| Message ID | 20200428215243.236312-2-hjl.tools@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | x86: Add --enable-cet=permissive | expand |
On Tue, Apr 28, 2020 at 2:52 PM H.J. Lu <hjl.tools@gmail.com> wrote: > > _dl_x86_feature_1[1] is used to control each CET feature, IBT and SHSTK: > > /* Valid control values: > 0: Enable CET features based on ELF property note. > 1: Always disable CET features. > 2: Always enable CET features. > 3: Enable CET features permissively. > */ > #define CET_ELF_PROPERTY 0 > #define CET_ALWAYS_OFF 1 > #define CET_ALWAYS_ON 2 > #define CET_PERMISSIVE 3 > #define CET_MAX CET_PERMISSIVE > > CET control value takes 2 bits. Rename CET_MAX to CET_CONTROL_MASK. Add > CET_IBT_SHIFT and CET_SHSTK_SHIFT. > --- > sysdeps/x86/cet-tunables.h | 22 +++++++++++++++++++-- > sysdeps/x86/cpu-features.c | 7 +++---- > sysdeps/x86/cpu-tunables.c | 39 +++++++++++++++----------------------- > sysdeps/x86/dl-cet.c | 6 ++---- > 4 files changed, 40 insertions(+), 34 deletions(-) > > diff --git a/sysdeps/x86/cet-tunables.h b/sysdeps/x86/cet-tunables.h > index 5e1e42df10..0088b89d3e 100644 > --- a/sysdeps/x86/cet-tunables.h > +++ b/sysdeps/x86/cet-tunables.h > @@ -16,14 +16,32 @@ > License along with the GNU C Library; if not, see > <https://www.gnu.org/licenses/>. */ > > -/* Valid control values: > +#ifndef _CET_TUNABLES_H > +#define _CET_TUNABLES_H > + > +/* For each CET feature, IBT and SHSTK, valid control values: > 0: Enable CET features based on ELF property note. > 1: Always disable CET features. > 2: Always enable CET features. > 3: Enable CET features permissively. > + > + Bits 0-1: IBT > + Bits 2-3: SHSTK > */ > #define CET_ELF_PROPERTY 0 > #define CET_ALWAYS_OFF 1 > #define CET_ALWAYS_ON 2 > #define CET_PERMISSIVE 3 > -#define CET_MAX CET_PERMISSIVE > +#define CET_CONTROL_MASK 3 > +#define CET_IBT_SHIFT 0 > +#define CET_SHSTK_SHIFT 2 > + > +/* Get CET control value. */ > + > +static inline unsigned int > +get_cet_control_value (unsigned int shift) > +{ > + return (GL(dl_x86_feature_1)[1] >> shift) & CET_CONTROL_MASK; > +} > + > +#endif /* cet-tunables.h */ > diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c > index 81a170a819..76a6476607 100644 > --- a/sysdeps/x86/cpu-features.c > +++ b/sysdeps/x86/cpu-features.c > @@ -594,10 +594,9 @@ no_cpuid: > } > > /* Lock CET if IBT or SHSTK is enabled in executable. Don't > - lock CET if SHSTK is enabled permissively. */ > - if (((GL(dl_x86_feature_1)[1] >> CET_MAX) > - & ((1 << CET_MAX) - 1)) > - != CET_PERMISSIVE) > + lock CET if IBT or SHSTK is enabled permissively. */ > + if (get_cet_control_value (CET_IBT_SHIFT) != CET_PERMISSIVE > + && get_cet_control_value (CET_SHSTK_SHIFT) != CET_PERMISSIVE) > dl_cet_lock_cet (); > } > # endif > diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c > index 861bd7bcaa..c8fc5e67d9 100644 > --- a/sysdeps/x86/cpu-tunables.c > +++ b/sysdeps/x86/cpu-tunables.c > @@ -338,26 +338,26 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp) > # if CET_ENABLED > # include <cet-tunables.h> > > +/* Set CET control value. */ > + > +static inline void > +set_cet_control_value (unsigned int value, unsigned int shift) > +{ > + GL(dl_x86_feature_1)[1] &= ~(CET_CONTROL_MASK << shift); > + GL(dl_x86_feature_1)[1] |= value << shift; > +} > + > attribute_hidden > void > TUNABLE_CALLBACK (set_x86_ibt) (tunable_val_t *valp) > { > if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0) > - { > - GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1); > - GL(dl_x86_feature_1)[1] |= CET_ALWAYS_ON; > - } > + set_cet_control_value (CET_ALWAYS_ON, CET_IBT_SHIFT); > else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0) > - { > - GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1); > - GL(dl_x86_feature_1)[1] |= CET_ALWAYS_OFF; > - } > + set_cet_control_value (CET_ALWAYS_OFF, CET_IBT_SHIFT); > else if (DEFAULT_MEMCMP (valp->strval, "permissive", > sizeof ("permissive")) == 0) > - { > - GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1); > - GL(dl_x86_feature_1)[1] |= CET_PERMISSIVE; > - } > + set_cet_control_value (CET_PERMISSIVE, CET_IBT_SHIFT); > } > > attribute_hidden > @@ -365,21 +365,12 @@ void > TUNABLE_CALLBACK (set_x86_shstk) (tunable_val_t *valp) > { > if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0) > - { > - GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX); > - GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_ON << CET_MAX); > - } > + set_cet_control_value (CET_ALWAYS_ON, CET_SHSTK_SHIFT); > else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0) > - { > - GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX); > - GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_OFF << CET_MAX); > - } > + set_cet_control_value (CET_ALWAYS_OFF, CET_SHSTK_SHIFT); > else if (DEFAULT_MEMCMP (valp->strval, "permissive", > sizeof ("permissive")) == 0) > - { > - GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX); > - GL(dl_x86_feature_1)[1] |= (CET_PERMISSIVE << CET_MAX); > - } > + set_cet_control_value (CET_PERMISSIVE, CET_SHSTK_SHIFT); > } > # endif > #endif > diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c > index c7029f1b51..0f115540aa 100644 > --- a/sysdeps/x86/dl-cet.c > +++ b/sysdeps/x86/dl-cet.c > @@ -39,11 +39,9 @@ static void > dl_cet_check (struct link_map *m, const char *program) > { > /* Check how IBT should be enabled. */ > - unsigned int enable_ibt_type > - = GL(dl_x86_feature_1)[1] & ((1 << CET_MAX) - 1); > + unsigned int enable_ibt_type = get_cet_control_value (CET_IBT_SHIFT); > /* Check how SHSTK should be enabled. */ > - unsigned int enable_shstk_type > - = ((GL(dl_x86_feature_1)[1] >> CET_MAX) & ((1 << CET_MAX) - 1)); > + unsigned int enable_shstk_type = get_cet_control_value (CET_SHSTK_SHIFT); > > /* No legacy object check if both IBT and SHSTK are always on. */ > if (enable_ibt_type == CET_ALWAYS_ON > -- > 2.25.4 > PING.
* H. J. Lu via Libc-alpha: > diff --git a/sysdeps/x86/cet-tunables.h b/sysdeps/x86/cet-tunables.h > index 5e1e42df10..0088b89d3e 100644 > --- a/sysdeps/x86/cet-tunables.h > +++ b/sysdeps/x86/cet-tunables.h > @@ -16,14 +16,32 @@ > License along with the GNU C Library; if not, see > <https://www.gnu.org/licenses/>. */ > > -/* Valid control values: > +#ifndef _CET_TUNABLES_H > +#define _CET_TUNABLES_H > + > +/* For each CET feature, IBT and SHSTK, valid control values: > 0: Enable CET features based on ELF property note. > 1: Always disable CET features. > 2: Always enable CET features. > 3: Enable CET features permissively. > + > + Bits 0-1: IBT > + Bits 2-3: SHSTK > */ > #define CET_ELF_PROPERTY 0 > #define CET_ALWAYS_OFF 1 > #define CET_ALWAYS_ON 2 > #define CET_PERMISSIVE 3 > -#define CET_MAX CET_PERMISSIVE > +#define CET_CONTROL_MASK 3 > +#define CET_IBT_SHIFT 0 > +#define CET_SHSTK_SHIFT 2 > + > +/* Get CET control value. */ > + > +static inline unsigned int > +get_cet_control_value (unsigned int shift) > +{ > + return (GL(dl_x86_feature_1)[1] >> shift) & CET_CONTROL_MASK; > +} > + > +#endif /* cet-tunables.h */ Is there a reason why this has to be a single bitmask? Maybe a bitfield would better document the intent?
diff --git a/sysdeps/x86/cet-tunables.h b/sysdeps/x86/cet-tunables.h index 5e1e42df10..0088b89d3e 100644 --- a/sysdeps/x86/cet-tunables.h +++ b/sysdeps/x86/cet-tunables.h @@ -16,14 +16,32 @@ License along with the GNU C Library; if not, see <https://www.gnu.org/licenses/>. */ -/* Valid control values: +#ifndef _CET_TUNABLES_H +#define _CET_TUNABLES_H + +/* For each CET feature, IBT and SHSTK, valid control values: 0: Enable CET features based on ELF property note. 1: Always disable CET features. 2: Always enable CET features. 3: Enable CET features permissively. + + Bits 0-1: IBT + Bits 2-3: SHSTK */ #define CET_ELF_PROPERTY 0 #define CET_ALWAYS_OFF 1 #define CET_ALWAYS_ON 2 #define CET_PERMISSIVE 3 -#define CET_MAX CET_PERMISSIVE +#define CET_CONTROL_MASK 3 +#define CET_IBT_SHIFT 0 +#define CET_SHSTK_SHIFT 2 + +/* Get CET control value. */ + +static inline unsigned int +get_cet_control_value (unsigned int shift) +{ + return (GL(dl_x86_feature_1)[1] >> shift) & CET_CONTROL_MASK; +} + +#endif /* cet-tunables.h */ diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c index 81a170a819..76a6476607 100644 --- a/sysdeps/x86/cpu-features.c +++ b/sysdeps/x86/cpu-features.c @@ -594,10 +594,9 @@ no_cpuid: } /* Lock CET if IBT or SHSTK is enabled in executable. Don't - lock CET if SHSTK is enabled permissively. */ - if (((GL(dl_x86_feature_1)[1] >> CET_MAX) - & ((1 << CET_MAX) - 1)) - != CET_PERMISSIVE) + lock CET if IBT or SHSTK is enabled permissively. */ + if (get_cet_control_value (CET_IBT_SHIFT) != CET_PERMISSIVE + && get_cet_control_value (CET_SHSTK_SHIFT) != CET_PERMISSIVE) dl_cet_lock_cet (); } # endif diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c index 861bd7bcaa..c8fc5e67d9 100644 --- a/sysdeps/x86/cpu-tunables.c +++ b/sysdeps/x86/cpu-tunables.c @@ -338,26 +338,26 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp) # if CET_ENABLED # include <cet-tunables.h> +/* Set CET control value. */ + +static inline void +set_cet_control_value (unsigned int value, unsigned int shift) +{ + GL(dl_x86_feature_1)[1] &= ~(CET_CONTROL_MASK << shift); + GL(dl_x86_feature_1)[1] |= value << shift; +} + attribute_hidden void TUNABLE_CALLBACK (set_x86_ibt) (tunable_val_t *valp) { if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1); - GL(dl_x86_feature_1)[1] |= CET_ALWAYS_ON; - } + set_cet_control_value (CET_ALWAYS_ON, CET_IBT_SHIFT); else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1); - GL(dl_x86_feature_1)[1] |= CET_ALWAYS_OFF; - } + set_cet_control_value (CET_ALWAYS_OFF, CET_IBT_SHIFT); else if (DEFAULT_MEMCMP (valp->strval, "permissive", sizeof ("permissive")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1); - GL(dl_x86_feature_1)[1] |= CET_PERMISSIVE; - } + set_cet_control_value (CET_PERMISSIVE, CET_IBT_SHIFT); } attribute_hidden @@ -365,21 +365,12 @@ void TUNABLE_CALLBACK (set_x86_shstk) (tunable_val_t *valp) { if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX); - GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_ON << CET_MAX); - } + set_cet_control_value (CET_ALWAYS_ON, CET_SHSTK_SHIFT); else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX); - GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_OFF << CET_MAX); - } + set_cet_control_value (CET_ALWAYS_OFF, CET_SHSTK_SHIFT); else if (DEFAULT_MEMCMP (valp->strval, "permissive", sizeof ("permissive")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX); - GL(dl_x86_feature_1)[1] |= (CET_PERMISSIVE << CET_MAX); - } + set_cet_control_value (CET_PERMISSIVE, CET_SHSTK_SHIFT); } # endif #endif diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c index c7029f1b51..0f115540aa 100644 --- a/sysdeps/x86/dl-cet.c +++ b/sysdeps/x86/dl-cet.c @@ -39,11 +39,9 @@ static void dl_cet_check (struct link_map *m, const char *program) { /* Check how IBT should be enabled. */ - unsigned int enable_ibt_type - = GL(dl_x86_feature_1)[1] & ((1 << CET_MAX) - 1); + unsigned int enable_ibt_type = get_cet_control_value (CET_IBT_SHIFT); /* Check how SHSTK should be enabled. */ - unsigned int enable_shstk_type - = ((GL(dl_x86_feature_1)[1] >> CET_MAX) & ((1 << CET_MAX) - 1)); + unsigned int enable_shstk_type = get_cet_control_value (CET_SHSTK_SHIFT); /* No legacy object check if both IBT and SHSTK are always on. */ if (enable_ibt_type == CET_ALWAYS_ON
_dl_x86_feature_1[1] is used to control each CET feature, IBT and SHSTK: /* Valid control values: 0: Enable CET features based on ELF property note. 1: Always disable CET features. 2: Always enable CET features. 3: Enable CET features permissively. */ #define CET_ELF_PROPERTY 0 #define CET_ALWAYS_OFF 1 #define CET_ALWAYS_ON 2 #define CET_PERMISSIVE 3 #define CET_MAX CET_PERMISSIVE CET control value takes 2 bits. Rename CET_MAX to CET_CONTROL_MASK. Add CET_IBT_SHIFT and CET_SHSTK_SHIFT. --- sysdeps/x86/cet-tunables.h | 22 +++++++++++++++++++-- sysdeps/x86/cpu-features.c | 7 +++---- sysdeps/x86/cpu-tunables.c | 39 +++++++++++++++----------------------- sysdeps/x86/dl-cet.c | 6 ++---- 4 files changed, 40 insertions(+), 34 deletions(-)