Do not define SHSTK feature for amd64 Context.S

We do not implement CET shadow-stack switching in amd64 Context.S. If you compile Ruby with `-fcf-protection=full` and run it with `GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK` exported, it will crash with a control flow exception. Configure the appropriate notes at the end of Context.S [Bug #18061]
2024-07-06 15:00:42 +10:00 · 2024-07-06 15:00:42 +10:00 · 8ec67052e6
--- a/coroutine/amd64/Context.S
+++ b/coroutine/amd64/Context.S
@ -5,9 +5,9 @@
 ##  Copyright, 2018, by Samuel Williams.
 ##

-#if defined(__CET__)
-#include <cet.h>
-#endif
+/* Important - do _not_ include <cet.h> in this file; doing so will
+ * cause an incorrect .note.gnu.property section to be emitted. We have
+ * one at the bottom of this file */

 #define TOKEN_PASTE(x,y) x##y
 #define PREFIXED_SYMBOL(prefix,name) TOKEN_PASTE(prefix,name)
@ -17,8 +17,9 @@
 .globl PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer)
 PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer):

-#if defined(__CET__)
-	_CET_ENDBR
+#if defined(__CET__) && (__CET__ & 0x01) != 0
+        /* IBT landing pad */
+        endbr64
 #endif

 	# Make space on the stack for 6 registers:
@ -58,3 +59,28 @@ PREFIXED_SYMBOL(SYMBOL_PREFIX,coroutine_transfer):
 #if (defined(__linux__) || defined(__FreeBSD__)) && defined(__ELF__)
 .section .note.GNU-stack,"",%progbits
 #endif
+
+#if defined(__CET__) && (__CET__ & 0x01) != 0
+# define IBT_FLAG 0x01
+#else
+# define IBT_FLAG 0x00
+#endif
+
+/* We do _NOT_ support CET shadow-stack. Do _not_ add the property for
+ * this to the Context.o object. If you require CET shadow-stack support,
+ * for now, consider building with --with-coroutine=ucontext */
+#define SHSTK_FLAG 0x00
+
+.pushsection .note.gnu.property, "a"
+.p2align 3
+.long 0x4        /* Name size ("GNU\0") */
+.long 0x10       /* Descriptor size */
+.long 0x5        /* Type: NT_GNU_PROPERTY_TYPE_0 */
+.asciz "GNU"     /* Name */
+# Begin descriptor
+.long 0xc0000002 /* Property type: GNU_PROPERTY_X86_FEATURE_1_AND */
+.long 0x4        /* Property size */
+.long (IBT_FLAG | SHSTK_FLAG)
+.long 0x0        /* 8-byte alignment padding */
+/* End descriptor */
+.popsection