[NativeAOT/x86] Add SAFESEH support to assembly files and ObjectWriter (

#100433) * Add SAFESEH support to assembly files and ObjectWriter * Specify SafeSEH only on x86, emit feat.00 symbol only if non-zero * Use /SAFESEH flag for NativeAOT/x86 * Minor cleanup
dotnet · Mar 29, 2024 · 34d13b2 · 34d13b2
1 parent 7486be8
commit 34d13b2
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 1 deletion.
diff --git a/src/coreclr/nativeaot/BuildIntegration/Microsoft.NETCore.Native.Windows.targets b/src/coreclr/nativeaot/BuildIntegration/Microsoft.NETCore.Native.Windows.targets
@@ -95,6 +95,7 @@ The .NET Foundation licenses this file to you under the MIT license.
       <LinkerArg Condition="'$(OutputType)' == 'WinExe' or '$(OutputType)' == 'Exe'" Include="/ENTRY:$(EntryPointSymbol) /NOEXP /NOIMPLIB" />
       <LinkerArg Include="/NATVIS:&quot;$(MSBuildThisFileDirectory)NativeAOT.natvis&quot;" />
       <LinkerArg Condition="'$(ControlFlowGuard)' == 'Guard'" Include="/guard:cf" />
+      <LinkerArg Condition="'$(_targetArchitecture)' == 'x86'" Include="/safeseh" />
       <LinkerArg Condition="'$(OutputType)' == 'WinExe' or '$(OutputType)' == 'Exe'" Include="/STACK:$(IlcDefaultStackSize)" />
       <!-- Do not warn if someone declares UnmanagedCallersOnly with an entrypoint of 'DllGetClassObject' and similar -->
       <LinkerArg Include="/IGNORE:4104" />

diff --git a/src/coreclr/nativeaot/Runtime/CMakeLists.txt b/src/coreclr/nativeaot/Runtime/CMakeLists.txt
@@ -264,6 +264,9 @@ if(CLR_CMAKE_TARGET_WIN32)
   if (CLR_CMAKE_TARGET_ARCH_AMD64)
     add_definitions(-DFEATURE_SPECIAL_USER_MODE_APC)
   endif()
+  if (CLR_CMAKE_TARGET_ARCH_I386)
+    add_compile_options($<$<COMPILE_LANGUAGE:ASM_MASM>:/safeseh>)
+  endif()
 else()
   if(NOT CLR_CMAKE_TARGET_APPLE)
     add_definitions(-DFEATURE_READONLY_GS_COOKIE)

diff --git a/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs b/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs
@@ -213,6 +213,8 @@ private protected override void EmitSymbolTable(
             IDictionary<string, SymbolDefinition> definedSymbols,
             SortedSet<string> undefinedSymbols)
         {
+            Feat00Flags feat00Flags = _machine is Machine.I386 ? Feat00Flags.SafeSEH : 0;
+
             foreach (var (symbolName, symbolDefinition) in definedSymbols)
             {
                 if (_symbolNameToIndex.TryGetValue(symbolName, out uint symbolIndex))
@@ -253,13 +255,18 @@ private protected override void EmitSymbolTable(
                     gfidsSectionWriter.WriteLittleEndian<uint>(_symbolNameToIndex[symbolName]);
                 }
 
+                feat00Flags |= Feat00Flags.ControlFlowGuard;
+            }
+
+            if (feat00Flags != 0)
+            {
                 // Emit the feat.00 symbol that controls various linker behaviors
                 _symbols.Add(new CoffSymbol
                 {
                     Name = "@feat.00",
                     StorageClass = CoffSymbolClass.IMAGE_SYM_CLASS_STATIC,
                     SectionIndex = uint.MaxValue, // IMAGE_SYM_ABSOLUTE
-                    Value = 0x800, // cfGuardCF flags this object as control flow guard aware
+                    Value = (uint)feat00Flags,
                 });
             }
         }
@@ -1118,5 +1125,14 @@ public static uint CalculateChecksum(Stream stream)
                 return crc;
             }
         }
+
+        private enum Feat00Flags : uint
+        {
+            SafeSEH = 1,
+            StackGuard = 0x100,
+            SoftwareDevelopmentLifecycle = 0x200,
+            ControlFlowGuard = 0x800,
+            ExceptionContinuationMetadata = 0x4000,
+        }
     }
 }