From patchwork Fri Sep 28 20:25:43 2018
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 29575
References: <20180926171711.29435-1-hjl.tools@gmail.com> <87a7o45g1d.fsf@oldenburg.str.redhat.com>
From: "H.J. Lu"
Date: Fri, 28 Sep 2018 13:25:43 -0700
Subject: Re: [PATCH] i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716]
To: Florian Weimer
Cc: GNU C Library

On Fri, Sep 28, 2018 at 7:33 AM, H.J. Lu wrote:
> On Wed, Sep 26, 2018 at 10:30 AM, H.J. Lu wrote:
>> On Wed, Sep 26, 2018 at 10:23 AM, Florian Weimer wrote:
>>> * H. J. Lu:
>>> >>>> diff --git a/sysdeps/i386/dl-trampoline.S b/sysdeps/i386/dl-trampoline.S >>>> index 6dc0319216..9734f9c981 100644 >>>> --- a/sysdeps/i386/dl-trampoline.S >>>> +++ b/sysdeps/i386/dl-trampoline.S >>>> @@ -33,6 +33,7 @@ >>>> _dl_runtime_resolve: >>>> cfi_adjust_cfa_offset (8) >>>> _CET_ENDBR >>>> + hlt >>>> pushl %eax # Preserve registers otherwise clobbered. >>>> cfi_adjust_cfa_offset (4) >>>> pushl %ecx >>> >>> That doesn't look right. 8-) >>> >> >> This is the change I used to test my fix to verify that the SHSTK resolver >> is used if SHSTK is enabled by kernel. It isn't the part of the fix. >> > > We verified that the fix worked on CET simulator. If there is no objection, > I will check it later today. > > Thanks. This is the patch I am checking in now. From 99226ceb67a8d2afbcf291b5da349ee7432f10db Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Wed, 26 Sep 2018 10:09:05 -0700 Subject: [PATCH] i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716] When elf_machine_runtime_setup is called to set up resolver, it should use _dl_runtime_resolve_shstk or _dl_runtime_profile_shstk if SHSTK is enabled by kernel. Tested on i686 with and without --enable-cet as well as on CET emulator with --enable-cet. [BZ #23716] * sysdeps/i386/dl-cet.c: Removed. * sysdeps/i386/dl-machine.h (_dl_runtime_resolve_shstk): New prototype. (_dl_runtime_profile_shstk): Likewise. (elf_machine_runtime_setup): Use _dl_runtime_profile_shstk or _dl_runtime_resolve_shstk if SHSTK is enabled by kernel. Signed-off-by: H.J. Lu --- sysdeps/i386/dl-cet.c | 67 --------------------------------------- sysdeps/i386/dl-machine.h | 13 ++++++-- 2 files changed, 11 insertions(+), 69 deletions(-) delete mode 100644 sysdeps/i386/dl-cet.c diff --git a/sysdeps/i386/dl-cet.c b/sysdeps/i386/dl-cet.c deleted file mode 100644 index 5d9a4e8d51..0000000000 --- a/sysdeps/i386/dl-cet.c +++ /dev/null 
@@ -1,67 +0,0 @@ -/* Linux/i386 CET initializers function. - Copyright (C) 2018 Free Software Foundation, Inc. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, see - . */ - - -#define LINKAGE static inline -#define _dl_cet_check cet_check -#include -#undef _dl_cet_check - -#ifdef SHARED -void -_dl_cet_check (struct link_map *main_map, const char *program) -{ - cet_check (main_map, program); - - if ((GL(dl_x86_feature_1)[0] & GNU_PROPERTY_X86_FEATURE_1_SHSTK)) - { - /* Replace _dl_runtime_resolve and _dl_runtime_profile with - _dl_runtime_resolve_shstk and _dl_runtime_profile_shstk, - respectively if SHSTK is enabled. 
*/ - extern void _dl_runtime_resolve (Elf32_Word) attribute_hidden; - extern void _dl_runtime_resolve_shstk (Elf32_Word) attribute_hidden; - extern void _dl_runtime_profile (Elf32_Word) attribute_hidden; - extern void _dl_runtime_profile_shstk (Elf32_Word) attribute_hidden; - unsigned int i; - struct link_map *l; - Elf32_Addr *got; - - if (main_map->l_info[DT_JMPREL]) - { - got = (Elf32_Addr *) D_PTR (main_map, l_info[DT_PLTGOT]); - if (got[2] == (Elf32_Addr) &_dl_runtime_resolve) - got[2] = (Elf32_Addr) &_dl_runtime_resolve_shstk; - else if (got[2] == (Elf32_Addr) &_dl_runtime_profile) - got[2] = (Elf32_Addr) &_dl_runtime_profile_shstk; - } - - i = main_map->l_searchlist.r_nlist; - while (i-- > 0) - { - l = main_map->l_initfini[i]; - if (l->l_info[DT_JMPREL]) - { - got = (Elf32_Addr *) D_PTR (l, l_info[DT_PLTGOT]); - if (got[2] == (Elf32_Addr) &_dl_runtime_resolve) - got[2] = (Elf32_Addr) &_dl_runtime_resolve_shstk; - else if (got[2] == (Elf32_Addr) &_dl_runtime_profile) - got[2] = (Elf32_Addr) &_dl_runtime_profile_shstk; - } - } - } -} -#endif diff --git a/sysdeps/i386/dl-machine.h b/sysdeps/i386/dl-machine.h index 1afdcbd9ea..f6cfb90e21 100644 --- a/sysdeps/i386/dl-machine.h +++ b/sysdeps/i386/dl-machine.h @@ -67,6 +67,11 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile) Elf32_Addr *got; extern void _dl_runtime_resolve (Elf32_Word) attribute_hidden; extern void _dl_runtime_profile (Elf32_Word) attribute_hidden; + extern void _dl_runtime_resolve_shstk (Elf32_Word) attribute_hidden; + extern void _dl_runtime_profile_shstk (Elf32_Word) attribute_hidden; + /* Check if SHSTK is enabled by kernel. */ + bool shstk_enabled + = (GL(dl_x86_feature_1)[0] & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0; if (l->l_info[DT_JMPREL] && lazy) { 
@@ -93,7 +98,9 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile) end in this function. */ if (__glibc_unlikely (profile)) { - got[2] = (Elf32_Addr) &_dl_runtime_profile; + got[2] = (shstk_enabled + ? (Elf32_Addr) &_dl_runtime_profile_shstk + : (Elf32_Addr) &_dl_runtime_profile); if (GLRO(dl_profile) != NULL && _dl_name_match_p (GLRO(dl_profile), l)) @@ -104,7 +111,9 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile) else /* This function will get called to fix up the GOT entry indicated by the offset on the stack, and then jump to the resolved address. */ - got[2] = (Elf32_Addr) &_dl_runtime_resolve; + got[2] = (shstk_enabled + ? (Elf32_Addr) &_dl_runtime_resolve_shstk + : (Elf32_Addr) &_dl_runtime_resolve); } return lazy; -- 2.17.1
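Review bot: The temporary `hlt` after `_CET_ENDBR` in the quoted sysdeps/i386/dl-trampoline.S hunk was the only check that the SHSTK resolver is actually selected, and the patch being checked in touches only dl-cet.c and dl-machine.h, so nothing in the tree exercises that selection afterwards. Consider adding a test for the CET configuration that fails when `got[2]` still points at `_dl_runtime_resolve` or `_dl_runtime_profile` while SHSTK is enabled, so the manual check does not have to be repeated by hand.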
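Review bot: In the sysdeps/i386/dl-cet.c deletion, the removed file was also the i386 definition of `_dl_cet_check` (it wrapped an included `cet_check` through `#define _dl_cet_check cet_check`), while the ChangeLog entry says only "Removed." Please state in the commit message which definition of `_dl_cet_check` i386 uses after this change, so it is clear that only the `got[2]` rewriting loop is dropped and the CET check itself still runs.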
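Review bot: In the first sysdeps/i386/dl-machine.h hunk (@@ -67,6 +67,11), `shstk_enabled` is computed at the top of elf_machine_runtime_setup, but both uses shown in this patch sit in the lazy-binding path that starts at `if (l->l_info[DT_JMPREL] && lazy)`; declaring it inside that block would keep it next to its uses. The new `_shstk` externs and `GL(dl_x86_feature_1)` are also referenced with no `#if` guard in the hunk, so a short comment saying they are available in builds without --enable-cet (which the commit message says was tested) would save the next reader a lookup.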
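Review bot: In the profile branch (@@ -93,7 +98,9), the `(Elf32_Addr)` cast is repeated on both arms of the conditional; a single cast around the conditional, as in `(Elf32_Addr) (shstk_enabled ? &_dl_runtime_profile_shstk : &_dl_runtime_profile)`, is shorter and keeps the two arms visibly the same type. Since the same selection appears again in the non-profile branch, a small local holding the chosen resolver address would also remove the duplication between the two hunks.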
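Review bot: In the last hunk (@@ -104,7 +111,9), the unchanged comment "This function will get called to fix up the GOT entry" sits directly above an assignment that now picks between `_dl_runtime_resolve_shstk` and `_dl_runtime_resolve`, so "this function" no longer names one function. Please extend the comment to say that the `_shstk` variant is installed when SHSTK is enabled by the kernel, and why the plain resolver must not be used in that case.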