* [glibc/hjl/cet/master] CET: Rename CET_MAX to CET_CONTROL_MASK [BZ #25887]
@ 2020-04-28 17:57 H.J. Lu
From: H.J. Lu @ 2020-04-28 17:57 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97547c772180b927531ce073dd55f2bf646a133d
commit 97547c772180b927531ce073dd55f2bf646a133d
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Apr 28 07:46:17 2020 -0700
CET: Rename CET_MAX to CET_CONTROL_MASK [BZ #25887]
_dl_x86_feature_1[1] is used to control each CET feature, IBT and SHSTK:
/* Valid control values:
0: Enable CET features based on ELF property note.
1: Always disable CET features.
2: Always enable CET features.
3: Enable CET features permissively.
*/
#define CET_ELF_PROPERTY 0
#define CET_ALWAYS_OFF 1
#define CET_ALWAYS_ON 2
#define CET_PERMISSIVE 3
#define CET_MAX CET_PERMISSIVE
CET control value takes 2 bits. Rename CET_MAX to CET_CONTROL_MASK. Add
CET_IBT_SHIFT and CET_SHSTK_SHIFT.
Diff:
---
sysdeps/x86/cet-tunables.h | 22 ++++++++++++++++++++--
sysdeps/x86/cpu-features.c | 7 +++----
sysdeps/x86/cpu-tunables.c | 39 +++++++++++++++------------------------
sysdeps/x86/dl-cet.c | 6 ++----
4 files changed, 40 insertions(+), 34 deletions(-)
diff --git a/sysdeps/x86/cet-tunables.h b/sysdeps/x86/cet-tunables.h
index 5e1e42df10..0088b89d3e 100644
--- a/sysdeps/x86/cet-tunables.h
+++ b/sysdeps/x86/cet-tunables.h
@@ -16,14 +16,32 @@
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
-/* Valid control values:
+#ifndef _CET_TUNABLES_H
+#define _CET_TUNABLES_H
+
+/* For each CET feature, IBT and SHSTK, valid control values:
0: Enable CET features based on ELF property note.
1: Always disable CET features.
2: Always enable CET features.
3: Enable CET features permissively.
+
+ Bits 0-1: IBT
+ Bits 2-3: SHSTK
*/
#define CET_ELF_PROPERTY 0
#define CET_ALWAYS_OFF 1
#define CET_ALWAYS_ON 2
#define CET_PERMISSIVE 3
-#define CET_MAX CET_PERMISSIVE
+#define CET_CONTROL_MASK 3
+#define CET_IBT_SHIFT 0
+#define CET_SHSTK_SHIFT 2
+
+/* Get CET control value. */
+
+static inline unsigned int
+get_cet_control_value (unsigned int shift)
+{
+ return (GL(dl_x86_feature_1)[1] >> shift) & CET_CONTROL_MASK;
+}
+
+#endif /* cet-tunables.h */
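Review bot: The new `get_cet_control_value` makes this header depend on `GL(dl_x86_feature_1)`, but nothing between the licence block and the end of the file includes the header that defines `GL`, so it only compiles when the includer has already pulled that in. Before this change the file held only `#define`s and had no such dependency. Adding `#include <ldsodefs.h>` just inside the new include guard would make it self-contained. The one-line comment could also say that `shift` must be `CET_IBT_SHIFT` or `CET_SHSTK_SHIFT`, for example `/* Return the 2-bit CET control value for the feature selected by SHIFT (CET_IBT_SHIFT or CET_SHSTK_SHIFT).  */`.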
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 81a170a819..76a6476607 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -594,10 +594,9 @@ no_cpuid:
}
/* Lock CET if IBT or SHSTK is enabled in executable. Don't
- lock CET if SHSTK is enabled permissively. */
- if (((GL(dl_x86_feature_1)[1] >> CET_MAX)
- & ((1 << CET_MAX) - 1))
- != CET_PERMISSIVE)
+ lock CET if IBT or SHSTK is enabled permissively. */
+ if (get_cet_control_value (CET_IBT_SHIFT) != CET_PERMISSIVE
+ && get_cet_control_value (CET_SHSTK_SHIFT) != CET_PERMISSIVE)
dl_cet_lock_cet ();
}
# endif
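Review bot: The condition guarding `dl_cet_lock_cet ()` now skips the lock when either feature is permissive, so a process with one feature always-on and the other permissive is left with CET unlocked. The single argument-less lock call suggests the lock is not per-feature, in which case the always-on feature also stays unlockable later. The updated comment should spell that out, e.g. `Don't lock CET if either IBT or SHSTK is enabled permissively.` The diffstat shows no test; a case that sets one tunable to permissive and checks whether CET gets locked would pin the corrected shift and mask. The enclosing function starts and ends outside this hunk.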
diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c
index 861bd7bcaa..c8fc5e67d9 100644
--- a/sysdeps/x86/cpu-tunables.c
+++ b/sysdeps/x86/cpu-tunables.c
@@ -338,26 +338,26 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp)
# if CET_ENABLED
# include <cet-tunables.h>
+/* Set CET control value. */
+
+static inline void
+set_cet_control_value (unsigned int value, unsigned int shift)
+{
+ GL(dl_x86_feature_1)[1] &= ~(CET_CONTROL_MASK << shift);
+ GL(dl_x86_feature_1)[1] |= value << shift;
+}
+
attribute_hidden
void
TUNABLE_CALLBACK (set_x86_ibt) (tunable_val_t *valp)
{
if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1);
- GL(dl_x86_feature_1)[1] |= CET_ALWAYS_ON;
- }
+ set_cet_control_value (CET_ALWAYS_ON, CET_IBT_SHIFT);
else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1);
- GL(dl_x86_feature_1)[1] |= CET_ALWAYS_OFF;
- }
+ set_cet_control_value (CET_ALWAYS_OFF, CET_IBT_SHIFT);
else if (DEFAULT_MEMCMP (valp->strval, "permissive",
sizeof ("permissive")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1);
- GL(dl_x86_feature_1)[1] |= CET_PERMISSIVE;
- }
+ set_cet_control_value (CET_PERMISSIVE, CET_IBT_SHIFT);
}
attribute_hidden
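Review bot: `set_cet_control_value` ORs in `value << shift` without bounding `value`, so any argument above `CET_CONTROL_MASK` would spill into the neighbouring feature's two bits; an IBT write could then change the SHSTK field. Every caller in this diff passes one of the `CET_*` constants, so this is hardening rather than a live bug. Masking keeps the helper safe for later callers: `GL(dl_x86_feature_1)[1] |= (value & CET_CONTROL_MASK) << shift;`. The comment above the helper could also state that `shift` must be `CET_IBT_SHIFT` or `CET_SHSTK_SHIFT`.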
@@ -365,21 +365,12 @@ void
TUNABLE_CALLBACK (set_x86_shstk) (tunable_val_t *valp)
{
if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX);
- GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_ON << CET_MAX);
- }
+ set_cet_control_value (CET_ALWAYS_ON, CET_SHSTK_SHIFT);
else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX);
- GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_OFF << CET_MAX);
- }
+ set_cet_control_value (CET_ALWAYS_OFF, CET_SHSTK_SHIFT);
else if (DEFAULT_MEMCMP (valp->strval, "permissive",
sizeof ("permissive")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX);
- GL(dl_x86_feature_1)[1] |= (CET_PERMISSIVE << CET_MAX);
- }
+ set_cet_control_value (CET_PERMISSIVE, CET_SHSTK_SHIFT);
}
# endif
#endif
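Review bot: The `if`/`else if` chain in `set_x86_shstk` has no final `else`, so any value other than "on", "off" or "permissive" leaves the control field untouched with no diagnostic. For a hardening knob, a misspelt setting that silently does nothing is easy to miss; at minimum end the chain with a comment such as `/* Any other value is ignored and the current control value is kept.  */`. `set_x86_ibt` in the previous hunk has the same shape. The two callbacks now differ only in the shift constant, so a shared helper taking the shift would keep the accepted strings in one place.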
diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
index c7029f1b51..0f115540aa 100644
--- a/sysdeps/x86/dl-cet.c
+++ b/sysdeps/x86/dl-cet.c
@@ -39,11 +39,9 @@ static void
dl_cet_check (struct link_map *m, const char *program)
{
/* Check how IBT should be enabled. */
- unsigned int enable_ibt_type
- = GL(dl_x86_feature_1)[1] & ((1 << CET_MAX) - 1);
+ unsigned int enable_ibt_type = get_cet_control_value (CET_IBT_SHIFT);
/* Check how SHSTK should be enabled. */
- unsigned int enable_shstk_type
- = ((GL(dl_x86_feature_1)[1] >> CET_MAX) & ((1 << CET_MAX) - 1));
+ unsigned int enable_shstk_type = get_cet_control_value (CET_SHSTK_SHIFT);
/* No legacy object check if both IBT and SHSTK are always on. */
if (enable_ibt_type == CET_ALWAYS_ON