[PATCH v2 00/16] x86/cet: Update CET kernel interface

Noah Goldstein goldstein.w.n@gmail.com
Mon Dec 18 17:50:42 GMT 2023 

On Sat, Dec 16, 2023 at 10:53 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> Changes in v2:
>
> 1. Add add extra 20 stack frames in shadow stack for signal handlers
> when allocating shadow stack for ucontexts.
> 2. Remove the "x86: Check PT_GNU_PROPERTY early" patch which has been
> checked into master branch.
>
>
> Linux kernel 6.6 added SHSTK support for x86-64.  This patch set updates
> CET kernel interface to Linux kernel 6.6.  The main difference from the
> current glibc assumption is that SHSTK is enabled by glibc, instead of
> kernel.  Glibc enables SHSTK after verifying that the application and
> all dependency libraries are CET enabled.  SHSTK can only be enabled in a
> function which will never return.  Otherwise, shadow stack will underflow
> at the function return.
>
> Not all CET enabled applications and libraries have been properly tested
> in CET enabled environments.  Some CET enabled applications or libraries
> will crash or misbehave when CET is enabled.  Don't set CET active by
> default so that all applications and libraries will run normally regardless
> of whether CET is active or not.  Shadow stack can be enabled by
>
> $ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK
>
> at run-time if shadow stack can be enabled by kernel.
>
> Since only x86-64 is supported, i386 shadow stack codes are unchanged
> and CET shouldn't be enabled for i386.
>
> NB: This change can be reverted if it is OK to enable CET by default for
> all applications and libraries.
>
> Tested on Intel Tiger Lake under Linux kernel 6.6.7.
>
> H.J. Lu (16):
>   x86/cet: Check user_shstk in /proc/cpuinfo
>   x86/cet: Update tst-cet-vfork-1
>   x86/cet: Don't assume that SHSTK implies IBT
>   x86/cet: Check legacy shadow stack applications
>   x86/cet: Check CPU_FEATURE_ACTIVE when CET is disabled
>   x86/cet: Add tests for GLIBC_TUNABLES=glibc.cpu.hwcaps=-SHSTK
>   x86/cet: Check legacy shadow stack code in .init_array section
>   x86/cet: Check CPU_FEATURE_ACTIVE in permissive mode
>   x86: Modularize sysdeps/x86/dl-cet.c
>   x86/cet: Sync with Linux kernel 6.6 shadow stack interface
>   elf: Always provide _dl_get_dl_main_map in libc.a
>   x86/cet: Enable shadow stack during startup
>   x86/cet: Check feature_1 in TCB for active IBT and SHSTK
>   x86/cet: Don't disable CET if not single threaded
>   x86/cet: Don't set CET active by default
>   x86/cet: Run some CET tests with shadow stack
>
>  elf/dl-support.c                              |   2 -
>  sysdeps/generic/ldsodefs.h                    |   8 +-
>  sysdeps/unix/sysv/linux/x86/Makefile          |   1 +
>  .../sysv/linux/x86/allocate-shadow-stack.c    |  62 +++
>  .../sysv/linux/x86/allocate-shadow-stack.h    |  27 +
>  sysdeps/unix/sysv/linux/x86/bits/mman.h       |   5 +
>  sysdeps/unix/sysv/linux/x86/dl-cet.h          |  39 +-
>  .../unix/sysv/linux/x86/include/asm/prctl.h   |  37 +-
>  .../sysv/linux/x86/tst-cet-setcontext-1.c     |  17 +-
>  sysdeps/unix/sysv/linux/x86/tst-cet-vfork-1.c |  43 +-
>  .../unix/sysv/linux/x86_64/__start_context.S  |  38 +-
>  sysdeps/unix/sysv/linux/x86_64/dl-cet.h       |  47 ++
>  sysdeps/unix/sysv/linux/x86_64/getcontext.S   |  30 +-
>  sysdeps/unix/sysv/linux/x86_64/makecontext.c  |  29 +-
>  sysdeps/unix/sysv/linux/x86_64/swapcontext.S  |  22 +-
>  sysdeps/x86/Makefile                          |  87 +++-
>  sysdeps/x86/bits/platform/x86.h               |   8 +
>  sysdeps/x86/cpu-features-offsets.sym          |   1 +
>  sysdeps/x86/cpu-features.c                    |  48 +-
>  sysdeps/x86/cpu-tunables.c                    |  17 +-
>  sysdeps/x86/dl-cet.c                          | 462 +++++++++++-------
>  sysdeps/x86/get-cpuid-feature-leaf.c          |  13 +-
>  sysdeps/x86/include/cpu-features.h            |   3 +
>  sysdeps/x86/libc-start.h                      |  54 +-
>  sysdeps/x86/sys/platform/x86.h                |  17 +
>  sysdeps/x86/tst-cet-legacy-10.c               |   6 +-
>  sysdeps/x86/tst-cet-legacy-10a-static.c       |   2 +
>  sysdeps/x86/tst-cet-legacy-10a.c              |   2 +
>  sysdeps/x86/tst-cet-legacy-4.c                |   5 +
>  sysdeps/x86/tst-cet-legacy-8.c                |  15 +-
>  sysdeps/x86/tst-cpu-features-cpuinfo.c        |   2 +-
>  sysdeps/x86/tst-shstk-legacy-1-extra.S        |  35 ++
>  sysdeps/x86/tst-shstk-legacy-1a-static.c      |   1 +
>  sysdeps/x86/tst-shstk-legacy-1a.c             |  32 ++
>  sysdeps/x86/tst-shstk-legacy-1b-static.c      |   1 +
>  sysdeps/x86/tst-shstk-legacy-1b.c             |  38 ++
>  sysdeps/x86/tst-shstk-legacy-1c-static.c      |   1 +
>  sysdeps/x86/tst-shstk-legacy-1c.c             |  20 +
>  sysdeps/x86/tst-shstk-legacy-1d-static.c      |   1 +
>  .../tst-shstk-legacy-1d.c}                    |  45 +-
>  sysdeps/x86/tst-shstk-legacy-1e-static.c      |   1 +
>  sysdeps/x86/tst-shstk-legacy-1e-static.sh     |  33 ++
>  sysdeps/x86/tst-shstk-legacy-1e.c             |  53 ++
>  sysdeps/x86/tst-shstk-legacy-1e.sh            |  35 ++
>  sysdeps/x86/tst-shstk-legacy-1f.c             |  29 ++
>  sysdeps/x86/tst-shstk-legacy-1g.c             |  35 ++
>  sysdeps/x86/tst-shstk-legacy-1g.sh            |  35 ++
>  sysdeps/x86/tst-shstk-legacy-mod-1.c          |  28 ++
>  sysdeps/x86_64/dl-machine.h                   |  12 +-
>  sysdeps/x86_64/nptl/tls.h                     |   2 +-
>  50 files changed, 1169 insertions(+), 417 deletions(-)
>  create mode 100644 sysdeps/unix/sysv/linux/x86/allocate-shadow-stack.c
>  create mode 100644 sysdeps/unix/sysv/linux/x86/allocate-shadow-stack.h
>  create mode 100644 sysdeps/unix/sysv/linux/x86_64/dl-cet.h
>  create mode 100644 sysdeps/x86/tst-cet-legacy-10a-static.c
>  create mode 100644 sysdeps/x86/tst-cet-legacy-10a.c
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1-extra.S
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1a-static.c
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1a.c
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1b-static.c
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1b.c
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1c-static.c
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1c.c
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1d-static.c
>  rename sysdeps/{unix/sysv/linux/x86/cpu-features.c => x86/tst-shstk-legacy-1d.c} (53%)
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1e-static.c
>  create mode 100755 sysdeps/x86/tst-shstk-legacy-1e-static.sh
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1e.c
>  create mode 100755 sysdeps/x86/tst-shstk-legacy-1e.sh
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1f.c
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-1g.c
>  create mode 100755 sysdeps/x86/tst-shstk-legacy-1g.sh
>  create mode 100644 sysdeps/x86/tst-shstk-legacy-mod-1.c
>
> --
> 2.43.0
>

The series no longer cleanly applies since you committed
```
commit 442983319ba70de801fc856e8dd4748fba8f7f1b (HEAD -> master,
origin/master, origin/HEAD)
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Sat Dec 16 08:53:12 2023 -0800

    x86/cet: Don't assume that SHSTK implies IBT

```

needs a rebase.

More information about the Libc-alpha mailing list