This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: RFC: Shadow Stack support in glibc

From: "H.J. Lu" <hjl dot tools at gmail dot com>
To: Szabolcs Nagy <szabolcs dot nagy at arm dot com>
Cc: nd <nd at arm dot com>, Florian Weimer <fweimer at redhat dot com>, Yu-cheng Yu <yu-cheng dot yu at intel dot com>, GNU C Library <libc-alpha at sourceware dot org>, Igor Tsimbalist <tigor dot tools at gmail dot com>, "Shanbhogue, Vedvyas" <vedvyas dot shanbhogue at intel dot com>
Date: Fri, 9 Jun 2017 07:48:30 -0700
Subject: Re: RFC: Shadow Stack support in glibc
Authentication-results: sourceware.org; auth=none
References: <CAMe9rOqN7oNWWmbw_NmaP=TpBDY7jh=MNbJQNaiOR901Rs7bcw@mail.gmail.com> <451a71c6-7eb7-983d-f808-86cf50fc0dca@redhat.com> <1496876422.12598.31.camel@test-lenovo> <59390EEB.4020409@arm.com> <1496951188.15627.51.camel@test-lenovo> <593A64CC.60100@arm.com> <CAMe9rOoPyXrBfbDTx-dQwm1tPXMHp89eiAMpWwsOgJMyi_LQ2w@mail.gmail.com> <593A834A.7050301@arm.com> <593A84D6.40007@arm.com> <CAMe9rOoEdb5OHMZKTcaWyyc-OMtJJh+vtUCZMeTkV2zfc3QCgQ@mail.gmail.com> <9f339124-dd5d-d677-0272-b8bba161e382@redhat.com> <CAMe9rOq_SdTGTMgipAdqZWCGk8-ti8otwsKqe8idr1DXz71_SA@mail.gmail.com> <593A8A26.3090800@arm.com> <CAMe9rOpweY_eehpFoBTBxtJXKcvs5Gvcxin7SnrU=1DqYVjk=w@mail.gmail.com> <593A9B29.2060103@arm.com> <CAMe9rOo6iTYUcc6KBnHvodj6Rj4xnHUjHp4QNHsLgaSV3BhZyA@mail.gmail.com> <593AA581.9080804@arm.com>

On Fri, Jun 9, 2017 at 6:41 AM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
> On 09/06/17 14:06, H.J. Lu wrote:
>> On Fri, Jun 9, 2017 at 5:57 AM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
>>> On 09/06/17 12:45, H.J. Lu wrote:
>>>> On Fri, Jun 9, 2017 at 4:44 AM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
>>>>> On 09/06/17 12:40, H.J. Lu wrote:
>>>>>> On Fri, Jun 9, 2017 at 4:32 AM, Florian Weimer <fweimer@redhat.com> wrote:
>>>>>>> On 06/09/2017 01:28 PM, H.J. Lu wrote:
>>>>>>>> Yes,  99% of codes just need to recompile.  If context functions
>>>>>>>> are used or jmpbuf is used independently of setjmp/longjmp,
>>>>>>>> enabling is needed.
>>>>>>>
>>>>>>> Would you please clarify if the size of the type jmp_buf changes in the
>>>>>>> new compilation mode?
>>>>>>>
>>>>>>
>>>>>> jmp_buf size will be increased unconditionally in glibc whose <setjmp.h>
>>>>>> has
>>>>>>
>>>
>>> note that there is a large unused space in jmp_buf
>>> on linux because of the hurd sigset (__saved_mask member),
>>> if that space can be used in target specific ways then
>>> the abi complications may be possible to avoid.
>>
>> On x86, we have
>>
>> # if __WORDSIZE == 64
>> typedef long int __jmp_buf[8];
>> # elif defined  __x86_64__
>> __extension__ typedef long long int __jmp_buf[8];
>> # else
>> typedef int __jmp_buf[6];
>> # endif
>>
>> We need to grow it for shadow stack.
>>
>
> that's just the first part of the jmp_buf struct,
> what matters is the size of jmp_buf which is
>
> struct __jmp_buf_tag
>   {
>     /* NOTE: The machine-dependent definitions of `__sigsetjmp'
>        assume that a `jmp_buf' begins with a `__jmp_buf' and that
>        `__mask_was_saved' follows it.  Do not move these members
>        or add others before it.  */
>     __jmp_buf __jmpbuf;         /* Calling environment.  */
>     int __mask_was_saved;       /* Saved the signal mask?  */
>     __sigset_t __saved_mask;    /* Saved signal mask.  */
>   };
>
> typedef struct __jmp_buf_tag jmp_buf[1];
>
> and only the first few bytes of __saved_mask is used on linux,
> there is lot of free space there, it's just not setup for
> target specific tinkering currently.
>
>

We can use the unused space for SSP.

-- 
H.J.

Follow-Ups:
- Re: RFC: Shadow Stack support in glibc
  - From: Florian Weimer

References:
- RFC: Shadow Stack support in glibc
  - From: H.J. Lu
- Re: RFC: Shadow Stack support in glibc
  - From: Florian Weimer
- Re: RFC: Shadow Stack support in glibc
  - From: Yu-cheng Yu
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy
- Re: RFC: Shadow Stack support in glibc
  - From: Yu-cheng Yu
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy
- Re: RFC: Shadow Stack support in glibc
  - From: H.J. Lu
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy
- Re: RFC: Shadow Stack support in glibc
  - From: H.J. Lu
- Re: RFC: Shadow Stack support in glibc
  - From: Florian Weimer
- Re: RFC: Shadow Stack support in glibc
  - From: H.J. Lu
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy
- Re: RFC: Shadow Stack support in glibc
  - From: H.J. Lu
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy
- Re: RFC: Shadow Stack support in glibc
  - From: H.J. Lu
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]