From: Brian Inglis <Brian.Inglis@Shaw.ca>
To: cygwin-patches@cygwin.com
Subject: Re: [PATCH] fhandler/proc.cc(format_proc_cpuinfo): Add Linux 6.3 cpuinfo
Date: Fri, 12 May 2023 12:09:45 -0600
Message-ID: <8e45602e-91c6-9621-1e70-4b1b3c400679@Shaw.ca>
In-Reply-To: <0a50e9ad-59c8-65e9-95f5-f53843fbf918@dronecode.org.uk>
On 2023-05-12 09:36, Jon Turney wrote:
> On 08/05/2023 04:12, Brian Inglis wrote:
>> cpuid 0x00000007:0 ecx:7 shstk Shadow Stack support & Windows
>> [20]20H1/[20]2004+
>> => user_shstk User mode program Shadow Stack support
>> AMD SVM 0x8000000a:0 edx:25 vnmi virtual Non-Maskable Interrupts
>> Sync AMD 0x80000008:0 ebx flags across two output locations
>
> Thanks. I applied this.
>
> Does this need applying to the 3.4 branch as well?
How many users with the latest models will worry about this before 3.5 release
about October, and may Cygwin have support by then?
>> ---
>> winsup/cygwin/fhandler/proc.cc | 29 ++++++++++++++++++++++-------
>
>> + /* cpuid 0x00000007 ecx & Windows [20]20H1/[20]2004+ */
>> + if (maxf >= 0x00000007 && wincap.osname () >= "10.0"
>> + && wincap.build_number () >= 19041)
>> + {
>> + cpuid (&unused, &unused, &features1, &unused, 0x00000007, 0);
>> + ftcprint (features1, 7, "user_shstk"); /* "user shadow stack" */
>> + }
>> +
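Review bot: In the condition wincap.osname () >= "10.0", if osname () returns a C string (const char *), the >= compares two addresses rather than version text, so the result is unspecified; and even as a text comparison, "6.3" would sort above "10.0". The wincap.build_number () >= 19041 test on the next line already restricts this to the 20H1/2004 build or later, so consider dropping the osname () term or comparing a numeric major version instead. The comment above the block could also state why an OS check gates a CPU flag: user_shstk says user mode shadow stacks are usable, which needs OS support in addition to cpuid 0x00000007 ecx bit 7.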
>
> This seems a little odd and maybe worthy of a comment, as surely the CPU has the
> capability irrespective of the OS?
Yes, see the log comment documenting the shstk feature and the Windows release
supporting the process feature, and the patch comment echoing that.

Intel 11th gen and AMD Zen3+ processor models both support the same Control-flow
Enforcement Technology CET and shstk cpuid and arch features, save areas, MSRs,
etc.

That is the (currently commented out in the patch) shstk feature, which is
detected by the Linux kernel but not reported by Linux cpuinfo, and not yet
fully supported in the kernel by the Intel CET Linux patches.

Whereas Linux cpuinfo does report "user_shstk", which depends on kernel,
process, compiler, library, and image support, which requires Windows from
[20]20H1/[20]2004+ enabling and setting up the supported variants of CET flagged
in one of the process image debug headers, and saving/restoring the shadow stack
pointer SSP register.

https://www.intel.com/content/www/us/en/developer/articles/technical/technical-look-control-flow-enforcement-technology.html

The current GCC supports -mshstk, but I don't know if there is yet any back end
support for variants of CET to be flagged in ELF or PE32+ process image debug
headers, or plans for newlib x86 or Cygwin startup support, and exception
handling?
--
Take care. Thanks, Brian Inglis Calgary, Alberta, Canada
La perfection est atteinte Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer but when there is no more to cut
-- Antoine de Saint-Exupéry
Thread overview: 6+ messages
2023-05-08 3:12 Brian Inglis
2023-05-12 15:36 ` Jon Turney
2023-05-12 18:09 ` Brian Inglis [this message]
2023-05-21 20:32 ` Jon Turney
2023-05-22 15:45 ` Brian Inglis
2023-06-05 16:55 ` Corinna Vinschen