From patchwork Sat Dec 16 16:53:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "H.J. Lu" X-Patchwork-Id: 82305 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B43F8384CBBD for ; Sat, 16 Dec 2023 16:55:35 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-ot1-x32b.google.com (mail-ot1-x32b.google.com [IPv6:2607:f8b0:4864:20::32b]) by sourceware.org (Postfix) with ESMTPS id A1F54384DEEF for ; Sat, 16 Dec 2023 16:53:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A1F54384DEEF Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org A1F54384DEEF Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::32b ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1702745616; cv=none; b=MMKTv++hlAhYQ1WKVuL1AgojIw8fZwYeTf30OEpga9hzoEpuLnfOqdjl2MqDrFoldP+qElkaZRTnPaYtzIXwMXPG7SVQD/uql/fQoq2xxM8/L/6fLuKHWjp33/AVMsOD3XXk6onhsiej7dpSNbeCulaVlvyR55x5qeJF/ADaILs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1702745616; c=relaxed/simple; bh=TbbKXol4dplac/fN2Lhtbgcm6bquwYuTPcEpG6ZOLDk=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=b01+z5tTDYgx4NuQZ4hafrcBo+sirifJ5dleFNjk+t8Q9U7b1vmmXcK+RfM6KzBCiqfV5Bmoa3zkeBChOcX/ZUh6rNkYI1KUOU98WSZxYCuiArDzBLZC6dun9f2iSp7petdqX0X1ApzgV/akIjX5OEMdvmgZ35K4A+syvTRNloM= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-ot1-x32b.google.com with SMTP id 46e09a7af769-6da3659535fso1534338a34.3 for ; Sat, 16 Dec 2023 08:53:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702745614; x=1703350414; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ANRVNjPijP3Z9eM3L0G9RkyDQHQgPqv1CKkr0Ocdpjs=; b=TgVKSlzI9h9j45OmLRN6+vTeh9kJxNtPRAKD3ibhT93scBBzgE7VXBreaEJyAjYio/ mOlFK03o8Nm7HKc652uuOV9awCKXn5GZApd3a9PFQqg0WHZqjB2y1lyY8dMBdrigsgZf 6Xj5P9dzNj1Vlm2nkPlSWtxSuSH0uB+oDaG3mw5NHrxh6sNORsv3n4vXBMvjtCnDDo13 PoT2hPcx17XzeSYpQkgEDUOP6FEBroQjkFJHgLBKyLERDXZYdn4W9NGAa5xnAjDo6ki/ F3VsEQ8+JSw7vSx16r8O87APZhPYGXFXeDt/UtGXGh2bSKjdQMzbWu4bW66I+1iCP56N 1+EA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702745614; x=1703350414; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ANRVNjPijP3Z9eM3L0G9RkyDQHQgPqv1CKkr0Ocdpjs=; b=UTGO6m30S7qzNZh1B9jUhbeJzF+au/sLX5c36kc8JTcrfJqAP/jrSV/uGuN+oI+XvQ 1xO9GoCrdCjWNxPicMzYUsOX0KRa/wB53zm5bF70mFJW2AfRtbCDlnd+W20MhqDUQA/g hg3e5D50wFKNNNurOZQY1EHK1gV7chxjyjoc1Gu31a1AAgbGbZe3GGaaOVq61Wux2oEB 1kIjQ4fo7dlvp4SDmlWkKgwU6b4l10AHEl6wPGplhQ32iw9h7FOQa0qd7W3j+aPS8wDt AEopm2AWUydCa9LqVmuosp5kiwoSHhFPzF3q/duIPiQUnWzG123+uFcsYlmQKDvXQP+r AFLQ== X-Gm-Message-State: AOJu0YzwgX1dUxH4w8KTSDBKlZ75VB08QQjbs/C3bq9zZhVgKxZFdc3I mdBt2YnyH+4kbyftupsdwpz3qPFqmG0= X-Google-Smtp-Source: AGHT+IFPGP0ziAtQNvr5rjWFX8T2enGPBWRH1exXkwCVvJwoLK9na1kKVMjVICtiB+ez7h618pUVlg== X-Received: by 2002:a9d:6e0e:0:b0:6da:4246:c9c1 with SMTP id e14-20020a9d6e0e000000b006da4246c9c1mr4608812otr.54.1702745613925; Sat, 16 Dec 2023 08:53:33 -0800 (PST) Received: from gnu-cfl-3.localdomain ([172.59.129.147]) by smtp.gmail.com with ESMTPSA id k63-20020a632442000000b00578b8fab907sm621648pgk.73.2023.12.16.08.53.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 16 Dec 2023 08:53:32 -0800 (PST) Received: from gnu-cfl-3.. (localhost [IPv6:::1]) by gnu-cfl-3.localdomain (Postfix) with ESMTP id EFD4774063D; Sat, 16 Dec 2023 08:53:25 -0800 (PST) From: "H.J. Lu" To: libc-alpha@sourceware.org Cc: rick.p.edgecombe@intel.com Subject: [PATCH v2 13/16] x86/cet: Check feature_1 in TCB for active IBT and SHSTK Date: Sat, 16 Dec 2023 08:53:22 -0800 Message-ID: <20231216165325.2584919-14-hjl.tools@gmail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231216165325.2584919-1-hjl.tools@gmail.com> References: <20231216165325.2584919-1-hjl.tools@gmail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-3024.8 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Initially, IBT and SHSTK are marked as active when CPU supports them and CET are enabled in glibc. They can be disabled early by tunables before relocation. Since after relocation, GLRO(dl_x86_cpu_features) becomes read-only, we can't update GLRO(dl_x86_cpu_features) to mark IBT and SHSTK as inactive. Instead, check the feature_1 field in TCB to decide if IBT and SHST are active. --- sysdeps/x86/bits/platform/x86.h | 8 ++++++++ sysdeps/x86/get-cpuid-feature-leaf.c | 11 ++++++++++- sysdeps/x86/sys/platform/x86.h | 17 +++++++++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/sysdeps/x86/bits/platform/x86.h b/sysdeps/x86/bits/platform/x86.h index 1e23d53ba2..1575ae53fb 100644 --- a/sysdeps/x86/bits/platform/x86.h +++ b/sysdeps/x86/bits/platform/x86.h @@ -337,3 +337,11 @@ enum x86_cpu_AVX10_YMM = x86_cpu_index_24_ecx_0_ebx + 17, x86_cpu_AVX10_ZMM = x86_cpu_index_24_ecx_0_ebx + 18, }; + +/* Bits in the feature_1 field in TCB. */ + +enum +{ + x86_feature_1_ibt = 1U << 0, + x86_feature_1_shstk = 1U << 1 +}; diff --git a/sysdeps/x86/get-cpuid-feature-leaf.c b/sysdeps/x86/get-cpuid-feature-leaf.c index 9317a6b494..f69936b31e 100644 --- a/sysdeps/x86/get-cpuid-feature-leaf.c +++ b/sysdeps/x86/get-cpuid-feature-leaf.c @@ -15,9 +15,18 @@ License along with the GNU C Library; if not, see . */ - +#include +#include #include +#ifdef __x86_64__ +# ifdef __LP64__ +_Static_assert (FEATURE_1_OFFSET == 72, "FEATURE_1_OFFSET != 72"); +# else +_Static_assert (FEATURE_1_OFFSET == 40, "FEATURE_1_OFFSET != 40"); +# endif +#endif + const struct cpuid_feature * __x86_get_cpuid_feature_leaf (unsigned int leaf) { diff --git a/sysdeps/x86/sys/platform/x86.h b/sysdeps/x86/sys/platform/x86.h index 1ea2c5fc0b..89b1b16f22 100644 --- a/sysdeps/x86/sys/platform/x86.h +++ b/sysdeps/x86/sys/platform/x86.h @@ -45,6 +45,23 @@ x86_cpu_present (unsigned int __index) static __inline__ _Bool x86_cpu_active (unsigned int __index) { + if (__index == x86_cpu_IBT || __index == x86_cpu_SHSTK) + { +#ifdef __x86_64__ + unsigned int __feature_1; +# ifdef __LP64__ + __asm__ ("mov %%fs:72, %0" : "=r" (__feature_1)); +# else + __asm__ ("mov %%fs:40, %0" : "=r" (__feature_1)); +# endif + if (__index == x86_cpu_IBT) + return __feature_1 & x86_feature_1_ibt; + else + return __feature_1 & x86_feature_1_shstk; +#else + return false; +#endif + } const struct cpuid_feature *__ptr = __x86_get_cpuid_feature_leaf (__index / (8 * sizeof (unsigned int) * 4)); unsigned int __reg