Re: [PATCH] fhandler/proc.cc(format_proc_cpuinfo): Add Linux 6.3 cpuinfo

[Brian Inglis <Brian.Inglis@Shaw.ca>]

On 2023-05-12 09:36, Jon Turney wrote:
> On 08/05/2023 04:12, Brian Inglis wrote:
>> cpuid    0x00000007:0 ecx:7 shstk Shadow Stack support & Windows 
>> [20]20H1/[20]2004+
>>             => user_shstk User mode program Shadow Stack support
>> AMD SVM  0x8000000a:0 edx:25 vnmi virtual Non-Maskable Interrrupts
>> Sync AMD 0x80000008:0 ebx flags across two output locations
> 
> Thanks.  I applied this.
> 
> Does this need applying to the 3.4 branch as well?

How many users with the latest models will worry about this before 3.5 release 
about October, and may Cygwin have support by then?

>> ---
>>   winsup/cygwin/fhandler/proc.cc | 29 ++++++++++++++++++++++-------
> 
>> +      /* cpuid 0x00000007 ecx & Windows [20]20H1/[20]2004+ */
>> +      if (maxf >= 0x00000007 && wincap.osname () >= "10.0"
>> +                     && wincap.build_number () >= 19041)
>> +        {
>> +      cpuid (&unused, &unused, &features1, &unused, 0x00000007, 0);
>> +      ftcprint (features1,  7, "user_shstk");    /* "user shadow stack" */
>> +    }
>> +
> 
> This seems a little odd and maybe worthy of a comment, as surely the CPU has the 
> capability irrespective of the OS?

Yes, see the log comment documenting the shtsk feature and the Windows release 
supporting the process feature, and the patch comment echoing that.

Intel 11th gen and AMD Zen3+ processor models both support the same Control-flow 
Enforcement Technology CET and shstk cpuid and arch features, save areas, MSRs, 
etc.

That is the (currently commented out in the patch) shstk feature, which is 
detected by the Linux kernel but not reported by Linux cpuinfo, and not yet 
fully supported in the kernel by the Intel CET Linux patches.

Whereas Linux cpuinfo does report "user_shstk", which depends on kernel, 
process, compiler, library, and image support, which requires Windows from 
[20]20H1/[20]2004+ enabling and setting up the supported variants of CET flagged 
in one of the process image debug headers, and saving/restoring the shadow stack 
pointer SSP register.

https://www.intel.com/content/www/us/en/developer/articles/technical/technical-look-control-flow-enforcement-technology.html

The current GCC supports -mshstk, but I don't know if there is yet any back end 
support for variants of CET to be flagged in ELF or PE32+ process image debug 
headers, or plans for newlib x86 or Cygwin startup support, and exception 
handling?

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry