
[0/4] i386: Finish CET support

Message ID 20191210204710.4832-1-hjl.tools@gmail.com

Message

H.J. Lu Dec. 10, 2019, 8:47 p.m. UTC
This patch set finishes CET support on i386:

1. getcontext, setcontext and swapcontext are updated not to preserve
EAX, ECX and EDX.  Since they are caller-saved, the caller will reload them
after getcontext, setcontext and swapcontext calls if needed.  The extra
scratch registers are used to enable CET.
2. Add missing _CET_ENDBR to i386 assembly files.
3. Enable CET support in i386 ucontext functions.

Tested on i386 CET/non-CET machines.


H.J. Lu (4):
  i386: Don't unnecessarily save and restore EAX, ECX and EDX [BZ# 25262]
  i386/sub_n.S: Add a missing _CET_ENDBR to indirect jump target
  i386: Add _CET_ENDBR to assembly files without ENTRY
  i386: Enable CET support in ucontext functions

 sysdeps/i386/i386-mcount.S                  |   2 +
 sysdeps/i386/nptl/pthread_spin_lock.S       |   2 +
 sysdeps/i386/nptl/pthread_spin_unlock.S     |   3 +
 sysdeps/i386/pthread_spin_trylock.S         |   2 +
 sysdeps/i386/sub_n.S                        |   1 +
 sysdeps/unix/sysv/linux/i386/_exit.S        |   1 +
 sysdeps/unix/sysv/linux/i386/getcontext.S   |  64 +++++++-
 sysdeps/unix/sysv/linux/i386/makecontext.S  | 123 +++++++++++++++
 sysdeps/unix/sysv/linux/i386/setcontext.S   | 112 ++++++++++++--
 sysdeps/unix/sysv/linux/i386/swapcontext.S  | 156 ++++++++++++++++++--
 sysdeps/unix/sysv/linux/i386/sysdep.h       |   5 +
 sysdeps/unix/sysv/linux/i386/ucontext_i.sym |   1 +
 12 files changed, 443 insertions(+), 29 deletions(-)
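As an added example (not part of this series, and not one of glibc's own tests), a small C harness that drives the i386 ucontext functions the way a conforming caller does after point 1 above: every value it reads back after getcontext, setcontext, makecontext or swapcontext lives in memory, so whether EAX, ECX and EDX survive the call is invisible to it. It assumes a Linux glibc build; all names, the coroutine stack and the step counts are constructed here, and the CET state that the series adds to these functions is managed entirely inside glibc, so the harness cannot observe it.

```c
#define _XOPEN_SOURCE 700
#include <ucontext.h>
/* Constructed state: one coroutine, one caller, a 64 KiB coroutine stack. */
static ucontext_t main_ctx, co_ctx;
static char co_stack[64 * 1024];
static volatile int co_steps;   /* bumped by the coroutine before each yield */
static volatile int co_done;    /* set when the coroutine body finishes */

/* Coroutine body: yield three times, then fall off the end, which resumes uc_link. */
static void coroutine(void)
{
    for (int i = 0; i < 3; i++) {
        co_steps++;
        swapcontext(&co_ctx, &main_ctx);
    }
    co_done = 1;
}

/* Drive the coroutine to completion and return how often the caller resumed it
 * (three yields plus the final return through uc_link = 4).  Nothing here
 * depends on EAX/ECX/EDX being preserved across the context calls. */
int run_coroutine_roundtrip(void)
{
    int resumes = 0;
    co_steps = 0; co_done = 0;
    if (getcontext(&co_ctx) != 0) return -1;
    co_ctx.uc_stack.ss_sp = co_stack;
    co_ctx.uc_stack.ss_size = sizeof co_stack;
    co_ctx.uc_link = &main_ctx;
    makecontext(&co_ctx, coroutine, 0);
    while (!co_done) {
        if (swapcontext(&main_ctx, &co_ctx) != 0) return -1;
        resumes++;
    }
    return resumes;
}

/* getcontext "returns" once more for every setcontext on the saved context.
 * The counter is volatile and on the stack, so it survives re-entry whatever
 * scratch registers the i386 implementations clobber. */
int setcontext_reentry_count(void)
{
    ucontext_t uc;
    volatile int passes = 0;
    if (getcontext(&uc) != 0) return -1;
    passes++;
    if (passes < 3)
        setcontext(&uc);   /* does not return; execution resumes after getcontext */
    return passes;
}
```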

Comments

Florian Weimer Dec. 12, 2019, 12:46 p.m. UTC | #1
* H. J. Lu:

> This patch set finishes CET support on i386:
>
> 1. getcontext, setcontext and swapcontext are updated not to preserve
> EAX, ECX and EDX.  Since they are caller-saved, caller will reload them
> after getcontext, setcontext and swapcontext calls if needed.  The extra
> scratch registers are used to enable CET.
> 2. Add missing _CET_ENDBR to i386 assembly files.
> 3. Enable CET support in i386 ucontext functions.
>
> Tested on i386 CET/non-CET machines.

Has the kernel ABI been finalized?

I wonder if we should add IFUNC resolvers which set a flag, and check
that flag at the start of (some of) these functions, so that they cannot
be used as ROP gadgets in programs that do not reference them.

Thanks,
Florian

H.J. Lu Dec. 12, 2019, 3:57 p.m. UTC | #2
On Thu, Dec 12, 2019 at 4:46 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> * H. J. Lu:
>
> > This patch set finishes CET support on i386:
> >
> > 1. getcontext, setcontext and swapcontext are updated not to preserve
> > EAX, ECX and EDX.  Since they are caller-saved, caller will reload them
> > after getcontext, setcontext and swapcontext calls if needed.  The extra
> > scratch registers are used to enable CET.
> > 2. Add missing _CET_ENDBR to i386 assembly files.
> > 3. Enable CET support in i386 ucontext functions.
> >
> > Tested on i386 CET/non-CET machines.
>
> Has the kernel ABI been finalized?

These parts of the kernel ABI haven't been changed.

> I wonder if we should add IFUNC resolvers which set a flag, and check
> that flag at the start of (some of) these functions, so that they cannot
> be used as ROP gadgets in programs that do not reference them.
>

What exactly do you have in mind?

H.J. Lu Jan. 7, 2020, 8:43 p.m. UTC | #3
On Tue, Dec 10, 2019 at 12:47 PM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> This patch set finishes CET support on i386:
>
> 1. getcontext, setcontext and swapcontext are updated not to preserve
> EAX, ECX and EDX.  Since they are caller-saved, caller will reload them
> after getcontext, setcontext and swapcontext calls if needed.  The extra
> scratch registers are used to enable CET.
> 2. Add missing _CET_ENDBR to i386 assembly files.
> 3. Enable CET support in i386 ucontext functions.
>
> Tested on i386 CET/non-CET machines.
>
>
> H.J. Lu (4):
>   i386: Don't unnecessarily save and restore EAX, ECX and EDX [BZ#
>     25262]
>   i386/sub_n.S: Add a missing _CET_ENDBR to indirect jump target
>   i386: Add _CET_ENDBR to assembly files without ENTRY
>   i386: Enable CET support in ucontext functions
>
>  sysdeps/i386/i386-mcount.S                  |   2 +
>  sysdeps/i386/nptl/pthread_spin_lock.S       |   2 +
>  sysdeps/i386/nptl/pthread_spin_unlock.S     |   3 +
>  sysdeps/i386/pthread_spin_trylock.S         |   2 +
>  sysdeps/i386/sub_n.S                        |   1 +
>  sysdeps/unix/sysv/linux/i386/_exit.S        |   1 +
>  sysdeps/unix/sysv/linux/i386/getcontext.S   |  64 +++++++-
>  sysdeps/unix/sysv/linux/i386/makecontext.S  | 123 +++++++++++++++
>  sysdeps/unix/sysv/linux/i386/setcontext.S   | 112 ++++++++++++--
>  sysdeps/unix/sysv/linux/i386/swapcontext.S  | 156 ++++++++++++++++++--
>  sysdeps/unix/sysv/linux/i386/sysdep.h       |   5 +
>  sysdeps/unix/sysv/linux/i386/ucontext_i.sym |   1 +
>  12 files changed, 443 insertions(+), 29 deletions(-)
>

I'd like to get them into glibc 2.31.  Is it too late?

Thanks.