From patchwork Fri Dec 22 16:58:29 2023
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 1879729
From: "H.J. Lu"
To: libc-alpha@sourceware.org
Cc: rick.p.edgecombe@intel.com, goldstein.w.n@gmail.com
Subject: [PATCH v5 5/6] x86/cet: Don't set CET active by default
Date: Fri, 22 Dec 2023 08:58:29 -0800
Message-ID: <20231222165830.2100438-6-hjl.tools@gmail.com>
In-Reply-To: <20231222165830.2100438-1-hjl.tools@gmail.com>
References: <20231222165830.2100438-1-hjl.tools@gmail.com>

Not all CET enabled applications and libraries have been properly tested
in CET enabled environments.  Some CET enabled applications or libraries
will crash or misbehave when CET is enabled.  Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not.  Shadow stack can be enabled by

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK

at run-time if shadow stack can be enabled by kernel.

NB: This commit can be reverted if it is OK to enable CET by default for
all applications and libraries.
--- sysdeps/x86/cpu-features.c | 2 +- sysdeps/x86/cpu-tunables.c | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c index 097868c1d9..80a07ac589 100644 --- a/sysdeps/x86/cpu-features.c +++ b/sysdeps/x86/cpu-features.c 
@@ -110,7 +110,7 @@ update_active (struct cpu_features *cpu_features) if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT)) CPU_FEATURE_SET_ACTIVE (cpu_features, RTM); -#if CET_ENABLED +#if CET_ENABLED && 0 CPU_FEATURE_SET_ACTIVE (cpu_features, IBT); CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK); #endif diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c index 142c6b9240..1742400525 100644 --- a/sysdeps/x86/cpu-tunables.c +++ b/sysdeps/x86/cpu-tunables.c @@ -35,6 +35,17 @@ break; \ } +#define CHECK_GLIBC_IFUNC_CPU_BOTH(f, cpu_features, name, len) \ + _Static_assert (sizeof (#name) - 1 == len, #name " != " #len); \ + if (tunable_str_comma_strcmp_cte (&f, #name)) \ + { \ + if (f.disable) \ + CPU_FEATURE_UNSET (cpu_features, name) \ + else \ + CPU_FEATURE_SET_ACTIVE (cpu_features, name) \ + break; \ + } + /* Disable a preferred feature NAME. We don't enable a preferred feature which isn't available. */ #define CHECK_GLIBC_IFUNC_PREFERRED_OFF(f, cpu_features, name, len) \ @@ -131,11 +142,13 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp) } break; case 5: + { + CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, 5); + } if (n.disable) { CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, LZCNT, 5); CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, MOVBE, 5); - CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SHSTK, 5); CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SSSE3, 5); CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, XSAVE, 5); }
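
Review bot: in update_active (sysdeps/x86/cpu-features.c), `#if CET_ENABLED && 0` leaves the two CPU_FEATURE_SET_ACTIVE calls for IBT and SHSTK as permanently dead code with no comment saying why. Either delete the block or add a comment stating that CET is now opt-in through GLIBC_TUNABLES and that the change is meant to be revertible. The same guard also stops IBT from being set active, while the cpu-tunables.c part of this patch adds an enable path for SHSTK only, so the visible lines offer no way to turn IBT back on; the commit message should say whether that is intended.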
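
Review bot: the enable branch of the new CHECK_GLIBC_IFUNC_CPU_BOTH macro (sysdeps/x86/cpu-tunables.c, first hunk) calls CPU_FEATURE_SET_ACTIVE with no visible check that the CPU actually reports the feature, whereas the neighbouring comment for CHECK_GLIBC_IFUNC_PREFERRED_OFF says "We don't enable a preferred feature which isn't available." Please either guard the enable branch or add a comment naming where availability is verified before the bit is relied on. Two smaller points in the same macro: it has no descriptive comment, unlike the macros around it, and the unbraced `if (f.disable) ... else ...` with no semicolons after the macro calls depends on how CPU_FEATURE_UNSET and CPU_FEATURE_SET_ACTIVE expand, so bracing both branches would make it robust.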
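
Review bot: the `case 5:` hunk in TUNABLE_CALLBACK (set_hwcaps) makes a bare `SHSTK` in glibc.cpu.hwcaps turn a CPU feature on, which is new user-visible behaviour, yet the diffstat lists only cpu-features.c and cpu-tunables.c, so there is no manual update and no test covering both the enable and the `n.disable` path. Please add both. The extra `{ ... }` around the single CHECK_GLIBC_IFUNC_CPU_BOTH call also reads as if it scoped something; a one-line comment that SHSTK is handled for both enable and disable, and that the macro's `break` leaves the switch on a match, would be clearer than the bare braces.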