authorFlorian Weimer <fweimer@redhat.com>2024-05-31 12:26:43 +0200
committerFlorian Weimer <fweimer@redhat.com>2024-05-31 22:49:18 +0200
commitc5f7f4fc8bb857cbe07972ff1e29970b101e9995 (patch)
tree3ee7b5b3127b3be0bf34b291dd0537f207b5d679
parent90ee0d87302810f1670a1fbcf9455b883309b1de (diff)
downloadglibc-c5f7f4fc8bb857cbe07972ff1e29970b101e9995.tar.gz
glibc-c5f7f4fc8bb857cbe07972ff1e29970b101e9995.tar.xz
glibc-c5f7f4fc8bb857cbe07972ff1e29970b101e9995.zip
x86_64: Use shadow stack for backtrace implementation fw/x86-shstk-backtrace
Test failures:

FAIL: debug/tst-backtrace4
FAIL: misc/tst-sigcontext-get_pc

The return address of signal handlers is not on the shadow stack.
-rw-r--r--debug/backtrace.c13
-rw-r--r--sysdeps/generic/arch_backtrace.h25
-rw-r--r--sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c4
-rw-r--r--sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c1
-rw-r--r--sysdeps/x86/cpu-features.c2
-rw-r--r--sysdeps/x86_64/arch_backtrace.h62
-rw-r--r--sysdeps/x86_64/dl-cet.c4
7 files changed, 106 insertions, 5 deletions
diff --git a/debug/backtrace.c b/debug/backtrace.c
index 969d699bd1..2ed0112cb8 100644
--- a/debug/backtrace.c
+++ b/debug/backtrace.c
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <unwind.h>
 #include <unwind-link.h>
+#include <arch_backtrace.h>
 
 struct trace_arg
 {
@@ -63,6 +64,16 @@ backtrace_helper (struct _Unwind_Context *ctx, void *a)
 int
 __backtrace (void **array, int size)
 {
+  if (size <= 0)
+    return 0;
+
+  /* Try the architecture-specific implementation first.  */
+  {
+    int result = __arch_backtrace (array, size);
+    if (result >= 0)
+      return result;
+  }
+
   struct trace_arg arg =
     {
      .array = array,
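Review bot: Nothing at the new `__arch_backtrace` call records why its result can stand in for the unwinder result one-for-one: the unwinder path skips __backtrace's own frame (`.cnt = -1` further down), while the x86-64 implementation reads `rdsspq` inside this function, so its first slot is the return address into __backtrace's caller only while it stays inlined (it is declared `__always_inline`). A comment on the call, e.g. `/* Relies on __arch_backtrace being inlined: the top shadow-stack slot is then our caller's return address, matching the unwinder path, which skips this frame.  */`, would make that dependency explicit. The `{ ... }` block around the single `result` variable could be a plain declaration. __backtrace continues outside the hunk.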
@@ -72,7 +83,7 @@ __backtrace (void **array, int size)
      .cnt = -1
     };
 
-  if (size <= 0 || arg.unwind_link == NULL)
+  if (arg.unwind_link == NULL)
     return 0;
 
   UNWIND_LINK_PTR (arg.unwind_link, _Unwind_Backtrace)
diff --git a/sysdeps/generic/arch_backtrace.h b/sysdeps/generic/arch_backtrace.h
new file mode 100644
index 0000000000..ebdffd7cb7
--- /dev/null
+++ b/sysdeps/generic/arch_backtrace.h
@@ -0,0 +1,25 @@
+/* Architecture-specific backtrace implementation.  Generic version.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+/* The generic implementation always uses falls back to the libgcc
+   unwinder.  */
+static inline __always_inline int
+__arch_backtrace (void **array, int size)
+{
+  return -1;
+}
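Review bot: The comment above `__arch_backtrace` has a garbled phrase (`always uses falls back to`) and does not state the return contract that debug/backtrace.c depends on; suggest `/* Return the number of entries stored in ARRAY, or -1 to fall back to the libgcc unwinder.  The generic version always falls back.  */`. The header also has no include guard; a `#ifndef ARCH_BACKTRACE_H` / `#define ARCH_BACKTRACE_H` pair would match the usual glibc header layout and protect against double inclusion once more callers include it.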
diff --git a/sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c b/sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c
index ea375f97d9..df1c9c43df 100644
--- a/sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c
+++ b/sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c
@@ -38,8 +38,10 @@ handler (int signal, siginfo_t *info, void *ctx)
 
   uintptr_t pc = sigcontext_get_pc (ctx);
   printf ("info: address in signal handler: 0x%" PRIxPTR "\n", pc);
+  printf ("info: siginfo_t address: %p\n", info);
+  printf ("info: ucontext_t address: %p\n", ctx);
 
-  void *callstack[10];
+  void *callstack[20];
   int callstack_count = backtrace (callstack, array_length (callstack));
   TEST_VERIFY_EXIT (callstack_count > 0);
   TEST_VERIFY_EXIT (callstack_count <= array_length (callstack));
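Review bot: The first added printf passes `info`, a `siginfo_t *`, to a `%p` conversion, which requires a `void *`; write `printf ("info: siginfo_t address: %p\n", (void *) info);` (`ctx` is already `void *`). The enlargement of `callstack` from 10 to 20 is not explained; a short comment saying why 10 slots were no longer enough (presumably the shadow-stack path returns more entries than the unwinder did) would help the next reader. handler's body continues outside the hunk.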
diff --git a/sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c b/sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c
index b39812f81d..bb41cf1047 100644
--- a/sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c
+++ b/sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c
@@ -76,6 +76,7 @@ asm									\
    ".align 16\n"							\
    ".LSTART_" #name ":\n"						\
    "	.type __" #name ",@function\n"					\
+   "    .globl __" #name "\n"						\
    "__" #name ":\n"							\
    "	movq $" #syscall ", %rax\n"					\
    "	syscall\n"							\
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 3d7c2819d7..459844dd20 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -147,7 +147,7 @@ update_active (struct cpu_features *cpu_features)
   if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT))
     CPU_FEATURE_SET_ACTIVE (cpu_features, RTM);
 
-#if CET_ENABLED && 0
+#if CET_ENABLED
   CPU_FEATURE_SET_ACTIVE (cpu_features, IBT);
   CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK);
 #endif
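Review bot: Dropping `&& 0` marks IBT and SHSTK active whenever CET_ENABLED, a behaviour change beyond the backtrace work that the commit description does not mention; the `&& 0` reads as a deliberate disable, so either say in the description why re-enabling is safe now or split it into its own commit. At minimum a comment on the `#if CET_ENABLED` line should record what now relies on the active bits, e.g. `/* Needed so the shadow-stack backtrace path can be taken.  */` if that is the reason. update_active continues outside the hunk.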
diff --git a/sysdeps/x86_64/arch_backtrace.h b/sysdeps/x86_64/arch_backtrace.h
new file mode 100644
index 0000000000..64f173f734
--- /dev/null
+++ b/sysdeps/x86_64/arch_backtrace.h
@@ -0,0 +1,62 @@
+/* Architecture-specific backtrace implementation.  x86-64 version.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdbool.h>
+#include <sysdep.h>
+
+/* From libc_sigaction.c.  */
+extern void restore_rt (void) asm ("__restore_rt") attribute_hidden;
+
+/* Copy addresses from the shadow stack if available.  */
+static inline __always_inline int
+__arch_backtrace (void **array, int size)
+{
+#if CET_ENABLED
+  void **ssp;
+  asm ("rdsspq %0"
+       : "=r" (ssp)
+       : "0" (0));
+  if (ssp == NULL)
+    return -1;
+
+  void **ssp_base = (void **) THREAD_GETMEM (THREAD_SELF, header.ssp_base);
+  if (ssp_base < ssp)
+    /* Covers the NULL case.  */
+    return 0;
+
+  long int limit = ssp_base - ssp;
+  if (limit > size)
+    limit = size;
+
+#if 1
+  __builtin_memcpy (array, ssp, limit * sizeof (*array));
+  return limit;
+#else
+  /* We cannot use memcpy because we need to filter out signal
+     frames.  */
+  int count = 0;
+  for (unsigned int i = 0; i < limit; ++i)
+    if (ssp[i] != restore_rt)
+      array[count++] = ssp[i];
+  return count;
+#endif
+
+#else /* !CET_ENABLED */
+  return -1;
+#endif
+}
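Review bot: The `#if 1` / `#else` around the memcpy ships the restore_rt filtering loop as dead code; either remove that branch together with the then-unused `restore_rt` declaration, or finish it, since as written the `void *` versus function-pointer comparison and the `unsigned int i < limit` (long) loop would at least draw warnings if re-enabled. Returning 0 when `ssp_base < ssp` also covers `ssp_base == NULL`, where an unrecorded base turns a working shadow stack into an empty backtrace instead of the libgcc fallback; if that case can occur for some threads, `if (ssp_base == NULL) return -1;` before the comparison keeps the fallback. The raw copy also reports every shadow-stack slot as a return address, so any non-address entry the kernel places there around signal delivery would reach the caller's array; the description already notes the signal-handler discrepancy, and a comment on the memcpy should state that assumption.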
diff --git a/sysdeps/x86_64/dl-cet.c b/sysdeps/x86_64/dl-cet.c
index d21854924d..25fa6e30b6 100644
--- a/sysdeps/x86_64/dl-cet.c
+++ b/sysdeps/x86_64/dl-cet.c
@@ -338,8 +338,8 @@ _dl_cet_setup_features (unsigned int cet_feature)
 	   : "=r" (ssp)
 	   : "0" (0));
       if (ssp != NULL)
-	/* The caller is the top-most frame, hence the + 8.  */
-	THREAD_SETMEM (THREAD_SELF, header.ssp_base, ssp + 8);
+	/* The caller is the top-most frame, hence the + 1.  */
+	THREAD_SETMEM (THREAD_SELF, header.ssp_base, ssp + 1);
 
       cet_feature = dl_cet_get_cet_status ();
       if (cet_feature != 0)
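Review bot: The corrected comment still leaves the unit implicit; since the `+ 1` is pointer arithmetic on `ssp` (declared outside the hunk, presumably `void **` given the `"=r" (ssp)` output), write `/* The caller is the top-most frame; skip its one shadow-stack slot (ssp is void **, so this is + 8 bytes).  */` so the earlier `+ 8` mistake is harder to reintroduce. If ssp is indeed `void **`, the old code recorded a base eight slots too high, which is a standalone correction the commit description should mention. _dl_cet_setup_features continues on both sides of the hunk.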