampoline code used in libffi is not statically defined in
a source file (except for MACH). The trampoline is either pre-defined
machine code in a data buffer, or it is generated at runtime. In order to
execute a trampoline, it needs to be placed in a page with executable
permissions.
Executable data pages are attack surfaces for attackers who may try to
inject their own code into the page and contrive to have it executed. The
security settings in a system may prevent various tricks used in user land
to write code into a page and to have it executed somehow. On such systems,
libffi trampolines would not be able to run.
Static Trampoline
=================
To solve this problem, the trampoline code needs to be defined statically
in a source file, compiled and placed in the text segment so it can be
mapped and executed naturally without any tricks. However, the trampoline
needs to be able to access the closure pointer at runtime.
PC-relative data referencing
============================
The solution implemented in this patch set uses PC-relative data references.
The trampoline is mapped in a code page. Adjacent to the code page, a data
page is mapped that contains the parameters of the trampoline:
- the closure pointer
- pointer to the ABI handler to jump to
The trampoline code uses an offset relative to its current PC to access its
data.
Some architectures support PC-relative data references in the ISA itself.
E.g., X64 supports RIP-relative references. For others, the PC has to
somehow be loaded into a general purpose register to do PC-relative data
referencing. To do this, we need to define a get_pc() kind of function and
call it to load the PC in a desired register.
There are two cases:
1. The call instruction pushes the return address on the stack.
In this case, get_pc() will extract the return address from the stack
and load it in the desired register and return.
2. The call instruction stores the return address in a designated register.
In this case, get_pc() will copy the return address to the desired
register and return.
Either way, the PC next to the call instruction is obtained.
Scratch register
================
In order to do its job, the trampoline code would need to use a scratch
register. Depending on the ABI, there may not be a register available for
scratch. This problem needs to be solved so that all ABIs will work.
The trampoline will save two values on the stack:
- the closure pointer
- the original value of the scratch register
This is what the stack will look like:
sp before trampoline ------> --------------------
                             | closure pointer  |
                             --------------------
                             | scratch register |
sp after trampoline -------> --------------------
The ABI handler can do the following as needed by the ABI:
- the closure pointer can be loaded in a desired register
- the scratch register can be restored to its original value
- the stack pointer can be restored to its original value
(the value when the trampoline was invoked)
To do this, I have defined prolog code for each ABI handler. The legacy
trampoline jumps to the ABI handler directly. But the static trampoline
defined in this patch jumps to the prolog code which performs the above
actions before jumping to the ABI handler.
Trampoline Table
================
In order to reduce the trampoline memory footprint, the trampoline code
would be defined as a code array in the text segment. This array would be
mapped into the address space of the caller. The mapping would, therefore,
contain a trampoline table.
Adjacent to the trampoline table mapping, there will be a data mapping that
contains a parameter table, one parameter block for each trampoline. The
parameter block will contain:
- a pointer to the closure
- a pointer to the ABI handler
The static trampoline code would finally look like this:
- Make space on the stack for the closure and the scratch register
by moving the stack pointer down
- Store the original value of the scratch register on the stack
- Using PC-relative reference, get the closure pointer
- Store the closure pointer on the stack
- Using PC-relative reference, get the ABI handler pointer
- Jump to the ABI handler
Mapping size
============
The size of the code mapping that contains the trampoline table needs to be
determined on a per architecture basis. If a particular architecture
supports multiple base page sizes, then the largest supported base page size
needs to be chosen. E.g., we choose 16K for ARM64.
Trampoline allocation and free
==============================
Static trampolines are allocated in ffi_closure_alloc() and freed in
ffi_closure_free().
Normally, applications use these functions. But there are some cases out
there where the user of libffi allocates and manages its own closure
memory. In such cases, static trampolines cannot be used. These will
fall back to using legacy trampolines. The user has to make sure that
the memory is executable.
ffi_closure structure
=====================
I did not want to make any changes to the size of the closure structure for
this feature to guarantee compatibility. But the opaque static trampoline
handle needs to be stored in the closure. I have defined it as follows:
- char tramp[FFI_TRAMPOLINE_SIZE];
+ union {
+ char tramp[FFI_TRAMPOLINE_SIZE];
+ void *ftramp;
+ };
If static trampolines are used, then tramp[] is not needed to store a
dynamic trampoline. That space can be reused to store the handle. Hence,
the union.
Architecture Support
====================
Support has been added for x64, i386, aarch64 and arm. Support for other
architectures can be added very easily in the future.
OS Support
==========
Support has been added for Linux. Support for other OSes can be added very
easily.
Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
* x86: Support for Static Trampolines
- Define the arch-specific initialization function ffi_tramp_arch ()
that returns trampoline size information to common code.
- Define the trampoline code mapping and data mapping sizes.
- Define the trampoline code table statically. Define two tables,
actually, one with CET and one without.
- Introduce a tiny prolog for each ABI handling function. The ABI
handlers addressed are:
- ffi_closure_unix64
- ffi_closure_unix64_sse
- ffi_closure_win64
The prolog functions are called:
- ffi_closure_unix64_alt
- ffi_closure_unix64_sse_alt
- ffi_closure_win64_alt
The legacy trampoline jumps to the ABI handler. The static
trampoline jumps to the prolog function. The prolog function uses
the information provided by the static trampoline, sets things up
for the ABI handler and then jumps to the ABI handler.
- Call ffi_tramp_set_parms () in ffi_prep_closure_loc () to
initialize static trampoline parameters.
Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
* i386: Support for Static Trampolines
- Define the arch-specific initialization function ffi_tramp_arch ()
that returns trampoline size information to common code.
- Define the trampoline code table statically. Define two tables,
actually, one with CET and one without.
- Define the trampoline code table statically.
- Introduce a tiny prolog for each ABI handling function. The ABI
handlers addressed are:
- ffi_closure_i386
- ffi_closure_STDCALL
- ffi_closure_REGISTER
The prolog functions are called:
- ffi_closure_i386_alt
- ffi_closure_STDCALL_alt
- ffi_closure_REGISTER_alt
The legacy trampoline jumps to the ABI handler. The static
trampoline jumps to the prolog function. The prolog function uses
the information provided by the static trampoline, sets things up
for the ABI handler and then jumps to the ABI handler.
- Call ffi_tramp_set_parms () in ffi_prep_closure_loc () to
initialize static trampoline parameters.
Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
* arm64: Support for Static Trampolines
- Define the arch-specific initialization function ffi_tramp_arch ()
that returns trampoline size information to common code.
- Define the trampoline code mapping and data mapping sizes.
- Define the trampoline code table statically.
- Introduce a tiny prolog for each ABI handling function. The ABI
handlers addressed are:
- ffi_closure_SYSV
- ffi_closure_SYSV_V
The prolog functions are called:
- ffi_closure_SYSV_alt
- ffi_closure_SYSV_V_alt
The legacy trampoline jumps to the ABI handler. The static
trampoline jumps to the prolog function. The prolog function uses
the information provided by the static trampoline, sets things up
for the ABI handler and then jumps to the ABI handler.
- Call ffi_tramp_set_parms () in ffi_prep_closure_loc () to
initialize static trampoline parameters.
Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
* arm: Support for Static Trampolines
- Define the arch-specific initialization function ffi_tramp_arch ()
that returns trampoline size information to common code.
- Define the trampoline code mapping and data mapping sizes.
- Define the trampoline code table statically.
- Introduce a tiny prolog for each ABI handling function. The ABI
handlers addressed are:
- ffi_closure_SYSV
- ffi_closure_VFP
The prolog functions are called:
- ffi_closure_SYSV_alt
- ffi_closure_VFP_alt
The legacy trampoline jumps to the ABI handler. The static
trampoline jumps to the prolog function. The prolog function uses
the information provided by the static trampoline, sets things up
for the ABI handler and then jumps to the ABI handler.
- Call ffi_tramp_set_parms () in ffi_prep_closure_loc () to
initialize static trampoline parameters.
Signed-off-by: Madhavan T. Venkataraman <madvenka@linux.microsoft.com>
|
|
5c63b463
|
2020-12-02T16:14:27
|
|
Use memfd_create() (#604)
memfd_create creates a file in a memory-only filesystem that may
bypass strict security protocols in filesystem-based temporary
files.
|
|
cb847436
|
2020-12-02T12:52:12
|
|
libffi/x86: Always check __x86_64__ for x32 hosts (#601) (#602)
Since for x86_64-*x32 and x86_64-x32-* hosts, -m32 generates ia32 codes.
We should always check __x86_64__ for x32 hosts.
|