From patchwork Wed Dec 6 17:20:09 2023
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 1872909
From: "H.J. Lu"
To: libc-alpha@sourceware.org
Cc: rick.p.edgecombe@intel.com
Subject: [PATCH 16/17] x86/cet: Don't set CET active by default
Date: Wed, 6 Dec 2023 09:20:09 -0800
Message-ID: <20231206172010.1023415-17-hjl.tools@gmail.com>
In-Reply-To: <20231206172010.1023415-1-hjl.tools@gmail.com>
References: <20231206172010.1023415-1-hjl.tools@gmail.com>

Not all CET enabled applications and libraries have been properly tested
in CET enabled environments.  Some CET enabled applications or libraries
will crash or misbehave when CET is enabled.  Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not.  Shadow stack can be enabled by

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK

at run-time if shadow stack can be enabled by kernel.

NB: This commit can be reverted if it is OK to enable CET by default for
all applications and libraries.
---
 sysdeps/x86/cpu-features.c |  2 +-
 sysdeps/x86/cpu-tunables.c | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c index 097868c1d9..80a07ac589 100644 --- a/sysdeps/x86/cpu-features.c +++ b/sysdeps/x86/cpu-features.c 
@@ -110,7 +110,7 @@ update_active (struct cpu_features *cpu_features) if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT)) CPU_FEATURE_SET_ACTIVE (cpu_features, RTM); -#if CET_ENABLED +#if CET_ENABLED && 0 CPU_FEATURE_SET_ACTIVE (cpu_features, IBT); CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK); #endif diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c index 5697885226..8f4f25efb0 100644 --- a/sysdeps/x86/cpu-tunables.c +++ b/sysdeps/x86/cpu-tunables.c @@ -34,6 +34,18 @@ break; \ } +#define CHECK_GLIBC_IFUNC_CPU_BOTH(f, cpu_features, name, \ + disable, len) \ + _Static_assert (sizeof (#name) - 1 == len, #name " != " #len); \ + if (memcmp (f, #name, len) == 0) \ + { \ + if (disable) \ + CPU_FEATURE_UNSET (cpu_features, name) \ + else \ + CPU_FEATURE_SET_ACTIVE (cpu_features, name) \ + break; \ + } + /* Disable a preferred feature NAME. We don't enable a preferred feature which isn't available. */ #define CHECK_GLIBC_IFUNC_PREFERRED_OFF(f, cpu_features, name, len) \ @@ -149,11 +161,14 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp) } break; case 5: + { + CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, disable, + 5); + } if (disable) { CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, LZCNT, 5); CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, MOVBE, 5); - CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SHSTK, 5); CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SSSE3, 5); CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, XSAVE, 5); }
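
Review bot: In update_active (sysdeps/x86/cpu-features.c), `#if CET_ENABLED && 0` stops both IBT and SHSTK from being set active, but the rest of this patch only adds a tunable path for SHSTK (the `case 5:` change in cpu-tunables.c). Nothing in the diff gives IBT an equivalent opt-in, and the commit message only describes how to enable shadow stack. Either add the matching IBT handling or state in the commit message that IBT is intentionally left without one. The `&& 0` also leaves dead code with no explanation at the site; a short comment naming the tunable that replaces the default, or removing the block outright, would make the intent clear and make the revert mentioned in the commit message easier to locate.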
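
Review bot: In the new CHECK_GLIBC_IFUNC_CPU_BOTH macro (sysdeps/x86/cpu-tunables.c), the enable arm calls `CPU_FEATURE_SET_ACTIVE (cpu_features, name)` as soon as the name matches, with no check in the visible lines that the CPU or kernel actually provides the feature. The comment on the neighbouring CHECK_GLIBC_IFUNC_PREFERRED_OFF says "We don't enable a preferred feature which isn't available", and the commit message itself qualifies the tunable with "if shadow stack can be enabled by kernel". Please add the availability check here, or a comment pointing to where a tunable-requested SHSTK is validated later. Separately, the unbraced `if (disable) ... else ...` has no semicolons of its own, so it only parses correctly if each of CPU_FEATURE_UNSET and CPU_FEATURE_SET_ACTIVE expands to exactly one complete statement; bracing both arms removes that dependency. The macro also lacks the kind of descriptive comment the macro below it carries.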
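
Review bot: In set_hwcaps, the bare `{ ... }` block opening `case 5:` has no comment explaining why it is needed or why SHSTK is matched ahead of `if (disable)` while the other five-letter names stay inside it. A one-line comment saying SHSTK is handled for both enable and disable requests would help the next reader. The diffstat lists only cpu-features.c and cpu-tunables.c, so the new meaning of `glibc.cpu.hwcaps=SHSTK` (it can now turn the feature on as well as off) is neither documented nor covered by a test in this patch; consider adding both, or noting which patch in the series does.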