unofficial mirror of libc-alpha@sourceware.org
From: "H.J. Lu" <hjl.tools@gmail.com>
To: GNU C Library <libc-alpha@sourceware.org>
Subject: V3 [PATCH] i386: Enable CET support in ucontext functions
Date: Sat, 1 Feb 2020 06:09:36 -0800
Message-ID: <CAMe9rOqNnuUjgYA96ZLO1TyrZ=onRM_sdDYVJh-NwuyWFpP5kg@mail.gmail.com>
In-Reply-To: <20200108161535.6141-6-hjl.tools@gmail.com>


On Wed, Jan 8, 2020 at 8:15 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> 1. getcontext and swapcontext are updated to save the caller's shadow
> stack pointer and return address.
> 2. setcontext and swapcontext are updated to restore shadow stack and
> jump to new context directly.
> 3. makecontext is updated to allocate a new shadow stack and set the
> caller's return address to the helper code, L(exitcode).
>
> Since makecontext allocates a new shadow stack when making a new
> context and kernel allocates a new shadow stack for clone/fork/vfork
> syscalls, we track the current shadow stack base.  In setcontext and
> swapcontext, if the target shadow stack base is the same as the current
> shadow stack base, we unwind the shadow stack.  Otherwise it is a stack
> switch and we look for a restore token.
>
> We enable shadow stack at run-time only if program and all used shared
> objects, including dlopened ones, are shadow stack enabled, which means
> that they must be compiled with GCC 8 or above and glibc 2.28 or above.
> We need to save and restore shadow stack only if shadow stack is enabled.
> When caller of getcontext, setcontext, swapcontext and makecontext is
> compiled with smaller ucontext_t, shadow stack won't be enabled at
> run-time.  We check if shadow stack is enabled before accessing the
> extended field in ucontext_t.
>

This is the updated patch.  The only change is to use

+oSCRATCH1 mreg (EAX)
+oSCRATCH2 mreg (ECX)
+oSCRATCH3 mreg (EDX)

to replace oEAX, oECX and oEDX.

OK for master?

Thanks.

-- 
H.J.

[-- Attachment #2: 0001-i386-Enable-CET-support-in-ucontext-functions.patch --]
[-- Type: application/x-patch, Size: 16299 bytes --]
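
Added example, not part of the original message or of the glibc patch: a small C program that drives the three ucontext transitions the commit message lists, with comments marking which shadow stack handling the message describes for each. The names `run_trace`, `same_stack_jumps`, `co_stack` and `trace` are assumptions made for this example, and the program behaves the same with or without CET enabled.

```c
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

static ucontext_t main_ctx, co_ctx;
static char co_stack[64 * 1024];  /* constructed stack for the new context */
static char trace[16];

static void note(const char *s) { strcat(trace, s); }

/* Runs on co_stack; with CET, also on the shadow stack makecontext allocated. */
static void coroutine(void)
{
    note("B");
    /* Stack switch: the target shadow stack base differs from the current
       one, so the "look for a restore token" path applies. */
    swapcontext(&co_ctx, &main_ctx);
    note("D");
    /* Returning goes to makecontext's helper code, which resumes uc_link. */
}

const char *run_trace(void)
{
    trace[0] = '\0';
    getcontext(&co_ctx);
    co_ctx.uc_stack.ss_sp = co_stack;
    co_ctx.uc_stack.ss_size = sizeof co_stack;
    co_ctx.uc_link = &main_ctx;
    makecontext(&co_ctx, coroutine, 0);
    note("A");
    swapcontext(&main_ctx, &co_ctx);  /* enter the coroutine */
    note("C");
    swapcontext(&main_ctx, &co_ctx);  /* resume it; it returns via uc_link */
    note("E");
    return trace;
}

/* Same-stack case: saved and current shadow stack base match, so the
   "unwind the shadow stack" path applies. */
int same_stack_jumps(void)
{
    volatile int passes = 0;  /* volatile: must survive the setcontext jump */
    ucontext_t here;
    getcontext(&here);
    passes++;
    if (passes < 3)
        setcontext(&here);
    return passes;
}

int main(void) { printf("%s %d\n", run_trace(), same_stack_jumps()); return 0; }
```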

Thread overview: 13+ messages
2020-01-08 16:15 V2 [PATCH 0/5] i386: Finish CET support H.J. Lu
2020-01-08 16:15 ` V2 [PATCH 1/5] i386: Don't unnecessarily save and restore EAX, ECX and EDX [BZ# 25262] H.J. Lu
2020-01-09 21:13   ` Adhemerval Zanella
2020-01-08 16:15 ` V2 [PATCH 2/5] i386/sub_n.S: Add a missing _CET_ENDBR to indirect jump target H.J. Lu
2020-01-09 21:13   ` Adhemerval Zanella
2020-01-08 16:15 ` V2 [PATCH 3/5] i386: Add _CET_ENDBR to assembly files without ENTRY H.J. Lu
2020-01-09 21:13   ` Adhemerval Zanella
2020-01-08 16:15 ` V2 [PATCH 4/5] i386: Remove _exit.S H.J. Lu
2020-01-09 21:14   ` Adhemerval Zanella
2020-01-08 16:15 ` V2 [PATCH 5/5] i386: Enable CET support in ucontext functions H.J. Lu
2020-02-01 14:09   ` H.J. Lu [this message]
2020-02-13 17:04     ` V4 [PATCH] " H.J. Lu
2020-02-14 22:10     ` V3 " Carlos O'Donell
