On Sat, Feb 1, 2020 at 6:09 AM H.J. Lu wrote:
>
> On Wed, Jan 8, 2020 at 8:15 AM H.J. Lu wrote:
> >
> > 1. getcontext and swapcontext are updated to save the caller's shadow
> > stack pointer and return address.
> > 2. setcontext and swapcontext are updated to restore shadow stack and
> > jump to new context directly.
> > 3. makecontext is updated to allocate a new shadow stack and set the
> > caller's return address to the helper code, L(exitcode).
> >
> > Since makecontext allocates a new shadow stack when making a new
> > context and kernel allocates a new shadow stack for clone/fork/vfork
> > syscalls, we track the current shadow stack base. In setcontext and
> > swapcontext, if the target shadow stack base is the same as the current
> > shadow stack base, we unwind the shadow stack. Otherwise it is a stack
> > switch and we look for a restore token.
> >
> > We enable shadow stack at run-time only if program and all used shared
> > objects, including dlopened ones, are shadow stack enabled, which means
> > that they must be compiled with GCC 8 or above and glibc 2.28 or above.
> > We need to save and restore shadow stack only if shadow stack is enabled.
> > When caller of getcontext, setcontext, swapcontext and makecontext is
> > compiled with smaller ucontext_t, shadow stack won't be enabled at
> > run-time. We check if shadow stack is enabled before accessing the
> > extended field in ucontext_t.
> >
> > This is the updated patch. The only change is to use
>
> +oSCRATCH1 mreg (EAX)
> +oSCRATCH2 mreg (ECX)
> +oSCRATCH3 mreg (EDX)
>
> to replace oEAX, oECX and -oEDX.
>
> OK for master?
>

A small update. The difference between old and new is:

--- sysdeps/unix/sysv/linux/i386/setcontext.S 2020-01-22 05:28:24.027273572 -0800
+++ sysdeps/unix/sysv/linux/i386/setcontext.S 2020-02-13 08:48:09.731359073 -0800
@@ -82,11 +82,11 @@ ENTRY(__setcontext) cmpl %gs:SSP_BASE_OFFSET, %ecx je L(unwind_shadow_stack) -L(find_restore_token_loop): /* Align the saved original shadow stack pointer to the next 8 byte aligned boundary. */ andl $-8, %esi +L(find_restore_token_loop): /* Look for a restore token. */ movl -8(%esi), %ebx andl $-8, %ebx --- sysdeps/unix/sysv/linux/i386/swapcontext.S 2020-01-22 05:28:24.028273573 -0800 +++ sysdeps/unix/sysv/linux/i386/swapcontext.S 2020-02-13 08:48:09.731359073 -0800 @@ -135,11 +135,11 @@ L(shadow_stack_bound_recorded): cmpl %gs:SSP_BASE_OFFSET, %ecx je L(unwind_shadow_stack) -L(find_restore_token_loop): /* Align the saved original shadow stack pointer to the next 8 byte aligned boundary. */ andl $-8, %esi +L(find_restore_token_loop): /* Look for a restore token. */ movl -8(%esi), %ebx andl $-8, %ebx We don't need to re-align shadow stack since shadow stack will always be decremented by 8 bytes after initial alignment to 8 bytes. Thanks. -- H.J.
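Review bot: moving L(find_restore_token_loop) below `andl $-8, %esi` in both the setcontext.S and swapcontext.S hunks makes the loop's correctness rest on an invariant the shown lines do not state: every back-edge to the label must leave %esi a multiple of 8, because `movl -8(%esi), %ebx` and the `andl $-8, %ebx` token-address mask are now aligned only by the one-time `andl $-8, %esi` before the label. The loop's decrement and branch are outside the visible context, so please add a one-line comment at the label recording that %esi is 8-byte aligned on entry and stays aligned because the loop steps by exactly 8 bytes, and carry the reason given in the cover text ("shadow stack will always be decremented by 8 bytes after initial alignment") into the commit message, since the loop is duplicated verbatim in both files and a later edit to one copy's step size would silently break this assumption.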