Indirect Branch Tracking (IBT) is part of Intel's Control-Flow
Enforcement Technology (CET). IBT is hardware based, forward edge
Control-Flow-Integrity mechanism where any indirect CALL/JMP must target
an ENDBR instruction or suffer #CP.
This commit adds IBT support for JIT:
1. Add endbr32/64 instruction in Dynasm.
2. Insert endbr32/64 in indirect branch target for jitted code.
gcc support CET since v8.1 and set it to default since gcc 11. With this
commit, endbr is inserted in jitted code if PHP is compiled with "gcc
-fcf-protection=full/branch".
Signed-off-by: Chen, Hu <hu1.chen@intel.com>
The test as is can only work if com_dotnet is built dynamically, and
not already loaded via the php.ini file. While this is given on
AppVeyor, it may not be given in other environments.
Closes GH-8879.
Drop period in error messages
2 reasons:
- These error messages are not regular sentences.
- Having the offending value between parenthesis after the period looks weird.
Closes GH-8858.
Closes GH-8830
MAP_FIXED guarantees mmap will return that exact address or fail so the
address comparison is redundant.
The return value of this function is unused but I kept it because it
improves readability.
Fix GH-8756 : oci_new_descriptor() triggers dynamic property
deprecation.
This fix should be temporary. At some point we should either define
those properties or just hide them since they should probably not be
used.
Better fix is here : https://github.com/php/php-src/pull/8758 but
waiting feedback from Oracle team before going ahead.
We fix the `UNEXPECTED(EXPECTED(…))`, which does not make sense, and
replace the magic number with the respective macro. We also add a
test case to verify the expected behavior for an `array_fill()` edge
case.
Closes GH-8804.
We revert the commits which caused this regression from the PHP-8.0 and
PHP-8.1 branches for now. We keep it in "master" because of PR #8833
which may offer a proper fix without BC break.
Nothing new but to refactor usage b/w hash and password
extensions but using volatile pointers to be a bit safer,
allowing to expand its usage eventually.
The new Linux 5.17 feature PR_SET_VMA_ANON_NAME can give names to
anonymous private memory, see:
https://lwn.net/Articles/867818/
It can be useful while debugging, to identify which portion of the
process's memory belongs to which subsystem.
This is how /proc/PID/maps can look like:
555ccd400000-555ccdc00000 r-xp 00000000 00:00 0 [anon:huge_code_pages]
7f6ec6600000-7f6ec6800000 rw-p 00000000 00:00 0 [anon:zend_alloc]
The first mapping is the PHP executable copied to anonymous memory by
option "opcache.huge_code_pages". The second one is a memory area for
the "zend_alloc.h" memory allocator library.
Unfortunately, it is not possible to give names to shared memory
(MAP_SHARED), because Linux MAP_SHARED really maps /dev/zero (see
shmem_zero_setup()), which makes madvise_vma_anon_name() believe this
is a file mapping, failing the prctl() with EBADF.
Remi Collet