From: "H.J. Lu" <hjl.tools@gmail.com>
To: GNU C Library <libc-alpha@sourceware.org>
Subject: V3 [PATCH] i386: Enable CET support in ucontext functions
Date: Sat, 1 Feb 2020 06:09:36 -0800 [thread overview]
Message-ID: <CAMe9rOqNnuUjgYA96ZLO1TyrZ=onRM_sdDYVJh-NwuyWFpP5kg@mail.gmail.com> (raw)
In-Reply-To: <20200108161535.6141-6-hjl.tools@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1548 bytes --]
On Wed, Jan 8, 2020 at 8:15 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> 1. getcontext and swapcontext are updated to save the caller's shadow
> stack pointer and return address.
> 2. setcontext and swapcontext are updated to restore shadow stack and
> jump to new context directly.
> 3. makecontext is updated to allocate a new shadow stack and set the
> caller's return address to the helper code, L(exitcode).
>
> Since makecontext allocates a new shadow stack when making a new
> context and kernel allocates a new shadow stack for clone/fork/vfork
> syscalls, we track the current shadow stack base. In setcontext and
> swapcontext, if the target shadow stack base is the same as the current
> shadow stack base, we unwind the shadow stack. Otherwise it is a stack
> switch and we look for a restore token.
>
> We enable shadow stack at run-time only if program and all used shared
> objects, including dlopened ones, are shadow stack enabled, which means
> that they must be compiled with GCC 8 or above and glibc 2.28 or above.
> We need to save and restore shadow stack only if shadow stack is enabled.
> When caller of getcontext, setcontext, swapcontext and makecontext is
> compiled with smaller ucontext_t, shadow stack won't be enabled at
> run-time. We check if shadow stack is enabled before accessing the
> extended field in ucontext_t.
>
This is the updated patch. The only change is to use
+oSCRATCH1 mreg (EAX)
+oSCRATCH2 mreg (ECX)
+oSCRATCH3 mreg (EDX)
to replace oEAX, oECX and -oEDX.
OK for master?
Thanks.
--
H.J.
[-- Attachment #2: 0001-i386-Enable-CET-support-in-ucontext-functions.patch --]
[-- Type: application/x-patch, Size: 16299 bytes --]
next prev parent reply other threads:[~2020-02-01 14:10 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-08 16:15 V2 [PATCH 0/5] i386: Finish CET support H.J. Lu
2020-01-08 16:15 ` V2 [PATCH 1/5] i386: Don't unnecessarily save and restore EAX, ECX and EDX [BZ# 25262] H.J. Lu
2020-01-09 21:13 ` Adhemerval Zanella
2020-01-08 16:15 ` V2 [PATCH 2/5] i386/sub_n.S: Add a missing _CET_ENDBR to indirect jump target H.J. Lu
2020-01-09 21:13 ` Adhemerval Zanella
2020-01-08 16:15 ` V2 [PATCH 3/5] i386: Add _CET_ENDBR to assembly files without ENTRY H.J. Lu
2020-01-09 21:13 ` Adhemerval Zanella
2020-01-08 16:15 ` V2 [PATCH 4/5] i386: Remove _exit.S H.J. Lu
2020-01-09 21:14 ` Adhemerval Zanella
2020-01-08 16:15 ` V2 [PATCH 5/5] i386: Enable CET support in ucontext functions H.J. Lu
2020-02-01 14:09 ` H.J. Lu [this message]
2020-02-13 17:04 ` V4 [PATCH] " H.J. Lu
2020-02-14 22:10 ` V3 " Carlos O'Donell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/libc/involved.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAMe9rOqNnuUjgYA96ZLO1TyrZ=onRM_sdDYVJh-NwuyWFpP5kg@mail.gmail.com' \
--to=hjl.tools@gmail.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).