This is the mail archive of the
mailing list for the glibc project.
Re: V2: [PATCH 02/24] x86: Support shadow stack pointer in setjmp/longjmp
On Sat, Jul 14, 2018 at 4:07 PM, Florian Weimer <email@example.com> wrote:
> * H. J. Lu:
>> On Sat, Jul 14, 2018 at 12:57 PM, Florian Weimer <firstname.lastname@example.org> wrote:
>>> * H. J. Lu:
>>>> + /* Get the current ssp. */
>>>> + rdsspd %edx
>>> This moves the required binutils version past current Debian's 2.28.
>>> I know we recently increased the minimum make version recently, but
>>> binutils 2.28 is still quite new, I think.
>>> Could we list the bytes for the instruction explicitly instead?
>> The next patch:
>> has sysdeps/x86/configure.ac:
> We currently have this (as of commit
> ==> sysdeps/unix/sysv/linux/x86/jmp_buf-ssp.sym <==
> #include <setjmpP.h>
> #undef __saved_mask
> SHADOW_STACK_POINTER_OFFSET offsetof(struct __jmp_buf_tag, __saved_mask.__saved.__shadow_stack_pointer)
> ==> sysdeps/x86/jmp_buf-ssp.sym <==
> -- FIXME: Define SHADOW_STACK_POINTER_OFFSET to support shadow stack.
> So SHADOW_STACK_POINTER_OFFSET is defined unconditionally. I don't
> see how the quoted patch changes that.
> Making sure that rdssp is only assembled with --enable-cet looks like
> the right solution, but you need something like #if ENABLE_CET, and
> not depend on SHADOW_STACK_POINTER_OFFSET being defined.
Take sysdeps/x86_64/setjmp.S as example:
/* Don't save shadow stack register if shadow stack isn't enabled. */
# undef SHADOW_STACK_POINTER_OFFSET
Shadow stack pointer is saved/restored only if --enable-cet is used to
configure glibc. If you compile glibc with -fcf-protection, but without
configuring glibc with --enable-cet, result is undefined.