mirror of
git://sourceware.org/git/glibc.git
synced 2025-02-17 13:00:43 +08:00
f33632ccd1
To support Shadow Stack (SHSTK) in Intel Control-flow Enforcement
Technology (CET) in setjmp/longjmp, we need to save shadow stack
pointer in jmp_buf. The __saved_mask field in jmp_buf has type
of __sigset_t. On Linux, __sigset_t is defined as
#define _SIGSET_NWORDS (1024 / (8 * sizeof (unsigned long int)))
typedef struct
{
unsigned long int __val[_SIGSET_NWORDS];
} __sigset_t;
which is much bigger than expected by the __sigprocmask system call,
which has
typedef struct {
unsigned long sig[_NSIG_WORDS];
} sigset_t;
For Linux/x86, we can shrink __sigset_t used by __saved_mask in jmp_buf
to add paddings for shadow stack pointer. As long as the new __sigset_t
is not smaller than sigset_t expected by the __sigprocmask system call,
it should work correctly.
This patch adds an internal header file, <setjmpP.h>, to define
__jmp_buf_sigset_t for __saved_mask in jmp_buf for Linux/x86 with a
space to store shadow stack pointer. It verifies __jmp_buf_sigset_t has
the suitable size for the __sigprocmask system call. A run-time test,
tst-saved_mask-1.c, is added to verify that size of __jmp_buf_sigset_t
is sufficient. If its size is too small, the test fails with
rt_sigprocmask(SIG_SETMASK, strace: umoven: short read (4 < 8) @0x7fa8aa28effc
0x7fa8aa28effc, NULL, 8) = -1 EFAULT (Bad address)
rt_sigprocmask(SIG_SETMASK, strace: umoven: short read (4 < 8) @0x7fa8aa28effc
0x7fa8aa28effc, NULL, 8) = -1 EFAULT (Bad address)
rt_sigprocmask(SIG_SETMASK, NULL, 0x7fa8aa28effc, 8) = -1 EFAULT (Bad address)
exit_group(1) = ?
Tested with build-many-glibcs.py.
* debug/longjmp_chk.c: Include <setjmpP.h> instead of
<setjmp.h>.
* setjmp/longjmp.c: Include <setjmpP.h> instead of <setjmp.h>.
(__libc_siglongjmp): Cast &env[0].__saved_mask to "sigset_t *".
* setjmp/sigjmp.c: Include <setjmpP.h> instead of <setjmp.h>.
(__sigjmp_save): Cast &env[0].__saved_mask to "sigset_t *".
* sysdeps/generic/setjmpP.h: New file.
* sysdeps/unix/sysv/linux/x86/jmp_buf-ssp.sym: Likewise.
* sysdeps/unix/sysv/linux/x86/setjmpP.h: Likewise.
* sysdeps/unix/sysv/linux/x86/tst-saved_mask-1.c: Likewise.
* sysdeps/unix/sysv/linux/x86/Makefile (gen-as-const-headers):
Add jmp_buf-ssp.sym.
(tests): Add tst-saved_mask-1.
|
||
|---|---|---|
| .. | ||
| net | ||
| netinet | ||
| nfs | ||
| sys | ||
| _G_config.h | ||
| _itoa.h | ||
| a.out.h | ||
| abort-instr.h | ||
| aio_misc.h | ||
| allocalim.h | ||
| asm-syntax.h | ||
| atomic-machine.h | ||
| c++-types.data | ||
| confstr.h | ||
| device-nrs.h | ||
| dirstream.h | ||
| dl-cache.h | ||
| dl-dtprocnum.h | ||
| dl-dtv.h | ||
| dl-fcntl.h | ||
| dl-fileid.h | ||
| dl-fptr.h | ||
| dl-hash.h | ||
| dl-irel.h | ||
| dl-librecon.h | ||
| dl-lookupcfg.h | ||
| dl-machine.h | ||
| dl-mman.h | ||
| dl-osinfo.h | ||
| dl-procinfo.c | ||
| dl-procinfo.h | ||
| dl-procruntime.c | ||
| dl-sysdep.h | ||
| dl-tls.h | ||
| dl-unistd.h | ||
| dwarf2.h | ||
| elide.h | ||
| eloop-threshold.h | ||
| entry.h | ||
| errqueue.h | ||
| exit-thread.h | ||
| fd_to_filename.h | ||
| fips-private.h | ||
| fix-fp-int-compare-invalid.h | ||
| fix-fp-int-convert-overflow.h | ||
| fix-int-fp-convert-zero.h | ||
| float128-abi.h | ||
| fork.h | ||
| fpu_control.h | ||
| frame.h | ||
| framestate.c | ||
| gcc-compat.h | ||
| gccframe.h | ||
| get-rounding-mode.h | ||
| gmp-mparam.h | ||
| hp-timing-common.h | ||
| hp-timing.h | ||
| ifreq.h | ||
| ifunc-init.h | ||
| ifunc-sel.h | ||
| intr-msg.h | ||
| inttypes.h | ||
| ld.abilist | ||
| ldconfig.h | ||
| ldsodefs.h | ||
| libanl.abilist | ||
| libBrokenLocale.abilist | ||
| libc-lock.h | ||
| libc-mmap.h | ||
| libc-start.h | ||
| libc-tsd.h | ||
| libc.abilist | ||
| libcidn.abilist | ||
| libcrypt.abilist | ||
| libdl.abilist | ||
| libm-alias-double.h | ||
| libm-alias-float128.h | ||
| libm-alias-float.h | ||
| libm-alias-ldouble.h | ||
| libm-test-ulps | ||
| libm-test-ulps-name | ||
| libm.abilist | ||
| libnsl.abilist | ||
| libnss_compat.abilist | ||
| libnss_db.abilist | ||
| libnss_dns.abilist | ||
| libnss_files.abilist | ||
| libnss_hesiod.abilist | ||
| libnss_nis.abilist | ||
| libnss_nisplus.abilist | ||
| libpthread.abilist | ||
| libresolv.abilist | ||
| librt.abilist | ||
| libutil.abilist | ||
| link_map.h | ||
| linkmap.h | ||
| local-setxid.h | ||
| localplt.data | ||
| machine-gmon.h | ||
| machine-lock.h | ||
| machine-sp.h | ||
| Makefile | ||
| malloc-alignment.h | ||
| malloc-machine.h | ||
| malloc-sysdep.h | ||
| math_ldbl_opt.h | ||
| math_ldbl.h | ||
| math_private_calls.h | ||
| math_private.h | ||
| math-tests-arch.h | ||
| math-tests.h | ||
| math-type-macros-double.h | ||
| math-type-macros-float128.h | ||
| math-type-macros-float.h | ||
| math-type-macros-ldouble.h | ||
| math-type-macros.h | ||
| memcopy.h | ||
| memusage.h | ||
| nan-high-order-bit.h | ||
| not-cancel.h | ||
| not-errno.h | ||
| nscd-types.h | ||
| pagecopy.h | ||
| paths.h | ||
| profil-counter.h | ||
| pty-private.h | ||
| register-dump.h | ||
| rtld-lowlevel.h | ||
| safe-fatal.h | ||
| setjmpP.h | ||
| sigcontextinfo.h | ||
| siglist.h | ||
| sigset-cvt-mask.h | ||
| sigsetops.h | ||
| stackguard-macros.h | ||
| stackinfo.h | ||
| startup.h | ||
| stdint.h | ||
| stdio-lock.h | ||
| string_private.h | ||
| symbol-hacks.h | ||
| sysdep-cancel.h | ||
| sysdep.h | ||
| thread_state.h | ||
| tininess.h | ||
| tls-macros.h | ||
| tls.h | ||
| tst-audit.h | ||
| tst-stack-align.h | ||
| unsecvars.h | ||
| unwind-dw2-fde-glibc.c | ||
| unwind-dw2-fde.c | ||
| unwind-dw2-fde.h | ||
| unwind-dw2.c | ||
| unwind-pe.c | ||
| unwind-pe.h | ||
| unwind-resume.h | ||
| unwind.h | ||
| utmp-equal.h | ||