From: Szabolcs Nagy
To: Sören Tempel
Cc: musl@lists.openwall.com, joao@overdrivepizza.com
Date: Sat, 16 Sep 2023 21:14:59 +0200
Message-ID: <20230916191459.GI3448312@port70.net>
Subject: Re: [musl] Intel CET Support

* Sören Tempel [2023-09-15 09:45:41 +0200]:
> Hello,
>
> Has there been any progress on this? On the Alpine side of things, there is
> currently an ongoing discussion regarding enabling CET by default, but of course
> that would presuppose support for this feature in musl [1]. From the Alpine point
> of view, support for CET would certainly be interesting!
>
> Maybe it would also be possible to only implement support for
> -cf-protection=return as a first step?
> If my understanding of CET is correct,
> doing so would not require adding endbr instructions to assembler files (these
> should only be needed for -cf-protection=branch). As such, this might make the
> initial diff a bit easier to review?
>
> Greetings
> Sören

sounds premature.

..the kernel has no support yet!
so what os abi do you target?
the kernel abi design is a mess exactly because binaries
got deployed with broken abi..

the latest on shadow stacks (cf-protection=return) is proposed
for linux next = v6.6 (with a number of compromises that imho
limits its use: makecontext leaks memory, some sigaltstack uses
are broken, no way to handle shadow stack overflow, RLIMIT_DATA,
RLIMIT_AS or strict overcommit users can fail, longjmp across
threads/makecontext is broken (qemu), userspace cannot set shstk
size, some existing unwinders fail to unwind from signal handler,
and it has the usual incompat dlopen problem)

https://lore.kernel.org/lkml/20230830234752.19858-1-dave.hansen@linux.intel.com/

ibt (forward edge, cf-protection=branch) is in the kernel but
as far as i know it has issues in practice due to the binary
marking scheme and because it is all or nothing per process
(if any lib is unmarked then it is disabled which is not
suitable for dlopen: dlopen fails or the security is disabled
at runtime). there are still jop gadgets present after all the
endbr mess so the benefit is unclear and despite the claims that
it is widely deployed i doubt it is widely enabled (so we don't
know of all the issues).

i think if we add cf protection then forward and backward should
be added together. musl is not in a hurry, it can wait for a
kernel abi at least.

>
> [1]: https://gitlab.alpinelinux.org/alpine/tsc/-/issues/64
>
> > Hi,
> >
> > Long ago I sent some patches here to enable CET support within MUSL
> > (https://www.openwall.com/lists/musl/2020/10/19/3).
> >
> > These patches were a result from some experiment I have been running
> > with clang, and to which I needed a suitable library. I understand that
> > the patches were not in their best shape, and I was a bit busy at the
> > time so I didn't really push this through.
> >
> > Either way, I'm now wondering if there is any interest from MUSL to
> > support CET. If yes, I can start working on an updated patch-set to be
> > sent here eventually.
> >
> > Additionally, if the support is of interest, it would also be
> > interesting to know if MUSL intends to support CET as specified in the
> > X86-64 ABI (where a single linked DSO without the CET bits set disables
> > the feature) or if you have something different in mind.
> >
> > Tks,
> > Joao.
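
The binary marking scheme discussed in this thread, as an added example that is not part of the original messages and is not musl or kernel code: it reads the GNU_PROPERTY_X86_FEATURE_1_AND bits from a .note.gnu.property note and ANDs them across objects, which is why one unmarked library clears the feature for the whole process. The function names cet_bits and process_cet and the sample notes are assumptions made for illustration; the constants are the ones defined in <elf.h>.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0         5
#define GNU_PROPERTY_X86_FEATURE_1_AND 0xc0000002u
enum { FEATURE_1_IBT = 1, FEATURE_1_SHSTK = 2 };  /* cf-protection=branch, =return */
/* Constructed sample notes (ELF64, little-endian), one property each. */
static const unsigned char both[]  = { 4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    0x02,0,0,0xc0, 4,0,0,0, 3,0,0,0, 0,0,0,0 };        /* IBT | SHSTK */
static const unsigned char shstk[] = { 4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
    0x02,0,0,0xc0, 4,0,0,0, 2,0,0,0, 0,0,0,0 };        /* SHSTK only */

static uint32_t rd32(const unsigned char *p)           /* little-endian load */
{ return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Hypothetical helper: FEATURE_1_AND bits of one note; 0 = missing, malformed or unmarked. */
uint32_t cet_bits(const unsigned char *n, size_t len)
{
    if (!n || len < 16 || rd32(n) != 4 || rd32(n + 8) != NT_GNU_PROPERTY_TYPE_0
        || memcmp(n + 12, "GNU", 4) || rd32(n + 4) > len - 16)
        return 0;
    const unsigned char *p = n + 16, *end = p + rd32(n + 4);
    while (end - p >= 8) {
        uint32_t type = rd32(p), datasz = rd32(p + 4);
        size_t avail = (size_t)(end - p) - 8;
        size_t padded = ((size_t)datasz + 7) & ~(size_t)7;  /* 8-byte aligned */
        if (datasz > avail) return 0;                   /* truncated property */
        if (type == GNU_PROPERTY_X86_FEATURE_1_AND && datasz == 4)
            return rd32(p + 8);
        if (padded > avail) return 0;
        p += 8 + padded;
    }
    return 0;
}

/* Hypothetical model of the per-process rule: a feature survives only if every object is marked. */
uint32_t process_cet(const uint32_t *objs, size_t count)
{
    uint32_t bits = FEATURE_1_IBT | FEATURE_1_SHSTK;
    for (size_t i = 0; i < count; i++) bits &= objs[i];
    return bits;
}

int main(void)
{
    uint32_t o[] = { cet_bits(both, sizeof both), cet_bits(shstk, sizeof shstk), 0 };
    printf("marked only: %#x, after unmarked dlopen: %#x\n", process_cet(o, 2), process_cet(o, 3));
    return 0;
}
```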