This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug dynamic-link/21598] i386 _dl_runtime_resolve/_dl_runtime_profile is incompatible with shadow stack


https://sourceware.org/bugzilla/show_bug.cgi?id=21598

--- Comment #9 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, hjl/cet/property has been created
        at  6f6fc7d97f5db11da720a85619263c9e06b73a47 (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f6fc7d97f5db11da720a85619263c9e06b73a47

commit 6f6fc7d97f5db11da720a85619263c9e06b73a47
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Wed Jun 28 15:16:46 2017 -0700

    i386: Add _dl_runtime_resolve_shstk [BZ #21598]

    Add a SHSTK compatible symbol resolver to support Shadow Stack in Intel
    Control-flow Enforcement Technology (CET) instructions:

    https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

    and replace _dl_runtime_resolve with _dl_runtime_resolve_shstk if SHSTK
    is enabled.

         [BZ #21598]
         * sysdeps/i386/dl-trampoline.S (_dl_runtime_resolve_shstk): New.
         * sysdeps/unix/sysv/linux/i386/dl-cet.c: New file.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fa6ceb54dac2477dc263194cf01a59b051de8c2

commit 6fa6ceb54dac2477dc263194cf01a59b051de8c2
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Thu Jun 22 04:15:39 2017 -0700

    x86: Add <sys/cet.h> to support Intel CET

    To support Intel Control-flow Enforcement Technology (CET) instructions:

    https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

    include sysdeps/unix/sysv/linux/x86/sys/cet.h for assembly codes so that
    ELF program property can be added to relocatable objects generated from
    assembly codes if __IBT__ or __SHSTK__ is defined.  If compiler
    defines __IBT__, the IBT bit is turned on in x86 feature.  If compiler
    defines __SHSTK__, the SHSTK bit is turned on in x86 feature.

        * configure.ac: Add --enable-cet.
        * configure: Regenerated.
        * sysdeps/unix/sysv/linux/x86/Makefile (asm-CPPFLAGS): Add
        $(cet_cflags) -include $(..)sysdeps/unix/sysv/linux/x86/sys/cet.h.
        (+cflags): Add $(cet_cflags).
        * sysdeps/unix/sysv/linux/x86/configure: New file.
        * sysdeps/unix/sysv/linux/x86/configure.ac: Likewise.
        * sysdeps/unix/sysv/linux/x86/sys/cet.h: Likewise.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1dad1cd9f60eaad9fc09a25a9b1ef597715aec42

commit 1dad1cd9f60eaad9fc09a25a9b1ef597715aec42
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Thu Jun 22 08:51:42 2017 -0700

    x86: Add IBT/SHSTK bits to cpu-features

    Add IBT/SHSTK bits to cpu-features for Shadow Stack in Intel Control-flow
    Enforcement Technology (CET) instructions:

    https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

        * sysdeps/x86/cpu-features.h (bit_cpu_BIT): New.
        (bit_cpu_SHSTK): Likewise.
        (index_cpu_IBT): Likewise.
        (index_cpu_SHSTK): Likewise.
        (reg_IBT): Likewise.
        (reg_SHSTK): Likewise.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3acbc15679c2ac504611e0baa52dbce2526e298

commit e3acbc15679c2ac504611e0baa52dbce2526e298
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Wed Jun 21 13:07:05 2017 -0700

    Add NT_GNU_PROPERTY_TYPE_0 macros

    Add macros used in GNU .note.gnu.property notes (NT_GNU_PROPERTY_TYPE_0).

        * elf/elf.h (NT_GNU_PROPERTY_TYPE_0): New.
        (NOTE_GNU_PROPERTY_SECTION_NAME): Likewise.
        (GNU_PROPERTY_STACK_SIZE): Likewise.
        (GNU_PROPERTY_NO_COPY_ON_PROTECTED): Likewise.
        (GNU_PROPERTY_LOPROC): Likewise.
        (GNU_PROPERTY_HIPROC): Likewise.
        (GNU_PROPERTY_LOUSER): Likewise.
        (GNU_PROPERTY_HIUSER): Likewise.
        (GNU_PROPERTY_X86_ISA_1_USED): Likewise.
        (GNU_PROPERTY_X86_ISA_1_NEEDED): Likewise.
        (GNU_PROPERTY_X86_FEATURE_1_AND): Likewise.
        (GNU_PROPERTY_X86_ISA_1_486): Likewise.
        (GNU_PROPERTY_X86_ISA_1_586): Likewise.
        (GNU_PROPERTY_X86_ISA_1_686): Likewise.
        (GNU_PROPERTY_X86_ISA_1_SSE): Likewise.
        (GNU_PROPERTY_X86_ISA_1_SSE2): Likewise.
        (GNU_PROPERTY_X86_ISA_1_SSE3): Likewise.
        (GNU_PROPERTY_X86_ISA_1_SSSE3): Likewise.
        (GNU_PROPERTY_X86_ISA_1_SSE4_1): Likewise.
        (GNU_PROPERTY_X86_ISA_1_SSE4_2): Likewise.
        (GNU_PROPERTY_X86_ISA_1_AVX): Likewise.
        (GNU_PROPERTY_X86_ISA_1_AVX2): Likewise.
        (GNU_PROPERTY_X86_ISA_1_AVX512F): Likewise.
        (GNU_PROPERTY_X86_ISA_1_AVX512CD): Likewise.
        (GNU_PROPERTY_X86_ISA_1_AVX512ER): Likewise.
        (GNU_PROPERTY_X86_ISA_1_AVX512PF): Likewise.
        (GNU_PROPERTY_X86_ISA_1_AVX512VL): Likewise.
        (GNU_PROPERTY_X86_ISA_1_AVX512DQ): Likewise.
        (GNU_PROPERTY_X86_ISA_1_AVX512BW): Likewise.
        (GNU_PROPERTY_X86_FEATURE_1_IBT): Likewise.
        (GNU_PROPERTY_X86_FEATURE_1_SHSTK): Likewise.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a916033bb4af931fd89260fc884932944bb0a3e5

commit a916033bb4af931fd89260fc884932944bb0a3e5
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Jun 16 14:27:02 2017 -0700

    Add private_function for private functions within glibc

    i386 _dl_runtime_resolve:

            movl (%esp), %ecx
            movl %eax, (%esp)       # Store the function address.
            movl 4(%esp), %eax
            ret $12                 # Jump to function address.

    is incompatible with Shadow Stack in Intel Control-flow Enforcement
    Technology (CET) instructions:

    https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

    since shadow stack doesn't match return stack.  We need to use register
    indirect branch via %ecx.  That means only 2 parameters can be passed
    in registers for external function calls with lazy binding.  However,
    internal_function, which should be used only with hidden function, is
    defined as

     # define internal_function __attribute__ ((regparm (3), stdcall))

    and used with private function calls between different shared objects of
    glibc.  We introduce private_function for such purpose:

     # define private_function __attribute__ ((regparm (2), stdcall))

    so that %ecx can be used by _dl_runtime_resolve as scratch register.

        [BZ #21598]
        * config.h.in (USE_REGPARMS): Removed.
        (internal_function): Undef.
        (private_function): New.  Undef.
        * debug/fortify_fail.c (__fortify_fail): Replace internal_function
        with private_function.
        * elf/dl-addr.c (_dl_addr): Likewise.
        * elf/dl-error-skeleton.c (_dl_signal_error): Likewise.
        (_dl_catch_error): Likewise.
        * elf/dl-execstack.c (_dl_make_stack_executable): Likewise.
        * elf/dl-load.c (_dl_rtld_di_serinfo): Likewise.
        * elf/dl-open.c (_dl_find_dso_for_object): Likewise.
        * elf/dl-support.c (_dl_make_stack_executable_hook): Likewise.
        * elf/dl-sym.c (_dl_vsym): Likewise.
        (_dl_sym): Likewise.
        * elf/dl-tls.c (_dl_get_tls_static_info): Likewise.
        (_dl_allocate_tls_init): Likewise.
        (_dl_allocate_tls): Likewise.
        (_dl_deallocate_tls): Likewise.
        * grp/grp-merge.c (__copy_grp): Likewise.
        (__merge_grp): Likewise.
        * grp/grp-merge.h (__copy_grp): Likewise.
        (__merge_grp): Likewise.
        * include/dlfcn.h (_dl_addr): Likewise.
        (_dl_sym): Likewise.
        (_dl_vsym): Likewise.
        * include/rpc/pmap_clnt.h (__libc_rpc_getport): Likewise.
        * include/stdio.h (__fortify_fail): Likewise.
        * include/stdlib.h (__strtof_nan): Likewise.
        (__strtod_nan): Likewise.
        (__strtold_nan): Likewise.
        (__wcstof_nan): Likewise.
        (__wcstod_nan): Likewise.
        (__wcstold_nan): Likewise.
        (__strtof128_nan): Likewise.
        (__wcstof128_nan): Likewise.
        * inet/inet6_scopeid_pton.c (__inet6_scopeid_pton): Likewise.
        * inet/net-internal.h (__inet6_scopeid_pton): Likewise.
        * nptl/allocatestack.c (__make_stacks_executable): Likewise.
        * nptl/libc_pthread_init.c (__libc_pthread_init): Likewise.
        * nptl/pthreadP.h (__make_stacks_executable): Likewise.
        (__libc_pthread_init): Likewise.
        * nss/XXX-lookup.c (DB_LOOKUP_FCT): Likewise.
        (DB_COMPAT_FCT): Likewise.
        * nss/getXXbyYY_r.c (DB_LOOKUP_FCT): Likewise.
        * nss/getXXent_r.c (DB_LOOKUP_FCT): Likewise.
        * nss/nsswitch.h (db_lookup_function): Likewise.
        * resolv/gai_misc.h (__gai_sigqueue): Likewise.
        * resolv/gai_sigqueue.c (__gai_sigqueue): Likewise.
        * stdlib/strtod_nan_main.c (STRTOD_NAN): Likewise.
        * sunrpc/pm_getport.c (__libc_rpc_getport): Likewise.
        * sysdeps/generic/ldsodefs.h (_dl_make_stack_executable_hook):
        Likewise.
        (_dl_make_stack_executable): Likewise.
        (_dl_signal_error): Likewise.
        (_dl_catch_error): Likewise.
        (_dl_rtld_di_serinfo): Likewise.
        (_dl_allocate_tls): Likewise.
        (_dl_get_tls_static_info): Likewise.
        (_dl_allocate_tls_init): Likewise.
        (_dl_deallocate_tls): Likewise.
        (_dl_find_dso_for_object): Likewise.
        * sysdeps/unix/sysv/linux/dl-execstack.c
        (_dl_make_stack_executable): Likewise.
        * sysdeps/unix/sysv/linux/gai_sigqueue.c (__gai_sigqueue):
        Likewise.
        * sysdeps/unix/sysv/linux/netlink_assert_response.c
        (__netlink_assert_response): Likewise.
        * sysdeps/unix/sysv/linux/netlinkaccess.h
        (__netlink_assert_response): Likewise.
        * include/libc-symbols.h (private_function): New.
        * sysdeps/i386/configure.ac (USE_REGPARMS): Removed.
        (internal_function): New AC_DEFINE.
        (private_function): Likewise.
        * sysdeps/i386/configure: Regenerated.

-----------------------------------------------------------------------

-- 
You are receiving this mail because:
You are on the CC list for the bug.
