diff options
author | H.J. Lu <hjl.tools@gmail.com> | 2018-07-14 05:59:29 -0700 |
---|---|---|
committer | H.J. Lu <hjl.tools@gmail.com> | 2018-07-14 05:59:53 -0700 |
commit | faaee1f07ed25b2779bfd935ffb29f431b80d6d3 (patch) | |
tree | 3c85f88e2312c67e0f0e54be10b0bec833c7541f /sysdeps/i386 | |
parent | ebff9c5cfae62e84dbd0456d564bd882818dc15f (diff) | |
download | glibc-faaee1f07ed25b2779bfd935ffb29f431b80d6d3.tar glibc-faaee1f07ed25b2779bfd935ffb29f431b80d6d3.tar.gz glibc-faaee1f07ed25b2779bfd935ffb29f431b80d6d3.tar.bz2 glibc-faaee1f07ed25b2779bfd935ffb29f431b80d6d3.zip |
x86: Support shadow stack pointer in setjmp/longjmp
Save and restore shadow stack pointer in setjmp and longjmp to support
shadow stack in Intel CET. Use feature_1 in tcbhead_t to check if
shadow stack is enabled before saving and restoring shadow stack pointer.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
* sysdeps/i386/__longjmp.S: Include <jmp_buf-ssp.h>.
(__longjmp): Restore shadow stack pointer if shadow stack is
enabled, SHADOW_STACK_POINTER_OFFSET is defined and __longjmp
isn't defined for __longjmp_cancel.
* sysdeps/i386/bsd-_setjmp.S: Include <jmp_buf-ssp.h>.
(_setjmp): Save shadow stack pointer if shadow stack is enabled
and SHADOW_STACK_POINTER_OFFSET is defined.
* sysdeps/i386/bsd-setjmp.S: Include <jmp_buf-ssp.h>.
(setjmp): Save shadow stack pointer if shadow stack is enabled
and SHADOW_STACK_POINTER_OFFSET is defined.
* sysdeps/i386/setjmp.S: Include <jmp_buf-ssp.h>.
(__sigsetjmp): Save shadow stack pointer if shadow stack is
enabled and SHADOW_STACK_POINTER_OFFSET is defined.
* sysdeps/unix/sysv/linux/i386/____longjmp_chk.S: Include
<jmp_buf-ssp.h>.
(____longjmp_chk): Restore shadow stack pointer if shadow stack
is enabled and SHADOW_STACK_POINTER_OFFSET is defined.
* sysdeps/unix/sysv/linux/x86/Makefile (gen-as-const-headers):
Remove jmp_buf-ssp.sym.
* sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S: Include
<jmp_buf-ssp.h>.
(____longjmp_chk): Restore shadow stack pointer if shadow stack
is enabled and SHADOW_STACK_POINTER_OFFSET is defined.
* sysdeps/x86/Makefile (gen-as-const-headers): Add
jmp_buf-ssp.sym.
* sysdeps/x86/jmp_buf-ssp.sym: New dummy file.
* sysdeps/x86_64/__longjmp.S: Include <jmp_buf-ssp.h>.
(__longjmp): Restore shadow stack pointer if shadow stack is
enabled, SHADOW_STACK_POINTER_OFFSET is defined and __longjmp
isn't defined for __longjmp_cancel.
* sysdeps/x86_64/setjmp.S: Include <jmp_buf-ssp.h>.
(__sigsetjmp): Save shadow stack pointer if shadow stack is
enabled and SHADOW_STACK_POINTER_OFFSET is defined.
Diffstat (limited to 'sysdeps/i386')
-rw-r--r-- | sysdeps/i386/__longjmp.S | 73 | ||||
-rw-r--r-- | sysdeps/i386/bsd-_setjmp.S | 21 | ||||
-rw-r--r-- | sysdeps/i386/bsd-setjmp.S | 21 | ||||
-rw-r--r-- | sysdeps/i386/setjmp.S | 21 |
4 files changed, 136 insertions, 0 deletions
diff --git a/sysdeps/i386/__longjmp.S b/sysdeps/i386/__longjmp.S index b38333bead..6e98ed538d 100644 --- a/sysdeps/i386/__longjmp.S +++ b/sysdeps/i386/__longjmp.S @@ -18,14 +18,55 @@ #include <sysdep.h> #include <jmpbuf-offsets.h> +#include <jmp_buf-ssp.h> #include <asm-syntax.h> #include <stap-probe.h> +/* Don't restore shadow stack register if + 1. Shadow stack isn't enabled. Or + 2. __longjmp is defined for __longjmp_cancel. + */ +#if !SHSTK_ENABLED || defined __longjmp +# undef SHADOW_STACK_POINTER_OFFSET +#endif + .text ENTRY (__longjmp) #ifdef PTR_DEMANGLE movl 4(%esp), %eax /* User's jmp_buf in %eax. */ +# ifdef SHADOW_STACK_POINTER_OFFSET +# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET + /* Check if Shadow Stack is enabled. */ + testl $X86_FEATURE_1_SHSTK, %gs:FEATURE_1_OFFSET + jz L(skip_ssp) +# else + xorl %edx, %edx +# endif + /* Check and adjust the Shadow-Stack-Pointer. */ + rdsspd %edx + /* And compare it with the saved ssp value. */ + subl SHADOW_STACK_POINTER_OFFSET(%eax), %edx + je L(skip_ssp) + /* Count the number of frames to adjust and adjust it + with incssp instruction. The instruction can adjust + the ssp by [0..255] value only thus use a loop if + the number of frames is bigger than 255. */ + negl %edx + shrl $2, %edx + /* NB: We saved Shadow-Stack-Pointer of setjmp. Since we are + restoring Shadow-Stack-Pointer of setjmp's caller, we + need to unwind shadow stack by one more frame. */ + addl $1, %edx + movl $255, %ebx +L(loop): + cmpl %ebx, %edx + cmovb %edx, %ebx + incsspd %ebx + subl %ebx, %edx + ja L(loop) +L(skip_ssp): +# endif /* Save the return address now. */ movl (JB_PC*4)(%eax), %edx /* Get the stack pointer. */ @@ -56,6 +97,38 @@ ENTRY (__longjmp) #else movl 4(%esp), %ecx /* User's jmp_buf in %ecx. */ movl 8(%esp), %eax /* Second argument is return value. */ +# ifdef SHADOW_STACK_POINTER_OFFSET +# if IS_IN (libc) && defined SHARED + /* Check if Shadow Stack is enabled. */ + testl $X86_FEATURE_1_SHSTK, %gs:FEATURE_1_OFFSET + jz L(skip_ssp) +# endif + /* Check and adjust the Shadow-Stack-Pointer. */ + xorl %edx, %edx + /* Get the current ssp. */ + rdsspd %edx + /* And compare it with the saved ssp value. */ + subl SHADOW_STACK_POINTER_OFFSET(%ecx), %edx + je L(skip_ssp) + /* Count the number of frames to adjust and adjust it + with incssp instruction. The instruction can adjust + the ssp by [0..255] value only thus use a loop if + the number of frames is bigger than 255. */ + negl %edx + shrl $2, %edx + /* NB: We saved Shadow-Stack-Pointer of setjmp. Since we are + restoring Shadow-Stack-Pointer of setjmp's caller, we + need to unwind shadow stack by one more frame. */ + addl $1, %edx + movl $255, %ebx +L(loop): + cmpl %ebx, %edx + cmovb %edx, %ebx + incsspd %ebx + subl %ebx, %edx + ja L(loop) +L(skip_ssp): +# endif /* Save the return address now. */ movl (JB_PC*4)(%ecx), %edx LIBC_PROBE (longjmp, 3, 4@%ecx, -4@%eax, 4@%edx) diff --git a/sysdeps/i386/bsd-_setjmp.S b/sysdeps/i386/bsd-_setjmp.S index a626cc6d22..db47df0ba1 100644 --- a/sysdeps/i386/bsd-_setjmp.S +++ b/sysdeps/i386/bsd-_setjmp.S @@ -22,12 +22,18 @@ #include <sysdep.h> #include <jmpbuf-offsets.h> +#include <jmp_buf-ssp.h> #include <stap-probe.h> #define PARMS 4 /* no space for saved regs */ #define JMPBUF PARMS #define SIGMSK JMPBUF+4 +/* Don't save shadow stack register if shadow stack isn't enabled. */ +#if !SHSTK_ENABLED +# undef SHADOW_STACK_POINTER_OFFSET +#endif + ENTRY (_setjmp) xorl %eax, %eax @@ -51,6 +57,21 @@ ENTRY (_setjmp) movl %ebp, (JB_BP*4)(%edx) /* Save caller's frame pointer. */ movl %eax, JB_SIZE(%edx) /* No signal mask set. */ +#ifdef SHADOW_STACK_POINTER_OFFSET +# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET + /* Check if Shadow Stack is enabled. */ + testl $X86_FEATURE_1_SHSTK, %gs:FEATURE_1_OFFSET + jz L(skip_ssp) +# else + xorl %ecx, %ecx +# endif + /* Get the current Shadow-Stack-Pointer and save it. */ + rdsspd %ecx + movl %ecx, SHADOW_STACK_POINTER_OFFSET(%edx) +# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET +L(skip_ssp): +# endif +#endif ret END (_setjmp) libc_hidden_def (_setjmp) diff --git a/sysdeps/i386/bsd-setjmp.S b/sysdeps/i386/bsd-setjmp.S index 2da8b73c49..1290d0d82b 100644 --- a/sysdeps/i386/bsd-setjmp.S +++ b/sysdeps/i386/bsd-setjmp.S @@ -22,12 +22,18 @@ #include <sysdep.h> #include <jmpbuf-offsets.h> +#include <jmp_buf-ssp.h> #include <stap-probe.h> #define PARMS 4 /* no space for saved regs */ #define JMPBUF PARMS #define SIGMSK JMPBUF+4 +/* Don't save shadow stack register if shadow stack isn't enabled. */ +#if !SHSTK_ENABLED +# undef SHADOW_STACK_POINTER_OFFSET +#endif + ENTRY (setjmp) /* Note that we have to use a non-exported symbol in the next jump since otherwise gas will emit it as a jump through the @@ -51,6 +57,21 @@ ENTRY (setjmp) #endif movl %ecx, (JB_PC*4)(%eax) movl %ebp, (JB_BP*4)(%eax) /* Save caller's frame pointer. */ +#ifdef SHADOW_STACK_POINTER_OFFSET +# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET + /* Check if Shadow Stack is enabled. */ + testl $X86_FEATURE_1_SHSTK, %gs:FEATURE_1_OFFSET + jz L(skip_ssp) +# else + xorl %ecx, %ecx +# endif + /* Get the current Shadow-Stack-Pointer and save it. */ + rdsspd %ecx + movl %ecx, SHADOW_STACK_POINTER_OFFSET(%eax) +# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET +L(skip_ssp): +# endif +#endif /* Call __sigjmp_save. */ pushl $1 diff --git a/sysdeps/i386/setjmp.S b/sysdeps/i386/setjmp.S index 6a08701717..889337b8ae 100644 --- a/sysdeps/i386/setjmp.S +++ b/sysdeps/i386/setjmp.S @@ -18,6 +18,7 @@ #include <sysdep.h> #include <jmpbuf-offsets.h> +#include <jmp_buf-ssp.h> #include <asm-syntax.h> #include <stap-probe.h> @@ -25,6 +26,11 @@ #define JMPBUF PARMS #define SIGMSK JMPBUF+4 +/* Don't save shadow stack register if shadow stack isn't enabled. */ +#if !SHSTK_ENABLED +# undef SHADOW_STACK_POINTER_OFFSET +#endif + ENTRY (__sigsetjmp) movl JMPBUF(%esp), %eax @@ -46,6 +52,21 @@ ENTRY (__sigsetjmp) movl %ecx, (JB_PC*4)(%eax) movl %ebp, (JB_BP*4)(%eax) /* Save caller's frame pointer. */ +#ifdef SHADOW_STACK_POINTER_OFFSET +# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET + /* Check if Shadow Stack is enabled. */ + testl $X86_FEATURE_1_SHSTK, %gs:FEATURE_1_OFFSET + jz L(skip_ssp) +# else + xorl %ecx, %ecx +# endif + /* Get the current Shadow-Stack-Pointer and save it. */ + rdsspd %ecx + movl %ecx, SHADOW_STACK_POINTER_OFFSET(%eax) +# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET +L(skip_ssp): +# endif +#endif #if IS_IN (rtld) /* In ld.so we never save the signal mask. */ xorl %eax, %eax |