From: "H.J. Lu" <hjl.tools@gmail.com>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: "Carlos O'Donell" <carlos@redhat.com>,
GNU C Library <libc-alpha@sourceware.org>
Subject: Re: V2: [PATCH 02/24] x86: Support shadow stack pointer in setjmp/longjmp
Date: Sat, 14 Jul 2018 23:16:00 -0000
Message-ID: <CAMe9rOpCHBK1bDmC6mVEB7rGhfEdp6Ka=juBNN3pzZsKnNSocg@mail.gmail.com>
In-Reply-To: <87wotxifg7.fsf@mid.deneb.enyo.de>

On Sat, Jul 14, 2018 at 4:07 PM, Florian Weimer <fw@deneb.enyo.de> wrote:
> * H. J. Lu:
>
>> On Sat, Jul 14, 2018 at 12:57 PM, Florian Weimer <fw@deneb.enyo.de> wrote:
>>> * H. J. Lu:
>>>
>>>> + /* Get the current ssp. */
>>>> + rdsspd %edx
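Review bot: the comment above `rdsspd %edx` says only that the current ssp is read; it should also state what %edx holds when shadow stack is not active, because nothing in the two quoted lines initializes %edx or checks a feature bit before the read. Either show the guard that precedes this read, or zero %edx first and document that zero means no shadow stack.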
>>>
>>> This moves the required binutils version past current Debian's 2.28.
>>>
>>> I know we recently increased the minimum make version recently, but
>>> binutils 2.28 is still quite new, I think.
>>>
>>> Could we list the bytes for the instruction explicitly instead?
>>
>> The next patch:
>>
>> https://sourceware.org/ml/libc-alpha/2018-07/msg00266.html
>>
>> has sysdeps/x86/configure.ac:
>
> We currently have this (as of commit
> faaee1f07ed25b2779bfd935ffb29f431b80d6d3):
>
> ==> sysdeps/unix/sysv/linux/x86/jmp_buf-ssp.sym <==
> #include <setjmpP.h>
> #undef __saved_mask
>
> --
> SHADOW_STACK_POINTER_OFFSET offsetof(struct __jmp_buf_tag, __saved_mask.__saved.__shadow_stack_pointer)
>
> ==> sysdeps/x86/jmp_buf-ssp.sym <==
> -- FIXME: Define SHADOW_STACK_POINTER_OFFSET to support shadow stack.
>
> So SHADOW_STACK_POINTER_OFFSET is defined unconditionally. I don't
> see how the quoted patch changes that.
>
> Making sure that rdssp is only assembled with --enable-cet looks like
> the right solution, but you need something like #if ENABLE_CET, and
> not depend on SHADOW_STACK_POINTER_OFFSET being defined.

Take sysdeps/x86_64/setjmp.S as an example:

/* Don't save shadow stack register if shadow stack isn't enabled. */
#if !SHSTK_ENABLED
# undef SHADOW_STACK_POINTER_OFFSET
#endif
.....

The shadow stack pointer is saved/restored only if --enable-cet is used to
configure glibc. If you compile glibc with -fcf-protection, but without
configuring glibc with --enable-cet, the result is undefined.

--
H.J.
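
Added example, not part of the message above and not glibc code: it combines the two approaches raised in this thread, undefining the offset macro unless SHSTK_ENABLED is set and emitting the instruction as explicit bytes (f3 0f 1e ca encodes rdsspd %edx). SHSTK_ENABLED and SHADOW_STACK_POINTER_OFFSET are the names used in the thread; struct demo_jmp_buf, read_ssp32, demo_save_ssp and DEMO_SAVES_SSP are hypothetical.

```c
/* Added illustration, not glibc code; demo_* and read_ssp32 are hypothetical.  */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifndef SHSTK_ENABLED
# define SHSTK_ENABLED 0	/* Stand-in for a build without --enable-cet.  */
#endif
struct demo_jmp_buf { uintptr_t regs[8]; uintptr_t shadow_stack_pointer; };
#define SHADOW_STACK_POINTER_OFFSET offsetof (struct demo_jmp_buf, shadow_stack_pointer)
/* The gate from the reply: no shadow stack support, no offset.  */
#if !SHSTK_ENABLED
# undef SHADOW_STACK_POINTER_OFFSET
#endif

#if defined SHADOW_STACK_POINTER_OFFSET \
    && (defined __x86_64__ || defined __i386__)
# define DEMO_SAVES_SSP 1
/* rdsspd %edx spelled as bytes for assemblers that lack the mnemonic.  It
   is a NOP while shadow stack is inactive, so %edx is zeroed first.  */
static uint32_t read_ssp32 (void)
{
  uint32_t ssp = 0;
  __asm__ volatile (".byte 0xf3, 0x0f, 0x1e, 0xca" : "+d" (ssp));
  return ssp;
}
#else
# define DEMO_SAVES_SSP 0
#endif

/* Returns 1 if the slot was written, 0 if this build leaves it alone.  */
int demo_save_ssp (struct demo_jmp_buf *env)
{
#if DEMO_SAVES_SSP
  uintptr_t ssp = read_ssp32 ();
  memcpy ((char *) env + SHADOW_STACK_POINTER_OFFSET, &ssp, sizeof ssp);
  return 1;
#else
  (void) env;
  return 0;
#endif
}
int main (void)
{
  struct demo_jmp_buf env = { .shadow_stack_pointer = 0x5a5a5a5a };
  int saved = demo_save_ssp (&env);
  printf ("saved=%d slot=%#lx\n", saved, (unsigned long) env.shadow_stack_pointer);
  return 0;
}
```

Building with -DSHSTK_ENABLED=1 on x86 selects the saving path; the default build compiles neither the offset nor the instruction bytes.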