Hi Rick,

On 2023-02-18 at 13:13:52 -0800, Rick Edgecombe wrote:
> Hi,
> ...
>
> I left tested-by tags in place per discussion with testers. Testers, please
> retest.
>

1. Tested kself-test from user space shstk on ADL-S, TGL-U without Glibc shstk
support in CentOS 8 stream OS:

// From the test_shadow_stack code in this patch series:
# ./test_shadow_stack
[INFO] new_ssp = 7f014ac2dff8, *new_ssp = 7f014ac2e001
[INFO] changing ssp from 7f014a1ffff0 to 7f014ac2dff8
[INFO] ssp is now 7f014ac2e000
[OK] Shadow stack pivot
[OK] Shadow stack faults
[INFO] Corrupting shadow stack
[INFO] Generated shadow stack violation successfully
[OK] Shadow stack violation test
[INFO] Gup read -> shstk access success
[INFO] Gup write -> shstk access success
[INFO] Violation from normal write
[INFO] Gup read -> write access success
[INFO] Violation from normal write
[INFO] Gup write -> write access success
[INFO] Cow gup write -> write access success
[OK] Shadow gup test
[INFO] Violation from shstk access
[OK] mprotect() test
[OK] Userfaultfd test
[OK] 32 bit test

// shstk violation without SHSTK glibc support
// Code link: https://github.com/intel/lkvs/blob/main/cet/shstk_cp.c
# ./shstk_cp
[PASS] Enable SHSTK successfully
[PASS] Disabling shadow stack successfully
[PASS] Re-enable shadow stack successfully
[PASS] SHSTK enabled, ssp:7fa3bfe00000
[INFO] do_hack() change address for return:
[INFO] Before,ssp:7fa3bfdffff8,*ssp:40133f,rbp:0x7ffc23b5b440,*rbp:7ffc23b5b480,*(rbp+1):40133f
[INFO] After, ssp:7fa3bfdffff8,*ssp:40133f,rbp:0x7ffc23b5b440,*rbp:7ffc23b5b480,*(rbp+1):401146
Segmentation fault (core dumped)

Dmesg:
[1117184.518588] shstk_cp[1523882] control protection ip:40122c sp:7ffc23b5b448 ssp:7fa3bfdffff8 error:1(near ret) in shstk_cp[401000+1000]

// shstk ARCH_SHSTK_STATUS read/set test without SHSTK Glibc support
// Code link: https://github.com/intel/lkvs/blob/main/cet/shstk_unlock_test.c
# ./shstk_unlock_test
[PASS] Parent process enable SHSTK.
[PASS] Parent pid:1522040, ssp:0x7f57fc400000
[INFO] pid:1522040, ssp:0x7f57fc3ffff8, *ssp:401799
[PASS] Unlock CET successfully for pid:1522041
[PASS] GET CET REG ret:0, err:0, ssp:7f57fc3ffff8
[PASS] SET CET REG ret:0, err:0, ssp:7f57fc3ffff8
[PASS] SET ssp -1 failed(expected) ret:-1, errno:22
[PASS] GET xstate successfully ret:0
[PASS] SHSTK is enabled in child process
[INFO] Child:1522041 origin ssp:0x7f57fc400000
[INFO] Child:1522041, ssp:0x7f57fc400000, bp,0x7ffcf32ba0f0, *bp:401dc0, *(bp+1):7f57fc43ad85
[PASS] Disabling shadow stack succesfully
[PASS] SHSTK_STATUS ok, feature:0 is 0, ret:0
[PASS] Child process re-enable ssp
[PASS] SHSTK_STATUS ok, feature:1 1st bit is 1, ret:0
[PASS] Child process enabled wrss
[PASS] SHSTK_STATUS ok, feature:3 2nd bit is 1, ret:0
[INFO] Child:1522041, ssp:0x7f57fc400000, bp,0x7ffcf32ba0f0, *bp:401dc0, *(bp+1):7f57fc43ad85
[INFO] ssp addr:0x7f57fc400000 is same as ssp_verify:0x7f57fc400000
[PASS] Child process disable shstk successfully.
[PASS] Parent process disable shadow stack successfully.

2. Tested fedora37 OS + Hongjiu provided user space SHSTK support Glibc:

// shstk with Glibc support:
// Related Glibc support for Fedora37:
http://gnu-4.sc.intel.com/git/?p=hjl/misc.git;a=tree;f=setup/fedora/37;h=63af84a8f28f3d0802f09266e47fb94eb5cdff26;hb=HEAD

# readelf -n shadow_test_fork | head
readelf: Warning: Gap in build notes detected from 0x4011d7 to 0x4011e4

Displaying notes found in: .note.gnu.property
  Owner                Data size        Description
  GNU                  0x00000040       NT_GNU_PROPERTY_TYPE_0
      Properties: x86 feature: IBT, SHSTK
...

// shadow_test_fork code is attached
// gcc -fcf-protection=full -mshstk -O0 -fno-stack-check -fno-stack-protector shadow_test_fork.c -o shadow_test_fork
# ./shadow_test_fork s2
[INFO] s2: stack rbp + 1
[INFO] do_hack() change address for return:
[INFO] After change, rbp+1 to hacked:0x401296
Segmentation fault (core dumped)

Dmesg:
[418653.591014] shadow_test_for[16529] control protection ip:401367 sp:7fff6ed0a728 ssp:7f661265bfe0 error:1(near ret) in shadow_test_fork[401000+1000]

All of the above user space SHSTK tests passed.

Many thanks Rick and all!

Thanks!
BR.
Pengfei

> --
> 2.17.1
>