This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: V2: [PATCH 02/24] x86: Support shadow stack pointer in setjmp/longjmp
On Sun, Jul 15, 2018 at 1:07 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
> * H. J. Lu:
>
>>> We currently have this (as of commit
>>> faaee1f07ed25b2779bfd935ffb29f431b80d6d3):
>>>
>>> ==> sysdeps/unix/sysv/linux/x86/jmp_buf-ssp.sym <==
>>> #include <setjmpP.h>
>>> #undef __saved_mask
>>>
>>> --
>>> SHADOW_STACK_POINTER_OFFSET offsetof(struct __jmp_buf_tag,
>>> __saved_mask.__saved.__shadow_stack_pointer)
>>>
>>> ==> sysdeps/x86/jmp_buf-ssp.sym <==
>>> -- FIXME: Define SHADOW_STACK_POINTER_OFFSET to support shadow stack.
>>>
>>> So SHADOW_STACK_POINTER_OFFSET is defined unconditionally. I don't
>>> see how the quoted patch changes that.
>>>
>>> Making sure that rdssp is only assembled with --enable-cet looks like
>>> the right solution, but you need something like #if ENABLE_CET, and
>>> not depend on SHADOW_STACK_POINTER_OFFSET being defined.
>>
>> Take sysdeps/x86_64/setjmp.S as an example:
>>
>> /* Don't save shadow stack register if shadow stack isn't enabled. */
>> #if !SHSTK_ENABLED
>> # undef SHADOW_STACK_POINTER_OFFSET
>> #endif
>> .....
>>
>> The shadow stack pointer is saved/restored only if --enable-cet is used to
>> configure glibc. If you compile glibc with -fcf-protection, but without
>> configuring glibc with --enable-cet, the result is undefined.
>
> That doesn't work because <jmp_buf-ssp.h> is included after the
You are right. sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S checks
SHSTK_ENABLED after <jmp_buf-ssp.h> is included.
> #undef. I think you can avoid that by using #if SHSTK_ENABLED
> instead of #ifdef SHADOW_STACK_POINTER_OFFSET, which also expresses
> the intent more accurately.
It is done on purpose. sysdeps/x86_64/__longjmp.S has
/* Don't restore shadow stack register if
1. Shadow stack isn't enabled. Or
2. __longjmp is defined for __longjmp_cancel.
*/
#if !SHSTK_ENABLED || defined __longjmp
# undef SHADOW_STACK_POINTER_OFFSET
#endif
>> BTW, it passed build-many-glibcs.py.
>
> With binutils 2.28?
I am checking in this patch. Tested with build-many-glibcs.py using
binutils 2.28.
--
H.J.
---
From 338ee814e778c38ca57a02c76056cba978205b95 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Sun, 15 Jul 2018 06:07:52 -0700
Subject: [PATCH] x86_64: Undef SHADOW_STACK_POINTER_OFFSET last
Since SHADOW_STACK_POINTER_OFFSET is defined in jmp_buf-ssp.h, we must
undef SHADOW_STACK_POINTER_OFFSET after including <jmp_buf-ssp.h>.
* sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S: Undef
SHADOW_STACK_POINTER_OFFSET after including <jmp_buf-ssp.h>.
---
sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S
b/sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S
index 7eb26fafca..5d2d275721 100644
--- a/sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S
+++ b/sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S
@@ -19,15 +19,14 @@
#include <jmpbuf-offsets.h>
#include <asm-syntax.h>
#include <stap-probe.h>
+#include <sigaltstack-offsets.h>
+#include <jmp_buf-ssp.h>
/* Don't restore shadow stack register if shadow stack isn't enabled. */
#if !SHSTK_ENABLED
# undef SHADOW_STACK_POINTER_OFFSET
#endif
-#include <sigaltstack-offsets.h>
-#include <jmp_buf-ssp.h>
-
.section .rodata.str1.1,"aMS",@progbits,1
.type longjmp_msg,@object
longjmp_msg:
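Review bot: the comment kept above `#if !SHSTK_ENABLED` says only that the shadow stack register is not restored when shadow stack is disabled; it does not record that the `#undef SHADOW_STACK_POINTER_OFFSET` now has to stay after `#include <jmp_buf-ssp.h>`, which is the reason the two includes were moved up. The commit message names that header as the place where the macro is defined, so a later reordering of the include block would turn the `#undef` back into a no-op with nothing in the file to flag it. Please extend the comment to state the ordering requirement, for example "This must follow <jmp_buf-ssp.h>, which defines SHADOW_STACK_POINTER_OFFSET."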
--
2.17.1
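
An added example (not part of the thread and not glibc code): a small Python check for the ordering problem this patch fixes, an `#undef` of a macro that sits before the `#include` of the header defining it. The function name and the two sample inputs, built from the hunk above, are constructed for illustration; the check looks only at directive order and ignores surrounding `#if` conditions.

```python
import re

# "#undef NAME" or "# undef NAME" (nested directives are indented after '#').
_UNDEF = re.compile(r'^\s*#\s*undef\s+(\w+)')
# #include <file> or #include "file".
_INCLUDE = re.compile(r'^\s*#\s*include\s*[<"]([^>"]+)[>"]')

MACRO = "SHADOW_STACK_POINTER_OFFSET"
HEADER = "jmp_buf-ssp.h"

# Constructed sample: include block of ____longjmp_chk.S before the patch.
BEFORE = """\
#include <jmpbuf-offsets.h>
#include <asm-syntax.h>
#include <stap-probe.h>
/* Don't restore shadow stack register if shadow stack isn't enabled.  */
#if !SHSTK_ENABLED
# undef SHADOW_STACK_POINTER_OFFSET
#endif
#include <sigaltstack-offsets.h>
#include <jmp_buf-ssp.h>
"""

# Constructed sample: the same block after the patch.
AFTER = """\
#include <jmpbuf-offsets.h>
#include <asm-syntax.h>
#include <stap-probe.h>
#include <sigaltstack-offsets.h>
#include <jmp_buf-ssp.h>
/* Don't restore shadow stack register if shadow stack isn't enabled.  */
#if !SHSTK_ENABLED
# undef SHADOW_STACK_POINTER_OFFSET
#endif
"""


def ineffective_undefs(source, macro, header):
    """Return 1-based line numbers of '#undef macro' directives that come
    before the first '#include' of header, the file that defines macro.
    Such an #undef removes nothing, and the later #include defines it."""
    pending = []  # matching #undef lines seen so far
    for lineno, line in enumerate(source.splitlines(), start=1):
        inc = _INCLUDE.match(line)
        if inc and inc.group(1) == header:
            return pending  # anything after the defining include is fine
        undef = _UNDEF.match(line)
        if undef and undef.group(1) == macro:
            pending.append(lineno)
    return []  # header never included: no ordering to check
```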