Runtime enable info for Intel CET shadow stack #563

Merged (1 commit), Sep 5, 2024

Conversation

gulmezmerve (Contributor):

No description provided.

@@ -726,6 +726,10 @@ There are performance implications but they are typically mild due to hardware a

---

#### Additional Considerations

Intel CET shadow stack requires Linux Kernel version 6.6 or higher and Glibc version 2.39 or higher. Shadow stack can be enabled by setting the environment variable at runtime with `export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK`.
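Review bot: "can be enabled by setting the environment variable at runtime" reads as optional, but as the review discussion on this PR points out, glibc leaves the shadow stack disabled by default, so the tunable is a requirement on top of the kernel and glibc versions; phrase it as "must, in addition, be enabled at run-time" and name the mechanism (the glibc hardware capability tunable set through `GLIBC_TUNABLES`) with a citation to the glibc manual's Tunables section. Minor: the guide spells it "glibc" and hyphenates "run-time".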
Contributor:

Nit: the guide uses all lowercase for "Glibc" → "glibc" and hyphenates "runtime" → "run-time"

The second sentence could be made clearer by explicitly adding a reference to the Glibc Tunables:

Shadow stack support must in addition be enabled at run-time by setting the corresponding hardware capability tunable for glibc via the `GLIBC_TUNABLES` environmental variable [1]: `export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK`.

Footnotes

  1. GNU C Library team, Tunables, GNU C Library (glibc) manual, 2023-07-31.

@thomasnyman (Contributor) left a comment:

lgtm

@@ -726,6 +726,12 @@ There are performance implications but they are typically mild due to hardware a

---

#### Additional Considerations

Intel CET shadow stack requires Linux Kernel version 6.6 or higher and glibc version 2.39 or higher. Shadow stack support must, in addition, be enabled at run-time by setting the corresponding hardware capability tunable for glibc via the `GLIBC_TUNABLES` environmental variable [^glibc-tunables]: `export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK`.
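Review bot: the footnote reference `[^glibc-tunables]` is introduced on the last line of this hunk, but its definition is not among the lines shown; the hunk header counts six added lines, so confirm that the `[^glibc-tunables]: GNU C Library team, Tunables, ...` definition is part of the same change, otherwise the rendered page carries a dangling footnote. Minor wording: "environmental variable" should be "environment variable".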
Contributor:

Took a look at this, verified that the versions and details listed are correct:

Would recommend adding the glibc patch where disabled was set to be the default since it's non-obvious behavior: https://sourceware.org/git/?p=glibc.git;a=commit;h=55d63e731253de82e96ed4ddca2e294076cd0bc5

As for IBT, that's a separate feature so I would propose we make it its own issue. I'm also unclear whether that's supported in userland on Linux (per https://docs.kernel.org/next/arch/x86/shstk.html , it appears to be kernel only, see also golang/go#66054 ).


Intel CET shadow stack requires Linux Kernel version 6.6 or higher and glibc version 2.39 or higher. Shadow stack support must, in addition, be enabled at run-time by setting the corresponding hardware capability tunable for glibc via the `GLIBC_TUNABLES` environmental variable [^glibc-tunables]: `export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK`.

[^glibc-tunables]: GNU C Library team, [Tunables](https://www.gnu.org/software/libc/manual/html_node/Tunables.html), GNU C Library (glibc) manual, 2023-07-31.
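Review bot: the footnote date 2023-07-31 predates the glibc 2.39 release (2024-01-31, as raised in the review below), so the cited edition of the manual cannot be the one describing the 2.39 shadow stack tunable; use the online manual's current last-updated date (2024-07-22 per the reply) for this reference.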
Contributor:

Is this date stamp correct? It looks to me that glibc 2.39 was released 2024-01-31, but I must confess I don't know how the versioning of the documentation differs from the library.

Contributor:

You are quite right. This is probably my oversight since I think I copied an existing citation to the glibc manual in my comment. The online glibc manual currently shows it was last updated July 22nd, 2024. Maybe we can use that date. I've usually given the last updated date at the time writing and not worried too much about going back and updating references unless the content has changed significantly.

Contributor (author):

I agree with creating a separate issue for the IBT. I tested the shadow stack with the mentioned version of kernel and libc. When we can test IBT in userspace, we can also include IBT.
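The prerequisites this PR adds (kernel 6.6 or later, glibc 2.39 or later, and the `GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK` run-time switch), plus the default-disabled behaviour raised in review, collected into a pre-flight script that checks each one before launching a binary with the shadow stack on. This is an added example, not code from the OpenSSF guide or from this PR. Several observable signals it relies on are assumptions not stated on this page: the `user_shstk` flag in `/proc/cpuinfo`, the `x86_Thread_features:` line in `/proc/PID/status`, the `SHSTK` property shown by `readelf -n`, and the `-fcf-protection` compiler flag that marks a binary as CET-enabled.

```shell
#!/bin/sh
# Added example (not from the OpenSSF compiler-hardening guide or this PR):
# pre-flight checks for running a binary with the Intel CET shadow stack
# on Linux. Versions and the tunable come from the PR; the flag name
# user_shstk, the x86_Thread_features status line, readelf's SHSTK property
# and the -fcf-protection build flag are assumptions.

# version_ge A B: succeed when dotted version A is at least B.
# Compares the leading major.minor pair numerically ("6.10.0-rc2" is 6.10).
version_ge() {
    a_major=${1%%.*}; a_major=${a_major%%[!0-9]*}
    b_major=${2%%.*}; b_major=${b_major%%[!0-9]*}
    case $1 in *.*) a_minor=${1#*.}; a_minor=${a_minor%%[!0-9]*} ;; *) a_minor=0 ;; esac
    case $2 in *.*) b_minor=${2#*.}; b_minor=${b_minor%%[!0-9]*} ;; *) b_minor=0 ;; esac
    a_minor=${a_minor:-0}; b_minor=${b_minor:-0}
    if [ "${a_major:-0}" -ne "${b_major:-0}" ]; then
        [ "${a_major:-0}" -gt "${b_major:-0}" ]
    else
        [ "$a_minor" -ge "$b_minor" ]
    fi
}

# shstk_hw_supported [CPUINFO]: succeed when the kernel advertises the
# user_shstk flag (assumed name), i.e. CET-SS is usable from user space.
shstk_hw_supported() {
    grep -qw user_shstk "${1:-/proc/cpuinfo}"
}

# shstk_active [STATUS]: succeed when the x86_Thread_features line of a
# /proc/PID/status file (assumed format, kernel 6.6+) lists shstk.
shstk_active() {
    grep -E '^x86_Thread_features:' "${1:-/proc/self/status}" | grep -qw shstk
}

# binary_has_shstk BIN: succeed when BIN's .note.gnu.property lists SHSTK,
# which is what building with -fcf-protection produces (assumed readelf
# output; needs binutils).
binary_has_shstk() {
    readelf -n "$1" 2>/dev/null | grep -q 'SHSTK'
}

# run_with_shstk BIN [ARGS...]: run BIN with the shadow stack enabled via
# the glibc tunable from the PR, after the pre-flight checks. Returns 2 on
# an unmet prerequisite so callers can tell it apart from BIN's own status.
run_with_shstk() {
    bin=$1; shift
    kver=$(uname -r)
    glibcver=$(ldd --version 2>/dev/null | sed -n '1s/.* \([0-9][0-9.]*\)$/\1/p')
    version_ge "$kver" 6.6           || { echo "kernel $kver < 6.6" >&2; return 2; }
    version_ge "${glibcver:-0}" 2.39 || { echo "glibc ${glibcver:-?} < 2.39" >&2; return 2; }
    shstk_hw_supported               || { echo "no user_shstk in /proc/cpuinfo" >&2; return 2; }
    binary_has_shstk "$bin"          || { echo "$bin lacks SHSTK property (build with -fcf-protection)" >&2; return 2; }
    # glibc 2.39 keeps the shadow stack off unless this tunable is set.
    GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK "$bin" "$@"
}

# Constructed sample files (not captured from a real host) so the parsers
# can be exercised offline on a machine without CET.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_CPUINFO=$SAMPLE_DIR/cpuinfo
SAMPLE_STATUS_ON=$SAMPLE_DIR/status_on
SAMPLE_STATUS_OFF=$SAMPLE_DIR/status_off
printf 'flags\t\t: fpu vme sse2 shstk ibt user_shstk\n' > "$SAMPLE_CPUINFO"
printf 'Name:\tdemo\nx86_Thread_features:\tshstk\nx86_Thread_features_locked:\t\n' > "$SAMPLE_STATUS_ON"
printf 'Name:\tdemo\nx86_Thread_features:\t\nx86_Thread_features_locked:\t\n' > "$SAMPLE_STATUS_OFF"

# Demonstration on the samples; the live check runs only if /proc is readable.
shstk_hw_supported "$SAMPLE_CPUINFO" && echo "sample cpuinfo: user_shstk present"
shstk_active "$SAMPLE_STATUS_ON"     && echo "sample status: shadow stack active"
shstk_active "$SAMPLE_STATUS_OFF"    || echo "sample status: shadow stack inactive"
if [ -r /proc/cpuinfo ]; then
    if shstk_hw_supported; then echo "host: user_shstk present"; else echo "host: no user_shstk"; fi
fi
```

To launch a CET-built program with the shadow stack on, source the script and call `run_with_shstk ./myprog args`; once it is running, `shstk_active /proc/<pid>/status` confirms the thread actually got a shadow stack, which is the check that distinguishes "tunable exported" from "shadow stack enforced".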

@thomasnyman thomasnyman merged commit 460ff87 into ossf:main Sep 5, 2024
2 checks passed