From patchwork Wed Dec 20 14:57:00 2023
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 1878566
From: "H.J. Lu"
To: libc-alpha@sourceware.org
Cc: rick.p.edgecombe@intel.com, goldstein.w.n@gmail.com
Subject: [PATCH v4 5/6] x86/cet: Don't set CET active by default
Date: Wed, 20 Dec 2023 06:57:00 -0800
Message-ID: <20231220145701.740912-6-hjl.tools@gmail.com>
In-Reply-To: <20231220145701.740912-1-hjl.tools@gmail.com>
References: <20231220145701.740912-1-hjl.tools@gmail.com>

Not all CET enabled applications and libraries have been properly tested
in CET enabled environments.  Some CET enabled applications or libraries
will crash or misbehave when CET is enabled.  Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not.  Shadow stack can be enabled by

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK

at run-time if shadow stack can be enabled by kernel.

NB: This commit can be reverted if it is OK to enable CET by default for
all applications and libraries.

--- sysdeps/x86/cpu-features.c | 2 +- sysdeps/x86/cpu-tunables.c | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c index 097868c1d9..80a07ac589 100644 --- a/sysdeps/x86/cpu-features.c +++ b/sysdeps/x86/cpu-features.c
@@ -110,7 +110,7 @@ update_active (struct cpu_features *cpu_features) if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT)) CPU_FEATURE_SET_ACTIVE (cpu_features, RTM); -#if CET_ENABLED +#if CET_ENABLED && 0 CPU_FEATURE_SET_ACTIVE (cpu_features, IBT); CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK); #endif diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c index 142c6b9240..1742400525 100644 --- a/sysdeps/x86/cpu-tunables.c +++ b/sysdeps/x86/cpu-tunables.c @@ -35,6 +35,17 @@ break; \ } +#define CHECK_GLIBC_IFUNC_CPU_BOTH(f, cpu_features, name, len) \ + _Static_assert (sizeof (#name) - 1 == len, #name " != " #len); \ + if (tunable_str_comma_strcmp_cte (&f, #name)) \ + { \ + if (f.disable) \ + CPU_FEATURE_UNSET (cpu_features, name) \ + else \ + CPU_FEATURE_SET_ACTIVE (cpu_features, name) \ + break; \ + } + /* Disable a preferred feature NAME. We don't enable a preferred feature which isn't available. */ #define CHECK_GLIBC_IFUNC_PREFERRED_OFF(f, cpu_features, name, len) \ @@ -131,11 +142,13 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp) } break; case 5: + { + CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, 5); + } if (n.disable) { CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, LZCNT, 5); CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, MOVBE, 5); - CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SHSTK, 5); CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SSSE3, 5); CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, XSAVE, 5); }
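Review bot: In update_active (sysdeps/x86/cpu-features.c), `#if CET_ENABLED && 0` leaves the IBT and SHSTK activation as permanently dead code with no comment saying why. Either delete the two CPU_FEATURE_SET_ACTIVE lines or add a comment above the #if that points to the glibc.cpu.hwcaps tunable, so the `&& 0` is not mistaken for a debugging leftover and the revert mentioned in the commit message is easy to locate. Because this turns a control-flow protection off by default for binaries built with CET, and the diffstat shows only the two source files changed, the new default should also be recorded in user-facing documentation and not only in the commit message.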
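Review bot: In the new CHECK_GLIBC_IFUNC_CPU_BOTH macro (sysdeps/x86/cpu-tunables.c), the else arm calls CPU_FEATURE_SET_ACTIVE (cpu_features, name) with no check visible here that the feature is actually available, while the comment on the neighbouring CHECK_GLIBC_IFUNC_PREFERRED_OFF says "We don't enable a preferred feature which isn't available." Please state in a comment above the macro where availability is verified for the enable path, or add the check. The macro also has no descriptive comment of its own, unlike the one that follows it, and the unbraced `if (f.disable) ... else ...` only parses if CPU_FEATURE_UNSET and CPU_FEATURE_SET_ACTIVE each expand to exactly one complete statement; bracing both arms would remove that dependency.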
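Review bot: In case 5 of TUNABLE_CALLBACK (set_hwcaps), only SHSTK gets the new enable-or-disable path; nothing in this patch gives IBT an equivalent, although the cpu-features.c hunk stops setting both IBT and SHSTK active. Say in the commit message whether IBT is meant to stay inactive with no tunable, or add matching handling for it. The bare `{ ... }` around CHECK_GLIBC_IFUNC_CPU_BOTH is also unexplained; if it is there so that the macro's _Static_assert does not directly follow the case label, a one-line comment would keep it from being removed later as redundant.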