From: Paolo Bonzini <pbonzini@redhat.com> To: qemu-devel@nongnu.org Cc: qemu-block@nongnu.org, peter.maydell@linaro.org, cohuck@redhat.com, richard.henderson@linaro.org Subject: [Qemu-devel] [PATCH 9/9] linux-user: add IBT support to x86 safe-syscall.S Date: Sat, 4 May 2019 06:05:27 -0600 [thread overview] Message-ID: <20190504120528.6389-10-pbonzini@redhat.com> (raw) In-Reply-To: <20190504120528.6389-1-pbonzini@redhat.com> Because safe-syscall.S does not go through the C compiler, the .note.gnu.property note has to be added manually. Safe syscalls do not involve any indirect branch or stack unwinding, so they are trivially safe for IBT or shadow stacks. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- linux-user/host/i386/safe-syscall.inc.S | 19 +++++++++++++++++++ linux-user/host/x86_64/safe-syscall.inc.S | 19 +++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/linux-user/host/i386/safe-syscall.inc.S b/linux-user/host/i386/safe-syscall.inc.S index 9e58fc6504..6c6d568d62 100644 --- a/linux-user/host/i386/safe-syscall.inc.S +++ b/linux-user/host/i386/safe-syscall.inc.S @@ -98,3 +98,22 @@ safe_syscall_end: .cfi_endproc .size safe_syscall_base, .-safe_syscall_base + + .pushsection ".note.gnu.property", "a" + .p2align 2 + .long 1f - 0f /* name length. */ + .long 4f - 1f /* data length. */ + .long 5 /* NT_GNU_PROPERTY_TYPE_0. */ +0: + .asciz "GNU" /* vendor name. */ + .p2align 2 +1: + /* GNU_PROPERTY_X86_FEATURE_1_AND. */ + .long 0xc0000002 /* pr_type. */ + .long 3f - 2f /* pr_datasz. */ +2: + .long 0x3 /* IBT, SHSTK */ +3: + .p2align 2 +4: + .popsection diff --git a/linux-user/host/x86_64/safe-syscall.inc.S b/linux-user/host/x86_64/safe-syscall.inc.S index f36992daa3..e1a57db338 100644 --- a/linux-user/host/x86_64/safe-syscall.inc.S +++ b/linux-user/host/x86_64/safe-syscall.inc.S 
@@ -89,3 +89,22 @@ safe_syscall_end: .cfi_endproc .size safe_syscall_base, .-safe_syscall_base + + .pushsection ".note.gnu.property", "a" + .p2align 3 + .long 1f - 0f /* name length. */ + .long 4f - 1f /* data length. */ + .long 5 /* NT_GNU_PROPERTY_TYPE_0. */ +0: + .asciz "GNU" /* vendor name. */ + .p2align 3 +1: + /* GNU_PROPERTY_X86_FEATURE_1_AND. */ + .long 0xc0000002 /* pr_type. */ + .long 3f - 2f /* pr_datasz. */ +2: + .long 0x3 /* IBT, SHSTK */ +3: + .p2align 3 +4: + .popsection -- 2.21.0
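Review bot: in linux-user/host/i386/safe-syscall.inc.S the name length `.long 1f - 0f` is measured up to label `1:`, which sits after `.p2align 2`, so it would count any alignment padding as part of the name. It comes out as 4 here only because "GNU" plus its NUL terminator is already a multiple of 4 bytes. Placing a label directly after `.asciz "GNU"` and measuring to that label would make the field correct by construction.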
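Review bot: the block added to linux-user/host/x86_64/safe-syscall.inc.S is a copy of the i386 one with `.p2align 2` changed to `.p2align 3`, and both copies hard-code `5`, `0xc0000002` and `0x3`. A single assembler macro that takes the alignment as a parameter, with the three constants given names, would keep the two files from drifting apart. A comment would also help on the data length `4f - 1f`, which here depends on the trailing `.p2align 3` to pad the 12-byte property up to 16 bytes; that padding is what distinguishes this note from the 32-bit one.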