tunables: Add IFUNC selection and cache sizes
Commit Message
On Wed, Jun 21, 2017 at 7:35 AM, Siddhesh Poyarekar <siddhesh@gotplt.org> wrote:
> On Wednesday 21 June 2017 06:56 PM, H.J. Lu wrote:
>> I am testing this patch. OK for master if there are no regressions?
>>
>
> Looks OK to me with one comment change which I missed the last time:
>
>> Since all CPU/ARCH features are hardware optimizations without
>> security implication, except for Prefer_MAP_32BIT_EXEC, which can
>> - only be disabled, we check GLIBC_IFUNC for programs, including
>> + only be disabled, we check glibc.tune.hwcaps for programs, including
>> set*id ones.
>
> This block is no longer valid since the tunables are not read for setxid
> binaries. If you want to make a case for hwcaps to be read in setxid
> binaries, then it should be made along with hwcap_mask since they're
> essentially the same feature for different machines.
>
Here is the updated patch. OK for master?
Comments
On Wednesday 21 June 2017 08:21 PM, H.J. Lu wrote:
>> This block is no longer valid since the tunables are not read for setxid
>> binaries. If you want to make a case for hwcaps to be read in setxid
>> binaries, then it should be made along with hwcap_mask since they're
>> essentially the same feature for different machines.
>>
>
> Here is the updated patch. OK for master?
>
That looks like an outdated patch; attached by mistake?
Siddhesh
>
> 0001-Move-x86-specific-tunables-to-x86-dl-tunables.list.patch
>
>
> From 3d6a433311d99dced1378d44b9f37736594e631f Mon Sep 17 00:00:00 2001
> From: "H.J. Lu" <hjl.tools@gmail.com>
> Date: Tue, 20 Jun 2017 12:09:56 -0700
> Subject: [PATCH] Move x86 specific tunables to x86/dl-tunables.list
>
> * elf/dl-tunables.list: Move x86 specific tunables to ...
> * sysdeps/x86/dl-tunables.list: Here. New file.
> ---
> elf/dl-tunables.list | 12 ------------
> sysdeps/x86/dl-tunables.list | 34 ++++++++++++++++++++++++++++++++++
> 2 files changed, 34 insertions(+), 12 deletions(-)
> create mode 100644 sysdeps/x86/dl-tunables.list
>
> diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list
> index 3247d49..b8b0ce5 100644
> --- a/elf/dl-tunables.list
> +++ b/elf/dl-tunables.list
> @@ -87,17 +87,5 @@ glibc {
> type: STRING
> security_level: SXID_IGNORE
> }
> - x86_non_temporal_threshold {
> - type: SIZE_T
> - security_level: SXID_IGNORE
> - }
> - x86_data_cache_size {
> - type: SIZE_T
> - security_level: SXID_IGNORE
> - }
> - x86_shared_cache_size {
> - type: SIZE_T
> - security_level: SXID_IGNORE
> - }
> }
> }
> diff --git a/sysdeps/x86/dl-tunables.list b/sysdeps/x86/dl-tunables.list
> new file mode 100644
> index 0000000..50c130a
> --- /dev/null
> +++ b/sysdeps/x86/dl-tunables.list
> @@ -0,0 +1,34 @@
> +# x86 specific tunables.
> +# Copyright (C) 2017 Free Software Foundation, Inc.
> +# This file is part of the GNU C Library.
> +
> +# The GNU C Library is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU Lesser General Public
> +# License as published by the Free Software Foundation; either
> +# version 2.1 of the License, or (at your option) any later version.
> +
> +# The GNU C Library is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +# Lesser General Public License for more details.
> +
> +# You should have received a copy of the GNU Lesser General Public
> +# License along with the GNU C Library; if not, see
> +# <http://www.gnu.org/licenses/>.
> +
> +glibc {
> + tune {
> + x86_non_temporal_threshold {
> + type: SIZE_T
> + security_level: SXID_IGNORE
> + }
> + x86_data_cache_size {
> + type: SIZE_T
> + security_level: SXID_IGNORE
> + }
> + x86_shared_cache_size {
> + type: SIZE_T
> + security_level: SXID_IGNORE
> + }
> + }
> +}
>
From 3d6a433311d99dced1378d44b9f37736594e631f Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 20 Jun 2017 12:09:56 -0700
Subject: [PATCH] Move x86 specific tunables to x86/dl-tunables.list
* elf/dl-tunables.list: Move x86 specific tunables to ...
* sysdeps/x86/dl-tunables.list: Here. New file.
---
elf/dl-tunables.list | 12 ------------
sysdeps/x86/dl-tunables.list | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+), 12 deletions(-)
create mode 100644 sysdeps/x86/dl-tunables.list
@@ -87,17 +87,5 @@ glibc {
type: STRING
security_level: SXID_IGNORE
}
- x86_non_temporal_threshold {
- type: SIZE_T
- security_level: SXID_IGNORE
- }
- x86_data_cache_size {
- type: SIZE_T
- security_level: SXID_IGNORE
- }
- x86_shared_cache_size {
- type: SIZE_T
- security_level: SXID_IGNORE
- }
}
}
new file mode 100644
@@ -0,0 +1,34 @@
+# x86 specific tunables.
+# Copyright (C) 2017 Free Software Foundation, Inc.
+# This file is part of the GNU C Library.
+
+# The GNU C Library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# The GNU C Library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNU C Library; if not, see
+# <http://www.gnu.org/licenses/>.
+
+glibc {
+ tune {
+ x86_non_temporal_threshold {
+ type: SIZE_T
+ security_level: SXID_IGNORE
+ }
+ x86_data_cache_size {
+ type: SIZE_T
+ security_level: SXID_IGNORE
+ }
+ x86_shared_cache_size {
+ type: SIZE_T
+ security_level: SXID_IGNORE
+ }
+ }
+}
--
2.9.4