From patchwork Wed Dec 6 17:20:07 2023
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 81547
From: "H.J. Lu"
To: libc-alpha@sourceware.org
Cc: rick.p.edgecombe@intel.com
Subject: [PATCH 14/17] x86/cet: Check feature_1 in TCB for active IBT and SHSTK
Date: Wed, 6 Dec 2023 09:20:07 -0800
Message-ID: <20231206172010.1023415-15-hjl.tools@gmail.com>
In-Reply-To: <20231206172010.1023415-1-hjl.tools@gmail.com>
References: <20231206172010.1023415-1-hjl.tools@gmail.com>

Initially, IBT and SHSTK are marked as active when the CPU supports them and CET is enabled in glibc. They can be disabled early by tunables before relocation. Since after relocation, GLRO(dl_x86_cpu_features) becomes read-only, we can't update GLRO(dl_x86_cpu_features) to mark IBT and SHSTK as inactive. Instead, check the feature_1 field in TCB to decide if IBT and SHSTK are active.
--- sysdeps/x86/bits/platform/x86.h | 8 ++++++++ sysdeps/x86/get-cpuid-feature-leaf.c | 11 ++++++++++- sysdeps/x86/sys/platform/x86.h | 17 +++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/sysdeps/x86/bits/platform/x86.h b/sysdeps/x86/bits/platform/x86.h index 1e23d53ba2..1575ae53fb 100644 --- a/sysdeps/x86/bits/platform/x86.h +++ b/sysdeps/x86/bits/platform/x86.h
@@ -337,3 +337,11 @@ enum x86_cpu_AVX10_YMM = x86_cpu_index_24_ecx_0_ebx + 17, x86_cpu_AVX10_ZMM = x86_cpu_index_24_ecx_0_ebx + 18, }; + +/* Bits in the feature_1 field in TCB. */ + +enum +{ + x86_feature_1_ibt = 1U << 0, + x86_feature_1_shstk = 1U << 1 +}; diff --git a/sysdeps/x86/get-cpuid-feature-leaf.c b/sysdeps/x86/get-cpuid-feature-leaf.c index 9317a6b494..f69936b31e 100644 --- a/sysdeps/x86/get-cpuid-feature-leaf.c +++ b/sysdeps/x86/get-cpuid-feature-leaf.c @@ -15,9 +15,18 @@ License along with the GNU C Library; if not, see . */ - +#include +#include #include +#ifdef __x86_64__ +# ifdef __LP64__ +_Static_assert (FEATURE_1_OFFSET == 72, "FEATURE_1_OFFSET != 72"); +# else +_Static_assert (FEATURE_1_OFFSET == 40, "FEATURE_1_OFFSET != 40"); +# endif +#endif + const struct cpuid_feature * __x86_get_cpuid_feature_leaf (unsigned int leaf) { diff --git a/sysdeps/x86/sys/platform/x86.h b/sysdeps/x86/sys/platform/x86.h index 1ea2c5fc0b..89b1b16f22 100644 --- a/sysdeps/x86/sys/platform/x86.h +++ b/sysdeps/x86/sys/platform/x86.h @@ -45,6 +45,23 @@ x86_cpu_present (unsigned int __index) static __inline__ _Bool x86_cpu_active (unsigned int __index) { + if (__index == x86_cpu_IBT || __index == x86_cpu_SHSTK) + { +#ifdef __x86_64__ + unsigned int __feature_1; +# ifdef __LP64__ + __asm__ ("mov %%fs:72, %0" : "=r" (__feature_1)); +# else + __asm__ ("mov %%fs:40, %0" : "=r" (__feature_1)); +# endif + if (__index == x86_cpu_IBT) + return __feature_1 & x86_feature_1_ibt; + else + return __feature_1 & x86_feature_1_shstk; +#else + return false; +#endif + } const struct cpuid_feature *__ptr = __x86_get_cpuid_feature_leaf (__index / (8 * sizeof (unsigned int) * 4)); unsigned int __reg
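
Review bot: In the sysdeps/x86/bits/platform/x86.h hunk, the new anonymous enum is documented only as "Bits in the feature_1 field in TCB", which does not tell a reader of this header where that field lives or what a clear bit means. Since x86_cpu_active in sys/platform/x86.h now answers the IBT and SHSTK queries from these two masks alone, the comment should name the field's location (FEATURE_1_OFFSET, as asserted in get-cpuid-feature-leaf.c) and state that a clear bit means the feature is treated as inactive even when the CPU supports it.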
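
Review bot: In the sysdeps/x86/get-cpuid-feature-leaf.c hunk, the two _Static_assert lines pin FEATURE_1_OFFSET to 72 and 40 with no comment explaining why this file checks a TCB offset. The reason is only visible in the next file, where x86_cpu_active hard-codes the same numbers in "mov %%fs:72, %0" and "mov %%fs:40, %0". Please add a comment above the asserts saying that these offsets are baked into the static inline x86_cpu_active in sys/platform/x86.h, so that changing FEATURE_1_OFFSET would silently break callers that already compiled that inline code.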
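
Review bot: In the sysdeps/x86/sys/platform/x86.h hunk, both "__asm__ (...)" reads of %fs:72 and %fs:40 are written without volatile and without a memory operand, so the compiler is free to merge or hoist repeated reads; if feature_1 can be cleared after a caller's first x86_cpu_active check, that caller may keep seeing the stale "active" answer. Consider "__asm__ volatile" or expressing the load through an "m" input. Two smaller points in the same block: the literals 72 and 40 duplicate FEATURE_1_OFFSET and are tied to it only by the static asserts in another file, which deserves a comment here; and the "#else" branch makes x86_cpu_active return false for x86_cpu_IBT and x86_cpu_SHSTK on every non-x86-64 build, which neither the code nor the commit message documents and which also relies on "false" being defined in a function otherwise declared with _Bool.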