From: "H.J. Lu"
Newsgroups: gmane.comp.lib.glibc.alpha
Subject: Re: [PATCH 0/2] nptl: Update struct pthread_unwind_buf
Date: Thu, 8 Mar 2018 04:48:10 -0800
To: "Tsimbalist, Igor V"
Cc: "Carlos O'Donell", Florian Weimer, GNU C Library
References: <20180201205757.51911-1-hjl.tools@gmail.com> <87a7vyjsqv.fsf@mid.deneb.enyo.de> <87vaelbetu.fsf@mid.deneb.enyo.de> <87fu5pb7ql.fsf@mid.deneb.enyo.de> <877er1b4zp.fsf@mid.deneb.enyo.de> <87371pb3ga.fsf@mid.deneb.enyo.de> <87tvu59o21.fsf@mid.deneb.enyo.de> <87po4t9mxt.fsf@mid.deneb.enyo.de> <3764b0a1-9f26-6f5f-1bc5-d374f2672f3a@redhat.com> <86d5d5ba-2b53-1904-dada-3efe2b3ad501@redhat.com>

On Thu, Mar 8, 2018 at 4:24 AM, Tsimbalist, Igor V wrote:
>> -----Original Message-----
>> From: H.J. Lu [mailto:hjl.tools@gmail.com]
>> Sent: Wednesday, March 7, 2018 11:07 PM
>> To: Carlos O'Donell; Tsimbalist, Igor V
>> Cc: Florian Weimer; GNU C Library
>> Subject: Re: [PATCH 0/2] nptl: Update struct pthread_unwind_buf
>>
>> On Wed, Mar 7, 2018 at 12:14 PM, H.J. Lu wrote:
>> > On Wed, Mar 7, 2018 at 11:47 AM, H.J. Lu wrote:
>> >> On Wed, Mar 7, 2018 at 9:34 AM, Carlos O'Donell wrote:
>> >>> On 03/07/2018 03:56 AM, H.J. Lu wrote:
>> >>>>>> 1. I have to add __setjmp_cancel and __sigsetjmp_cancel which won't
>> >>>>>> save and restore shadow stack register.
>> >>>>
>> >>>> I have been testing this. I ran into one issue. GCC knows that setjmp will
>> >>>> return via longjmp and inserts ENDBR after it. But it doesn't know
>> >>>> __setjmp_cancel and __sigsetjmp_cancel. We can either add them to GCC
>> >>>> or add NOTRACK prefix to the corresponding longjmps.
>> >>>
>> >>> I would rather GCC did not know about these implementation details.
>> >>>
>> >>> I have no objection to the NOTRACK prefix in the corresponding longjmps.
>> >>>
>> >>> What would be a downside to this choice?
>> >>>
>> >>
>> >> NOTRACK prefix is typically generated by compiler for switch table. Compiler
>> >> knows each indirect jump target is valid and pointer load for indirect jump is
>> >> generated by compiler in read-only section. This is pretty safe since there is
>> >> very little chance for malicious code to tamper with the pointer value. However,
>> >> in case of longjmp, the indirect jump target is in jmpbuf. There is a possibility
>> >> for malicious code to change the indirect jump target such that longjmp will
>> >> jump to the wrong place. Using the NOTRACK prefix here defeats the purpose of
>> >> indirect branch tracking in CET.
>> >>
>> >
>> > Also GCC needs to know that __setjmp_cancel and __sigsetjmp_cancel may
>> > return twice, similar to setjmp.
>> >
>> Here is the GCC patch:
>>
>> diff --git a/gcc/calls.c b/gcc/calls.c
>> index 19c95b8455b..d1f436dfa91 100644
>> --- a/gcc/calls.c
>> +++ b/gcc/calls.c
>> @@ -604,7 +604,7 @@ special_function_p (const_tree fndecl, int flags)
>>      name_decl = DECL_NAME (cgraph_node::get (fndecl)->orig_decl);
>>
>>    if (fndecl && name_decl
>> -      && IDENTIFIER_LENGTH (name_decl) <= 11
>> +      && IDENTIFIER_LENGTH (name_decl) <= 18
>>        /* Exclude functions not at the file scope, or not `extern',
>>           since they are not the magic functions we would otherwise
>>           think they are.
>> @@ -637,8 +637,8 @@ special_function_p (const_tree fndecl, int flags)
>>      }
>>
>>    /* ECF_RETURNS_TWICE is safe even for -ffreestanding.  */
>> -  if (! strcmp (tname, "setjmp")
>> -      || ! strcmp (tname, "sigsetjmp")
>> +  if (! strncmp (tname, "setjmp", 6)
>> +      || ! strncmp (tname, "sigsetjmp", 9)
>>        || ! strcmp (name, "savectx")
>>        || ! strcmp (name, "vfork")
>>        || ! strcmp (name, "getcontext"))
>
> Should it be compared with the whole function name (__setjmp_cancel and
> __sigsetjmp_cancel) as something like setjmp_my_func will be also detected?

True. This is the patch I have tested:

https://github.com/hjl-tools/gcc/commit/e98087865405f051e93d5f35588789ef9686db4a

> Also there was an error in detection of __getcontext, which is 12 bytes, but it
> will be fixed by this patch.

--
H.J.
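Review bot: in the first hunk the new bound `<= 18` is an unexplained magic number; `__sigsetjmp_cancel` is exactly 18 characters, and the old bound of 11 silently excluded `__getcontext` (12 characters) even though `getcontext` is listed a few lines later, as this thread notes. A comment naming the longest identifier the bound is meant to admit, or deriving the bound from that name's length, would keep the next addition to the list from falling out of the check unnoticed.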
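Review bot: in the second hunk, replacing `! strcmp (tname, "setjmp")` with `! strncmp (tname, "setjmp", 6)` turns an exact match into a prefix match, so any extern file-scope function whose name begins with `setjmp` or `sigsetjmp` is flagged ECF_RETURNS_TWICE, which is the over-matching the reply in this thread points out. If only the two new glibc names need covering, add exact comparisons instead, e.g. `|| ! strcmp (tname, "setjmp_cancel")` and `|| ! strcmp (tname, "sigsetjmp_cancel")`, and note that the existing line compares `tname` for the setjmp family but `name` for `savectx`, `vfork` and `getcontext`, so the spelling of the new entries must match whichever of the two has the leading underscores stripped.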