This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug dynamic-link/21598] New: i386 _dl_runtime_resolve/_dl_runtime_profile is incompatible with shadow stack
- From: "hjl.tools at gmail dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Wed, 14 Jun 2017 12:14:04 +0000
- Subject: [Bug dynamic-link/21598] New: i386 _dl_runtime_resolve/_dl_runtime_profile is incompatible with shadow stack
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=21598
Bug ID: 21598
Summary: i386 _dl_runtime_resolve/_dl_runtime_profile is incompatible with shadow stack
Product: glibc
Version: 2.26
Status: NEW
Severity: normal
Priority: P2
Component: dynamic-link
Assignee: unassigned at sourceware dot org
Reporter: hjl.tools at gmail dot com
Target Milestone: ---
Target: i386
Shadow Stack in Intel Control-flow Enforcement Technology (CET) instructions:
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
doesn't support:
        movl (%esp), %ecx
        movl %eax, (%esp)       # Store the function address.
        movl 4(%esp), %eax
        ret $12                 # Jump to function address.
since the shadow stack doesn't match. We can use a register indirect branch with
ECX as the scratch register. It means that functions marked as internal_function
can't be called via PLT. One such function is __libc_pthread_init,
which is defined in libc.so.6 and called from libpthread.so.0.
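Added example, not part of the original report and not glibc code: a toy C model of the shadow-stack check. It shows why the quoted ret $12 sequence mismatches, and why a branch through %ecx does not but leaves the callee with a clobbered %ecx. The struct, function names, addresses and stack layout (two PLT words plus the saved %eax and %ecx) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy model, constructed for illustration: CALL pushes the return address on
   the data stack and the shadow stack; RET pops both and raises #CP if they
   differ. Addresses and register values are made up. */
enum { CALLER_RET = 0x1000, FOO = 0x2000, SAVED_EAX = 0xAA, SAVED_ECX = 0xCC };
struct cpu {
    uint32_t stack[8], shadow[8], eip, eax, ecx;
    size_t sp, ssp;              /* used slots; top of stack is [sp - 1] */
    int cp_fault;
};
static void push(struct cpu *c, uint32_t v) { c->stack[c->sp++] = v; }
/* ret $imm: pop the return address, then discard `extra` more words. */
static void ret_imm(struct cpu *c, size_t extra) {
    uint32_t data = c->stack[--c->sp], shadow = c->shadow[--c->ssp];
    c->sp -= extra;
    if (data != shadow) c->cp_fault = 1;   /* control protection fault */
    else c->eip = data;
}
/* Stack at the resolver's exit sequence: the caller's CALL, two words pushed
   by the PLT, the saved %eax and %ecx; %eax holds the resolved address. */
static void enter_exit_sequence(struct cpu *c) {
    *c = (struct cpu){0};
    push(c, CALLER_RET); c->shadow[c->ssp++] = CALLER_RET;  /* call foo@plt */
    push(c, 0x18); push(c, 0x3000);   /* PLT pushes; not on shadow stack */
    push(c, SAVED_EAX); push(c, SAVED_ECX);
    c->eax = FOO;
}

/* Sequence quoted in the report. Returns 1 if the model raises #CP. */
int ret_exit_faults(void) {
    struct cpu c; enter_exit_sequence(&c);
    c.ecx = c.stack[c.sp - 1];        /* movl (%esp), %ecx  */
    c.stack[c.sp - 1] = c.eax;        /* movl %eax, (%esp)  */
    c.eax = c.stack[c.sp - 2];        /* movl 4(%esp), %eax */
    ret_imm(&c, 3);                   /* ret $12            */
    return c.cp_fault;
}

/* Register indirect branch through %ecx, then the callee's own ret.
   Returns 1 on #CP; *ecx_seen is what the callee finds in %ecx. */
int jmp_exit_faults(uint32_t *ecx_seen) {
    struct cpu c; enter_exit_sequence(&c);
    c.ecx = c.eax; c.eax = c.stack[c.sp - 2];  /* target in %ecx, %eax restored */
    c.sp -= 4;                        /* drop saved regs and PLT words */
    c.eip = *ecx_seen = c.ecx;        /* jmp *%ecx: no shadow stack access */
    ret_imm(&c, 0);                   /* callee returns to the caller */
    return c.cp_fault || c.eip != CALLER_RET;
}
```

In the model the branch variant hands the callee the function address in %ecx instead of the caller's value, which is the reason a function taking an argument in %ecx cannot go through this path.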