sgx_unwind/build.rs

// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements.  See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership.  The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License.  You may obtain a copy of the License at
//
//   http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License..

extern crate sgx_build_helper as build_helper;

use build_helper::{native_lib_boilerplate, run};
use std::env;
use std::process::Command;
use std::thread;

fn main() {
    println!("cargo:rerun-if-changed=build.rs");
    let target = env::var("TARGET").expect("TARGET was not set");
    let host = env::var("HOST").expect("HOST was not set");

    let _ = build_libunwind(&host, &target);
}

fn build_libunwind(host: &str, target: &str) -> Result<(), ()> {
    let filter = vec![
        "m4",
        "config",
        "autom4te.cache",
        "Makefile.in",
        "config.h.in",
        "config.h.in~",
        "configure",
        "aclocal.m4",
        "INSTALL",
    ];
    let native = native_lib_boilerplate(
        "sgx_unwind/libunwind",
        "libunwind",
        "unwind",
        "src/.libs",
        &filter,
    )?;

    let mut cflags = String::new();
    cflags += " -fstack-protector -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks";
    cflags += " -O2";

    let mitigation_cflags = " -mindirect-branch-register -mfunction-return=thunk-extern";
    let mitigation_asflags = " -fno-plt";
    let mitigation_loadflags =
        " -Wa,-mlfence-after-load=yes -Wa,-mlfence-before-indirect-branch=memory";
    let mitigation_cfflags = " -Wa,-mlfence-before-indirect-branch=all";
    let mitigation_retflags = " -Wa,-mlfence-before-ret=shl";
    let mitigation = env::var("MITIGATION_CVE_2020_0551").unwrap_or_default();
    match mitigation.as_ref() {
        "LOAD" => {
            cflags += mitigation_cflags;
            cflags += mitigation_asflags;
            cflags += mitigation_loadflags;
            cflags += mitigation_retflags;
        }
        "CF" => {
            cflags += mitigation_cflags;
            cflags += mitigation_asflags;
            cflags += mitigation_cfflags;
            cflags += mitigation_retflags;
        }
        _ => {}
    }

    run(Command::new("sh")
        .current_dir(&native.out_dir)
        .arg(native.src_dir.join("autogen.sh").to_str().unwrap())
        .arg(format!("--host={}", build_helper::gnu_target(target)))
        .arg(format!("--build={}", build_helper::gnu_target(host)))
        .env("CFLAGS", cflags));

    run(Command::new(build_helper::make(host))
        .current_dir(&native.out_dir)
        .arg(format!("INCDIR={}", native.src_dir.display()))
        .arg(format!(
            "-j{}",
            thread::available_parallelism()
                .map(|n| n.get())
                .unwrap_or(5)
        )));
    Ok(())
}