From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hjl@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1039)
 id 593083953424; Tue, 28 Apr 2020 17:57:45 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 593083953424
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: H.J. Lu <hjl@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc/hjl/cet/master] CET: Rename CET_MAX to CET_CONTROL_MASK [BZ
 #25887]
X-Act-Checkin: glibc
X-Git-Author: H.J. Lu <hjl.tools@gmail.com>
X-Git-Refname: refs/heads/hjl/cet/master
X-Git-Oldrev: 6d246cb852d3c5ab721dc583112a59ac47dc374e
X-Git-Newrev: 97547c772180b927531ce073dd55f2bf646a133d
Message-Id: <20200428175745.593083953424@sourceware.org>
Date: Tue, 28 Apr 2020 17:57:45 +0000 (GMT)
X-BeenThere: glibc-cvs@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Glibc-cvs mailing list <glibc-cvs.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/glibc-cvs/>
List-Help: <mailto:glibc-cvs-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/glibc-cvs>,
 <mailto:glibc-cvs-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Apr 2020 17:57:45 -0000

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97547c772180b927531ce073dd55f2bf646a133d

commit 97547c772180b927531ce073dd55f2bf646a133d
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Tue Apr 28 07:46:17 2020 -0700

    CET: Rename CET_MAX to CET_CONTROL_MASK [BZ #25887]
    
    _dl_x86_feature_1[1] is used to control each CET feature, IBT and SHSTK:
    
     /* Valid control values:
        0: Enable CET features based on ELF property note.
        1: Always disable CET features.
        2: Always enable CET features.
        3: Enable CET features permissively.
      */
     #define CET_ELF_PROPERTY       0
     #define CET_ALWAYS_OFF         1
     #define CET_ALWAYS_ON          2
     #define CET_PERMISSIVE         3
     #define CET_MAX                CET_PERMISSIVE
    
    CET control value takes 2 bits.  Rename CET_MAX to CET_CONTROL_MASK.  Add
    CET_IBT_SHIFT and CET_SHSTK_SHIFT.

Diff:
---
 sysdeps/x86/cet-tunables.h | 22 ++++++++++++++++++++--
 sysdeps/x86/cpu-features.c |  7 +++----
 sysdeps/x86/cpu-tunables.c | 39 +++++++++++++++------------------------
 sysdeps/x86/dl-cet.c       |  6 ++----
 4 files changed, 40 insertions(+), 34 deletions(-)

diff --git a/sysdeps/x86/cet-tunables.h b/sysdeps/x86/cet-tunables.h
index 5e1e42df10..0088b89d3e 100644
--- a/sysdeps/x86/cet-tunables.h
+++ b/sysdeps/x86/cet-tunables.h
@@ -16,14 +16,32 @@
    License along with the GNU C Library; if not, see
    <https://www.gnu.org/licenses/>.  */
 
-/* Valid control values:
+#ifndef _CET_TUNABLES_H
+#define _CET_TUNABLES_H
+
+/* For each CET feature, IBT and SHSTK, valid control values:
    0: Enable CET features based on ELF property note.
    1: Always disable CET features.
    2: Always enable CET features.
    3: Enable CET features permissively.
+
+   Bits 0-1: IBT
+   Bits 2-3: SHSTK
  */
 #define CET_ELF_PROPERTY	0
 #define CET_ALWAYS_OFF		1
 #define CET_ALWAYS_ON		2
 #define CET_PERMISSIVE		3
-#define CET_MAX			CET_PERMISSIVE
+#define CET_CONTROL_MASK	3
+#define CET_IBT_SHIFT		0
+#define CET_SHSTK_SHIFT		2
+
+/* Get CET control value.  */
+
+static inline unsigned int
+get_cet_control_value (unsigned int shift)
+{
+  return (GL(dl_x86_feature_1)[1] >> shift) & CET_CONTROL_MASK;
+}
+
+#endif /* cet-tunables.h */
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 81a170a819..76a6476607 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -594,10 +594,9 @@ no_cpuid:
 	    }
 
 	  /* Lock CET if IBT or SHSTK is enabled in executable.  Don't
-	     lock CET if SHSTK is enabled permissively.  */
-	  if (((GL(dl_x86_feature_1)[1] >> CET_MAX)
-	       & ((1 << CET_MAX) - 1))
-	       != CET_PERMISSIVE)
+	     lock CET if IBT or SHSTK is enabled permissively.  */
+	  if (get_cet_control_value (CET_IBT_SHIFT) != CET_PERMISSIVE
+	      && get_cet_control_value (CET_SHSTK_SHIFT) != CET_PERMISSIVE)
 	    dl_cet_lock_cet ();
 	}
 # endif
diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c
index 861bd7bcaa..c8fc5e67d9 100644
--- a/sysdeps/x86/cpu-tunables.c
+++ b/sysdeps/x86/cpu-tunables.c
@@ -338,26 +338,26 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp)
 # if CET_ENABLED
 #  include <cet-tunables.h>
 
+/* Set CET control value.  */
+
+static inline void
+set_cet_control_value (unsigned int value, unsigned int shift)
+{
+   GL(dl_x86_feature_1)[1] &= ~(CET_CONTROL_MASK << shift);
+   GL(dl_x86_feature_1)[1] |= value << shift;
+}
+
 attribute_hidden
 void
 TUNABLE_CALLBACK (set_x86_ibt) (tunable_val_t *valp)
 {
   if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0)
-    {
-      GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1);
-      GL(dl_x86_feature_1)[1] |= CET_ALWAYS_ON;
-    }
+    set_cet_control_value (CET_ALWAYS_ON, CET_IBT_SHIFT);
   else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0)
-    {
-      GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1);
-      GL(dl_x86_feature_1)[1] |= CET_ALWAYS_OFF;
-    }
+    set_cet_control_value (CET_ALWAYS_OFF, CET_IBT_SHIFT);
   else if (DEFAULT_MEMCMP (valp->strval, "permissive",
 			   sizeof ("permissive")) == 0)
-    {
-      GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1);
-      GL(dl_x86_feature_1)[1] |= CET_PERMISSIVE;
-    }
+    set_cet_control_value (CET_PERMISSIVE, CET_IBT_SHIFT);
 }
 
 attribute_hidden
@@ -365,21 +365,12 @@ void
 TUNABLE_CALLBACK (set_x86_shstk) (tunable_val_t *valp)
 {
   if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0)
-    {
-      GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX);
-      GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_ON << CET_MAX);
-    }
+    set_cet_control_value (CET_ALWAYS_ON, CET_SHSTK_SHIFT);
   else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0)
-    {
-      GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX);
-      GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_OFF << CET_MAX);
-    }
+    set_cet_control_value (CET_ALWAYS_OFF, CET_SHSTK_SHIFT);
   else if (DEFAULT_MEMCMP (valp->strval, "permissive",
 			   sizeof ("permissive")) == 0)
-    {
-      GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX);
-      GL(dl_x86_feature_1)[1] |= (CET_PERMISSIVE << CET_MAX);
-    }
+    set_cet_control_value (CET_PERMISSIVE, CET_SHSTK_SHIFT);
 }
 # endif
 #endif
diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
index c7029f1b51..0f115540aa 100644
--- a/sysdeps/x86/dl-cet.c
+++ b/sysdeps/x86/dl-cet.c
@@ -39,11 +39,9 @@ static void
 dl_cet_check (struct link_map *m, const char *program)
 {
   /* Check how IBT should be enabled.  */
-  unsigned int enable_ibt_type
-    = GL(dl_x86_feature_1)[1] & ((1 << CET_MAX) - 1);
+  unsigned int enable_ibt_type = get_cet_control_value (CET_IBT_SHIFT);
   /* Check how SHSTK should be enabled.  */
-  unsigned int enable_shstk_type
-    = ((GL(dl_x86_feature_1)[1] >> CET_MAX) & ((1 << CET_MAX) - 1));
+  unsigned int enable_shstk_type = get_cet_control_value (CET_SHSTK_SHIFT);
 
   /* No legacy object check if both IBT and SHSTK are always on.  */
   if (enable_ibt_type == CET_ALWAYS_ON