From patchwork Fri Dec 29 16:43:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "H.J. Lu" X-Patchwork-Id: 1881105 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20230601 header.b=KAnWOQFT; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org (client-ip=8.43.85.97; helo=server2.sourceware.org; envelope-from=libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org; receiver=patchwork.ozlabs.org) Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4T1rnb24XLz23dD for ; Sat, 30 Dec 2023 03:44:35 +1100 (AEDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 311DD385828F for ; Fri, 29 Dec 2023 16:44:33 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pj1-x1035.google.com (mail-pj1-x1035.google.com [IPv6:2607:f8b0:4864:20::1035]) by sourceware.org (Postfix) with ESMTPS id 35FB53858CD1 for ; Fri, 29 Dec 2023 16:43:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 35FB53858CD1 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 35FB53858CD1 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::1035 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703868242; cv=none; b=H/UUk8nHlJX71t++F+UeL5tR09yTJHrtEu5RfPxb8gKgYggUSeCXv0bMiGVYBqu2eSlDolK0M98mtIsFYu4+axzWYtzG9PoLrKUhQlRsMByWL8tcrVkCGVmv+KqQDH77SeT1SXF9BlepCqTq7Ekv2ehhr1LrcfR1QPA1nxa332M= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703868242; c=relaxed/simple; bh=yZ0R7xFvDviPkPSDQ5Tkk3LGk8G5w2BiAUcuZzf/X8Y=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=Gqyktq1NwTKEkBIqf5boDFsmgyvlaN/XJbfkNEPzngeIojNLGAdFMzn03EcNB6XdUK8mp2bCcueAgMf/PcRlBz9eQr/rEOENcsBQjEnXDtv0rpOo79Zx0IVU5TYM/wLLoRMrzl77pXGpVGoBfKX5x88ia6sHNaqM4D3bufbYiaA= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pj1-x1035.google.com with SMTP id 98e67ed59e1d1-28ca8a37adeso997067a91.3 for ; Fri, 29 Dec 2023 08:43:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1703868238; x=1704473038; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=Sua1F/HGHs4YxMoiLtRd4t+wBmv/hoJTA3EpEsoXN4s=; b=KAnWOQFTwNnn+/KI3zB0jRNBSiLBvAof/RZW/ehNDGQISadLv9NYza4KXox2v3T07q BJxbqZAzpet7kBe3141VOQzs7wlcVIjPBfL3IGUnYC3H0+yRYmTqetU+Qm+nbtFR3LaP pJmZ6ebKR0OVFBF5Vpm9xwDuI9C4yeGvnVfN0qDwDIdBrKIHOmf/bFR1vI/d8udP2m/H +Hb9BuP0NAn/MxNYGpWm2xyDfRpDZCdGjO3b0aOhI9Kd1UmEGjAf7VEvW4EoGeZY4zfA MXuzXGEi8QDNzPHY48ixb+1UqJIyWYuMfil7gtnlabk1c3IQmz+TXnqfUJsR8Tw1iq80 Amxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1703868238; x=1704473038; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Sua1F/HGHs4YxMoiLtRd4t+wBmv/hoJTA3EpEsoXN4s=; b=tBB20Uo7IGRPFsatWFR2ZEdgL+2Bw3NLLG2SgxJWfQDSMtr87aEd7cOhDCmkK5/Znv EUja1897OUTtlORELwjUDbkacLSBdkxcXAOc3wJtzeu2kqrpujPwbJrItfwYVJJLkQOj 6D9VvsePzpuGx81BDFr0jIXJMFJFTXeRt0qKhTntFnprtyXqtDax2RctE2Gh4kkWgieD DKRBb5I6isPSdKRXalPQn5DjHyNRfrW3ex1UbqEDfwmY3/klEgsQQl5M8I3AiDArK/VV emVfYCNy9D2wj5rDB9RiMqMPpddXqf0VyQPvZp0UuvRCFe5NYWR5hbyMF/ujBEEsbKDt fHFw== X-Gm-Message-State: AOJu0YxAFRoT/5o3OtCFu6FA7yb+dOiTRKMAwETnQO9jPTHw0FN0bBFE TB6T5XN3jgSdWQwQt90fQso= X-Google-Smtp-Source: AGHT+IH7OpzEHzADLpB3sGgcp+axTf62RZZmmt6ScIujUf3QdaAqIqOMJdD/qvENu3OqnjdSh6CxgA== X-Received: by 2002:a17:90a:b294:b0:28c:30e1:41df with SMTP id c20-20020a17090ab29400b0028c30e141dfmr4861380pjr.22.1703868238237; Fri, 29 Dec 2023 08:43:58 -0800 (PST) Received: from gnu-cfl-3.localdomain ([172.56.169.119]) by smtp.gmail.com with ESMTPSA id sr5-20020a17090b4e8500b0028afd8b1e0bsm16063127pjb.57.2023.12.29.08.43.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Dec 2023 08:43:56 -0800 (PST) Received: from gnu-cfl-3.. (localhost [IPv6:::1]) by gnu-cfl-3.localdomain (Postfix) with ESMTP id 1059E740257; Fri, 29 Dec 2023 08:43:55 -0800 (PST) From: "H.J. Lu" To: libc-alpha@sourceware.org Cc: rick.p.edgecombe@intel.com, goldstein.w.n@gmail.com Subject: [PATCH v6 0/6] x86/cet: Update CET kernel interface Date: Fri, 29 Dec 2023 08:43:48 -0800 Message-ID: <20231229164354.182594-1-hjl.tools@gmail.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Spam-Status: No, score=-3018.5 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+incoming=patchwork.ozlabs.org@sourceware.org If there are no objections, I will check in this patch series next week. H.J. --- Changes in v6. 1. Rebase. 2. Formatting changes. 3. Misc changes. Changes in v5. 1. Rebase. 2. Move allocate-shadow-stack.[ch] to sysdeps/unix/sysv/linux/x86_64. Changes in v4. 1. Rebase. 2. Remove 3 patches which have been checked into master branch. Changes in v3: 1. Remove 7 test patches which have been checked into master branch. Changes in v2: 1. Add add extra 20 stack frames in shadow stack for signal handlers when allocating shadow stack for ucontexts. 2. Remove the "x86: Check PT_GNU_PROPERTY early" patch which has been checked into master branch. Linux kernel 6.6 added SHSTK support for x86-64. This patch set updates CET kernel interface to Linux kernel 6.6. The main difference from the current glibc assumption is that SHSTK is enabled by glibc, instead of kernel. Glibc enables SHSTK after verifying that the application and all dependency libraries are CET enabled. SHSTK can only be enabled in a function which will never return. Otherwise, shadow stack will underflow at the function return. Not all CET enabled applications and libraries have been properly tested in CET enabled environments. Some CET enabled applications or libraries will crash or misbehave when CET is enabled. Don't set CET active by default so that all applications and libraries will run normally regardless of whether CET is active or not. Shadow stack can be enabled by $ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK at run-time if shadow stack can be enabled by kernel. Since only x86-64 is supported, i386 shadow stack codes are unchanged and CET shouldn't be enabled for i386. NB: This change can be reverted if it is OK to enable CET by default for all applications and libraries. Tested on Intel Tiger Lake under Linux kernel 6.6.7. *** BLURB HERE *** H.J. Lu (6): x86/cet: Sync with Linux kernel 6.6 shadow stack interface elf: Always provide _dl_get_dl_main_map in libc.a x86/cet: Enable shadow stack during startup x86/cet: Check feature_1 in TCB for active IBT and SHSTK x86/cet: Don't set CET active by default x86/cet: Run some CET tests with shadow stack elf/dl-support.c | 2 - sysdeps/generic/ldsodefs.h | 7 +- sysdeps/unix/sysv/linux/x86/bits/mman.h | 5 ++ sysdeps/unix/sysv/linux/x86/dl-cet.h | 43 +++++++++-- .../unix/sysv/linux/x86/include/asm/prctl.h | 37 ++++----- .../sysv/linux/x86/tst-cet-setcontext-1.c | 17 ++--- sysdeps/unix/sysv/linux/x86_64/Makefile | 2 +- .../unix/sysv/linux/x86_64/__start_context.S | 38 ++-------- .../sysv/linux/x86_64/allocate-shadow-stack.c | 55 ++++++++++++++ .../allocate-shadow-stack.h} | 32 ++------ sysdeps/unix/sysv/linux/x86_64/dl-cet.h | 47 ++++++++++++ sysdeps/unix/sysv/linux/x86_64/getcontext.S | 30 ++------ sysdeps/unix/sysv/linux/x86_64/makecontext.c | 28 +++---- sysdeps/unix/sysv/linux/x86_64/swapcontext.S | 22 +----- sysdeps/x86/Makefile | 14 ++++ sysdeps/x86/bits/platform/x86.h | 8 ++ sysdeps/x86/cpu-features-offsets.sym | 1 + sysdeps/x86/cpu-features.c | 48 +----------- sysdeps/x86/cpu-tunables.c | 15 +++- sysdeps/x86/dl-cet.c | 76 +++++++++---------- sysdeps/x86/get-cpuid-feature-leaf.c | 13 +++- sysdeps/x86/include/cpu-features.h | 3 + sysdeps/x86/libc-start.h | 53 ++++++++++++- sysdeps/x86/sys/platform/x86.h | 17 +++++ sysdeps/x86/tst-shstk-legacy-1e-static.sh | 1 + sysdeps/x86/tst-shstk-legacy-1e.sh | 1 + sysdeps/x86/tst-shstk-legacy-1g.sh | 1 + sysdeps/x86_64/dl-machine.h | 12 ++- sysdeps/x86_64/nptl/tls.h | 2 +- 29 files changed, 380 insertions(+), 250 deletions(-) create mode 100644 sysdeps/unix/sysv/linux/x86_64/allocate-shadow-stack.c rename sysdeps/unix/sysv/linux/{x86/cpu-features.c => x86_64/allocate-shadow-stack.h} (53%) create mode 100644 sysdeps/unix/sysv/linux/x86_64/dl-cet.h