This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: RFC: Shadow Stack support in glibc
On Fri, Jun 9, 2017 at 4:15 AM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
> On 09/06/17 12:13, H.J. Lu wrote:
>> On Fri, Jun 9, 2017 at 2:05 AM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
>>>
>>> fixing setjmp/longjmp is non-trivial since jmpbuf size is abi,
>>> it may be possible to do without saving ssp into jmpbuf though.
>>>
>>
>> Shadow stack is enabled at run-time only if all sources are compiled
>> with shadow stack enabled compiler against shadow stack enabled
>> glibc. setjmp/longjmp are implemented with IFUNC, which uses
>> the old setjmp/longjmp if shadow stack is off and uses the new
>> setjmp/longjmp if shadow stack is on.
>>
>
> that is not enough.
>
> jmpbuf may be used in user code independently of setjmp/longjmp.
>
If that piece of code isn't shadow stack enabled, shadow stack won't
be enabled for the whole program and the old setjmp/longjmp will be used.
--
H.J.