Message ID | 20231222165830.2100438-5-hjl.tools@gmail.com |
---|---|
State | New |
Series | x86/cet: Update CET kernel interface | expand |
On 22/12/23 13:58, H.J. Lu wrote: > Initially, IBT and SHSTK are marked as active when CPU supports them > and CET are enabled in glibc. They can be disabled early by tunables > before relocation. Since after relocation, GLRO(dl_x86_cpu_features) > becomes read-only, we can't update GLRO(dl_x86_cpu_features) to mark > IBT and SHSTK as inactive. Instead, check the feature_1 field in TCB > to decide if IBT and SHST are active. > --- > sysdeps/x86/bits/platform/x86.h | 8 ++++++++ > sysdeps/x86/get-cpuid-feature-leaf.c | 11 ++++++++++- > sysdeps/x86/sys/platform/x86.h | 17 +++++++++++++++++ > 3 files changed, 35 insertions(+), 1 deletion(-) > > diff --git a/sysdeps/x86/bits/platform/x86.h b/sysdeps/x86/bits/platform/x86.h > index 1e23d53ba2..1575ae53fb 100644 > --- a/sysdeps/x86/bits/platform/x86.h > +++ b/sysdeps/x86/bits/platform/x86.h > @@ -337,3 +337,11 @@ enum > x86_cpu_AVX10_YMM = x86_cpu_index_24_ecx_0_ebx + 17, > x86_cpu_AVX10_ZMM = x86_cpu_index_24_ecx_0_ebx + 18, > }; > + > +/* Bits in the feature_1 field in TCB. */ > + > +enum > +{ > + x86_feature_1_ibt = 1U << 0, > + x86_feature_1_shstk = 1U << 1 > +}; > diff --git a/sysdeps/x86/get-cpuid-feature-leaf.c b/sysdeps/x86/get-cpuid-feature-leaf.c > index 9317a6b494..f69936b31e 100644 > --- a/sysdeps/x86/get-cpuid-feature-leaf.c > +++ b/sysdeps/x86/get-cpuid-feature-leaf.c > @@ -15,9 +15,18 @@ > License along with the GNU C Library; if not, see > <https://www.gnu.org/licenses/>. */ > > - > +#include <assert.h> > +#include <tcb-offsets.h> > #include <ldsodefs.h> > > +#ifdef __x86_64__ > +# ifdef __LP64__ > +_Static_assert (FEATURE_1_OFFSET == 72, "FEATURE_1_OFFSET != 72"); > +# else > +_Static_assert (FEATURE_1_OFFSET == 40, "FEATURE_1_OFFSET != 40"); > +# endif > +#endif > + > const struct cpuid_feature * > __x86_get_cpuid_feature_leaf (unsigned int leaf) > { > diff --git a/sysdeps/x86/sys/platform/x86.h b/sysdeps/x86/sys/platform/x86.h > index 1ea2c5fc0b..89b1b16f22 100644 > --- a/sysdeps/x86/sys/platform/x86.h 
> +++ b/sysdeps/x86/sys/platform/x86.h > @@ -45,6 +45,23 @@ x86_cpu_present (unsigned int __index) > static __inline__ _Bool > x86_cpu_active (unsigned int __index) > { > + if (__index == x86_cpu_IBT || __index == x86_cpu_SHSTK) > + { > +#ifdef __x86_64__ > + unsigned int __feature_1; > +# ifdef __LP64__ > + __asm__ ("mov %%fs:72, %0" : "=r" (__feature_1)); > +# else > + __asm__ ("mov %%fs:40, %0" : "=r" (__feature_1)); > +# endif > + if (__index == x86_cpu_IBT) > + return __feature_1 & x86_feature_1_ibt; > + else > + return __feature_1 & x86_feature_1_shstk; So I take that shadow stack is fully supported on x32, right? > +#else > + return false; > +#endif > + } > const struct cpuid_feature *__ptr = __x86_get_cpuid_feature_leaf > (__index / (8 * sizeof (unsigned int) * 4)); > unsigned int __reg
On Fri, Dec 29, 2023 at 6:59 AM Adhemerval Zanella Netto <adhemerval.zanella@linaro.org> wrote: > > > > On 22/12/23 13:58, H.J. Lu wrote: > > Initially, IBT and SHSTK are marked as active when CPU supports them > > and CET are enabled in glibc. They can be disabled early by tunables > > before relocation. Since after relocation, GLRO(dl_x86_cpu_features) > > becomes read-only, we can't update GLRO(dl_x86_cpu_features) to mark > > IBT and SHSTK as inactive. Instead, check the feature_1 field in TCB > > to decide if IBT and SHST are active. > > --- > > sysdeps/x86/bits/platform/x86.h | 8 ++++++++ > > sysdeps/x86/get-cpuid-feature-leaf.c | 11 ++++++++++- > > sysdeps/x86/sys/platform/x86.h | 17 +++++++++++++++++ > > 3 files changed, 35 insertions(+), 1 deletion(-) > > > > diff --git a/sysdeps/x86/bits/platform/x86.h b/sysdeps/x86/bits/platform/x86.h > > index 1e23d53ba2..1575ae53fb 100644 > > --- a/sysdeps/x86/bits/platform/x86.h > > +++ b/sysdeps/x86/bits/platform/x86.h > > @@ -337,3 +337,11 @@ enum > > x86_cpu_AVX10_YMM = x86_cpu_index_24_ecx_0_ebx + 17, > > x86_cpu_AVX10_ZMM = x86_cpu_index_24_ecx_0_ebx + 18, > > }; > > + > > +/* Bits in the feature_1 field in TCB. */ > > + > > +enum > > +{ > > + x86_feature_1_ibt = 1U << 0, > > + x86_feature_1_shstk = 1U << 1 > > +}; > > diff --git a/sysdeps/x86/get-cpuid-feature-leaf.c b/sysdeps/x86/get-cpuid-feature-leaf.c > > index 9317a6b494..f69936b31e 100644 > > --- a/sysdeps/x86/get-cpuid-feature-leaf.c > > +++ b/sysdeps/x86/get-cpuid-feature-leaf.c 
> > @@ -15,9 +15,18 @@ > > License along with the GNU C Library; if not, see > > <https://www.gnu.org/licenses/>. */ > > > > - > > +#include <assert.h> > > +#include <tcb-offsets.h> > > #include <ldsodefs.h> > > > > +#ifdef __x86_64__ > > +# ifdef __LP64__ > > +_Static_assert (FEATURE_1_OFFSET == 72, "FEATURE_1_OFFSET != 72"); > > +# else > > +_Static_assert (FEATURE_1_OFFSET == 40, "FEATURE_1_OFFSET != 40"); > > +# endif > > +#endif > > + > > const struct cpuid_feature * > > __x86_get_cpuid_feature_leaf (unsigned int leaf) > > { > > diff --git a/sysdeps/x86/sys/platform/x86.h b/sysdeps/x86/sys/platform/x86.h > > index 1ea2c5fc0b..89b1b16f22 100644 > > --- a/sysdeps/x86/sys/platform/x86.h > > +++ b/sysdeps/x86/sys/platform/x86.h > > @@ -45,6 +45,23 @@ x86_cpu_present (unsigned int __index) > > static __inline__ _Bool > > x86_cpu_active (unsigned int __index) > > { > > + if (__index == x86_cpu_IBT || __index == x86_cpu_SHSTK) > > + { > > +#ifdef __x86_64__ > > + unsigned int __feature_1; > > +# ifdef __LP64__ > > + __asm__ ("mov %%fs:72, %0" : "=r" (__feature_1)); > > +# else > > + __asm__ ("mov %%fs:40, %0" : "=r" (__feature_1)); > > +# endif > > + if (__index == x86_cpu_IBT) > > + return __feature_1 & x86_feature_1_ibt; > > + else > > + return __feature_1 & x86_feature_1_shstk; > > So I take that shadow stack is fully supported on x32, right? Not yet. I have additional kernel and glibc patches to enable shadow stack on x32. I will submit them after shadow stack is enabled in glibc. > > +#else > > + return false; > > +#endif > > + } > > const struct cpuid_feature *__ptr = __x86_get_cpuid_feature_leaf > > (__index / (8 * sizeof (unsigned int) * 4)); > > unsigned int __reg Thanks.
diff --git a/sysdeps/x86/bits/platform/x86.h b/sysdeps/x86/bits/platform/x86.h
index 1e23d53ba2..1575ae53fb 100644
--- a/sysdeps/x86/bits/platform/x86.h
+++ b/sysdeps/x86/bits/platform/x86.h
@@ -337,3 +337,11 @@ enum
 x86_cpu_AVX10_YMM = x86_cpu_index_24_ecx_0_ebx + 17,
 x86_cpu_AVX10_ZMM = x86_cpu_index_24_ecx_0_ebx + 18,
 };
+
+/* Bits in the feature_1 field in TCB. */
+
+enum
+{
+ x86_feature_1_ibt = 1U << 0,
+ x86_feature_1_shstk = 1U << 1
+};
diff --git a/sysdeps/x86/get-cpuid-feature-leaf.c b/sysdeps/x86/get-cpuid-feature-leaf.c
index 9317a6b494..f69936b31e 100644
--- a/sysdeps/x86/get-cpuid-feature-leaf.c
+++ b/sysdeps/x86/get-cpuid-feature-leaf.c
@@ -15,9 +15,18 @@
 License along with the GNU C Library; if not, see
 <https://www.gnu.org/licenses/>. */
-
+#include <assert.h>
+#include <tcb-offsets.h>
 #include <ldsodefs.h>
+#ifdef __x86_64__
+# ifdef __LP64__
+_Static_assert (FEATURE_1_OFFSET == 72, "FEATURE_1_OFFSET != 72");
+# else
+_Static_assert (FEATURE_1_OFFSET == 40, "FEATURE_1_OFFSET != 40");
+# endif
+#endif
+
 const struct cpuid_feature *
 __x86_get_cpuid_feature_leaf (unsigned int leaf)
 {
diff --git a/sysdeps/x86/sys/platform/x86.h b/sysdeps/x86/sys/platform/x86.h
index 1ea2c5fc0b..89b1b16f22 100644
--- a/sysdeps/x86/sys/platform/x86.h
+++ b/sysdeps/x86/sys/platform/x86.h
@@ -45,6 +45,23 @@ x86_cpu_present (unsigned int __index)
 static __inline__ _Bool
 x86_cpu_active (unsigned int __index)
 {
+ if (__index == x86_cpu_IBT || __index == x86_cpu_SHSTK)
+ {
+#ifdef __x86_64__
+ unsigned int __feature_1;
+# ifdef __LP64__
+ __asm__ ("mov %%fs:72, %0" : "=r" (__feature_1));
+# else
+ __asm__ ("mov %%fs:40, %0" : "=r" (__feature_1));
+# endif
+ if (__index == x86_cpu_IBT)
+ return __feature_1 & x86_feature_1_ibt;
+ else
+ return __feature_1 & x86_feature_1_shstk;
+#else
+ return false;
+#endif
+ }
 const struct cpuid_feature *__ptr = __x86_get_cpuid_feature_leaf
 (__index / (8 * sizeof (unsigned int) * 4));
 unsigned int __reg
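Review bot: The two `_Static_assert` lines in get-cpuid-feature-leaf.c carry no comment saying why 72 and 40 are pinned here, although the only visible consumer of those literals is the inline asm in sys/platform/x86.h. A reader who changes the TCB layout will hit the assertion without learning that the same displacement is compiled into every caller of `x86_cpu_active`, which presumably makes the offset part of the ABI. I would add something like `/* x86_cpu_active in <sys/platform/x86.h> hard-codes these %fs displacements; keep both in sync. */` above the `#ifdef __x86_64__`. There is no assertion for the non-x86-64 case, which matches the header returning false there.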
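Review bot: The two `__asm__` loads from `%fs:72` / `%fs:40` in x86_cpu_active are neither volatile nor given an input operand, so the compiler may treat the result as constant and hoist or merge repeated reads. If feature_1 can change during the process lifetime (the description only covers changes before relocation, so this is an assumption), a caller that checks IBT/SHSTK state before a CET-sensitive operation could act on a stale value. Consider `__asm__ __volatile__ ("mov %%fs:72, %0" : "=r" (__feature_1));` and the same for the `%fs:40` variant. A short comment such as `/* Read feature_1 from the TCB; offset is checked in get-cpuid-feature-leaf.c. */` above the asm would also explain the bare literals. The function body continues past the end of the hunk.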