Message ID | 20231216165325.2584919-1-hjl.tools@gmail.com |
---|---|
Headers |
From: "H.J. Lu" <hjl.tools@gmail.com>
To: libc-alpha@sourceware.org
Cc: rick.p.edgecombe@intel.com
Subject: [PATCH v2 00/16] x86/cet: Update CET kernel interface
Date: Sat, 16 Dec 2023 08:53:09 -0800
Message-ID: <20231216165325.2584919-1-hjl.tools@gmail.com>
X-Mailer: git-send-email 2.43.0 |
Series |
x86/cet: Update CET kernel interface
Message
H.J. Lu
Dec. 16, 2023, 4:53 p.m. UTC
Changes in v2:

1. Add extra 20 stack frames in shadow stack for signal handlers
   when allocating shadow stack for ucontexts.
2. Remove the "x86: Check PT_GNU_PROPERTY early" patch which has been
   checked into master branch.

Linux kernel 6.6 added SHSTK support for x86-64. This patch set updates
CET kernel interface to Linux kernel 6.6. The main difference from the
current glibc assumption is that SHSTK is enabled by glibc, instead of
kernel. Glibc enables SHSTK after verifying that the application and
all dependency libraries are CET enabled. SHSTK can only be enabled in a
function which will never return. Otherwise, shadow stack will underflow
at the function return.

Not all CET enabled applications and libraries have been properly tested
in CET enabled environments. Some CET enabled applications or libraries
will crash or misbehave when CET is enabled. Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not. Shadow stack can be enabled by

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK

at run-time if shadow stack can be enabled by kernel.

Since only x86-64 is supported, i386 shadow stack codes are unchanged
and CET shouldn't be enabled for i386.

NB: This change can be reverted if it is OK to enable CET by default for
all applications and libraries.

Tested on Intel Tiger Lake under Linux kernel 6.6.7.

H.J. Lu (16):
  x86/cet: Check user_shstk in /proc/cpuinfo
  x86/cet: Update tst-cet-vfork-1
  x86/cet: Don't assume that SHSTK implies IBT
  x86/cet: Check legacy shadow stack applications
  x86/cet: Check CPU_FEATURE_ACTIVE when CET is disabled
  x86/cet: Add tests for GLIBC_TUNABLES=glibc.cpu.hwcaps=-SHSTK
  x86/cet: Check legacy shadow stack code in .init_array section
  x86/cet: Check CPU_FEATURE_ACTIVE in permissive mode
  x86: Modularize sysdeps/x86/dl-cet.c
  x86/cet: Sync with Linux kernel 6.6 shadow stack interface
  elf: Always provide _dl_get_dl_main_map in libc.a
  x86/cet: Enable shadow stack during startup
  x86/cet: Check feature_1 in TCB for active IBT and SHSTK
  x86/cet: Don't disable CET if not single threaded
  x86/cet: Don't set CET active by default
  x86/cet: Run some CET tests with shadow stack

 elf/dl-support.c | 2 -
 sysdeps/generic/ldsodefs.h | 8 +-
 sysdeps/unix/sysv/linux/x86/Makefile | 1 +
 .../sysv/linux/x86/allocate-shadow-stack.c | 62 +++
 .../sysv/linux/x86/allocate-shadow-stack.h | 27 +
 sysdeps/unix/sysv/linux/x86/bits/mman.h | 5 +
 sysdeps/unix/sysv/linux/x86/dl-cet.h | 39 +-
 .../unix/sysv/linux/x86/include/asm/prctl.h | 37 +-
 .../sysv/linux/x86/tst-cet-setcontext-1.c | 17 +-
 sysdeps/unix/sysv/linux/x86/tst-cet-vfork-1.c | 43 +-
 .../unix/sysv/linux/x86_64/__start_context.S | 38 +-
 sysdeps/unix/sysv/linux/x86_64/dl-cet.h | 47 ++
 sysdeps/unix/sysv/linux/x86_64/getcontext.S | 30 +-
 sysdeps/unix/sysv/linux/x86_64/makecontext.c | 29 +-
 sysdeps/unix/sysv/linux/x86_64/swapcontext.S | 22 +-
 sysdeps/x86/Makefile | 87 +++-
 sysdeps/x86/bits/platform/x86.h | 8 +
 sysdeps/x86/cpu-features-offsets.sym | 1 +
 sysdeps/x86/cpu-features.c | 48 +-
 sysdeps/x86/cpu-tunables.c | 17 +-
 sysdeps/x86/dl-cet.c | 462 +++++++++++------
 sysdeps/x86/get-cpuid-feature-leaf.c | 13 +-
 sysdeps/x86/include/cpu-features.h | 3 +
 sysdeps/x86/libc-start.h | 54 +-
 sysdeps/x86/sys/platform/x86.h | 17 +
 sysdeps/x86/tst-cet-legacy-10.c | 6 +-
 sysdeps/x86/tst-cet-legacy-10a-static.c | 2 +
 sysdeps/x86/tst-cet-legacy-10a.c | 2 +
 sysdeps/x86/tst-cet-legacy-4.c | 5 +
 sysdeps/x86/tst-cet-legacy-8.c | 15 +-
 sysdeps/x86/tst-cpu-features-cpuinfo.c | 2 +-
 sysdeps/x86/tst-shstk-legacy-1-extra.S | 35 ++
 sysdeps/x86/tst-shstk-legacy-1a-static.c | 1 +
 sysdeps/x86/tst-shstk-legacy-1a.c | 32 ++
 sysdeps/x86/tst-shstk-legacy-1b-static.c | 1 +
 sysdeps/x86/tst-shstk-legacy-1b.c | 38 ++
 sysdeps/x86/tst-shstk-legacy-1c-static.c | 1 +
 sysdeps/x86/tst-shstk-legacy-1c.c | 20 +
 sysdeps/x86/tst-shstk-legacy-1d-static.c | 1 +
 .../tst-shstk-legacy-1d.c} | 45 +-
 sysdeps/x86/tst-shstk-legacy-1e-static.c | 1 +
 sysdeps/x86/tst-shstk-legacy-1e-static.sh | 33 ++
 sysdeps/x86/tst-shstk-legacy-1e.c | 53 ++
 sysdeps/x86/tst-shstk-legacy-1e.sh | 35 ++
 sysdeps/x86/tst-shstk-legacy-1f.c | 29 ++
 sysdeps/x86/tst-shstk-legacy-1g.c | 35 ++
 sysdeps/x86/tst-shstk-legacy-1g.sh | 35 ++
 sysdeps/x86/tst-shstk-legacy-mod-1.c | 28 ++
 sysdeps/x86_64/dl-machine.h | 12 +-
 sysdeps/x86_64/nptl/tls.h | 2 +-
 50 files changed, 1169 insertions(+), 417 deletions(-)
 create mode 100644 sysdeps/unix/sysv/linux/x86/allocate-shadow-stack.c
 create mode 100644 sysdeps/unix/sysv/linux/x86/allocate-shadow-stack.h
 create mode 100644 sysdeps/unix/sysv/linux/x86_64/dl-cet.h
 create mode 100644 sysdeps/x86/tst-cet-legacy-10a-static.c
 create mode 100644 sysdeps/x86/tst-cet-legacy-10a.c
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1-extra.S
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1a-static.c
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1a.c
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1b-static.c
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1b.c
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1c-static.c
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1c.c
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1d-static.c
 rename sysdeps/{unix/sysv/linux/x86/cpu-features.c => x86/tst-shstk-legacy-1d.c} (53%)
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1e-static.c
 create mode 100755 sysdeps/x86/tst-shstk-legacy-1e-static.sh
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1e.c
 create mode 100755 sysdeps/x86/tst-shstk-legacy-1e.sh
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1f.c
 create mode 100644 sysdeps/x86/tst-shstk-legacy-1g.c
 create mode 100755 sysdeps/x86/tst-shstk-legacy-1g.sh
 create mode 100644 sysdeps/x86/tst-shstk-legacy-mod-1.c
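
The enable condition described in this cover letter (kernel support, the GLIBC_TUNABLES opt-in, and the application plus every dependency being CET enabled) can be modelled as below. This is an added example, not code from the patch set or from glibc: the function and struct names are hypothetical, the note bytes are constructed, and the `.note.gnu.property` constants are taken from the x86-64 psABI rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86-64 psABI / <elf.h> values (assumption: not quoted on this page). */
#define NT_GNU_PROPERTY_TYPE_0            5
#define GNU_PROPERTY_X86_FEATURE_1_AND    0xc0000002u
#define GNU_PROPERTY_X86_FEATURE_1_IBT    (1u << 0)
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK  (1u << 1)

/* Hypothetical stand-in for one loaded object and its property note. */
struct object { const char *name; const unsigned char *note; size_t len; };

static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8
         | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* FEATURE_1_AND bits of one 64-bit .note.gnu.property note.  A missing,
   foreign or malformed note yields 0, i.e. the object counts as legacy. */
uint32_t x86_feature_1(const unsigned char *note, size_t len)
{
    if (note == NULL || len < 16)
        return 0;
    uint32_t namesz = le32(note), descsz = le32(note + 4), type = le32(note + 8);
    if (type != NT_GNU_PROPERTY_TYPE_0 || namesz != 4
        || memcmp(note + 12, "GNU", 4) != 0 || descsz > len - 16)
        return 0;
    const unsigned char *p = note + 16, *end = p + descsz;
    while ((size_t)(end - p) >= 8) {
        uint32_t pr_type = le32(p), pr_datasz = le32(p + 4);
        p += 8;
        if (pr_datasz > (size_t)(end - p))
            return 0;                      /* property runs past the note */
        if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND)
            return pr_datasz == 4 ? le32(p) : 0;
        size_t step = ((size_t)pr_datasz + 7) & ~(size_t)7; /* 8-byte pad */
        if (step > (size_t)(end - p))
            return 0;
        p += step;
    }
    return 0;
}

/* AND the markers of the application and all dependencies: one legacy
   object clears the bit for the whole process. */
uint32_t process_feature_1(const struct object *objs, size_t n)
{
    uint32_t f = GNU_PROPERTY_X86_FEATURE_1_IBT | GNU_PROPERTY_X86_FEATURE_1_SHSTK;
    if (n == 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        f &= x86_feature_1(objs[i].note, objs[i].len);
    return f;
}

/* Model of the policy in the cover letter: not active by default, so the
   tunable must ask for SHSTK, the kernel must support it, and every
   object must carry the SHSTK marker. */
int shstk_would_be_enabled(int kernel_supports, int tunable_requests,
                           const struct object *objs, size_t n)
{
    return kernel_supports && tunable_requests
        && (process_feature_1(objs, n) & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0;
}

/* Constructed notes: header, "GNU\0", one FEATURE_1_AND property. */
#define NOTE(datasz, bits) { 4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0, \
                             2,0,0,0xc0, (datasz),0,0,0, (bits),0,0,0, 0,0,0,0 }
static const unsigned char note_cet[]       = NOTE(4, 3);    /* IBT|SHSTK */
static const unsigned char note_ibt_only[]  = NOTE(4, 1);    /* IBT only  */
static const unsigned char note_truncated[] = NOTE(0x40, 3); /* bad size  */

static const struct object all_cet[] = {
    { "app", note_cet, sizeof note_cet },
    { "libfoo.so", note_cet, sizeof note_cet },
};
static const struct object one_legacy[] = {
    { "app", note_cet, sizeof note_cet },
    { "libfoo.so", note_cet, sizeof note_cet },
    { "liblegacy.so", NULL, 0 },            /* no property note at all */
};

int main(void)
{
    printf("all CET, tunable set:   %d\n", shstk_would_be_enabled(1, 1, all_cet, 2));
    printf("all CET, no tunable:    %d\n", shstk_would_be_enabled(1, 0, all_cet, 2));
    printf("one legacy dependency:  %d\n", shstk_would_be_enabled(1, 1, one_legacy, 3));
    return 0;
}
```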
Comments
On Sat, Dec 16, 2023 at 10:53 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> H.J. Lu (16):
> x86/cet: Check user_shstk in /proc/cpuinfo
> x86/cet: Update tst-cet-vfork-1
> x86/cet: Don't assume that SHSTK implies IBT
> x86/cet: Check legacy shadow stack applications
> x86/cet: Check CPU_FEATURE_ACTIVE when CET is disabled
> x86/cet: Add tests for GLIBC_TUNABLES=glibc.cpu.hwcaps=-SHSTK
> x86/cet: Check legacy shadow stack code in .init_array section
> x86/cet: Check CPU_FEATURE_ACTIVE in permissive mode
> x86: Modularize sysdeps/x86/dl-cet.c
> x86/cet: Sync with Linux kernel 6.6 shadow stack interface
> elf: Always provide _dl_get_dl_main_map in libc.a
> x86/cet: Enable shadow stack during startup
> x86/cet: Check feature_1 in TCB for active IBT and SHSTK
> x86/cet: Don't disable CET if not single threaded
> x86/cet: Don't set CET active by default
> x86/cet: Run some CET tests with shadow stack
>
> --
> 2.43.0
>

The series no longer cleanly applies since you committed
```
commit 442983319ba70de801fc856e8dd4748fba8f7f1b (HEAD -> master, origin/master, origin/HEAD)
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Sat Dec 16 08:53:12 2023 -0800

x86/cet: Don't assume that SHSTK implies IBT
```

needs a rebase.

On Mon, Dec 18, 2023 at 9:50 AM Noah Goldstein <goldstein.w.n@gmail.com> wrote:
>
> The series no longer cleanly applies since you committed
> ```
> commit 442983319ba70de801fc856e8dd4748fba8f7f1b (HEAD -> master,
> origin/master, origin/HEAD)
> Author: H.J. Lu <hjl.tools@gmail.com>
> Date: Sat Dec 16 08:53:12 2023 -0800
>
> x86/cet: Don't assume that SHSTK implies IBT
>
> ```
>
> needs a rebase.

Here is the rebased patch set:

https://gitlab.com/x86-glibc/glibc/-/commits/users/hjl/cet/v11b/master?ref_type=heads

There are no code changes. Any comments on the rest of the patches?

Thanks.

On Mon, Dec 18, 2023 at 1:10 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> Here is the rebased patch set:
>
> https://gitlab.com/x86-glibc/glibc/-/commits/users/hjl/cet/v11b/master?ref_type=heads
>
> There are no code changes. Any comments on the rest of the patches?
>
> Thanks.
>
> --
> H.J.

When I try to apply:
```
Applying: x86/cet: Check user_shstk in /proc/cpuinfo
error: patch failed: sysdeps/x86/tst-cpu-features-cpuinfo.c:246
error: sysdeps/x86/tst-cpu-features-cpuinfo.c: patch does not apply
Patch failed at 0001 x86/cet: Check user_shstk in /proc/cpuinfo
hint: Use 'git am --show-current-patch=diff' to see the failed patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
```