diff options
| author | H.J. Lu <hjl.tools@gmail.com> | 2023-12-29 08:43:49 -0800 |
|---|---|---|
| committer | H.J. Lu <hjl.tools@gmail.com> | 2024-01-01 05:22:48 -0800 |
| commit | edb5e0c8f915a798629717b5680a852c8bb3db25 (patch) | |
| tree | 8b68e53c8d498b8b0ba3a37e02d8c995ec872210 /sysdeps/unix/sysv/linux/x86/include | |
| parent | 6b32696116e0097f5dd578ec087bcbef483f2a07 (diff) | |
| download | glibc-edb5e0c8f915a798629717b5680a852c8bb3db25.zip glibc-edb5e0c8f915a798629717b5680a852c8bb3db25.tar.gz glibc-edb5e0c8f915a798629717b5680a852c8bb3db25.tar.bz2 | |
x86/cet: Sync with Linux kernel 6.6 shadow stack interface
Sync with Linux kernel 6.6 shadow stack interface. Since only x86-64 is
supported, i386 shadow stack codes are unchanged and CET shouldn't be
enabled for i386.
1. When the shadow stack base in TCB is unset, the default shadow stack
is in use. Use the current shadow stack pointer as the marker for the
default shadow stack. It is used to identify if the current shadow stack
is the same as the target shadow stack when switching ucontexts. If yes,
INCSSP will be used to unwind shadow stack. Otherwise, shadow stack
restore token will be used.
2. Allocate shadow stack with the map_shadow_stack syscall. Since there
is no function to explicitly release ucontext, there is no place to
release shadow stack allocated by map_shadow_stack in ucontext functions.
Such shadow stacks will be leaked.
3. Rename arch_prctl CET commands to ARCH_SHSTK_XXX.
4. Rewrite the CET control functions with the current kernel shadow stack
interface.
Since CET is no longer enabled by kernel, a separate patch will enable
shadow stack during startup.
Diffstat (limited to 'sysdeps/unix/sysv/linux/x86/include')
| -rw-r--r-- | sysdeps/unix/sysv/linux/x86/include/asm/prctl.h | 37 |
1 files changed, 16 insertions, 21 deletions
diff --git a/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h b/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h index 45ad0b0..2f51132 100644 --- a/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h +++ b/sysdeps/unix/sysv/linux/x86/include/asm/prctl.h @@ -4,24 +4,19 @@ #include_next <asm/prctl.h> -#ifndef ARCH_CET_STATUS -/* CET features: - IBT: GNU_PROPERTY_X86_FEATURE_1_IBT - SHSTK: GNU_PROPERTY_X86_FEATURE_1_SHSTK - */ -/* Return CET features in unsigned long long *addr: - features: addr[0]. - shadow stack base address: addr[1]. - shadow stack size: addr[2]. - */ -# define ARCH_CET_STATUS 0x3001 -/* Disable CET features in unsigned int features. */ -# define ARCH_CET_DISABLE 0x3002 -/* Lock all CET features. */ -# define ARCH_CET_LOCK 0x3003 -/* Allocate a new shadow stack with unsigned long long *addr: - IN: requested shadow stack size: *addr. - OUT: allocated shadow stack address: *addr. - */ -# define ARCH_CET_ALLOC_SHSTK 0x3004 -#endif /* ARCH_CET_STATUS */ +#ifndef ARCH_SHSTK_ENABLE +/* Enable SHSTK features in unsigned long int features. */ +# define ARCH_SHSTK_ENABLE 0x5001 +/* Disable SHSTK features in unsigned long int features. */ +# define ARCH_SHSTK_DISABLE 0x5002 +/* Lock SHSTK features in unsigned long int features. */ +# define ARCH_SHSTK_LOCK 0x5003 +/* Unlock SHSTK features in unsigned long int features. */ +# define ARCH_SHSTK_UNLOCK 0x5004 +/* Return SHSTK features in unsigned long int features. */ +# define ARCH_SHSTK_STATUS 0x5005 + +/* ARCH_SHSTK_ features bits */ +# define ARCH_SHSTK_SHSTK 0x1 +# define ARCH_SHSTK_WRSS 0x2 +#endif |