Message ID | 20210113120910.1258769-1-hjl.tools@gmail.com |
---|---|
State | New |
Headers | show |
Series | x86: Set header.feature_1 in TCB for always-on CET | expand |
On Wed, Jan 13, 2021 at 4:09 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > Update dl_cet_check() to set header.feature_1 in TCB when both IBT and > SHSTK are always on. > --- > sysdeps/x86/Makefile | 6 ++++++ > sysdeps/x86/dl-cet.c | 5 ++++- > sysdeps/x86/tst-setjmp-cet.c | 1 + > 3 files changed, 11 insertions(+), 1 deletion(-) > create mode 100644 sysdeps/x86/tst-setjmp-cet.c > > diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile > index c814d5a195..adaa2a92cd 100644 > --- a/sysdeps/x86/Makefile > +++ b/sysdeps/x86/Makefile > @@ -48,6 +48,12 @@ endif # $(subdir) == math > ifeq ($(subdir),setjmp) > gen-as-const-headers += jmp_buf-ssp.sym > sysdep_routines += __longjmp_cancel > +ifneq ($(enable-cet),no) > +ifneq ($(have-tunables),no) > +tests += tst-setjmp-cet > +tst-setjmp-cet-ENV = GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on > +endif > +endif > endif > > ifeq ($(subdir),string) > diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c > index ed7fd6d10d..a63b9c7164 100644 > --- a/sysdeps/x86/dl-cet.c > +++ b/sysdeps/x86/dl-cet.c > @@ -47,7 +47,10 @@ dl_cet_check (struct link_map *m, const char *program) > /* No legacy object check if both IBT and SHSTK are always on. */ > if (enable_ibt_type == cet_always_on > && enable_shstk_type == cet_always_on) > - return; > + { > + THREAD_SETMEM (THREAD_SELF, header.feature_1, GL(dl_x86_feature_1)); > + return; > + } > > /* Check if IBT is enabled by kernel. */ > bool ibt_enabled > diff --git a/sysdeps/x86/tst-setjmp-cet.c b/sysdeps/x86/tst-setjmp-cet.c > new file mode 100644 > index 0000000000..42c795d2a8 > --- /dev/null > +++ b/sysdeps/x86/tst-setjmp-cet.c > @@ -0,0 +1 @@ > +#include <setjmp/tst-setjmp.c> > -- > 2.29.2 > This fixed: https://sourceware.org/bugzilla/show_bug.cgi?id=27177 I'd like to fix it for 2.33. Thanks.
On 13/01/2021 09:14, H.J. Lu wrote: > On Wed, Jan 13, 2021 at 4:09 AM H.J. Lu <hjl.tools@gmail.com> wrote: >> >> Update dl_cet_check() to set header.feature_1 in TCB when both IBT and >> SHSTK are always on. >> --- >> sysdeps/x86/Makefile | 6 ++++++ >> sysdeps/x86/dl-cet.c | 5 ++++- >> sysdeps/x86/tst-setjmp-cet.c | 1 + >> 3 files changed, 11 insertions(+), 1 deletion(-) >> create mode 100644 sysdeps/x86/tst-setjmp-cet.c >> >> diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile >> index c814d5a195..adaa2a92cd 100644 >> --- a/sysdeps/x86/Makefile >> +++ b/sysdeps/x86/Makefile >> @@ -48,6 +48,12 @@ endif # $(subdir) == math >> ifeq ($(subdir),setjmp) >> gen-as-const-headers += jmp_buf-ssp.sym >> sysdep_routines += __longjmp_cancel >> +ifneq ($(enable-cet),no) >> +ifneq ($(have-tunables),no) >> +tests += tst-setjmp-cet >> +tst-setjmp-cet-ENV = GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on >> +endif >> +endif >> endif >> >> ifeq ($(subdir),string) >> diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c >> index ed7fd6d10d..a63b9c7164 100644 >> --- a/sysdeps/x86/dl-cet.c >> +++ b/sysdeps/x86/dl-cet.c >> @@ -47,7 +47,10 @@ dl_cet_check (struct link_map *m, const char *program) >> /* No legacy object check if both IBT and SHSTK are always on. */ >> if (enable_ibt_type == cet_always_on >> && enable_shstk_type == cet_always_on) >> - return; >> + { >> + THREAD_SETMEM (THREAD_SELF, header.feature_1, GL(dl_x86_feature_1)); >> + return; >> + } >> >> /* Check if IBT is enabled by kernel. */ >> bool ibt_enabled >> diff --git a/sysdeps/x86/tst-setjmp-cet.c b/sysdeps/x86/tst-setjmp-cet.c >> new file mode 100644 >> index 0000000000..42c795d2a8 >> --- /dev/null >> +++ b/sysdeps/x86/tst-setjmp-cet.c >> @@ -0,0 +1 @@ >> +#include <setjmp/tst-setjmp.c> >> -- >> 2.29.2 >> > > This fixed: > > https://sourceware.org/bugzilla/show_bug.cgi?id=27177 > > I'd like to fix it for 2.33. > > Thanks. > Ok for 2.33.
On Wed, Jan 13, 2021 at 4:58 AM Adhemerval Zanella <adhemerval.zanella@linaro.org> wrote: > > > > On 13/01/2021 09:14, H.J. Lu wrote: > > On Wed, Jan 13, 2021 at 4:09 AM H.J. Lu <hjl.tools@gmail.com> wrote: > >> > >> Update dl_cet_check() to set header.feature_1 in TCB when both IBT and > >> SHSTK are always on. > >> --- > >> sysdeps/x86/Makefile | 6 ++++++ > >> sysdeps/x86/dl-cet.c | 5 ++++- > >> sysdeps/x86/tst-setjmp-cet.c | 1 + > >> 3 files changed, 11 insertions(+), 1 deletion(-) > >> create mode 100644 sysdeps/x86/tst-setjmp-cet.c > >> > >> diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile > >> index c814d5a195..adaa2a92cd 100644 > >> --- a/sysdeps/x86/Makefile > >> +++ b/sysdeps/x86/Makefile > >> @@ -48,6 +48,12 @@ endif # $(subdir) == math > >> ifeq ($(subdir),setjmp) > >> gen-as-const-headers += jmp_buf-ssp.sym > >> sysdep_routines += __longjmp_cancel > >> +ifneq ($(enable-cet),no) > >> +ifneq ($(have-tunables),no) > >> +tests += tst-setjmp-cet > >> +tst-setjmp-cet-ENV = GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on > >> +endif > >> +endif > >> endif > >> > >> ifeq ($(subdir),string) > >> diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c > >> index ed7fd6d10d..a63b9c7164 100644 > >> --- a/sysdeps/x86/dl-cet.c > >> +++ b/sysdeps/x86/dl-cet.c > >> @@ -47,7 +47,10 @@ dl_cet_check (struct link_map *m, const char *program) > >> /* No legacy object check if both IBT and SHSTK are always on. */ > >> if (enable_ibt_type == cet_always_on > >> && enable_shstk_type == cet_always_on) > >> - return; > >> + { > >> + THREAD_SETMEM (THREAD_SELF, header.feature_1, GL(dl_x86_feature_1)); > >> + return; > >> + } > >> > >> /* Check if IBT is enabled by kernel. */ > >> bool ibt_enabled > >> diff --git a/sysdeps/x86/tst-setjmp-cet.c b/sysdeps/x86/tst-setjmp-cet.c > >> new file mode 100644 > >> index 0000000000..42c795d2a8 > >> --- /dev/null > >> +++ b/sysdeps/x86/tst-setjmp-cet.c > >> @@ -0,0 +1 @@ > >> +#include <setjmp/tst-setjmp.c> > >> -- > >> 2.29.2 > >> > > > > This fixed: > > > > https://sourceware.org/bugzilla/show_bug.cgi?id=27177 > > > > I'd like to fix it for 2.33. > > > > Thanks. > > > > Ok for 2.33. I am backporting it to release branches. Thanks.
diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile index c814d5a195..adaa2a92cd 100644 --- a/sysdeps/x86/Makefile +++ b/sysdeps/x86/Makefile @@ -48,6 +48,12 @@ endif # $(subdir) == math ifeq ($(subdir),setjmp) gen-as-const-headers += jmp_buf-ssp.sym sysdep_routines += __longjmp_cancel +ifneq ($(enable-cet),no) +ifneq ($(have-tunables),no) +tests += tst-setjmp-cet +tst-setjmp-cet-ENV = GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on +endif +endif endif ifeq ($(subdir),string) diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c index ed7fd6d10d..a63b9c7164 100644 --- a/sysdeps/x86/dl-cet.c +++ b/sysdeps/x86/dl-cet.c @@ -47,7 +47,10 @@ dl_cet_check (struct link_map *m, const char *program) /* No legacy object check if both IBT and SHSTK are always on. */ if (enable_ibt_type == cet_always_on && enable_shstk_type == cet_always_on) - return; + { + THREAD_SETMEM (THREAD_SELF, header.feature_1, GL(dl_x86_feature_1)); + return; + } /* Check if IBT is enabled by kernel. */ bool ibt_enabled diff --git a/sysdeps/x86/tst-setjmp-cet.c b/sysdeps/x86/tst-setjmp-cet.c new file mode 100644 index 0000000000..42c795d2a8 --- /dev/null +++ b/sysdeps/x86/tst-setjmp-cet.c @@ -0,0 +1 @@ +#include <setjmp/tst-setjmp.c>