From patchwork Tue Dec 19 16:07:31 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "H.J. Lu" <hjl.tools@gmail.com>
X-Patchwork-Id: 56532
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 78D843861807
	for <patchwork@sourceware.org>; Tue, 19 Dec 2023 16:08:28 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com
 [IPv6:2607:f8b0:4864:20::42b])
 by sourceware.org (Postfix) with ESMTPS id DD41F3857340
 for <libc-alpha@sourceware.org>; Tue, 19 Dec 2023 16:08:10 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org DD41F3857340
Authentication-Results: sourceware.org;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org DD41F3857340
Authentication-Results: server2.sourceware.org;
 arc=none smtp.remote-ip=2607:f8b0:4864:20::42b
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1703002092; cv=none;
 b=TzesVXxLOg3zt7HOmj551HSJSgV6TFmhwqMJWEixFrxXfwYn+jHTQyVOt31KLTUC/UMkKSB4klt6N+NlvseCQ7iBMEIs86KUywltyxdrZsfBzOSnmIc8N1M5fO7mXwJL7ZwKwiUSb9vuczd4/3/Dyk8SS+04w7pVRgv4SWiARNo=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
 t=1703002092; c=relaxed/simple;
 bh=pI/1U5Tli3jwoxOHnHljQt13HwteVm/lUJfhujx4qFU=;
 h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;
 b=e+GvrY3o9YDEbhntKi/NpBoNuKbUtgRyEIV6+AtwclTk265yLLpf5ukBDfmDhjjSmuqxCjs45ztbWhgpcyWsD5YQ5yc28d9FnNK6Tn2OEIXU183baGNTcmPrgmR9aVsMh69U/XdS3/uZIQbYPT+HPH5TwEau39jEe51C+cIVG3k=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: by mail-pf1-x42b.google.com with SMTP id
 d2e1a72fcca58-6d9344f30caso611677b3a.1
 for <libc-alpha@sourceware.org>; Tue, 19 Dec 2023 08:08:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1703002090; x=1703606890; darn=sourceware.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=EOg/quDECIa40BVN3HP60iYLl1Le1G+G1293RrRI4GE=;
 b=Bkr6ANHkztbOdcQ+8DuTyPc/SbvR94ZtsXycxrsTnSqVCzRRYaG8xE1pjkh3C4kvD0
 SdQxX2Twaux1c42HarT0GM6eWK4Z7ZJL59hZtQUkWFkQMxlkTmCkFLj5lsyd6BWlcKLb
 iQOKujfcoyCVWigconf5oc7OFyM2HQF+z/yal5reHFIoL82InEyF2BiqunY/Isuy70vM
 fEVQg8ELii2mKC2zrByreAZlBtAdwHUoJZHxGjwgHFBAMr52kNF2PJtBHxe9LORtMU5Y
 zEsdSRnjzin6srv4xq/qgc84fCYGd5myqdyskY+9aULVqEuQQK/Srgip2+QDupOHZbHc
 KKiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1703002090; x=1703606890;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=EOg/quDECIa40BVN3HP60iYLl1Le1G+G1293RrRI4GE=;
 b=BpPD6YdmIzoOBHFWqkgDOPovOnuuL217cmnhXpofU39MDma6oyBaqbZzBv7pS6jpFb
 QxoQVVzbRN+QP5aYz7b3PweeyjEiHNoUHX1we6TkEzWnfdyPAJDSYM97V3+Tjg+VURAA
 l7AwRlg+6p+o0Big52Y3fALzNvNz1h0whFxBEX9quRxroHXwRUnpDKMInvFpxAAtAHaA
 O8au3iATY6X1wryhdP5u9YcATvdbzExQrNf5eUujTFu+AGZaNT8LycJyX9XBB8SMmLcH
 d5oFR+ZPaMYZbKlPdlMYmK9aZ9c1mwU4uw5aoUV46fzGBYg/aXiYrwah1UKTa7SkM0kg
 mG0w==
X-Gm-Message-State: AOJu0YwhLqId3639JN23Bocumvu7P9MZ1ljwNiaszYICmmBPiUyUQYQc
 eq8ARn4jHwOYHxAUAg4/uGDLy+mGuVU=
X-Google-Smtp-Source: 
 AGHT+IGGChQyJgf9Vn2Srqn6vnEvY6lRHMntLTvezueCYGWcfaE+VezG/zmwZEFXLL2ZP//6A8Q8kA==
X-Received: by 2002:a05:6a00:21cb:b0:6d4:70ec:73e with SMTP id
 t11-20020a056a0021cb00b006d470ec073emr1887859pfj.3.1703002089785;
 Tue, 19 Dec 2023 08:08:09 -0800 (PST)
Received: from gnu-cfl-3.localdomain ([172.59.129.147])
 by smtp.gmail.com with ESMTPSA id
 i18-20020a63e452000000b005cd7dd8708dsm5873053pgk.52.2023.12.19.08.07.47
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 19 Dec 2023 08:07:55 -0800 (PST)
Received: from gnu-cfl-3.. (localhost [IPv6:::1])
 by gnu-cfl-3.localdomain (Postfix) with ESMTP id 133237402D7;
 Tue, 19 Dec 2023 08:07:41 -0800 (PST)
From: "H.J. Lu" <hjl.tools@gmail.com>
To: libc-alpha@sourceware.org
Cc: goldstein.w.n@gmail.com,
	rick.p.edgecombe@intel.com
Subject: [PATCH v3 0/9] x86/cet: Update CET kernel interface
Date: Tue, 19 Dec 2023 08:07:31 -0800
Message-ID: <20231219160740.3079330-1-hjl.tools@gmail.com>
X-Mailer: git-send-email 2.43.0
MIME-Version: 1.0
X-Spam-Status: No, score=-3018.8 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,
 SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org

Changes in v3:

1. Remove test 7 patches which have been checked into master branch.

Changes in v2:

1. Add add extra 20 stack frames in shadow stack for signal handlers
when allocating shadow stack for ucontexts.
2. Remove the "x86: Check PT_GNU_PROPERTY early" patch which has been
checked into master branch.


Linux kernel 6.6 added SHSTK support for x86-64.  This patch set updates
CET kernel interface to Linux kernel 6.6.  The main difference from the
current glibc assumption is that SHSTK is enabled by glibc, instead of
kernel.  Glibc enables SHSTK after verifying that the application and
all dependency libraries are CET enabled.  SHSTK can only be enabled in a
function which will never return.  Otherwise, shadow stack will underflow
at the function return.

Not all CET enabled applications and libraries have been properly tested
in CET enabled environments.  Some CET enabled applications or libraries
will crash or misbehave when CET is enabled.  Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not.  Shadow stack can be enabled by

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK

at run-time if shadow stack can be enabled by kernel.

Since only x86-64 is supported, i386 shadow stack codes are unchanged
and CET shouldn't be enabled for i386.

NB: This change can be reverted if it is OK to enable CET by default for
all applications and libraries.

Tested on Intel Tiger Lake under Linux kernel 6.6.7.


*** BLURB HERE ***

H.J. Lu (9):
  x86/cet: Update tst-cet-vfork-1
  x86: Modularize sysdeps/x86/dl-cet.c
  x86/cet: Sync with Linux kernel 6.6 shadow stack interface
  elf: Always provide _dl_get_dl_main_map in libc.a
  x86/cet: Enable shadow stack during startup
  x86/cet: Check feature_1 in TCB for active IBT and SHSTK
  x86/cet: Don't disable CET if not single threaded
  x86/cet: Don't set CET active by default
  x86/cet: Run some CET tests with shadow stack

 elf/dl-support.c                              |   2 -
 sysdeps/generic/ldsodefs.h                    |   8 +-
 sysdeps/unix/sysv/linux/x86/Makefile          |   1 +
 .../sysv/linux/x86/allocate-shadow-stack.c    |  62 +++
 ...cpu-features.c => allocate-shadow-stack.h} |  33 +-
 sysdeps/unix/sysv/linux/x86/bits/mman.h       |   5 +
 sysdeps/unix/sysv/linux/x86/dl-cet.h          |  39 +-
 .../unix/sysv/linux/x86/include/asm/prctl.h   |  37 +-
 .../sysv/linux/x86/tst-cet-setcontext-1.c     |  17 +-
 sysdeps/unix/sysv/linux/x86/tst-cet-vfork-1.c |  43 +-
 .../unix/sysv/linux/x86_64/__start_context.S  |  38 +-
 sysdeps/unix/sysv/linux/x86_64/dl-cet.h       |  47 ++
 sysdeps/unix/sysv/linux/x86_64/getcontext.S   |  30 +-
 sysdeps/unix/sysv/linux/x86_64/makecontext.c  |  29 +-
 sysdeps/unix/sysv/linux/x86_64/swapcontext.S  |  22 +-
 sysdeps/x86/Makefile                          |  14 +
 sysdeps/x86/bits/platform/x86.h               |   8 +
 sysdeps/x86/cpu-features-offsets.sym          |   1 +
 sysdeps/x86/cpu-features.c                    |  48 +-
 sysdeps/x86/cpu-tunables.c                    |  17 +-
 sysdeps/x86/dl-cet.c                          | 462 +++++++++++-------
 sysdeps/x86/get-cpuid-feature-leaf.c          |  13 +-
 sysdeps/x86/include/cpu-features.h            |   3 +
 sysdeps/x86/libc-start.h                      |  54 +-
 sysdeps/x86/sys/platform/x86.h                |  17 +
 sysdeps/x86/tst-shstk-legacy-1e-static.sh     |   1 +
 sysdeps/x86/tst-shstk-legacy-1e.sh            |   1 +
 sysdeps/x86/tst-shstk-legacy-1g.sh            |   1 +
 sysdeps/x86_64/dl-machine.h                   |  12 +-
 sysdeps/x86_64/nptl/tls.h                     |   2 +-
 30 files changed, 658 insertions(+), 409 deletions(-)
 create mode 100644 sysdeps/unix/sysv/linux/x86/allocate-shadow-stack.c
 rename sysdeps/unix/sysv/linux/x86/{cpu-features.c => allocate-shadow-stack.h} (53%)
 create mode 100644 sysdeps/unix/sysv/linux/x86_64/dl-cet.h