[PATCH v4 4/6] x86/cet: Check feature_1 in TCB for active IBT and SHSTK

Wed Dec 20 21:08:14 GMT 2023

On Wed, Dec 20, 2023 at 1:01 PM Noah Goldstein <goldstein.w.n@gmail.com> wrote:
>
> On Wed, Dec 20, 2023 at 6:57 AM H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> > Initially, IBT and SHSTK are marked as active when CPU supports them
> > and CET are enabled in glibc.  They can be disabled early by tunables
> > before relocation.  Since after relocation, GLRO(dl_x86_cpu_features)
> > becomes read-only, we can't update GLRO(dl_x86_cpu_features) to mark
> > IBT and SHSTK as inactive.  Instead, check the feature_1 field in TCB
> > to decide if IBT and SHST are active.
> > ---
> >  sysdeps/x86/bits/platform/x86.h      |  8 ++++++++
> >  sysdeps/x86/get-cpuid-feature-leaf.c | 11 ++++++++++-
> >  sysdeps/x86/sys/platform/x86.h       | 17 +++++++++++++++++
> >  3 files changed, 35 insertions(+), 1 deletion(-)
> >
> > diff --git a/sysdeps/x86/bits/platform/x86.h b/sysdeps/x86/bits/platform/x86.h
> > index 1e23d53ba2..1575ae53fb 100644
> > --- a/sysdeps/x86/bits/platform/x86.h
> > +++ b/sysdeps/x86/bits/platform/x86.h
> > @@ -337,3 +337,11 @@ enum
> >    x86_cpu_AVX10_YMM = x86_cpu_index_24_ecx_0_ebx + 17,
> >    x86_cpu_AVX10_ZMM = x86_cpu_index_24_ecx_0_ebx + 18,
> >  };
> > +
> > +/* Bits in the feature_1 field in TCB.  */
> > +
> > +enum
> > +{
> > +  x86_feature_1_ibt            = 1U << 0,
> > +  x86_feature_1_shstk          = 1U << 1
> > +};
> > diff --git a/sysdeps/x86/get-cpuid-feature-leaf.c b/sysdeps/x86/get-cpuid-feature-leaf.c
> > index 9317a6b494..f69936b31e 100644
> > --- a/sysdeps/x86/get-cpuid-feature-leaf.c
> > +++ b/sysdeps/x86/get-cpuid-feature-leaf.c
> > @@ -15,9 +15,18 @@
> >     License along with the GNU C Library; if not, see
> >     <https://www.gnu.org/licenses/>.  */
> >
> > -
> > +#include <assert.h>
> > +#include <tcb-offsets.h>
> >  #include <ldsodefs.h>
> >
> > +#ifdef __x86_64__
> > +# ifdef __LP64__
> > +_Static_assert (FEATURE_1_OFFSET == 72, "FEATURE_1_OFFSET != 72");
> > +# else
> > +_Static_assert (FEATURE_1_OFFSET == 40, "FEATURE_1_OFFSET != 40");
> > +# endif
> > +#endif
> > +
> >  const struct cpuid_feature *
> >  __x86_get_cpuid_feature_leaf (unsigned int leaf)
> >  {
> > diff --git a/sysdeps/x86/sys/platform/x86.h b/sysdeps/x86/sys/platform/x86.h
> > index 1ea2c5fc0b..89b1b16f22 100644
> > --- a/sysdeps/x86/sys/platform/x86.h
> > +++ b/sysdeps/x86/sys/platform/x86.h
> > @@ -45,6 +45,23 @@ x86_cpu_present (unsigned int __index)
> >  static __inline__ _Bool
> >  x86_cpu_active (unsigned int __index)
> >  {
> > +  if (__index == x86_cpu_IBT || __index == x86_cpu_SHSTK)
> > +    {
> > +#ifdef __x86_64__
> > +      unsigned int __feature_1;
> > +# ifdef __LP64__
> > +      __asm__ ("mov %%fs:72, %0" : "=r" (__feature_1));
> > +# else
> > +      __asm__ ("mov %%fs:40, %0" : "=r" (__feature_1));
> > +# endif
> maybe cleaner to just paste `FEATURE_1_OFFSET`.

Since this is an installed header file, but FEATURE_1_OFFSET
is an internal glibc constant, we can't use FEATURE_1_OFFSET
here.

> > +      if (__index == x86_cpu_IBT)
> > +       return __feature_1 & x86_feature_1_ibt;
> > +      else
> > +       return __feature_1 & x86_feature_1_shstk;
> > +#else
> > +      return false;
> > +#endif
> > +    }
> >    const struct cpuid_feature *__ptr = __x86_get_cpuid_feature_leaf
> >      (__index / (8 * sizeof (unsigned int) * 4));
> >    unsigned int __reg
> > --
> > 2.43.0
> >

-- 
H.J.