From e419e9f84ca9957d08d8e898c718b9200fea04f1 Mon Sep 17 00:00:00 2001
From: Filip Navara
Date: Fri, 29 Mar 2024 09:21:05 +0100
Subject: [PATCH 1/6] Add SAFESEH support to assembly files and ObjectWriter
---
 src/coreclr/nativeaot/Runtime/CMakeLists.txt | 3 ++
 .../Compiler/ObjectWriter/CoffObjectWriter.cs | 29 ++++++++++++++-----
 2 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/src/coreclr/nativeaot/Runtime/CMakeLists.txt b/src/coreclr/nativeaot/Runtime/CMakeLists.txt
index 2d163ea27d78b..278faddd4dd78 100644
--- a/src/coreclr/nativeaot/Runtime/CMakeLists.txt
+++ b/src/coreclr/nativeaot/Runtime/CMakeLists.txt
@@ -264,6 +264,9 @@ if(CLR_CMAKE_TARGET_WIN32)
 if (CLR_CMAKE_TARGET_ARCH_AMD64)
 add_definitions(-DFEATURE_SPECIAL_USER_MODE_APC)
 endif()
+ if (CLR_CMAKE_HOST_ARCH_I386)
+ set_source_files_properties(${RUNTIME_SOURCES_ARCH_ASM} PROPERTIES COMPILE_FLAGS "/safeseh")
+ endif (CLR_CMAKE_HOST_ARCH_I386)
 else()
 if(NOT CLR_CMAKE_TARGET_APPLE)
 add_definitions(-DFEATURE_READONLY_GS_COOKIE)
diff --git a/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs b/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs
index 2f3a0c6cefe01..826dcc27d5f01 100644
--- a/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs
+++ b/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs
@@ -213,6 +213,8 @@ private protected override void EmitSymbolTable(
 IDictionary definedSymbols,
 SortedSet undefinedSymbols)
 {
+ Feat00Flags feat00Flags = Feat00Flags.SafeSEH;
+
 foreach (var (symbolName, symbolDefinition) in definedSymbols)
 {
 if (_symbolNameToIndex.TryGetValue(symbolName, out uint symbolIndex))
@@ -253,15 +255,17 @@ private protected override void EmitSymbolTable(
 gfidsSectionWriter.WriteLittleEndian(_symbolNameToIndex[symbolName]);
 }
- // Emit the feat.00 symbol that controls various linker behaviors
- _symbols.Add(new CoffSymbol
- {
- Name = "@feat.00",
- StorageClass = CoffSymbolClass.IMAGE_SYM_CLASS_STATIC,
- SectionIndex = uint.MaxValue, // IMAGE_SYM_ABSOLUTE
- Value = 0x800, // cfGuardCF flags this object as control flow guard aware
- });
+ feat00Flags |= Feat00Flags.ControlFlowGuard;
 }
+
+ // Emit the feat.00 symbol that controls various linker behaviors
+ _symbols.Add(new CoffSymbol
+ {
+ Name = "@feat.00",
+ StorageClass = CoffSymbolClass.IMAGE_SYM_CLASS_STATIC,
+ SectionIndex = uint.MaxValue, // IMAGE_SYM_ABSOLUTE
+ Value = (uint)feat00Flags,
+ });
 }
 private protected override void EmitRelocations(int sectionIndex, List relocationList)
@@ -1118,5 +1122,14 @@ public static uint CalculateChecksum(Stream stream)
 return crc;
 }
 }
+
+ private enum Feat00Flags : uint
+ {
+ SafeSEH = 1,
+ StackGuard = 0x100,
+ SoftwareDevelopmentLifecycle = 0x200,
+ ControlFlowGuard = 0x800,
+ ExceptionContinuationMetadata = 0x4000,
+ }
 }
 }
From 1858665ea03cfbab410500ecba277ea123895a01 Mon Sep 17 00:00:00 2001
From: Filip Navara
Date: Fri, 29 Mar 2024 09:34:08 +0100
Subject: [PATCH 2/6] Specify SafeSEH only on x86, emit feat.00 symbol only if non-zero
---
 .../Compiler/ObjectWriter/CoffObjectWriter.cs | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs b/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs
index 826dcc27d5f01..f319eebfe6ce1 100644
--- a/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs
+++ b/src/coreclr/tools/aot/ILCompiler.Compiler/Compiler/ObjectWriter/CoffObjectWriter.cs
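Review bot: `Feat00Flags` is combined with `|=` in EmitSymbolTable, but the enum added at the end of the file is declared without `[Flags]` and without a zero member; `[Flags] private enum Feat00Flags : uint` plus `None = 0` would state the bit-field intent. The explanation that sat on the old literal (`// cfGuardCF flags this object as control flow guard aware`) is dropped rather than moved, so I would carry it onto the member as `ControlFlowGuard = 0x800, // object is control flow guard aware` and give the other members a line each. `StackGuard`, `SoftwareDevelopmentLifecycle` and `ExceptionContinuationMetadata` are not referenced in the hunks shown; since each bit is a claim about the object's hardening that the linker takes on trust, a comment saying they may only be set when the writer really provides that property would help.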
@@ -213,7 +213,7 @@ private protected override void EmitSymbolTable(
 IDictionary definedSymbols,
 SortedSet undefinedSymbols)
 {
- Feat00Flags feat00Flags = Feat00Flags.SafeSEH;
+ Feat00Flags feat00Flags = _machine is Machine.I386 ? Feat00Flags.SafeSEH : 0;
 foreach (var (symbolName, symbolDefinition) in definedSymbols)
 {
@@ -258,14 +258,17 @@ private protected override void EmitSymbolTable(
 feat00Flags |= Feat00Flags.ControlFlowGuard;
 }
- // Emit the feat.00 symbol that controls various linker behaviors
- _symbols.Add(new CoffSymbol
+ if (feat00Flags != 0)
 {
- Name = "@feat.00",
- StorageClass = CoffSymbolClass.IMAGE_SYM_CLASS_STATIC,
- SectionIndex = uint.MaxValue, // IMAGE_SYM_ABSOLUTE
- Value = (uint)feat00Flags,
- });
+ // Emit the feat.00 symbol that controls various linker behaviors
+ _symbols.Add(new CoffSymbol
+ {
+ Name = "@feat.00",
+ StorageClass = CoffSymbolClass.IMAGE_SYM_CLASS_STATIC,
+ SectionIndex = uint.MaxValue, // IMAGE_SYM_ABSOLUTE
+ Value = (uint)feat00Flags,
+ });
+ }
 }
 private protected override void EmitRelocations(int sectionIndex, List relocationList)
From 724d5811eead5978a43ea6bed40072400d01baff Mon Sep 17 00:00:00 2001
From: Filip Navara
Date: Fri, 29 Mar 2024 09:34:34 +0100
Subject: [PATCH 3/6] Use /SAFESEH flag for NativeAOT/x86
---
 .../BuildIntegration/Microsoft.NETCore.Native.Windows.targets | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/coreclr/nativeaot/BuildIntegration/Microsoft.NETCore.Native.Windows.targets b/src/coreclr/nativeaot/BuildIntegration/Microsoft.NETCore.Native.Windows.targets
index 49a0d7cf9e165..f9fb32ed669e7 100644
--- a/src/coreclr/nativeaot/BuildIntegration/Microsoft.NETCore.Native.Windows.targets
+++ b/src/coreclr/nativeaot/BuildIntegration/Microsoft.NETCore.Native.Windows.targets
@@ -95,6 +95,7 @@ The .NET Foundation licenses this file to you under the MIT license.
+
From 296619cdbe67f5e4e84518da57e53f5f7d1a8101 Mon Sep 17 00:00:00 2001
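Review bot: The `SafeSEH` bit chosen in the first hunk is a declaration the linker trusts rather than a request, and the new initializer carries no comment saying why it holds for this writer. As I understand the flag, it states that the object installs no x86 SEH handlers or that every handler is listed for the image's safe-handler table, and nothing in the visible hunks emits such a list. I would record the invariant next to the initializer, e.g. `// x86: object contains no unregistered SEH handlers, so it may be linked into a /SAFESEH image`, so that a later change which adds frame-based handlers knows it must also register them. EmitSymbolTable begins and ends outside both hunks.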
From: Filip Navara
Date: Fri, 29 Mar 2024 09:35:25 +0100
Subject: [PATCH 4/6] Fix cut & paste
---
 src/coreclr/nativeaot/Runtime/CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/coreclr/nativeaot/Runtime/CMakeLists.txt b/src/coreclr/nativeaot/Runtime/CMakeLists.txt
index 278faddd4dd78..b4d3cdb5b02c0 100644
--- a/src/coreclr/nativeaot/Runtime/CMakeLists.txt
+++ b/src/coreclr/nativeaot/Runtime/CMakeLists.txt
@@ -264,9 +264,9 @@ if(CLR_CMAKE_TARGET_WIN32)
 if (CLR_CMAKE_TARGET_ARCH_AMD64)
 add_definitions(-DFEATURE_SPECIAL_USER_MODE_APC)
 endif()
- if (CLR_CMAKE_HOST_ARCH_I386)
+ if (CLR_CMAKE_TARGET_ARCH_I386)
 set_source_files_properties(${RUNTIME_SOURCES_ARCH_ASM} PROPERTIES COMPILE_FLAGS "/safeseh")
- endif (CLR_CMAKE_HOST_ARCH_I386)
+ endif (CLR_CMAKE_TARGET_ARCH_I386)
 else()
 if(NOT CLR_CMAKE_TARGET_APPLE)
 add_definitions(-DFEATURE_READONLY_GS_COOKIE)
From 9be6c2198c82563a9aa8ac47465d9ec543091b80 Mon Sep 17 00:00:00 2001
From: Filip Navara
Date: Fri, 29 Mar 2024 09:56:48 +0100
Subject: [PATCH 5/6] Fix Cmake logic
---
 src/coreclr/nativeaot/Runtime/CMakeLists.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/coreclr/nativeaot/Runtime/CMakeLists.txt b/src/coreclr/nativeaot/Runtime/CMakeLists.txt
index b4d3cdb5b02c0..683ae22df4fa0 100644
--- a/src/coreclr/nativeaot/Runtime/CMakeLists.txt
+++ b/src/coreclr/nativeaot/Runtime/CMakeLists.txt
@@ -264,9 +264,6 @@ if(CLR_CMAKE_TARGET_WIN32)
 if (CLR_CMAKE_TARGET_ARCH_AMD64)
 add_definitions(-DFEATURE_SPECIAL_USER_MODE_APC)
 endif()
- if (CLR_CMAKE_TARGET_ARCH_I386)
- set_source_files_properties(${RUNTIME_SOURCES_ARCH_ASM} PROPERTIES COMPILE_FLAGS "/safeseh")
- endif (CLR_CMAKE_TARGET_ARCH_I386)
 else()
 if(NOT CLR_CMAKE_TARGET_APPLE)
 add_definitions(-DFEATURE_READONLY_GS_COOKIE)
@@ -301,6 +298,10 @@ convert_to_absolute_path(RUNTIME_SOURCES_ARCH_ASM ${RUNTIME_SOURCES_ARCH_ASM})
 convert_to_absolute_path(VXSORT_SOURCES ${VXSORT_SOURCES})
 convert_to_absolute_path(DUMMY_VXSORT_SOURCES ${DUMMY_VXSORT_SOURCES})
+if (CLR_CMAKE_TARGET_WIN32 AND CLR_CMAKE_TARGET_ARCH_I386)
+ add_compile_options($<$:/safeseh>)
+endif()
+
 if(NOT CLR_CMAKE_TARGET_ARCH_WASM)
 add_subdirectory(Full)
 else()
From 8ffe0424e79b9885f0c18dfae87c00d0f47e2294 Mon Sep 17 00:00:00 2001
From: Filip Navara
Date: Fri, 29 Mar 2024 10:04:42 +0100
Subject: [PATCH 6/6] Minor cleanup
---
 src/coreclr/nativeaot/Runtime/CMakeLists.txt | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/coreclr/nativeaot/Runtime/CMakeLists.txt b/src/coreclr/nativeaot/Runtime/CMakeLists.txt
index 683ae22df4fa0..3d0dc1541af04 100644
--- a/src/coreclr/nativeaot/Runtime/CMakeLists.txt
+++ b/src/coreclr/nativeaot/Runtime/CMakeLists.txt
@@ -264,6 +264,9 @@ if(CLR_CMAKE_TARGET_WIN32)
 if (CLR_CMAKE_TARGET_ARCH_AMD64)
 add_definitions(-DFEATURE_SPECIAL_USER_MODE_APC)
 endif()
+ if (CLR_CMAKE_TARGET_ARCH_I386)
+ add_compile_options($<$:/safeseh>)
+ endif()
 else()
 if(NOT CLR_CMAKE_TARGET_APPLE)
 add_definitions(-DFEATURE_READONLY_GS_COOKIE)
@@ -298,10 +301,6 @@ convert_to_absolute_path(RUNTIME_SOURCES_ARCH_ASM ${RUNTIME_SOURCES_ARCH_ASM})
 convert_to_absolute_path(VXSORT_SOURCES ${VXSORT_SOURCES})
 convert_to_absolute_path(DUMMY_VXSORT_SOURCES ${DUMMY_VXSORT_SOURCES})
-if (CLR_CMAKE_TARGET_WIN32 AND CLR_CMAKE_TARGET_ARCH_I386)
- add_compile_options($<$:/safeseh>)
-endif()
-
 if(NOT CLR_CMAKE_TARGET_ARCH_WASM)
 add_subdirectory(Full)
 else()
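Review bot: The `/safeseh` option added under `CLR_CMAKE_TARGET_ARCH_I386` in [PATCH 6/6] (and in its earlier position in [PATCH 5/6]) has no comment, and the reason it appears to be limited to assembly sources is not obvious from the hunk; the generator expression is truncated on this page. A line such as `# MASM objects are not marked SafeSEH-compatible unless assembled with /safeseh; one unmarked object prevents a /SAFESEH link` above the `if` would explain it. The flag also asserts that any exception handler in those .asm files is declared to the assembler as safe, which is worth confirming for the files this directory builds, since they are not visible here. The enclosing `if(CLR_CMAKE_TARGET_WIN32)` block starts and ends outside the hunk.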