Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function

From: Florian Weimer
Date: Mon Jun 10 2019 - 13:33:19 EST

Next message: Takashi Iwai: "Re: [PATCH 0/5] firmware: Add support for loading compressed files"
Previous message: Jason Gunthorpe: "Re: [PATCH v3 13/33] docs: infiniband: convert docs to ReST and rename to *.rst"
In reply to: Yu-cheng Yu: "Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function"
Next in thread: Dave Hansen: "Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Yu-cheng Yu:

> On Fri, 2019-06-07 at 14:09 -0700, Dave Hansen wrote:
>> On 6/7/19 1:06 PM, Yu-cheng Yu wrote:
>> > > Huh, how does glibc know about all possible past and future legacy code
>> > > in the application?
>> >
>> > When dlopen() gets a legacy binary and the policy allows that, it will
>> > manage
>> > the bitmap:
>> >
>> > If a bitmap has not been created, create one.
>> > Set bits for the legacy code being loaded.
>>
>> I was thinking about code that doesn't go through GLIBC like JITs.
>
> If JIT manages the bitmap, it knows where it is.
> It can always read the bitmap again, right?

The problem are JIT libraries without assembler code which can be marked
non-CET, such as liborc. Our builds (e.g., orc-0.4.29-2.fc30.x86_64)
currently carries the IBT and SHSTK flag, although the entry points into
the generated code do not start with ENDBR, so that a jump to them will
fault with the CET enabled.

Thanks,
Florian

Next message: Takashi Iwai: "Re: [PATCH 0/5] firmware: Add support for loading compressed files"
Previous message: Jason Gunthorpe: "Re: [PATCH v3 13/33] docs: infiniband: convert docs to ReST and rename to *.rst"
In reply to: Yu-cheng Yu: "Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function"
Next in thread: Dave Hansen: "Re: [PATCH v7 03/14] x86/cet/ibt: Add IBT legacy code bitmap setup function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]