From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 77051 invoked by alias); 14 Jul 2018 23:16:56 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Received: (qmail 77037 invoked by uid 89); 14 Jul 2018 23:16:56 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-2.8 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy= X-HELO: mail-oi0-f66.google.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0qQDbzkTL+cEe7/qvZBHYQMG9stQfpVh4ya4U9heBvg=; b=A0Ygpf7Uu1r4wznLQL63RNf46W7HZj/6a2KHCsHCCvQA34bErgwDGTD6B0i1tnmp9P Jsrfc1B245veHCKMQ3Z9iV6+iiaHEYDNns5uQOC2skbDV/L6/TLdE3qYqIOt0vf/YHWp q77WlIu0+ofqZtUZMUwA0xHB1eZASttOVDa8JBpDXwUFTe9rRDO4ID9oU8E4rUSfsQvl w6HiEMYL7eZnej3oPRqkbiOSAw0B611brq/bT9NkI9G98MnkWDuPN7DT08S5zJoQZn+R 7wtA7NI5BdmBhaQYGeSGfgvazhbmrNTVJlHWwNur5aGBEQs0H5NMrL1DBNfWFtYMR9rd r2Xw== MIME-Version: 1.0 In-Reply-To: References: <20180613153207.57232-1-hjl.tools@gmail.com> <20180613153207.57232-3-hjl.tools@gmail.com> <20180713132252.GC2606@gmail.com> <87fu0lk2tf.fsf@mid.deneb.enyo.de> <87wotxifg7.fsf@mid.deneb.enyo.de> From: "H.J. Lu" Date: Sat, 14 Jul 2018 23:16:00 -0000 Message-ID: Subject: Re: V2: [PATCH 02/24] x86: Support shadow stack pointer in setjmp/longjmp To: Florian Weimer Cc: "Carlos O'Donell" , GNU C Library Content-Type: text/plain; charset="UTF-8" X-SW-Source: 2018-07/txt/msg00413.txt.bz2 On Sat, Jul 14, 2018 at 4:15 PM, H.J. Lu wrote: > On Sat, Jul 14, 2018 at 4:07 PM, Florian Weimer wrote: >> * H. J. Lu: >> >>> On Sat, Jul 14, 2018 at 12:57 PM, Florian Weimer wrote: >>>> * H. J. Lu: >>>> >>>>> + /* Get the current ssp. */ >>>>> + rdsspd %edx >>>> >>>> This moves the required binutils version past current Debian's 2.28. >>>> >>>> I know we recently increased the minimum make version recently, but >>>> binutils 2.28 is still quite new, I think. >>>> >>>> Could we list the bytes for the instruction explicitly instead? >>> >>> The next patch: >>> >>> https://sourceware.org/ml/libc-alpha/2018-07/msg00266.html >>> >>> has sysdeps/x86/configure.ac: >> >> We currently have this (as of commit >> faaee1f07ed25b2779bfd935ffb29f431b80d6d3): >> >> ==> sysdeps/unix/sysv/linux/x86/jmp_buf-ssp.sym <== >> #include >> #undef __saved_mask >> >> -- >> SHADOW_STACK_POINTER_OFFSET offsetof(struct __jmp_buf_tag, __saved_mask.__saved.__shadow_stack_pointer) >> >> ==> sysdeps/x86/jmp_buf-ssp.sym <== >> -- FIXME: Define SHADOW_STACK_POINTER_OFFSET to support shadow stack. >> >> So SHADOW_STACK_POINTER_OFFSET is defined unconditionally. I don't >> see how the quoted patch changes that. >> >> Making sure that rdssp is only assembled with --enable-cet looks like >> the right solution, but you need something like #if ENABLE_CET, and >> not depend on SHADOW_STACK_POINTER_OFFSET being defined. > > Take sysdeps/x86_64/setjmp.S as example: > > /* Don't save shadow stack register if shadow stack isn't enabled. */ > #if !SHSTK_ENABLED > # undef SHADOW_STACK_POINTER_OFFSET > #endif > ..... > > Shadow stack pointer is saved/restored only if --enable-cet is used to > configure glibc. If you compile glibc with -fcf-protection, but without > configuring glibc with --enable-cet, result is undefined. > BTW, it passed build-many-glibcs.py. -- H.J.