[shadow stack] Put incsspq calls behind a gn flag

Introduce a build-time flag to disable all CET shadow-stack manipulation. This will allow us to develop the feature without breaking production code, and enable it all at once once the feature is ready. R=mlippautz@chromium.org Bug: v8:12522, v8:11246, chromium:1284445, chromium:1284599 Change-Id: Iedc1b9a0c0c74f484bb76d86c84809798c0931b9 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3368101 Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/main@{#78494}
2022-01-05 16:17:21 +01:00 · 2022-01-05 16:17:21 +01:00 · c0f6ee77a1
commit c0f6ee77a1
parent c7c5b49298
2 changed files with 14 additions and 4 deletions
--- a/BUILD.gn
+++ b/BUILD.gn
@ -359,6 +359,10 @@ declare_args() {
  # TODO(v8:11112): Remove once all architectures support the flag and it is
  # enabled unconditionally.
  v8_include_receiver_in_argc = true
  # Change code emission and runtime features to be CET shadow-stack compliant
  # (incomplete and experimental).
  v8_enable_cet_shadow_stack = false
 }
 # Derived defaults.
@ -926,6 +930,9 @@ config("features") {
  if (v8_control_flow_integrity) {
    defines += [ "V8_ENABLE_CONTROL_FLOW_INTEGRITY" ]
  }
  if (v8_enable_cet_shadow_stack) {
    defines += [ "V8_ENABLE_CET_SHADOW_STACK" ]
  }
  if (v8_enable_wasm_gdb_remote_debugging) {
    defines += [ "V8_ENABLE_WASM_GDB_REMOTE_DEBUGGING" ]
  }
@ -2214,6 +2221,7 @@ action("v8_dump_build_config") {
    "v8_dict_property_const_tracking=$v8_dict_property_const_tracking",
    "v8_control_flow_integrity=$v8_control_flow_integrity",
    "v8_target_cpu=\"$v8_target_cpu\"",
    "v8_enable_cet_shadow_stack=$v8_enable_cet_shadow_stack",
  ]
  if (v8_current_cpu == "mips" || v8_current_cpu == "mipsel" ||
--- a/src/builtins/x64/builtins-x64.cc
+++ b/src/builtins/x64/builtins-x64.cc
@ -3981,10 +3981,6 @@ void Builtins::Generate_CEntry(MacroAssembler* masm, int result_size,
      IsolateAddressId::kPendingHandlerFPAddress, masm->isolate());
  ExternalReference pending_handler_sp_address = ExternalReference::Create(
      IsolateAddressId::kPendingHandlerSPAddress, masm->isolate());
  ExternalReference num_frames_above_pending_handler_address =
      ExternalReference::Create(
          IsolateAddressId::kNumFramesAbovePendingHandlerAddress,
          masm->isolate());
  // Ask the runtime for help to determine the handler. This will set rax to
  // contain the current pending exception, don't clobber it.
@ -3999,10 +3995,16 @@ void Builtins::Generate_CEntry(MacroAssembler* masm, int result_size,
    __ CallCFunction(find_handler, 3);
  }
 #ifdef V8_ENABLE_CET_SHADOW_STACK
  // Drop frames from the shadow stack.
  ExternalReference num_frames_above_pending_handler_address =
      ExternalReference::Create(
          IsolateAddressId::kNumFramesAbovePendingHandlerAddress,
          masm->isolate());
  __ movq(rcx, masm->ExternalReferenceAsOperand(
                   num_frames_above_pending_handler_address));
  __ IncsspqIfSupported(rcx, kScratchRegister);
 #endif  // V8_ENABLE_CET_SHADOW_STACK
  // Retrieve the handler context, SP and FP.
  __ movq(rsi,