From faaee1f07ed25b2779bfd935ffb29f431b80d6d3 Mon Sep 17 00:00:00 2001 
From: "H.J. Lu" Date: Sat, 14 Jul 2018 05:59:29 -0700 Subject: x86: Support shadow stack pointer in setjmp/longjmp Save and restore shadow stack pointer in setjmp and longjmp to support shadow stack in Intel CET. Use feature_1 in tcbhead_t to check if shadow stack is enabled before saving and restoring shadow stack pointer. Reviewed-by: Carlos O'Donell * sysdeps/i386/__longjmp.S: Include . (__longjmp): Restore shadow stack pointer if shadow stack is enabled, SHADOW_STACK_POINTER_OFFSET is defined and __longjmp isn't defined for __longjmp_cancel. * sysdeps/i386/bsd-_setjmp.S: Include . (_setjmp): Save shadow stack pointer if shadow stack is enabled and SHADOW_STACK_POINTER_OFFSET is defined. * sysdeps/i386/bsd-setjmp.S: Include . (setjmp): Save shadow stack pointer if shadow stack is enabled and SHADOW_STACK_POINTER_OFFSET is defined. * sysdeps/i386/setjmp.S: Include . (__sigsetjmp): Save shadow stack pointer if shadow stack is enabled and SHADOW_STACK_POINTER_OFFSET is defined. * sysdeps/unix/sysv/linux/i386/____longjmp_chk.S: Include . (____longjmp_chk): Restore shadow stack pointer if shadow stack is enabled and SHADOW_STACK_POINTER_OFFSET is defined. * sysdeps/unix/sysv/linux/x86/Makefile (gen-as-const-headers): Remove jmp_buf-ssp.sym. * sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S: Include . (____longjmp_chk): Restore shadow stack pointer if shadow stack is enabled and SHADOW_STACK_POINTER_OFFSET is defined. * sysdeps/x86/Makefile (gen-as-const-headers): Add jmp_buf-ssp.sym. * sysdeps/x86/jmp_buf-ssp.sym: New dummy file. * sysdeps/x86_64/__longjmp.S: Include . (__longjmp): Restore shadow stack pointer if shadow stack is enabled, SHADOW_STACK_POINTER_OFFSET is defined and __longjmp isn't defined for __longjmp_cancel. * sysdeps/x86_64/setjmp.S: Include . (__sigsetjmp): Save shadow stack pointer if shadow stack is enabled and SHADOW_STACK_POINTER_OFFSET is defined. 
---
 sysdeps/unix/sysv/linux/i386/____longjmp_chk.S | 37 +++++++++++++++++++++++
 sysdeps/unix/sysv/linux/x86/Makefile | 1 -
 sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S | 38 ++++++++++++++++++++++++
 3 files changed, 75 insertions(+), 1 deletion(-)
(limited to 'sysdeps/unix/sysv')
diff --git a/sysdeps/unix/sysv/linux/i386/____longjmp_chk.S b/sysdeps/unix/sysv/linux/i386/____longjmp_chk.S
index 3452433112..a7640d9892 100644
--- a/sysdeps/unix/sysv/linux/i386/____longjmp_chk.S
+++ b/sysdeps/unix/sysv/linux/i386/____longjmp_chk.S
@@ -17,9 +17,14 @@
 #include
 #include
+#include
 #include
 #include
+/* Don't restore shadow stack register if shadow stack isn't enabled. */
+#if !SHSTK_ENABLED
+# undef SHADOW_STACK_POINTER_OFFSET
+#endif
 .section .rodata.str1.1,"aMS",@progbits,1
 .type longjmp_msg,@object
@@ -46,6 +51,38 @@ longjmp_msg:
 ENTRY (____longjmp_chk)
 movl 4(%esp), %ecx /* User's jmp_buf in %ecx. */
+#ifdef SHADOW_STACK_POINTER_OFFSET
+# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET
+ /* Check if Shadow Stack is enabled. */
+ testl $X86_FEATURE_1_SHSTK, %gs:FEATURE_1_OFFSET
+ jz L(skip_ssp)
+# else
+ xorl %edx, %edx
+# endif
+ /* Check and adjust the Shadow-Stack-Pointer. */
+ rdsspd %edx
+ /* And compare it with the saved ssp value. */
+ subl SHADOW_STACK_POINTER_OFFSET(%ecx), %edx
+ je L(skip_ssp)
+ /* Count the number of frames to adjust and adjust it with incssp instruction. The instruction can adjust the ssp by [0..255] value only thus use a loop if the number of frames is bigger than 255. */
+ negl %edx
+ shrl $2, %edx
+ /* NB: We saved Shadow-Stack-Pointer of setjmp. Since we are restoring Shadow-Stack-Pointer of setjmp's caller, we need to unwind shadow stack by one more frame. */
+ addl $1, %edx
+ movl $255, %ebx
+L(loop):
+ cmpl %ebx, %edx
+ cmovb %edx, %ebx
+ incsspd %ebx
+ subl %ebx, %edx
+ ja L(loop)
+L(skip_ssp):
+#endif
 /* Save the return address now. */
 movl (JB_PC*4)(%ecx), %edx
 /* Get the stack pointer. */
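Review bot: The shadow-stack unwind is inserted directly after `movl 4(%esp), %ecx`, ahead of the saved-stack-pointer validation that the rest of ____longjmp_chk performs (the "Get the stack pointer" context line is the start of it; the check itself lies outside the hunk), whereas the x86_64 counterpart in this same patch runs it at `.Lok:` only after that validation has passed. A jmp_buf the fortify check is about to reject has therefore already had its shadow stack popped by `incsspd` by the time the failure path is reached; moving the whole `#ifdef SHADOW_STACK_POINTER_OFFSET ... #endif` block below the stack check (the i386 equivalent of `.Lok`) keeps the two ports consistent and leaves the shadow stack untouched on the failure path. Separately, after `subl SHADOW_STACK_POINTER_OFFSET(%ecx), %edx` only equality is special-cased, so the `negl`/`shrl $2` sequence assumes the saved SSP is above the current one; a stale or corrupted value below it gives a positive difference that `negl` turns negative and `shrl $2` into a count near 2^30, and the loop then pops until it runs off the shadow stack mapping and faults instead of reporting the bogus jmp_buf. A `ja` to the existing fortify-failure path placed right after `je L(skip_ssp)` (CF and ZF are both clear exactly when current > saved) would catch that in one line.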
diff --git a/sysdeps/unix/sysv/linux/x86/Makefile b/sysdeps/unix/sysv/linux/x86/Makefile
index c55a43e58d..111ff9ff58 100644
--- a/sysdeps/unix/sysv/linux/x86/Makefile
+++ b/sysdeps/unix/sysv/linux/x86/Makefile
@@ -21,6 +21,5 @@ sysdep_routines += dl-vdso
 endif
 ifeq ($(subdir),setjmp)
-gen-as-const-headers += jmp_buf-ssp.sym
 tests += tst-saved_mask-1
 endif
diff --git a/sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S b/sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S
index 8a9f2e1a3c..7eb26fafca 100644
--- a/sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S
+++ b/sysdeps/unix/sysv/linux/x86_64/____longjmp_chk.S
@@ -20,7 +20,13 @@
 #include
 #include
+/* Don't restore shadow stack register if shadow stack isn't enabled. */
+#if !SHSTK_ENABLED
+# undef SHADOW_STACK_POINTER_OFFSET
+#endif
+
 #include
+#include
 .section .rodata.str1.1,"aMS",@progbits,1
 .type longjmp_msg,@object
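Review bot: In the x86_64 ____longjmp_chk.S header hunk the `#if !SHSTK_ENABLED` / `# undef SHADOW_STACK_POINTER_OFFSET` / `#endif` block sits above the newly added `#include` (the header name is lost in this rendering, but the commit message says this file now includes the jmp_buf-ssp header). If that header is what defines SHADOW_STACK_POINTER_OFFSET, the undef executes before the define and is a no-op, so the rdssp/incssp sequence is still assembled with SHSTK_ENABLED off — presumably the very configuration in which the assembler may not accept those instructions. The i386 hunk in the same patch orders it the other way round (all includes first, then the undef block); move the three-line `#if !SHSTK_ENABLED ... #endif` block below the added `#include` here so both ports agree and the guard actually takes effect.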
@@ -105,6 +111,38 @@ ENTRY(____longjmp_chk)
 cfi_restore (%rsi)
 .Lok:
+#ifdef SHADOW_STACK_POINTER_OFFSET
+# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET
+ /* Check if Shadow Stack is enabled. */
+ testl $X86_FEATURE_1_SHSTK, %fs:FEATURE_1_OFFSET
+ jz L(skip_ssp)
+# else
+ xorl %eax, %eax
+# endif
+ /* Check and adjust the Shadow-Stack-Pointer. */
+ rdsspq %rax
+ /* And compare it with the saved ssp value. */
+ subq SHADOW_STACK_POINTER_OFFSET(%rdi), %rax
+ je L(skip_ssp)
+ /* Count the number of frames to adjust and adjust it with incssp instruction. The instruction can adjust the ssp by [0..255] value only thus use a loop if the number of frames is bigger than 255. */
+ negq %rax
+ shrq $3, %rax
+ /* NB: We saved Shadow-Stack-Pointer of setjmp. Since we are restoring Shadow-Stack-Pointer of setjmp's caller, we need to unwind shadow stack by one more frame. */
+ addq $1, %rax
+ movl $255, %ebx
+L(loop):
+ cmpq %rbx, %rax
+ cmovb %rax, %rbx
+ incsspq %rbx
+ subq %rbx, %rax
+ ja L(loop)
+L(skip_ssp):
+#endif
 LIBC_PROBE (longjmp, 3, LP_SIZE@%RDI_LP, -4@%esi, LP_SIZE@%RDX_LP)
 /* We add unwind information for the target here. */
 cfi_def_cfa(%rdi, 0)
-- cgit 1.4.1
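Review bot: After `subq SHADOW_STACK_POINTER_OFFSET(%rdi), %rax` only equality is special-cased (`je L(skip_ssp)`); the `negq`/`shrq $3` that follow assume the saved SSP lies above the current one. If a stale or attacker-modified jmp_buf (the SSP slot is read here without any PTR_DEMANGLE) holds a value below the current SSP, the difference is positive, `negq` makes it negative and the unsigned `shrq $3` yields a count near 2^61, so the `incsspq` loop pops 255 entries at a time until it runs off the shadow stack mapping and faults rather than reporting the bogus jmp_buf the way the stack-pointer check preceding `.Lok:` (outside the hunk) does. Adding `ja` to that existing fortify-failure path immediately after `je L(skip_ssp)` closes this in one line, since CF and ZF are both clear exactly when current > saved; a comment such as `/* A saved SSP below the current one cannot be reached by popping; treat it as a corrupt jmp_buf.  */` would record the invariant. `%rbx` is callee-saved yet used as scratch for the 255 cap at `movl $255, %ebx`; that is only safe because longjmp reloads it from the jmp_buf afterwards, and since that reload is outside the hunk a one-line comment saying so would help the next reader.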