public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc/hjl/cet/2.30] Remove ARCH_CET_MARK_LEGACY_CODE
@ 2020-03-04 21:53 H.J.Lu
0 siblings, 0 replies; 2+ messages in thread
From: H.J.Lu @ 2020-03-04 21:53 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=99b75eb162ce5f5514d01ab25030cd90ee2ab014
commit 99b75eb162ce5f5514d01ab25030cd90ee2ab014
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Mar 3 14:16:43 2020 -0800
Remove ARCH_CET_MARK_LEGACY_CODE
Diff:
---
sysdeps/unix/sysv/linux/x86/dl-cet.h | 20 ----
sysdeps/unix/sysv/linux/x86/include/asm/prctl.h | 6 --
sysdeps/x86/dl-cet.c | 121 ++++++------------------
sysdeps/x86/dl-lookupcfg.h | 6 --
sysdeps/x86/link_map.h | 1 -
5 files changed, 29 insertions(+), 125 deletions(-)
diff --git a/sysdeps/unix/sysv/linux/x86/dl-cet.h b/sysdeps/unix/sysv/linux/x86/dl-cet.h
index 867e263..9c43b01 100644
--- a/sysdeps/unix/sysv/linux/x86/dl-cet.h
+++ b/sysdeps/unix/sysv/linux/x86/dl-cet.h
@@ -19,26 +19,6 @@
#include <asm/prctl.h>
static inline int __attribute__ ((always_inline))
-dl_cet_mark_legacy_code (unsigned long *legacy_bitmap)
-{
- /* Allocate legacy bitmap. */
- INTERNAL_SYSCALL_DECL (err);
-#ifdef __LP64__
- return (int) INTERNAL_SYSCALL (arch_prctl, err, 2,
- ARCH_CET_MARK_LEGACY_CODE,
- legacy_bitmap);
-#else
- unsigned long long legacy_bitmap_u64[3];
- legacy_bitmap_u64[0] = legacy_bitmap[0];
- legacy_bitmap_u64[1] = legacy_bitmap[1];
- legacy_bitmap_u64[2] = legacy_bitmap[2];
- return (int) INTERNAL_SYSCALL (arch_prctl, err, 2,
- ARCH_CET_MARK_LEGACY_CODE,
- legacy_bitmap_u64);
-#endif
-}
-
-static inline int __attribute__ ((always_inline))
dl_cet_disable_cet (unsigned int cet_feature)
{
INTERNAL_SYSCALL_DECL (err);
diff --git a/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h b/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h
index 0d0cda1..45ad0b0 100644
--- a/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h
+++ b/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h
@@ -24,10 +24,4 @@
OUT: allocated shadow stack address: *addr.
*/
# define ARCH_CET_ALLOC_SHSTK 0x3004
-/* Mark legacy code region in legacy bitmap with unsigned long long *addr:
- address: addr[0].
- size: addr[1].
- set: addr[2].
- */
-# define ARCH_CET_MARK_LEGACY_CODE 0x3007
#endif /* ARCH_CET_STATUS */
diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
index b7bd6bc..7d5bd4f 100644
--- a/sysdeps/x86/dl-cet.c
+++ b/sysdeps/x86/dl-cet.c
@@ -33,29 +33,6 @@
# error GNU_PROPERTY_X86_FEATURE_1_SHSTK != X86_FEATURE_1_SHSTK
#endif
-static int
-dl_cet_mark_legacy_region (struct link_map *l, unsigned int set)
-{
- /* Mark PT_LOAD segments with PF_X in legacy code page bitmap. */
- size_t i, phnum = l->l_phnum;
- const ElfW(Phdr) *phdr = l->l_phdr;
- unsigned long legacy_bitmap[3];
- int res = 0;
-
- legacy_bitmap[2] = set;
- for (i = 0; i < phnum; i++)
- if (phdr[i].p_type == PT_LOAD && (phdr[i].p_flags & PF_X))
- {
- legacy_bitmap[0] = phdr[i].p_vaddr + l->l_addr;
- legacy_bitmap[1] = phdr[i].p_memsz;
- res = dl_cet_mark_legacy_code (legacy_bitmap);
- if (res)
- break;
- }
-
- return res;
-}
-
/* Check if object M is compatible with CET. */
static void
@@ -108,10 +85,7 @@ dl_cet_check (struct link_map *m, const char *program)
support IBT nor SHSTK. */
if (enable_ibt || enable_shstk)
{
- int res;
unsigned int i;
- unsigned int first_legacy, last_legacy;
- bool need_legacy_bitmap = false;
i = m->l_searchlist.r_nlist;
while (i-- > 0)
@@ -133,79 +107,50 @@ dl_cet_check (struct link_map *m, const char *program)
continue;
#endif
- if (enable_ibt
- && enable_ibt_type != CET_ALWAYS_ON
- && !(l->l_cet & lc_ibt))
- {
- /* Remember the first and last legacy objects. */
- if (!need_legacy_bitmap)
- last_legacy = i;
- first_legacy = i;
- need_legacy_bitmap = true;
- }
+ /* IBT is enabled only if it is enabled in executable as
+ well as all shared objects. */
+ enable_ibt &= (enable_ibt_type == CET_ALWAYS_ON
+ || (l->l_cet & lc_ibt) != 0);
/* SHSTK is enabled only if it is enabled in executable as
well as all shared objects. */
enable_shstk &= (enable_shstk_type == CET_ALWAYS_ON
|| (l->l_cet & lc_shstk) != 0);
}
-
- if (need_legacy_bitmap)
- {
- /* Put legacy shared objects in legacy bitmap. */
- for (i = first_legacy; i <= last_legacy; i++)
- {
- l = m->l_initfini[i];
-
- if (l->l_init_called || (l->l_cet & lc_ibt))
- continue;
-
-#ifdef SHARED
- if (l == &GL(dl_rtld_map)
- || l->l_real == &GL(dl_rtld_map)
- || (program && l == m))
- continue;
-#endif
-
- /* If IBT is enabled in executable and IBT isn't enabled
- in this shard object, mark PT_LOAD segments with PF_X
- in legacy code page bitmap. */
- res = dl_cet_mark_legacy_region (l, 1);
- if (res != 0)
- {
- if (program)
- _dl_fatal_printf ("%s: failed to mark legacy code region\n",
- l->l_name);
- else
- _dl_signal_error (-res, l->l_name, "dlopen",
- N_("failed to mark legacy code region"));
- }
- l->l_cet |= lc_legacy_bitmap;
- }
- }
}
bool cet_feature_changed = false;
if (enable_ibt != ibt_enabled || enable_shstk != shstk_enabled)
{
- if (!program
- && enable_shstk_type != CET_PERMISSIVE)
+ if (!program)
{
- /* When SHSTK is enabled, we can't dlopening a shared
- object without SHSTK. */
- if (enable_shstk != shstk_enabled)
- _dl_signal_error (EINVAL, l->l_name, "dlopen",
- N_("shadow stack isn't enabled"));
- return;
+ if (enable_ibt_type != CET_PERMISSIVE)
+ {
+ /* When IBT is enabled, we can't dlopening a shared
+ object without IBT. */
+ if (enable_ibt != ibt_enabled)
+ _dl_signal_error (EINVAL, l->l_name, "dlopen",
+ N_("indirect branch tracking isn't enabled"));
+ return;
+ }
+
+ if (enable_shstk_type != CET_PERMISSIVE)
+ {
+ /* When SHSTK is enabled, we can't dlopening a shared
+ object without SHSTK. */
+ if (enable_shstk != shstk_enabled)
+ _dl_signal_error (EINVAL, l->l_name, "dlopen",
+ N_("shadow stack isn't enabled"));
+ return;
+ }
}
/* Disable IBT and/or SHSTK if they are enabled by kernel, but
disabled in executable or shared objects. */
unsigned int cet_feature = 0;
- /* Disable IBT only during program startup. */
- if (program && !enable_ibt)
+ if (!enable_ibt)
cet_feature |= GNU_PROPERTY_X86_FEATURE_1_IBT;
if (!enable_shstk)
cet_feature |= GNU_PROPERTY_X86_FEATURE_1_SHSTK;
@@ -228,12 +173,13 @@ dl_cet_check (struct link_map *m, const char *program)
#ifdef SHARED
if (program
+ && (!ibt_enabled
+ || enable_ibt_type != CET_PERMISSIVE)
&& (!shstk_enabled
- || enable_shstk_type != CET_PERMISSIVE)
- && (ibt_enabled || shstk_enabled))
+ || enable_shstk_type != CET_PERMISSIVE))
{
/* Lock CET if IBT or SHSTK is enabled in executable. Don't
- lock CET if SHSTK is enabled permissively. */
+ lock CET if IBT or SHSTK is enabled permissively. */
int res = dl_cet_lock_cet ();
if (res != 0)
_dl_fatal_printf ("%s: can't lock CET\n", program);
@@ -256,15 +202,6 @@ dl_cet_check (struct link_map *m, const char *program)
}
void
-_dl_cet_unmap (struct link_map *l)
-{
- if (l->l_cet & lc_legacy_bitmap)
- dl_cet_mark_legacy_region (l, 0);
-
- _dl_unmap (l);
-}
-
-void
_dl_cet_open_check (struct link_map *l)
{
dl_cet_check (l, NULL);
diff --git a/sysdeps/x86/dl-lookupcfg.h b/sysdeps/x86/dl-lookupcfg.h
index 9bd6ad0..52898de0 100644
--- a/sysdeps/x86/dl-lookupcfg.h
+++ b/sysdeps/x86/dl-lookupcfg.h
@@ -28,10 +28,4 @@ struct link_map;
extern void _dl_unmap (struct link_map *map) attribute_hidden;
-#ifdef __CET__
-extern void _dl_cet_unmap (struct link_map *map) attribute_hidden;
-
-#define DL_UNMAP(map) _dl_cet_unmap (map)
-#else
#define DL_UNMAP(map) _dl_unmap (map)
-#endif
diff --git a/sysdeps/x86/link_map.h b/sysdeps/x86/link_map.h
index 9f652cf..55d3822 100644
--- a/sysdeps/x86/link_map.h
+++ b/sysdeps/x86/link_map.h
@@ -23,6 +23,5 @@ enum
lc_none = 1 << 0, /* Not enabled with CET. */
lc_ibt = 1 << 1, /* Enabled with IBT. */
lc_shstk = 1 << 2, /* Enabled with STSHK. */
- lc_legacy_bitmap = 1 << 3, /* Legacy bitmap is used. */
lc_ibt_and_shstk = lc_ibt | lc_shstk /* Enabled with both. */
} l_cet:4;
^ permalink raw reply [flat|nested] 2+ messages in thread
* [glibc/hjl/cet/2.30] Remove ARCH_CET_MARK_LEGACY_CODE
@ 2020-03-04 22:29 H.J.Lu
0 siblings, 0 replies; 2+ messages in thread
From: H.J.Lu @ 2020-03-04 22:29 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3846a2a19fd36a7191b31c0a2446fd6794dd098b
commit 3846a2a19fd36a7191b31c0a2446fd6794dd098b
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Mar 3 14:16:43 2020 -0800
Remove ARCH_CET_MARK_LEGACY_CODE
Diff:
---
sysdeps/unix/sysv/linux/x86/dl-cet.h | 20 ----
sysdeps/unix/sysv/linux/x86/include/asm/prctl.h | 6 --
sysdeps/x86/dl-cet.c | 138 +++++++-----------------
sysdeps/x86/dl-lookupcfg.h | 6 --
sysdeps/x86/link_map.h | 1 -
5 files changed, 40 insertions(+), 131 deletions(-)
diff --git a/sysdeps/unix/sysv/linux/x86/dl-cet.h b/sysdeps/unix/sysv/linux/x86/dl-cet.h
index 867e263..9c43b01 100644
--- a/sysdeps/unix/sysv/linux/x86/dl-cet.h
+++ b/sysdeps/unix/sysv/linux/x86/dl-cet.h
@@ -19,26 +19,6 @@
#include <asm/prctl.h>
static inline int __attribute__ ((always_inline))
-dl_cet_mark_legacy_code (unsigned long *legacy_bitmap)
-{
- /* Allocate legacy bitmap. */
- INTERNAL_SYSCALL_DECL (err);
-#ifdef __LP64__
- return (int) INTERNAL_SYSCALL (arch_prctl, err, 2,
- ARCH_CET_MARK_LEGACY_CODE,
- legacy_bitmap);
-#else
- unsigned long long legacy_bitmap_u64[3];
- legacy_bitmap_u64[0] = legacy_bitmap[0];
- legacy_bitmap_u64[1] = legacy_bitmap[1];
- legacy_bitmap_u64[2] = legacy_bitmap[2];
- return (int) INTERNAL_SYSCALL (arch_prctl, err, 2,
- ARCH_CET_MARK_LEGACY_CODE,
- legacy_bitmap_u64);
-#endif
-}
-
-static inline int __attribute__ ((always_inline))
dl_cet_disable_cet (unsigned int cet_feature)
{
INTERNAL_SYSCALL_DECL (err);
diff --git a/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h b/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h
index 0d0cda1..45ad0b0 100644
--- a/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h
+++ b/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h
@@ -24,10 +24,4 @@
OUT: allocated shadow stack address: *addr.
*/
# define ARCH_CET_ALLOC_SHSTK 0x3004
-/* Mark legacy code region in legacy bitmap with unsigned long long *addr:
- address: addr[0].
- size: addr[1].
- set: addr[2].
- */
-# define ARCH_CET_MARK_LEGACY_CODE 0x3007
#endif /* ARCH_CET_STATUS */
diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
index b7bd6bc..2203958 100644
--- a/sysdeps/x86/dl-cet.c
+++ b/sysdeps/x86/dl-cet.c
@@ -33,29 +33,6 @@
# error GNU_PROPERTY_X86_FEATURE_1_SHSTK != X86_FEATURE_1_SHSTK
#endif
-static int
-dl_cet_mark_legacy_region (struct link_map *l, unsigned int set)
-{
- /* Mark PT_LOAD segments with PF_X in legacy code page bitmap. */
- size_t i, phnum = l->l_phnum;
- const ElfW(Phdr) *phdr = l->l_phdr;
- unsigned long legacy_bitmap[3];
- int res = 0;
-
- legacy_bitmap[2] = set;
- for (i = 0; i < phnum; i++)
- if (phdr[i].p_type == PT_LOAD && (phdr[i].p_flags & PF_X))
- {
- legacy_bitmap[0] = phdr[i].p_vaddr + l->l_addr;
- legacy_bitmap[1] = phdr[i].p_memsz;
- res = dl_cet_mark_legacy_code (legacy_bitmap);
- if (res)
- break;
- }
-
- return res;
-}
-
/* Check if object M is compatible with CET. */
static void
@@ -108,10 +85,7 @@ dl_cet_check (struct link_map *m, const char *program)
support IBT nor SHSTK. */
if (enable_ibt || enable_shstk)
{
- int res;
unsigned int i;
- unsigned int first_legacy, last_legacy;
- bool need_legacy_bitmap = false;
i = m->l_searchlist.r_nlist;
while (i-- > 0)
@@ -133,79 +107,52 @@ dl_cet_check (struct link_map *m, const char *program)
continue;
#endif
- if (enable_ibt
- && enable_ibt_type != CET_ALWAYS_ON
- && !(l->l_cet & lc_ibt))
- {
- /* Remember the first and last legacy objects. */
- if (!need_legacy_bitmap)
- last_legacy = i;
- first_legacy = i;
- need_legacy_bitmap = true;
- }
+ /* IBT is enabled only if it is enabled in executable as
+ well as all shared objects. */
+ enable_ibt &= (enable_ibt_type == CET_ALWAYS_ON
+ || (l->l_cet & lc_ibt) != 0);
/* SHSTK is enabled only if it is enabled in executable as
well as all shared objects. */
enable_shstk &= (enable_shstk_type == CET_ALWAYS_ON
|| (l->l_cet & lc_shstk) != 0);
}
-
- if (need_legacy_bitmap)
- {
- /* Put legacy shared objects in legacy bitmap. */
- for (i = first_legacy; i <= last_legacy; i++)
- {
- l = m->l_initfini[i];
-
- if (l->l_init_called || (l->l_cet & lc_ibt))
- continue;
-
-#ifdef SHARED
- if (l == &GL(dl_rtld_map)
- || l->l_real == &GL(dl_rtld_map)
- || (program && l == m))
- continue;
-#endif
-
- /* If IBT is enabled in executable and IBT isn't enabled
- in this shard object, mark PT_LOAD segments with PF_X
- in legacy code page bitmap. */
- res = dl_cet_mark_legacy_region (l, 1);
- if (res != 0)
- {
- if (program)
- _dl_fatal_printf ("%s: failed to mark legacy code region\n",
- l->l_name);
- else
- _dl_signal_error (-res, l->l_name, "dlopen",
- N_("failed to mark legacy code region"));
- }
- l->l_cet |= lc_legacy_bitmap;
- }
- }
}
bool cet_feature_changed = false;
if (enable_ibt != ibt_enabled || enable_shstk != shstk_enabled)
{
- if (!program
- && enable_shstk_type != CET_PERMISSIVE)
+ if (!program)
{
- /* When SHSTK is enabled, we can't dlopening a shared
- object without SHSTK. */
- if (enable_shstk != shstk_enabled)
- _dl_signal_error (EINVAL, l->l_name, "dlopen",
- N_("shadow stack isn't enabled"));
- return;
+ if (enable_ibt_type != CET_PERMISSIVE)
+ {
+ /* When IBT is enabled, we can't dlopening a shared
+ object without IBT. */
+ if (enable_ibt != ibt_enabled)
+ _dl_signal_error (EINVAL, l->l_name, "dlopen",
+ N_("indirect branch tracking isn't enabled"));
+ }
+
+ if (enable_shstk_type != CET_PERMISSIVE)
+ {
+ /* When SHSTK is enabled, we can't dlopening a shared
+ object without SHSTK. */
+ if (enable_shstk != shstk_enabled)
+ _dl_signal_error (EINVAL, l->l_name, "dlopen",
+ N_("shadow stack isn't enabled"));
+ }
+
+ if (enable_ibt_type != CET_PERMISSIVE
+ && enable_shstk_type != CET_PERMISSIVE)
+ return;
}
/* Disable IBT and/or SHSTK if they are enabled by kernel, but
disabled in executable or shared objects. */
unsigned int cet_feature = 0;
- /* Disable IBT only during program startup. */
- if (program && !enable_ibt)
+ if (!enable_ibt)
cet_feature |= GNU_PROPERTY_X86_FEATURE_1_IBT;
if (!enable_shstk)
cet_feature |= GNU_PROPERTY_X86_FEATURE_1_SHSTK;
@@ -227,17 +174,21 @@ dl_cet_check (struct link_map *m, const char *program)
}
#ifdef SHARED
- if (program
- && (!shstk_enabled
- || enable_shstk_type != CET_PERMISSIVE)
- && (ibt_enabled || shstk_enabled))
+ if (program && (ibt_enabled || shstk_enabled))
{
- /* Lock CET if IBT or SHSTK is enabled in executable. Don't
- lock CET if SHSTK is enabled permissively. */
- int res = dl_cet_lock_cet ();
- if (res != 0)
- _dl_fatal_printf ("%s: can't lock CET\n", program);
+ if ((!ibt_enabled
+ || enable_ibt_type != CET_PERMISSIVE)
+ && (!shstk_enabled
+ || enable_shstk_type != CET_PERMISSIVE))
+ {
+ /* Lock CET if IBT or SHSTK is enabled in executable unless
+ IBT or SHSTK is enabled permissively. */
+ int res = dl_cet_lock_cet ();
+ if (res != 0)
+ _dl_fatal_printf ("%s: can't lock CET\n", program);
+ }
+ /* Set feature_1 if IBT or SHSTK is enabled in executable. */
cet_feature_changed = true;
}
#endif
@@ -256,15 +207,6 @@ dl_cet_check (struct link_map *m, const char *program)
}
void
-_dl_cet_unmap (struct link_map *l)
-{
- if (l->l_cet & lc_legacy_bitmap)
- dl_cet_mark_legacy_region (l, 0);
-
- _dl_unmap (l);
-}
-
-void
_dl_cet_open_check (struct link_map *l)
{
dl_cet_check (l, NULL);
diff --git a/sysdeps/x86/dl-lookupcfg.h b/sysdeps/x86/dl-lookupcfg.h
index 9bd6ad0..52898de0 100644
--- a/sysdeps/x86/dl-lookupcfg.h
+++ b/sysdeps/x86/dl-lookupcfg.h
@@ -28,10 +28,4 @@ struct link_map;
extern void _dl_unmap (struct link_map *map) attribute_hidden;
-#ifdef __CET__
-extern void _dl_cet_unmap (struct link_map *map) attribute_hidden;
-
-#define DL_UNMAP(map) _dl_cet_unmap (map)
-#else
#define DL_UNMAP(map) _dl_unmap (map)
-#endif
diff --git a/sysdeps/x86/link_map.h b/sysdeps/x86/link_map.h
index 9f652cf..55d3822 100644
--- a/sysdeps/x86/link_map.h
+++ b/sysdeps/x86/link_map.h
@@ -23,6 +23,5 @@ enum
lc_none = 1 << 0, /* Not enabled with CET. */
lc_ibt = 1 << 1, /* Enabled with IBT. */
lc_shstk = 1 << 2, /* Enabled with STSHK. */
- lc_legacy_bitmap = 1 << 3, /* Legacy bitmap is used. */
lc_ibt_and_shstk = lc_ibt | lc_shstk /* Enabled with both. */
} l_cet:4;
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-04 22:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-04 21:53 [glibc/hjl/cet/2.30] Remove ARCH_CET_MARK_LEGACY_CODE H.J.Lu
2020-03-04 22:29 H.J.Lu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).