This is the mail archive of the
mailing list for the glibc project.
Re: RFC: Shadow Stack support in glibc
- From: Paul Eggert <eggert at cs dot ucla dot edu>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, Igor Tsimbalist <tigor dot tools at gmail dot com>, vedvyas dot shanbhogue at intel dot com, yu-cheng dot yu at intel dot com
- Date: Mon, 5 Jun 2017 23:38:34 -0700
- Subject: Re: RFC: Shadow Stack support in glibc
- Authentication-results: sourceware.org; auth=none
- References: <CAMe9rOqN7oNWWmbw_NmaP=TpBDY7jh=MNbJQNaiOR901Rs7bcw@mail.gmail.com> <firstname.lastname@example.org> <CAMe9rOq4m+eZ5f7BWu8RXoVDP5fji8rb4Ufs8RbK6EKV+dG+2A@mail.gmail.com>
H.J. Lu wrote:
#if SHADOW STACK is enabled
It's a compile-time option? (Somehow I expected runtime.)
Does the compiler need to generate special code for it? Can some modules be
compiled with it, and some without? How does that work in the presence of setjmp?
makecontext, getcontext and setcontext are used in libgo.
The libgo developers might be a good source for advice here.
Come to think of it, surely these functions can all be implemented via a
syscall, which could check its arguments at least as well as the hardware checks
ordinary call and return. (Just thinking out loud, admittedly.)