diff options
author | Igor Zamyatin <igor.zamyatin@intel.com> | 2015-07-09 06:50:12 -0700 |
---|---|---|
committer | H.J. Lu <hjl.tools@gmail.com> | 2015-07-09 06:50:12 -0700 |
commit | 14c5cbabc2d11004ab223ae5eae761ddf83ef99e (patch) | |
tree | ee8516f9bb7f2e9435d05641dfa415e795f7b65e /sysdeps/i386/dl-trampoline.S | |
parent | 632b3db8e2ba1f454872f7ebe1335966f8161c43 (diff) | |
download | glibc-14c5cbabc2d11004ab223ae5eae761ddf83ef99e.tar.gz glibc-14c5cbabc2d11004ab223ae5eae761ddf83ef99e.tar.xz glibc-14c5cbabc2d11004ab223ae5eae761ddf83ef99e.zip |
Preserve bound registers for pointer pass/return
We need to save/restore bound registers and add a BND prefix before branches in _dl_runtime_profile so that bound registers for pointer pass and return are preserved when LD_AUDIT is used. [BZ #18134] * sysdeps/i386/configure.ac: Set HAVE_MPX_SUPPORT. * sysdeps/i386/configure: Regenerated. * sysdeps/i386/dl-trampoline.S (PRESERVE_BND_REGS_PREFIX): New. (_dl_runtime_profile): Save and restore Intel MPX return bound registers when calling _dl_call_pltexit. Add PRESERVE_BND_REGS_PREFIX before return. * sysdeps/i386/link-defines.sym (LRV_BND0_OFFSET): New. (LRV_BND1_OFFSET): Likewise. * sysdeps/x86/bits/link.h (La_i86_retval): Add lrv_bnd0 and lrv_bnd1. * sysdeps/x86_64/dl-trampoline.S (_dl_runtime_profile): Fix typo in bndmov encoding. * sysdeps/x86_64/dl-trampoline.h: Properly save and restore Intel MPX bound registers. Add PRESERVE_BND_REGS_PREFIX before branch instructions to preserve bounds.
Diffstat (limited to 'sysdeps/i386/dl-trampoline.S')
-rw-r--r-- | sysdeps/i386/dl-trampoline.S | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/sysdeps/i386/dl-trampoline.S b/sysdeps/i386/dl-trampoline.S index 7c72b03b19..8a2fd8ddd6 100644 --- a/sysdeps/i386/dl-trampoline.S +++ b/sysdeps/i386/dl-trampoline.S @@ -19,6 +19,12 @@ #include <sysdep.h> #include <link-defines.h> +#ifdef HAVE_MPX_SUPPORT +# define PRESERVE_BND_REGS_PREFIX bnd +#else +# define PRESERVE_BND_REGS_PREFIX .byte 0xf2 +#endif + .text .globl _dl_runtime_resolve .type _dl_runtime_resolve, @function @@ -172,6 +178,13 @@ _dl_runtime_profile: movl %edx, LRV_EDX_OFFSET(%esp) fstpt LRV_ST0_OFFSET(%esp) fstpt LRV_ST1_OFFSET(%esp) +#ifdef HAVE_MPX_SUPPORT + bndmov %bnd0, LRV_BND0_OFFSET(%esp) + bndmov %bnd1, LRV_BND1_OFFSET(%esp) +#else + .byte 0x66,0x0f,0x1b,0x44,0x24,LRV_BND0_OFFSET + .byte 0x66,0x0f,0x1b,0x4c,0x24,LRV_BND1_OFFSET +#endif pushl %esp cfi_adjust_cfa_offset (4) # Address of La_i86_regs area. @@ -185,9 +198,17 @@ _dl_runtime_profile: movl LRV_EDX_OFFSET(%esp), %edx fldt LRV_ST1_OFFSET(%esp) fldt LRV_ST0_OFFSET(%esp) +#ifdef HAVE_MPX_SUPPORT + bndmov LRV_BND0_OFFSET(%esp), %bnd0 + bndmov LRV_BND1_OFFSET(%esp), %bnd1 +#else + .byte 0x66,0x0f,0x1a,0x44,0x24,LRV_BND0_OFFSET + .byte 0x66,0x0f,0x1a,0x4c,0x24,LRV_BND1_OFFSET +#endif # Restore stack before return. addl $(LRV_SIZE + 4 + LR_SIZE + 4), %esp cfi_adjust_cfa_offset (-(LRV_SIZE + 4 + LR_SIZE + 4)) + PRESERVE_BND_REGS_PREFIX ret cfi_endproc .size _dl_runtime_profile, .-_dl_runtime_profile |