This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH 1/2] x86-64: Add shadow stack base and limit to tcbhead_t
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: "Carlos O'Donell" <carlos at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Tue, 24 Jul 2018 15:32:26 -0700
- Subject: [PATCH 1/2] x86-64: Add shadow stack base and limit to tcbhead_t
On Tue, Jul 24, 2018 at 1:49 PM, Carlos O'Donell <carlos@redhat.com> wrote:
> On 07/21/2018 10:20 AM, H.J. Lu wrote:
>> This will be used to implement shadow stack switching by getcontext,
>> makecontext, setcontext and swapcontext.
>>
>> * sysdeps/i386/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New.
>> * sysdeps/i386/nptl/tls.h (tcbhead_t): Replace __glibc_reserved2
>> with ssp_base.
>> * sysdeps/x86_64/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New.
>> * sysdeps/x86_64/nptl/tls.h (tcbhead_t): Replace __glibc_reserved2
>> with ssp_base.
>
> Looks good to me.
>
> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
>
We found a testcase where setcontext failed when there are gaps above
and below the newly allocated shadow stack. Here is the updated patch
to add shadow stack base and limit to tcbhead_t.
We need to find room for shadow stack base and upper limit in i386
tcbhead_t. I have some ideas. For now, I'd like to get x86-64 working
first.
OK for master branch?
Thanks.
--
H.J.
From ca6aa515a501e40c73a0c8a0feb15a8659520bdb Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 11 Jul 2018 11:54:28 -0700
Subject: [PATCH 1/2] x86-64: Add shadow stack base and limit to tcbhead_t
Add shadow stack base and upper limit to tcbhead_t. They will be
used to implement shadow stack switching by getcontext, makecontext,
setcontext and swapcontext.
Note: We need to find room for shadow stack base and upper limit in
i386 tcbhead_t.
* sysdeps/x86_64/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New.
(SSP_LIMIT_OFFSET): Likewise.
* sysdeps/x86_64/nptl/tls.h (tcbhead_t): Change __padding to
union with shadow stack base and upper limit.
---
sysdeps/x86_64/nptl/tcb-offsets.sym | 2 ++
sysdeps/x86_64/nptl/tls.h | 12 +++++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/sysdeps/x86_64/nptl/tcb-offsets.sym b/sysdeps/x86_64/nptl/tcb-offsets.sym
index 387621e88c..da50f249a7 100644
--- a/sysdeps/x86_64/nptl/tcb-offsets.sym
+++ b/sysdeps/x86_64/nptl/tcb-offsets.sym
@@ -13,6 +13,8 @@ MULTIPLE_THREADS_OFFSET offsetof (tcbhead_t, multiple_threads)
POINTER_GUARD offsetof (tcbhead_t, pointer_guard)
VGETCPU_CACHE_OFFSET offsetof (tcbhead_t, vgetcpu_cache)
FEATURE_1_OFFSET offsetof (tcbhead_t, feature_1)
+SSP_BASE_OFFSET offsetof (tcbhead_t, ssp.base)
+SSP_LIMIT_OFFSET offsetof (tcbhead_t, ssp.limit)
-- Not strictly offsets, but these values are also used in the TCB.
TCB_CANCELSTATE_BITMASK CANCELSTATE_BITMASK
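Review bot: the two new entries, `SSP_BASE_OFFSET offsetof (tcbhead_t, ssp.base)` and `SSP_LIMIT_OFFSET offsetof (tcbhead_t, ssp.limit)`, carry no comment saying when the fields they point at are valid; since this file exists so that assembly (here, the context-switching routines named in the commit message) can read TCB fields by raw offset, a one-line comment that base and limit are only meaningful while the shadow stack feature is enabled (the feature_1 state whose offset is defined just above) would spare the next reader a trip to tls.h and make it obvious that consumers must test FEATURE_1_OFFSET before trusting these two slots.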
diff --git a/sysdeps/x86_64/nptl/tls.h b/sysdeps/x86_64/nptl/tls.h
index f042a0250a..0b2fc9166e 100644
--- a/sysdeps/x86_64/nptl/tls.h
+++ b/sysdeps/x86_64/nptl/tls.h
@@ -65,7 +65,17 @@ typedef struct
like AddressSanitizer, depend on the size of tcbhead_t. */
__128bits __glibc_unused2[8][4] __attribute__ ((aligned (32)));
- void *__padding[8];
+ union
+ {
+ void *__padding[8];
+ struct
+ {
+ /* The lowest address of the current shadow stack, */
+ unsigned long long base;
+ /* The upper limit of the current shadow stack, */
+ unsigned long long limit;
+ } ssp;
+ };
} tcbhead_t;
# ifdef __ILP32__
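Review bot: both field comments end with a comma instead of a period (`/* The lowest address of the current shadow stack, */` and `/* The upper limit of the current shadow stack, */`); glibc style wants a complete sentence ending in a period followed by two spaces, so these should read `/* The lowest address of the current shadow stack.  */` and `/* The upper limit of the current shadow stack.  */`. It would also help to say in a comment why the two members are `unsigned long long` rather than `void *`: the `# ifdef __ILP32__` branch immediately below shows this header is shared with x32, where a pointer is 4 bytes, so the explicit 64-bit type is what keeps the union the same size as the `void *__padding[8]` it wraps and keeps sizeof (tcbhead_t) unchanged, which the AddressSanitizer remark in the context lines says matters.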
--
2.17.1