public inbox for glibc-cvs@sourceware.org help / color / mirror / Atom feed
From: H.J. Lu <hjl@sourceware.org> To: glibc-cvs@sourceware.org Subject: [glibc/hjl/cet/master] CET: Rename CET_MAX to CET_CONTROL_MASK [BZ #25887] Date: Tue, 28 Apr 2020 17:57:45 +0000 (GMT) [thread overview] Message-ID: <20200428175745.593083953424@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97547c772180b927531ce073dd55f2bf646a133d commit 97547c772180b927531ce073dd55f2bf646a133d Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Apr 28 07:46:17 2020 -0700 CET: Rename CET_MAX to CET_CONTROL_MASK [BZ #25887] _dl_x86_feature_1[1] is used to control each CET feature, IBT and SHSTK: /* Valid control values: 0: Enable CET features based on ELF property note. 1: Always disable CET features. 2: Always enable CET features. 3: Enable CET features permissively. */ #define CET_ELF_PROPERTY 0 #define CET_ALWAYS_OFF 1 #define CET_ALWAYS_ON 2 #define CET_PERMISSIVE 3 #define CET_MAX CET_PERMISSIVE CET control value takes 2 bits. Rename CET_MAX to CET_CONTROL_MASK. Add CET_IBT_SHIFT and CET_SHSTK_SHIFT. Diff: --- sysdeps/x86/cet-tunables.h | 22 ++++++++++++++++++++-- sysdeps/x86/cpu-features.c | 7 +++---- sysdeps/x86/cpu-tunables.c | 39 +++++++++++++++------------------------ sysdeps/x86/dl-cet.c | 6 ++---- 4 files changed, 40 insertions(+), 34 deletions(-) diff --git a/sysdeps/x86/cet-tunables.h b/sysdeps/x86/cet-tunables.h index 5e1e42df10..0088b89d3e 100644 --- a/sysdeps/x86/cet-tunables.h +++ b/sysdeps/x86/cet-tunables.h @@ -16,14 +16,32 @@ License along with the GNU C Library; if not, see <https://www.gnu.org/licenses/>. */ -/* Valid control values: +#ifndef _CET_TUNABLES_H +#define _CET_TUNABLES_H + +/* For each CET feature, IBT and SHSTK, valid control values: 0: Enable CET features based on ELF property note. 1: Always disable CET features. 2: Always enable CET features. 3: Enable CET features permissively. + + Bits 0-1: IBT + Bits 2-3: SHSTK */ #define CET_ELF_PROPERTY 0 #define CET_ALWAYS_OFF 1 #define CET_ALWAYS_ON 2 #define CET_PERMISSIVE 3 -#define CET_MAX CET_PERMISSIVE +#define CET_CONTROL_MASK 3 +#define CET_IBT_SHIFT 0 +#define CET_SHSTK_SHIFT 2 + +/* Get CET control value. */ + +static inline unsigned int +get_cet_control_value (unsigned int shift) +{ + return (GL(dl_x86_feature_1)[1] >> shift) & CET_CONTROL_MASK; +} + +#endif /* cet-tunables.h */ diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c index 81a170a819..76a6476607 100644 --- a/sysdeps/x86/cpu-features.c +++ b/sysdeps/x86/cpu-features.c @@ -594,10 +594,9 @@ no_cpuid: } /* Lock CET if IBT or SHSTK is enabled in executable. Don't - lock CET if SHSTK is enabled permissively. */ - if (((GL(dl_x86_feature_1)[1] >> CET_MAX) - & ((1 << CET_MAX) - 1)) - != CET_PERMISSIVE) + lock CET if IBT or SHSTK is enabled permissively. */ + if (get_cet_control_value (CET_IBT_SHIFT) != CET_PERMISSIVE + && get_cet_control_value (CET_SHSTK_SHIFT) != CET_PERMISSIVE) dl_cet_lock_cet (); } # endif diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c index 861bd7bcaa..c8fc5e67d9 100644 --- a/sysdeps/x86/cpu-tunables.c +++ b/sysdeps/x86/cpu-tunables.c @@ -338,26 +338,26 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp) # if CET_ENABLED # include <cet-tunables.h> +/* Set CET control value. */ + +static inline void +set_cet_control_value (unsigned int value, unsigned int shift) +{ + GL(dl_x86_feature_1)[1] &= ~(CET_CONTROL_MASK << shift); + GL(dl_x86_feature_1)[1] |= value << shift; +} + attribute_hidden void TUNABLE_CALLBACK (set_x86_ibt) (tunable_val_t *valp) { if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1); - GL(dl_x86_feature_1)[1] |= CET_ALWAYS_ON; - } + set_cet_control_value (CET_ALWAYS_ON, CET_IBT_SHIFT); else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1); - GL(dl_x86_feature_1)[1] |= CET_ALWAYS_OFF; - } + set_cet_control_value (CET_ALWAYS_OFF, CET_IBT_SHIFT); else if (DEFAULT_MEMCMP (valp->strval, "permissive", sizeof ("permissive")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1); - GL(dl_x86_feature_1)[1] |= CET_PERMISSIVE; - } + set_cet_control_value (CET_PERMISSIVE, CET_IBT_SHIFT); } attribute_hidden @@ -365,21 +365,12 @@ void TUNABLE_CALLBACK (set_x86_shstk) (tunable_val_t *valp) { if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX); - GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_ON << CET_MAX); - } + set_cet_control_value (CET_ALWAYS_ON, CET_SHSTK_SHIFT); else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX); - GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_OFF << CET_MAX); - } + set_cet_control_value (CET_ALWAYS_OFF, CET_SHSTK_SHIFT); else if (DEFAULT_MEMCMP (valp->strval, "permissive", sizeof ("permissive")) == 0) - { - GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX); - GL(dl_x86_feature_1)[1] |= (CET_PERMISSIVE << CET_MAX); - } + set_cet_control_value (CET_PERMISSIVE, CET_SHSTK_SHIFT); } # endif #endif diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c index c7029f1b51..0f115540aa 100644 --- a/sysdeps/x86/dl-cet.c +++ b/sysdeps/x86/dl-cet.c @@ -39,11 +39,9 @@ static void dl_cet_check (struct link_map *m, const char *program) { /* Check how IBT should be enabled. */ - unsigned int enable_ibt_type - = GL(dl_x86_feature_1)[1] & ((1 << CET_MAX) - 1); + unsigned int enable_ibt_type = get_cet_control_value (CET_IBT_SHIFT); /* Check how SHSTK should be enabled. */ - unsigned int enable_shstk_type - = ((GL(dl_x86_feature_1)[1] >> CET_MAX) & ((1 << CET_MAX) - 1)); + unsigned int enable_shstk_type = get_cet_control_value (CET_SHSTK_SHIFT); /* No legacy object check if both IBT and SHSTK are always on. */ if (enable_ibt_type == CET_ALWAYS_ON
reply other threads:[~2020-04-28 17:57 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20200428175745.593083953424@sourceware.org \ --to=hjl@sourceware.org \ --cc=glibc-cvs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).