144f612406
Downstream only and disabled by default.
From 361cb3ec2ab4322f860d18a3a1d674603fe275c5 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Sun, 16 Jan 2022 18:23:58 -0800
Subject: [PATCH v2 03/15] x86/cet: Don't assume that SHSTK implies IBT
Since shadow stack (SHSTK) is enabled in the Linux kernel without
enabling indirect branch tracking (IBT), don't assume that SHSTK
implies IBT. Use "CPU_FEATURE_ACTIVE (IBT)" to check if IBT is active
and "CPU_FEATURE_ACTIVE (SHSTK)" to check if SHSTK is active.
---
sysdeps/x86/Makefile | 1 -
sysdeps/x86/tst-cet-legacy-10.c | 6 +++---
sysdeps/x86/tst-cet-legacy-8.c | 15 ++++++++-------
3 files changed, 11 insertions(+), 11 deletions(-)
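--- a/sysdeps/x86/Makefile
+++ b/sysdeps/x86/Makefile
@@ -165,7 +165,6 @@ CFLAGS-tst-cet-legacy-mod-6a.c += -fcf-protection=branch
 CFLAGS-tst-cet-legacy-mod-6b.c += -fcf-protection
 CFLAGS-tst-cet-legacy-mod-6c.c += -fcf-protection
 CFLAGS-tst-cet-legacy-7.c += -fcf-protection=none
-CFLAGS-tst-cet-legacy-8.c += -mshstk
 CFLAGS-tst-cet-legacy-10.c += -mshstk
 CFLAGS-tst-cet-legacy-10-static.c += -mshstk
 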
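--- a/sysdeps/x86/tst-cet-legacy-10.c
+++ b/sysdeps/x86/tst-cet-legacy-10.c
@@ -21,19 +21,19 @@
 #include <support/test-driver.h>
 #include <support/xunistd.h>
 
-/* Check that CPU_FEATURE_ACTIVE on IBT and SHSTK matches _get_ssp. */
+/* Check that CPU_FEATURE_ACTIVE on SHSTK matches _get_ssp. */
 
 static int
 do_test (void)
 {
 if (_get_ssp () != 0)
 {
- if (CPU_FEATURE_ACTIVE (IBT) && CPU_FEATURE_ACTIVE (SHSTK))
+ if (CPU_FEATURE_ACTIVE (SHSTK))
 return EXIT_SUCCESS;
 }
 else
 {
- if (!CPU_FEATURE_ACTIVE (IBT) && !CPU_FEATURE_ACTIVE (SHSTK))
+ if (!CPU_FEATURE_ACTIVE (SHSTK))
 return EXIT_SUCCESS;
 }
 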
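Review bot: The updated comment above do_test states what is compared but not why IBT was dropped from the condition, so a later reader may take the omission for an oversight. Consider extending it to `/* Check that CPU_FEATURE_ACTIVE on SHSTK matches _get_ssp. IBT is not checked here because the kernel may enable SHSTK without IBT. */`. The mismatch path of do_test lies outside the hunk; if it returns a failure without output, a one-line message giving the `_get_ssp ()` result and the SHSTK state would make a failing run easier to diagnose.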
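--- a/sysdeps/x86/tst-cet-legacy-8.c
+++ b/sysdeps/x86/tst-cet-legacy-8.c
@@ -18,7 +18,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <x86intrin.h>
+#include <sys/platform/x86.h>
 #include <sys/mman.h>
 #include <support/test-driver.h>
 #include <support/xsignal.h>
@@ -29,11 +29,6 @@
 static int
 do_test (void)
 {
- /* NB: This test should trigger SIGSEGV on CET platforms. If SHSTK
- is disabled, assuming IBT is also disabled. */
- if (_get_ssp () == 0)
- return EXIT_UNSUPPORTED;
-
 void (*funcp) (void);
 funcp = xmmap (NULL, 0x1000, PROT_EXEC | PROT_READ | PROT_WRITE,
 MAP_ANONYMOUS | MAP_PRIVATE, -1);
@@ -41,8 +36,14 @@ do_test (void)
 /* Write RET instruction. */
 *(char *) funcp = 0xc3;
 funcp ();
+
+ /* NB: This test should trigger SIGSEGV when IBT is active. We should
+ reach here if IBT isn't active. */
+ if (!CPU_FEATURE_ACTIVE (IBT))
+ return EXIT_UNSUPPORTED;
+
 return EXIT_FAILURE;
 }
 
-#define EXPECTED_SIGNAL (_get_ssp () == 0 ? 0 : SIGSEGV)
+#define EXPECTED_SIGNAL (CPU_FEATURE_ACTIVE (IBT) ? SIGSEGV : 0)
 #include <support/test-driver.c>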
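Review bot: In do_test the `CPU_FEATURE_ACTIVE (IBT)` check now sits after `funcp ();`, so on a system without IBT the test still maps a page with PROT_WRITE | PROT_EXEC and executes from it before reporting EXIT_UNSUPPORTED. Where the environment refuses writable-and-executable mappings, `xmmap` presumably fails the test outright instead of marking it unsupported, which would read as a CET regression on a machine that never exercised IBT. Consider testing first, with `if (!CPU_FEATURE_ACTIVE (IBT)) return EXIT_UNSUPPORTED;` placed before the `xmmap` call, and keeping only `return EXIT_FAILURE;` after the indirect call. A short message before that final return, stating that the call returned although IBT is active, would also make the failure self-explanatory; one line of do_test between the two hunks is not shown here.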
--
2.40.1