This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

RFC: Shadow Stack support in glibc

From: "H.J. Lu" <hjl dot tools at gmail dot com>
To: GNU C Library <libc-alpha at sourceware dot org>
Cc: Igor Tsimbalist <tigor dot tools at gmail dot com>, vedvyas dot shanbhogue at intel dot com, yu-cheng dot yu at intel dot com
Date: Mon, 5 Jun 2017 14:36:14 -0700
Subject: RFC: Shadow Stack support in glibc
Authentication-results: sourceware.org; auth=none

To support Shadow Stack in Intel Control-flow Enforcement Technology (CET)
instructions:

https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

Most of glibc functions are compatible with Shadow Stack, except for

1. setjmp/longjmp need to be extended to support Shadow Stack.
2. getcontext/setcontext may be extended to support Shadow Stack.
3. makecontext/swapcontext are hard to support Shadow Stack.

To enable Shadow Stack in glibc, there are 2 approaches:

1. Only support Shadow Stack in getcontext/setcontext and disallow
makecontext/swapcontext when Shadow Stack is used.
2. Disallow getcontext/setcontext/makecontext/swapcontext when
when Shadow Stack is used.

If we decide to disallow getcontext/setcontext/makecontext/swapcontext
when Shadow Stack is used, should we add a new set of functions
compatible with Shadow Stack to manipulate user context?


-- 
H.J.

Follow-Ups:
- Re: RFC: Shadow Stack support in glibc
  - From: Paul Eggert
- Re: RFC: Shadow Stack support in glibc
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]