From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2178) id 97B003870912; Fri, 31 May 2024 20:49:50 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 97B003870912 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1717188590; bh=wfF7PfYfJXLZvUYiPx1A/hyiHmXgG3qVwaFlZqtDYbQ=; h=From:To:Subject:Date:From; b=xgn9ZZdZVUBXSSfUfA/Ofr8ooTPvFKHXidkm6AoKv5rUUBNfrcJOambBINSNoQ3Te MJhI59uEL+Ef5MJCOcd3tLT1AB5Sbj13QmpfqEI3TgNV0xUOJndeVfPMLF1sHALH8u zdynTFgMSBpLKF2TXkrMvjv0aZeOqcEz0qmyky3k= Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Florian Weimer To: glibc-cvs@sourceware.org Subject: [glibc/fw/x86-shstk-backtrace] x86_64: Use shadow stack for backtrace implementation X-Act-Checkin: glibc X-Git-Author: Florian Weimer X-Git-Refname: refs/heads/fw/x86-shstk-backtrace X-Git-Oldrev: 90ee0d87302810f1670a1fbcf9455b883309b1de X-Git-Newrev: c5f7f4fc8bb857cbe07972ff1e29970b101e9995 Message-Id: <20240531204950.97B003870912@sourceware.org> Date: Fri, 31 May 2024 20:49:50 +0000 (GMT) List-Id: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c5f7f4fc8bb857cbe07972ff1e29970b101e9995 commit c5f7f4fc8bb857cbe07972ff1e29970b101e9995 Author: Florian Weimer Date: Fri May 31 12:26:43 2024 +0200 x86_64: Use shadow stack for backtrace implementation Test failures: FAIL: debug/tst-backtrace4 FAIL: misc/tst-sigcontext-get_pc The return address of signal handlers is not on the shadow stack. Diff: --- debug/backtrace.c | 13 +++++- sysdeps/generic/arch_backtrace.h | 25 ++++++++++ sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c | 4 +- sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c | 1 + sysdeps/x86/cpu-features.c | 2 +- sysdeps/x86_64/arch_backtrace.h | 62 +++++++++++++++++++++++++ sysdeps/x86_64/dl-cet.c | 4 +- 7 files changed, 106 insertions(+), 5 deletions(-) diff --git a/debug/backtrace.c b/debug/backtrace.c index 969d699bd1..2ed0112cb8 100644 
--- a/debug/backtrace.c +++ b/debug/backtrace.c @@ -20,6 +20,7 @@ #include #include #include +#include struct trace_arg { @@ -63,6 +64,16 @@ backtrace_helper (struct _Unwind_Context *ctx, void *a) int __backtrace (void **array, int size) { + if (size <= 0) + return 0; + + /* Try the architecture-specific implementation first. */ + { + int result = __arch_backtrace (array, size); + if (result >= 0) + return result; + } + struct trace_arg arg = { .array = array, @@ -72,7 +83,7 @@ __backtrace (void **array, int size) .cnt = -1 }; - if (size <= 0 || arg.unwind_link == NULL) + if (arg.unwind_link == NULL) return 0; UNWIND_LINK_PTR (arg.unwind_link, _Unwind_Backtrace) diff --git a/sysdeps/generic/arch_backtrace.h b/sysdeps/generic/arch_backtrace.h new file mode 100644 index 0000000000..ebdffd7cb7 --- /dev/null +++ b/sysdeps/generic/arch_backtrace.h @@ -0,0 +1,25 @@ +/* Architecture-specific backtrace implementation. Generic version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* The generic implementation always uses falls back to the libgcc + unwinder. */ +static inline __always_inline int +__arch_backtrace (void **array, int size) +{ + return -1; +} 
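Review bot: The new call site in `__backtrace` treats any non-negative `__arch_backtrace` result, including 0, as the final answer, so an architecture implementation that is present but finds nothing silently suppresses the unwinder; that is a deliberate contract and should be stated next to the call, e.g. `/* A negative result means no architecture-specific trace is available; zero or more entries is definitive and the unwinder is not consulted.  */`. The two paths also have to agree on whether the frame of `__backtrace` itself is reported (the unwinder path appears to use `.cnt = -1` for that, but `backtrace_helper` is outside the hunk), which is worth recording in the same comment so an architecture implementation cannot drift from it. The remainder of `__backtrace` continues past the last hunk.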
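Review bot: The header comment on the generic `__arch_backtrace` has one verb too many, `always uses falls back to`, and it omits the return contract that debug/backtrace.c now depends on, even though this generic version is the template every architecture will copy. Suggest `/* The generic implementation always falls back to the libgcc unwinder.  Return -1 when no architecture-specific trace is available; otherwise the number of entries stored in ARRAY, at most SIZE.  */`.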
diff --git a/sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c b/sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c index ea375f97d9..df1c9c43df 100644 --- a/sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c +++ b/sysdeps/unix/sysv/linux/tst-sigcontext-get_pc.c @@ -38,8 +38,10 @@ handler (int signal, siginfo_t *info, void *ctx) uintptr_t pc = sigcontext_get_pc (ctx); printf ("info: address in signal handler: 0x%" PRIxPTR "\n", pc); + printf ("info: siginfo_t address: %p\n", info); + printf ("info: ucontext_t address: %p\n", ctx); - void *callstack[10]; + void *callstack[20]; int callstack_count = backtrace (callstack, array_length (callstack)); TEST_VERIFY_EXIT (callstack_count > 0); TEST_VERIFY_EXIT (callstack_count <= array_length (callstack)); diff --git a/sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c b/sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c index b39812f81d..bb41cf1047 100644 --- a/sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c +++ b/sysdeps/unix/sysv/linux/x86_64/libc_sigaction.c @@ -76,6 +76,7 @@ asm \ ".align 16\n" \ ".LSTART_" #name ":\n" \ " .type __" #name ",@function\n" \ + " .globl __" #name "\n" \ "__" #name ":\n" \ " movq $" #syscall ", %rax\n" \ " syscall\n" \ diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c index 3d7c2819d7..459844dd20 100644 --- a/sysdeps/x86/cpu-features.c +++ b/sysdeps/x86/cpu-features.c @@ -147,7 +147,7 @@ update_active (struct cpu_features *cpu_features) if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT)) CPU_FEATURE_SET_ACTIVE (cpu_features, RTM); -#if CET_ENABLED && 0 +#if CET_ENABLED CPU_FEATURE_SET_ACTIVE (cpu_features, IBT); CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK); #endif diff --git a/sysdeps/x86_64/arch_backtrace.h b/sysdeps/x86_64/arch_backtrace.h new file mode 100644 index 0000000000..64f173f734 --- /dev/null +++ b/sysdeps/x86_64/arch_backtrace.h 
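Review bot: The added `.globl __restore_rt` makes the restorer a global symbol with no visibility directive of its own, so it stays out of libc's dynamic symbol table only because the `attribute_hidden` declaration in sysdeps/x86_64/arch_backtrace.h is linked alongside it (and, presumably, the version script keeps it local); pair the definition with `" .hidden __" #name "\n" \` on the line after the new `.globl` so the symbol cannot become an export by accident. Note that the only reference to it, the `restore_rt` comparison in arch_backtrace.h, is compiled out by `#if 1`, so the export currently serves no consumer. The asm macro that defines the restorer begins and ends outside the hunk.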
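Review bot: Removing `&& 0` switches on `CPU_FEATURE_SET_ACTIVE` for IBT and SHSTK, which changes what the loader reports and enables for CET in every process rather than only the backtrace path, and the commit message does not mention it; a feature-enablement change of that kind should either be its own commit or carry a comment stating why it is safe to re-enable now. If it stays here, a one-line comment above `#if CET_ENABLED` noting that the shadow-stack backtrace depends on SHSTK being marked active would at least tie the two together. `update_active` starts and ends outside the hunk.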
@@ -0,0 +1,62 @@
+/* Architecture-specific backtrace implementation. x86-64 version.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ . */
+
+#include
+#include
+
+/* From libc_sigaction.c. */
+extern void restore_rt (void) asm ("__restore_rt") attribute_hidden;
+
+/* Copy addresses from the shadow stack if available. */
+static inline __always_inline int
+__arch_backtrace (void **array, int size)
+{
+#if CET_ENABLED
+ void **ssp;
+ asm ("rdsspq %0"
+ : "=r" (ssp)
+ : "0" (0));
+ if (ssp == NULL)
+ return -1;
+
+ void **ssp_base = (void **) THREAD_GETMEM (THREAD_SELF, header.ssp_base);
+ if (ssp_base < ssp)
+ /* Covers the NULL case. */
+ return 0;
+
+ long int limit = ssp_base - ssp;
+ if (limit > size)
+ limit = size;
+
+#if 1
+ __builtin_memcpy (array, ssp, limit * sizeof (*array));
+ return limit;
+#else
+ /* We cannot use memcpy because we need to filter out signal
+ frames. */
+ int count = 0;
+ for (unsigned int i = 0; i < limit; ++i)
+ if (ssp[i] != restore_rt)
+ array[count++] = ssp[i];
+ return count;
+#endif
+
+#else /* !CET_ENABLED */
+ return -1;
+#endif
+}
diff --git a/sysdeps/x86_64/dl-cet.c b/sysdeps/x86_64/dl-cet.c
index d21854924d..25fa6e30b6
--- a/sysdeps/x86_64/dl-cet.c
+++ b/sysdeps/x86_64/dl-cet.c
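Review bot: `if (ssp_base < ssp) return 0;` turns an unset `header.ssp_base` (the NULL case the comment mentions) into a definitive empty trace, so on any thread whose base was never recorded `backtrace` reports nothing instead of falling back to the unwinder; unless every thread is guaranteed a base, test that case first with `if (ssp_base == NULL) return -1;`. The `#if 1` leaves the `restore_rt` filter and its `extern` as dead code, and by the commit message's own account the restorer's address is never on the shadow stack, so that filter could not fire even if enabled. What does sit on the shadow stack across a signal is the kernel's signal-frame entry, which as far as I recall the Linux ABI marks with bit 63 so it cannot be consumed as a return address; `__builtin_memcpy` copies it into ARRAY verbatim, so the copy should be a bounded loop that skips non-address entries, sketched below with the marker to be confirmed against the kernel. The result also relies on `__always_inline` being honoured: if `__arch_backtrace` were ever emitted out of line, `ssp[0]` would be its own return address into `__backtrace` and the trace would gain a frame the unwinder path presumably skips.
```c
  /* … unchanged: rdsspq read of ssp, ssp_base lookup and range check … */
  int count = 0;
  for (void **p = ssp; p < ssp_base && count < size; ++p)
    {
      /* Skip shadow-stack entries that are not return addresses, such as
         the kernel's signal frame; NOTE(review): the bit-63 marker is my
         recollection of the Linux ABI -- confirm before relying on it.  */
      if (((unsigned long int) *p >> 63) != 0)
        continue;
      array[count++] = *p;
    }
  return count;
```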
@@ -338,8 +338,8 @@ _dl_cet_setup_features (unsigned int cet_feature) : "=r" (ssp) : "0" (0)); if (ssp != NULL) - /* The caller is the top-most frame, hence the + 8. */ - THREAD_SETMEM (THREAD_SELF, header.ssp_base, ssp + 8); + /* The caller is the top-most frame, hence the + 1. */ + THREAD_SETMEM (THREAD_SELF, header.ssp_base, ssp + 1); cet_feature = dl_cet_get_cet_status (); if (cet_feature != 0)
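Review bot: Whether `ssp + 1` is one shadow-stack entry depends on the declared type of `ssp`, which is above the hunk (`_dl_cet_setup_features` starts and ends outside it): with a pointer-to-pointer type the old `+ 8` skipped eight entries and this is the right fix, but with an integer type `+ 1` is a single byte and the old value was correct, and the hunk alone cannot tell the two apart. The new reader in sysdeps/x86_64/arch_backtrace.h casts `header.ssp_base` to `void **` and uses it as the exclusive upper bound of the copy, so whatever is stored must be an entry-aligned address; the comment should say that rather than only the arithmetic, e.g. `/* SSP holds our return address into the caller; record the entry above it as the exclusive bound so the caller is the outermost frame reported.  */`.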