This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH 00/12] x86/CET: The last 12 patches to enable Intel CET


On 07/21/2018 10:20 AM, H.J. Lu wrote:
> These are the last 12 patches to enable Intel CET.  Tested by
> 
> 1. build-many-glibcs.py.
> 2. With --enable-cet and without --enable-cet for i686, x86-64 and x32
> on non-CET x86-64 processors.
> 3. With --enable-cet for x86-64 and x32 on CET SDV using the CET kernel
> from cet branch at:
> 
> https://github.com/yyu168/linux_cet/tree/cet
> 
> When the shadow stack (SHSTK) is enabled, makecontext needs to allocate
> a new shadow stack to go with the new stack allocated by the caller.
> setcontext and swapcontext must properly handle the corresponding shadow
> stack when the stack is switched.  Add more tests for user context
> functions to provide more coverage for the shadow stack support.

Thanks for putting this together for review.

Again, I think this should be ready for inclusion in 2.28.

We have spent a lot of time discussing CET and how it should be
handled. While I wanted to avoid a flag change, I know we can't
if we want to support *context() and that's OK.

At a high level we could still backport CET into various distributions,
but enabling it would disable *context() (because of the ABI change),
and that might be an OK position to take.

Cheers,
Carlos.
 
> H.J. Lu (12):
>   x86: Update vfork to pop shadow stack
>   x86-64: Add endbr64 to tst-quadmod[12].S
>   Add <bits/indirect-return.h>
>   x86/CET: Extend arch_prctl syscall for CET control
>   x86: Rename __glibc_reserved2 to ssp_base in tcbhead_t
>   x86-64/CET: Extend ucontext_t to save shadow stack
>   x86/CET: Add tests with legacy non-CET shared objects
>   Add a test for swapcontext with a wrapper
>   Add a test for multiple makecontext calls
>   Add another test for setcontext
>   Add a test for multiple setcontext calls
>   Add tests for setcontext on the context from makecontext
> 
>  bits/indirect-return.h                        |  25 ++
>  misc/sys/cdefs.h                              |   6 +
>  stdlib/Makefile                               |   7 +-
>  stdlib/tst-setcontext4.c                      | 217 ++++++++++++++++++
>  stdlib/tst-setcontext5.c                      |  88 +++++++
>  stdlib/tst-setcontext6.c                      |  76 ++++++
>  stdlib/tst-setcontext7.c                      |  96 ++++++++
>  stdlib/tst-setcontext8.c                      |  81 +++++++
>  stdlib/tst-setcontext9.c                      | 100 ++++++++
>  stdlib/tst-swapcontext1.c                     |  92 ++++++++
>  stdlib/tst-swapcontext2.c                     | 108 +++++++++
>  stdlib/ucontext.h                             |   6 +-
>  string/tst-xbzero-opt.c                       |  10 +-
>  sysdeps/i386/nptl/tcb-offsets.sym             |   1 +
>  sysdeps/i386/nptl/tls.h                       |   3 +-
>  sysdeps/unix/sysv/linux/Makefile              |   3 +-
>  sysdeps/unix/sysv/linux/bits/prctl.h          |  21 ++
>  sysdeps/unix/sysv/linux/i386/vfork.S          |  54 +++++
>  sysdeps/unix/sysv/linux/sys/prctl.h           |   1 +
>  sysdeps/unix/sysv/linux/x86/bits/prctl.h      |  48 ++++
>  sysdeps/unix/sysv/linux/x86/cpu-features.c    |   7 +
>  sysdeps/unix/sysv/linux/x86/dl-cet.h          |  29 ++-
>  sysdeps/unix/sysv/linux/x86/sys/ucontext.h    |   2 +
>  .../unix/sysv/linux/x86_64/__start_context.S  |  75 ++++++
>  sysdeps/unix/sysv/linux/x86_64/getcontext.S   |  17 ++
>  sysdeps/unix/sysv/linux/x86_64/makecontext.c  |  56 ++++-
>  sysdeps/unix/sysv/linux/x86_64/setcontext.S   | 139 +++++++++++
>  sysdeps/unix/sysv/linux/x86_64/swapcontext.S  | 150 ++++++++++++
>  sysdeps/unix/sysv/linux/x86_64/sysdep.h       |   5 +
>  sysdeps/unix/sysv/linux/x86_64/ucontext_i.sym |   1 +
>  sysdeps/unix/sysv/linux/x86_64/vfork.S        |  35 +++
>  sysdeps/x86/Makefile                          |  38 +++
>  sysdeps/x86/bits/indirect-return.h            |  35 +++
>  sysdeps/x86/libc-start.c                      |   3 +
>  sysdeps/x86/tst-cet-legacy-1.c                |  44 ++++
>  sysdeps/x86/tst-cet-legacy-2.c                |  64 ++++++
>  sysdeps/x86/tst-cet-legacy-2a.c               |   1 +
>  sysdeps/x86/tst-cet-legacy-3.c                |  88 +++++++
>  sysdeps/x86/tst-cet-legacy-4.c                |  56 +++++
>  sysdeps/x86/tst-cet-legacy-4a.c               |   1 +
>  sysdeps/x86/tst-cet-legacy-4b.c               |   1 +
>  sysdeps/x86/tst-cet-legacy-4c.c               |   1 +
>  sysdeps/x86/tst-cet-legacy-mod-1.c            |  24 ++
>  sysdeps/x86/tst-cet-legacy-mod-2.c            |  24 ++
>  sysdeps/x86/tst-cet-legacy-mod-4.c            |   2 +
>  sysdeps/x86_64/nptl/tcb-offsets.sym           |   1 +
>  sysdeps/x86_64/nptl/tls.h                     |  10 +-
>  sysdeps/x86_64/tst-quadmod1.S                 |   6 +
>  sysdeps/x86_64/tst-quadmod2.S                 |   6 +
>  49 files changed, 1950 insertions(+), 14 deletions(-)
>  create mode 100644 bits/indirect-return.h
>  create mode 100644 stdlib/tst-setcontext4.c
>  create mode 100644 stdlib/tst-setcontext5.c
>  create mode 100644 stdlib/tst-setcontext6.c
>  create mode 100644 stdlib/tst-setcontext7.c
>  create mode 100644 stdlib/tst-setcontext8.c
>  create mode 100644 stdlib/tst-setcontext9.c
>  create mode 100644 stdlib/tst-swapcontext1.c
>  create mode 100644 stdlib/tst-swapcontext2.c
>  create mode 100644 sysdeps/unix/sysv/linux/bits/prctl.h
>  create mode 100644 sysdeps/unix/sysv/linux/x86/bits/prctl.h
>  create mode 100644 sysdeps/x86/bits/indirect-return.h
>  create mode 100644 sysdeps/x86/tst-cet-legacy-1.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-2.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-2a.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-3.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-4.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-4a.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-4b.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-4c.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-mod-1.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-mod-2.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-mod-4.c
> 
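The cover letter's point about makecontext, setcontext and swapcontext, shown as an added example (not code from the patch series or from glibc's test suite): each context runs on a stack the caller allocated, and with SHSTK enabled each of those stacks needs a matching shadow stack that is switched along with it. The names run_contexts, worker, trace and on_own_stack and the 64 KiB stack size are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <ucontext.h>

#define STACK_SIZE (64 * 1024)   /* illustrative size, not taken from the patches */
#define NCTX 2

static ucontext_t main_ctx, ctx[NCTX];
static char *stacks[NCTX];
static int trace[8], ntrace, on_own_stack[NCTX];

/* Runs on stacks[id]; yields to main once, then returns through uc_link. */
static void worker(int id)
{
    char probe;                          /* lives on whichever stack is current */
    uintptr_t p = (uintptr_t)&probe, lo = (uintptr_t)stacks[id];
    on_own_stack[id] = (p >= lo && p < lo + STACK_SIZE);
    trace[ntrace++] = id * 10 + 1;       /* first entry into this context */
    swapcontext(&ctx[id], &main_ctx);    /* save this context, resume main */
    trace[ntrace++] = id * 10 + 2;       /* resumed by main's second swapcontext */
    /* Returning here resumes uc_link (main_ctx); under CET that return path is
       also where the shadow stack has to be switched back. */
}

/* Creates NCTX contexts with makecontext, enters each twice.
   Returns 0 on success, -1 on allocation or context failure. */
int run_contexts(void)
{
    ntrace = 0;
    for (int i = 0; i < NCTX; i++) {
        if (getcontext(&ctx[i]) != 0 || !(stacks[i] = malloc(STACK_SIZE)))
            return -1;
        ctx[i].uc_stack.ss_sp = stacks[i];      /* caller-allocated stack */
        ctx[i].uc_stack.ss_size = STACK_SIZE;
        ctx[i].uc_link = &main_ctx;             /* where worker's return goes */
        makecontext(&ctx[i], (void (*)(void))worker, 1, i);
    }
    for (int round = 0; round < 2; round++)
        for (int i = 0; i < NCTX; i++)
            if (swapcontext(&main_ctx, &ctx[i]) != 0)
                return -1;
    for (int i = 0; i < NCTX; i++)
        free(stacks[i]);
    return 0;
}

int main(void) { return run_contexts(); }
```
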

