From: "H.J. Lu" <hjl.tools@gmail.com>
To: "Carlos O'Donell" <carlos@redhat.com>
Cc: Florian Weimer <fw@deneb.enyo.de>,
GNU C Library <libc-alpha@sourceware.org>
Subject: Re: [PATCH 0/2] nptl: Update struct pthread_unwind_buf
Date: Sat, 24 Feb 2018 15:46:00 -0000 [thread overview]
Message-ID: <CAMe9rOoRWr+bmgdyhiHb9z1jRMgBBovoMd0JeLS0HYpm_RFocQ@mail.gmail.com> (raw)
In-Reply-To: <90d3ee18-c292-117f-a0c1-7822e340ca02@redhat.com>
On Fri, Feb 23, 2018 at 9:46 PM, Carlos O'Donell <carlos@redhat.com> wrote:
> On 02/09/2018 04:34 AM, H.J. Lu wrote:
>> On Fri, Feb 9, 2018 at 4:11 AM, Florian Weimer <fw@deneb.enyo.de> wrote:
>>> * H. J. Lu:
>>>
>>>>> My proposal is still rather hackish, but so is the existing code (the
>>>>
>>>> A pointer to a buffer in user program is passed to libpthread.
>>>> There is a jmp buf in the buffer followed by other fields. Since
>>>> the size of jmp buf is increased in glibc 2.28, we need to know the
>>>> offset of other fields. Otherwise libpthread may write beyond the
>>>> buffer in user program. I don't see how symbol versioning can help
>>>> us here since the INTERNAL libpthread functions don't know the
>>>> layout of __pthread_unwind_buf_t of USER programs.
>>>
>>> I suggest *not* to increase the size of the jump buffer.
>>
>> Where do we save shadow stack pointer?
>
> typedef struct
> {
> struct
> {
> __jmp_buf __cancel_jmp_buf;
> int __mask_was_saved;
> } __cancel_jmp_buf[1];
>
>
> void *__pad[4];
> ^^^^^^^^^^^^^^^ Save the shadow stack pointer here.
>
>
> } __pthread_unwind_buf_t __attribute__ ((__aligned__));
>
> Save the shadow stack pointer to __pad[4] by making the
> internal sigset_t smaller and moving it down.
>
> The key aspect of Florian's recommendation is a realization
> that a pthread_cleanup_pop can only restore you to the *same*
> function e.g. the earlier pthread_cleanup_push, and therefore
> does not need to change the shadow stack pointer.
PLEASE take a closer look:
Yes, there are
void *__pad[4];
But the name is misleading. It isn't real padding. This is
an opaque array:
/* Private data in the cleanup buffer. */
union pthread_unwind_buf_data
{
/* This is the placeholder of the public version. */
void *pad[4];
struct
{
/* Pointer to the previous cleanup buffer. */
struct pthread_unwind_buf *prev;
/* Backward compatibility: state of the old-style cleanup
handler at the time of the previous new-style cleanup handler
installment. */
struct _pthread_cleanup_buffer *cleanup;
/* Cancellation type before the push call. */
int canceltype;
} data;
};
Only the last element in __pad[4] is unused. There is
---
Note: There is an unused pointer space in pthread_unwind_buf_data. But
it isn't suitable for saving and restoring shadow stack register since
x32 is a 64-bit process with 32-bit software pointer and kernel may
place x32 shadow stack above 4GB. We need to save and restore 64-bit
shadow stack register for x32.
---
in my commit log to explain why it isn't suitable for shadow stack.
--
H.J.
next prev parent reply other threads:[~2018-02-24 15:19 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-01 20:58 H.J. Lu
2018-02-01 20:58 ` [PATCH 1/2] Revert "Revert Intel CET changes to __jmp_buf_tag (Bug 22743)" H.J. Lu
2018-02-01 20:58 ` [PATCH 2/2] nptl: Update struct pthread_unwind_buf [BZ #22743] H.J. Lu
2018-02-08 11:40 ` [PATCH 0/2] nptl: Update struct pthread_unwind_buf Carlos O'Donell
2018-02-08 13:27 ` Florian Weimer
2018-02-09 10:08 ` Carlos O'Donell
2018-02-09 11:13 ` Florian Weimer
2018-02-09 12:34 ` H.J. Lu
2018-02-09 12:42 ` Florian Weimer
2018-02-09 13:07 ` H.J. Lu
2018-02-09 14:33 ` H.J. Lu
2018-02-09 14:56 ` Florian Weimer
2018-02-09 16:39 ` H.J. Lu
2018-02-24 5:54 ` Carlos O'Donell
2018-02-24 15:46 ` H.J. Lu [this message]
2018-02-25 9:26 ` Florian Weimer
2018-02-25 11:37 ` H.J. Lu
2018-02-25 12:21 ` Florian Weimer
2018-02-25 12:53 ` H.J. Lu
2018-02-25 12:55 ` Florian Weimer
2018-02-25 12:58 ` H.J. Lu
2018-02-25 13:23 ` H.J. Lu
2018-02-25 13:31 ` Florian Weimer
2018-02-25 13:36 ` H.J. Lu
2018-02-25 13:49 ` Florian Weimer
2018-02-25 13:49 ` H.J. Lu
2018-02-25 14:00 ` H.J. Lu
2018-02-25 14:13 ` Florian Weimer
2018-02-25 15:15 ` H.J. Lu
2018-02-26 1:06 ` Florian Weimer
2018-02-26 12:28 ` H.J. Lu
[not found] ` <3764b0a1-9f26-6f5f-1bc5-d374f2672f3a@redhat.com>
2018-03-07 11:56 ` H.J. Lu
2018-03-07 17:34 ` Carlos O'Donell
2018-03-07 19:47 ` H.J. Lu
2018-03-07 20:14 ` H.J. Lu
2018-03-07 22:07 ` H.J. Lu
2018-03-08 12:24 ` Tsimbalist, Igor V
2018-03-08 12:48 ` H.J. Lu
2018-03-09 0:47 ` Carlos O'Donell
2018-03-09 5:24 ` H.J. Lu
2018-03-15 4:21 ` Carlos O'Donell
2018-02-24 15:20 ` Carlos O'Donell
2018-02-08 17:47 ` H.J. Lu
2018-02-09 10:49 ` Carlos O'Donell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAMe9rOoRWr+bmgdyhiHb9z1jRMgBBovoMd0JeLS0HYpm_RFocQ@mail.gmail.com \
--to=hjl.tools@gmail.com \
--cc=carlos@redhat.com \
--cc=fw@deneb.enyo.de \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).