These patches add support for control flow protection, and as a bonus while
no one actually has machines that support CET, a faster x86-specific
coroutine backend. I have tested the first six; I cannot yet test the
seventh because my CET machine has an old kernel without
ARCH_X86_CET_ALLOC_SHSTK support.

Unfortunately, I'm seeing a 60x performance drop with IBT (!). It may be
(or so I hope) a problem with this particular machine, but anyway for now
CET is left disabled...

Paolo

Paolo Bonzini (7):
  qemugdb: allow adding support for other coroutine backends
  coroutine: add x86 specific coroutine backend
  configure: add CET support
  tcg: add tcg_out_start
  tcg/i386: add support for IBT
  linux-user: add IBT support to x86 safe-syscall.S
  coroutine-x86: add CET shadow stack support

 Makefile.target                           |   5 +
 configure                                 |  60 +++++
 linux-user/host/i386/safe-syscall.inc.S   |  19 ++
 linux-user/host/x86_64/safe-syscall.inc.S |  19 ++
 scripts/qemugdb/coroutine.py              | 107 +++-----
 scripts/qemugdb/coroutine_ucontext.py     |  69 +++++
 scripts/qemugdb/coroutine_x86.py          |  21 ++
 tcg/aarch64/tcg-target.inc.c              |   4 +
 tcg/arm/tcg-target.inc.c                  |   4 +
 tcg/i386/tcg-target.inc.c                 |  18 ++
 tcg/mips/tcg-target.inc.c                 |   4 +
 tcg/ppc/tcg-target.inc.c                  |   4 +
 tcg/riscv/tcg-target.inc.c                |   4 +
 tcg/s390/tcg-target.inc.c                 |   4 +
 tcg/sparc/tcg-target.inc.c                |   4 +
 tcg/tcg.c                                 |   2 +
 tcg/tci/tcg-target.inc.c                  |   4 +
 util/Makefile.objs                        |   5 +
 util/coroutine-x86.c                      | 298 ++++++++++++++++++++++
 19 files changed, 580 insertions(+), 75 deletions(-)
 create mode 100644 scripts/qemugdb/coroutine_ucontext.py
 create mode 100644 scripts/qemugdb/coroutine_x86.py
 create mode 100644 util/coroutine-x86.c

-- 
2.20.1
Patchew URL: https://patchew.org/QEMU/20190313124042.12855-1-pbonzini@redhat.com/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Type: series
Message-id: 20190313124042.12855-1-pbonzini@redhat.com
Subject: [Qemu-devel] [RFC PATCH for-4.1 0/7] CET support
=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
* [new tag] patchew/20190313124042.12855-1-pbonzini@redhat.com -> patchew/20190313124042.12855-1-pbonzini@redhat.com
Switched to a new branch 'test'
02c0a89398 coroutine-x86: add CET shadow stack support
d6b4a66dae linux-user: add IBT support to x86 safe-syscall.S
557440b557 tcg/i386: add support for IBT
0dcf5666a8 tcg: add tcg_out_start
3d024eed3b configure: add CET support
7329c9d257 coroutine: add x86 specific coroutine backend
ac50f7fd11 qemugdb: allow adding support for other coroutine backends
=== OUTPUT BEGIN ===
1/7 Checking commit ac50f7fd1139 (qemugdb: allow adding support for other coroutine backends)
WARNING: line over 80 characters
#147: FILE: scripts/qemugdb/coroutine.py:65:
+ return coroutine_backend().get_coroutine_regs(addr)['rsp'].cast(VOID_PTR)
WARNING: line over 80 characters
#155: FILE: scripts/qemugdb/coroutine.py:72:
+ return coroutine_backend().get_coroutine_regs(addr)['rip'].cast(VOID_PTR)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#157:
new file mode 100644
ERROR: line over 90 characters
#206: FILE: scripts/qemugdb/coroutine_ucontext.py:45:
+ return gdb.parse_and_eval('(((uint64_t)%s >> 0x11) | ((uint64_t)%s << (64 - 0x11))) ^ (uint64_t)%s' % (val, val, pointer_guard))
total: 1 errors, 3 warnings, 205 lines checked
Patch 1/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/7 Checking commit 7329c9d25706 (coroutine: add x86 specific coroutine backend)
WARNING: added, moved or deleted file(s), does MAINTAINERS need updating?
#70:
new file mode 100644
WARNING: architecture specific defines should be avoided
#143: FILE: util/coroutine-x86.c:30:
+#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer)
ERROR: code indent should never use tabs
#150: FILE: util/coroutine-x86.c:37:
+#define COROUTINE_SHADOW_STACK_SIZE^I4096$
WARNING: line over 80 characters
#194: FILE: util/coroutine-x86.c:81:
+ * We hardcode all operands to specific registers so that we can write down all the
WARNING: line over 80 characters
#195: FILE: util/coroutine-x86.c:82:
+ * others in the clobber list. Note that action also needs to be hardcoded so that
WARNING: line over 80 characters
#200: FILE: util/coroutine-x86.c:87:
+ * Note that push and call would clobber the red zone. Makefile.objs compiles this
WARNING: line over 80 characters
#201: FILE: util/coroutine-x86.c:88:
+ * file with -mno-red-zone. The alternative is to subtract/add 128 bytes from rsp
WARNING: line over 80 characters
#204: FILE: util/coroutine-x86.c:91:
+#define CO_SWITCH(from, to, action, jump) ({ \
WARNING: line over 80 characters
#205: FILE: util/coroutine-x86.c:92:
+ int action_ = action; \
WARNING: line over 80 characters
#206: FILE: util/coroutine-x86.c:93:
+ void *from_ = from; \
WARNING: line over 80 characters
#207: FILE: util/coroutine-x86.c:94:
+ void *to_ = to; \
WARNING: line over 80 characters
#208: FILE: util/coroutine-x86.c:95:
+ asm volatile( \
WARNING: line over 80 characters
#209: FILE: util/coroutine-x86.c:96:
+ ".cfi_remember_state\n" \
WARNING: line over 80 characters
#210: FILE: util/coroutine-x86.c:97:
+ "pushq %%rbp\n" /* save frame register on source stack */ \
WARNING: Block comments use a leading /* on a separate line
#210: FILE: util/coroutine-x86.c:97:
+ "pushq %%rbp\n" /* save frame register on source stack */ \
WARNING: line over 80 characters
#211: FILE: util/coroutine-x86.c:98:
+ ".cfi_adjust_cfa_offset 8\n" \
WARNING: line over 80 characters
#212: FILE: util/coroutine-x86.c:99:
+ ".cfi_rel_offset %%rbp, 0\n" \
WARNING: line over 80 characters
#213: FILE: util/coroutine-x86.c:100:
+ "call 1f\n" /* switch continues at label 1 */ \
WARNING: Block comments use a leading /* on a separate line
#213: FILE: util/coroutine-x86.c:100:
+ "call 1f\n" /* switch continues at label 1 */ \
WARNING: line over 80 characters
#214: FILE: util/coroutine-x86.c:101:
+ "jmp 2f\n" /* switch back continues at label 2 */ \
WARNING: Block comments use a leading /* on a separate line
#214: FILE: util/coroutine-x86.c:101:
+ "jmp 2f\n" /* switch back continues at label 2 */ \
WARNING: line over 80 characters
#215: FILE: util/coroutine-x86.c:102:
+ \
WARNING: line over 80 characters
#216: FILE: util/coroutine-x86.c:103:
+ "1: .cfi_adjust_cfa_offset 8\n" \
WARNING: line over 80 characters
#217: FILE: util/coroutine-x86.c:104:
+ "movq %%rsp, %c[SP](%[FROM])\n" /* save source SP */ \
WARNING: Block comments use a leading /* on a separate line
#217: FILE: util/coroutine-x86.c:104:
+ "movq %%rsp, %c[SP](%[FROM])\n" /* save source SP */ \
WARNING: line over 80 characters
#218: FILE: util/coroutine-x86.c:105:
+ "movq %c[SP](%[TO]), %%rsp\n" /* load destination SP */ \
WARNING: Block comments use a leading /* on a separate line
#218: FILE: util/coroutine-x86.c:105:
+ "movq %c[SP](%[TO]), %%rsp\n" /* load destination SP */ \
WARNING: line over 80 characters
#219: FILE: util/coroutine-x86.c:106:
+ jump "\n" /* coroutine switch */ \
WARNING: Block comments use a leading /* on a separate line
#219: FILE: util/coroutine-x86.c:106:
+ jump "\n" /* coroutine switch */ \
WARNING: line over 80 characters
#220: FILE: util/coroutine-x86.c:107:
+ \
WARNING: line over 80 characters
#221: FILE: util/coroutine-x86.c:108:
+ "2: .cfi_adjust_cfa_offset -8\n" \
WARNING: line over 80 characters
#222: FILE: util/coroutine-x86.c:109:
+ "popq %%rbp\n" \
WARNING: line over 80 characters
#223: FILE: util/coroutine-x86.c:110:
+ ".cfi_adjust_cfa_offset -8\n" \
WARNING: line over 80 characters
#224: FILE: util/coroutine-x86.c:111:
+ ".cfi_restore_state\n" \
WARNING: line over 80 characters
#225: FILE: util/coroutine-x86.c:112:
+ : "+a" (action_), [FROM] "+b" (from_), [TO] "+D" (to_) \
WARNING: line over 80 characters
#226: FILE: util/coroutine-x86.c:113:
+ : [SP] "i" (offsetof(CoroutineX86, sp)) \
WARNING: line over 80 characters
#227: FILE: util/coroutine-x86.c:114:
+ : "rcx", "rdx", "rsi", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", \
WARNING: line over 80 characters
#228: FILE: util/coroutine-x86.c:115:
+ "memory"); \
WARNING: line over 80 characters
#229: FILE: util/coroutine-x86.c:116:
+ action_; \
WARNING: line over 80 characters
#258: FILE: util/coroutine-x86.c:145:
+ /* Immediately enter the coroutine once to pass it its address as the argument */
WARNING: architecture specific defines should be avoided
#269: FILE: util/coroutine-x86.c:156:
+#if defined(CONFIG_PRAGMA_DIAGNOSTIC_AVAILABLE) && !defined(__clang__)
WARNING: architecture specific defines should be avoided
#278: FILE: util/coroutine-x86.c:165:
+#if defined(CONFIG_PRAGMA_DIAGNOSTIC_AVAILABLE) && !defined(__clang__)
total: 1 errors, 41 warnings, 287 lines checked
Patch 2/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
3/7 Checking commit 3d024eed3b55 (configure: add CET support)
4/7 Checking commit 0dcf5666a8ea (tcg: add tcg_out_start)
5/7 Checking commit 557440b557ed (tcg/i386: add support for IBT)
WARNING: architecture specific defines should be avoided
#72: FILE: tcg/i386/tcg-target.inc.c:813:
+#if defined __CET__ && (__CET__ & 1)
WARNING: architecture specific defines should be avoided
#73: FILE: tcg/i386/tcg-target.inc.c:814:
+#ifdef __x86_64__
total: 0 errors, 2 warnings, 75 lines checked
Patch 5/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
6/7 Checking commit d6b4a66daef9 (linux-user: add IBT support to x86 safe-syscall.S)
7/7 Checking commit 02c0a893987a (coroutine-x86: add CET shadow stack support)
ERROR: externs should be avoided in .c files
#63: FILE: util/coroutine-x86.c:30:
+int arch_prctl(int code, unsigned long addr);
WARNING: line over 80 characters
#122: FILE: util/coroutine-x86.c:129:
+ * The RSTORSSP and SAVEPREVSSP instructions are intricate. In a nutshell they are:
WARNING: line over 80 characters
#129: FILE: util/coroutine-x86.c:136:
+ * *(oldSSP - 8) = oldSSP # "push" to old shadow stack
WARNING: line over 80 characters
#138: FILE: util/coroutine-x86.c:145:
+ * the RSTORSSP+SAVEPREVSSP sequence, points to the top actual entry of the shadow
WARNING: line over 80 characters
#149: FILE: util/coroutine-x86.c:162:
+ "xor %%rbp, %%rbp\n" /* use old frame pointer as scratch reg */ \
WARNING: Block comments use a leading /* on a separate line
#149: FILE: util/coroutine-x86.c:162:
+ "xor %%rbp, %%rbp\n" /* use old frame pointer as scratch reg */ \
WARNING: line over 80 characters
#150: FILE: util/coroutine-x86.c:163:
+ "rdsspq %%rbp\n" \
WARNING: line over 80 characters
#151: FILE: util/coroutine-x86.c:164:
+ "test %%rbp, %%rbp\n" /* if CET is on... */ \
WARNING: Block comments use a leading /* on a separate line
#151: FILE: util/coroutine-x86.c:164:
+ "test %%rbp, %%rbp\n" /* if CET is on... */ \
WARNING: line over 80 characters
#152: FILE: util/coroutine-x86.c:165:
+ "jz 9f\n" \
WARNING: line over 80 characters
#153: FILE: util/coroutine-x86.c:166:
+ "movq %%rbp, %c[SSP](%[FROM])\n" /* ... save source shadow SP, */ \
WARNING: Block comments use a leading /* on a separate line
#153: FILE: util/coroutine-x86.c:166:
+ "movq %%rbp, %c[SSP](%[FROM])\n" /* ... save source shadow SP, */ \
WARNING: line over 80 characters
#154: FILE: util/coroutine-x86.c:167:
+ "movq %c[SSP](%[TO]), %%rbp\n" /* restore destination shadow stack, */ \
WARNING: Block comments use a leading /* on a separate line
#154: FILE: util/coroutine-x86.c:167:
+ "movq %c[SSP](%[TO]), %%rbp\n" /* restore destination shadow stack, */ \
WARNING: line over 80 characters
#155: FILE: util/coroutine-x86.c:168:
+ "rstorssp -8(%%rbp)\n" \
WARNING: line over 80 characters
#156: FILE: util/coroutine-x86.c:169:
+ "saveprevssp\n" /* and save source shadow SP token */ \
WARNING: Block comments use a leading /* on a separate line
#156: FILE: util/coroutine-x86.c:169:
+ "saveprevssp\n" /* and save source shadow SP token */ \
WARNING: line over 80 characters
#157: FILE: util/coroutine-x86.c:170:
+ "9: movq %%rsp, %c[SP](%[FROM])\n" /* save source SP */ \
WARNING: Block comments use a leading /* on a separate line
#157: FILE: util/coroutine-x86.c:170:
+ "9: movq %%rsp, %c[SP](%[FROM])\n" /* save source SP */ \
WARNING: line over 80 characters
#166: FILE: util/coroutine-x86.c:179:
+ : [SP] "i" (offsetof(CoroutineX86, sp)), \
WARNING: line over 80 characters
#167: FILE: util/coroutine-x86.c:180:
+ [SSP] "i" (offsetof(CoroutineX86, ssp)) \
total: 1 errors, 20 warnings, 159 lines checked
Patch 7/7 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===
Test command exited with code: 1
The full log is available at
http://patchew.org/logs/20190313124042.12855-1-pbonzini@redhat.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com