[PATCH] x86: Copy IBT and SHSTK usable only if CET is enabled
H.J. Lu
hjl.tools@gmail.com
Wed Jun 23 21:36:41 GMT 2021
On Wed, Jun 23, 2021 at 2:15 PM Adhemerval Zanella
<adhemerval.zanella@linaro.org> wrote:
>
>
>
> On 23/06/2021 17:41, H.J. Lu wrote:
> >> @@ -216,12 +233,15 @@ do_test (int argc, char **argv)
> >> fails += CHECK_PROC (sgx, SGX);
> >> fails += CHECK_PROC (sgx_lc, SGX_LC);
> >> fails += CHECK_PROC (sha_ni, SHA);
> >> - fails += CHECK_PROC (shstk, SHSTK);
> >> + fails += CHECK_PROC_OPTIN (shstk, SHSTK);
> >
> > Why do you need this? If kernel doesn't support SHSTK, it will be
> > turned off:
> >
> > /* Check CET status. */
> > unsigned int cet_status = get_cet_status ();
> >
> > if ((cet_status & GNU_PROPERTY_X86_FEATURE_1_IBT) == 0)
> > CPU_FEATURE_UNSET (cpu_features, IBT)
> > if ((cet_status & GNU_PROPERTY_X86_FEATURE_1_SHSTK) == 0)
> > CPU_FEATURE_UNSET (cpu_features, SHSTK)
>
> The problem is this is only enabled for CET_ENABLED, the configuration I am using
> does not define __CET__. So the CPU I am using does support SHSTK, but the bit
> ended up not being cleared by glibc.
IBT and SHSTK usable bits are copied from CPUID feature bits and later
cleared if kernel doesn't support CET. Copy IBT and SHSTK usable only
if CET is enabled so that they aren't set on CET capable processors
with non-CET enabled glibc.
Can you try this?
--
H.J.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-x86-Copy-IBT-and-SHSTK-usable-only-if-CET-is-enabled.patch
Type: text/x-patch
Size: 1958 bytes
Desc: not available
URL: <https://sourceware.org/pipermail/libc-alpha/attachments/20210623/0b709f63/attachment-0001.bin>
More information about the Libc-alpha
mailing list