This is the mail archive of the
mailing list for the glibc project.
Re: V2: [PATCH 02/24] x86: Support shadow stack pointer in setjmp/longjmp
On Sat, Jul 14, 2018 at 4:15 PM, H.J. Lu <firstname.lastname@example.org> wrote:
> On Sat, Jul 14, 2018 at 4:07 PM, Florian Weimer <email@example.com> wrote:
>> * H. J. Lu:
>>> On Sat, Jul 14, 2018 at 12:57 PM, Florian Weimer <firstname.lastname@example.org> wrote:
>>>> * H. J. Lu:
>>>>> + /* Get the current ssp. */
>>>>> + rdsspd %edx
>>>> This moves the required binutils version past current Debian's 2.28.
>>>> I know we recently increased the minimum make version recently, but
>>>> binutils 2.28 is still quite new, I think.
>>>> Could we list the bytes for the instruction explicitly instead?
>>> The next patch:
>>> has sysdeps/x86/configure.ac:
>> We currently have this (as of commit
>> ==> sysdeps/unix/sysv/linux/x86/jmp_buf-ssp.sym <==
>> #include <setjmpP.h>
>> #undef __saved_mask
>> SHADOW_STACK_POINTER_OFFSET offsetof(struct __jmp_buf_tag, __saved_mask.__saved.__shadow_stack_pointer)
>> ==> sysdeps/x86/jmp_buf-ssp.sym <==
>> -- FIXME: Define SHADOW_STACK_POINTER_OFFSET to support shadow stack.
>> So SHADOW_STACK_POINTER_OFFSET is defined unconditionally. I don't
>> see how the quoted patch changes that.
>> Making sure that rdssp is only assembled with --enable-cet looks like
>> the right solution, but you need something like #if ENABLE_CET, and
>> not depend on SHADOW_STACK_POINTER_OFFSET being defined.
> Take sysdeps/x86_64/setjmp.S as example:
> /* Don't save shadow stack register if shadow stack isn't enabled. */
> #if !SHSTK_ENABLED
> # undef SHADOW_STACK_POINTER_OFFSET
> Shadow stack pointer is saved/restored only if --enable-cet is used to
> configure glibc. If you compile glibc with -fcf-protection, but without
> configuring glibc with --enable-cet, result is undefined.
BTW, it passed build-many-glibcs.py.