This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: RFC: Shadow Stack support in glibc

From: "H.J. Lu" <hjl dot tools at gmail dot com>
To: Szabolcs Nagy <szabolcs dot nagy at arm dot com>
Cc: nd <nd at arm dot com>, Yu-cheng Yu <yu-cheng dot yu at intel dot com>, Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>, Igor Tsimbalist <tigor dot tools at gmail dot com>, "Shanbhogue, Vedvyas" <vedvyas dot shanbhogue at intel dot com>
Date: Fri, 9 Jun 2017 04:28:49 -0700
Subject: Re: RFC: Shadow Stack support in glibc
Authentication-results: sourceware.org; auth=none
References: <CAMe9rOqN7oNWWmbw_NmaP=TpBDY7jh=MNbJQNaiOR901Rs7bcw@mail.gmail.com> <451a71c6-7eb7-983d-f808-86cf50fc0dca@redhat.com> <1496876422.12598.31.camel@test-lenovo> <59390EEB.4020409@arm.com> <1496951188.15627.51.camel@test-lenovo> <593A64CC.60100@arm.com> <CAMe9rOoPyXrBfbDTx-dQwm1tPXMHp89eiAMpWwsOgJMyi_LQ2w@mail.gmail.com> <593A834A.7050301@arm.com> <593A84D6.40007@arm.com>

On Fri, Jun 9, 2017 at 4:21 AM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
> On 09/06/17 12:15, Szabolcs Nagy wrote:
>> On 09/06/17 12:13, H.J. Lu wrote:
>>> On Fri, Jun 9, 2017 at 2:05 AM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
>>>>
>>>> fixing setjmp/longjmp is non-trivial since jmpbuf size is abi,
>>>> it may be possible to do without saving ssp into jmpbuf though.
>>>>
>>>
>>> Shadow stack is enabled at run-time only if all sources are compiled
>>> with shadow stack enabled compiler against shadow stack enabled
>>> glibc.  setjmp/longjmp are implemented with IFUNC, which uses
>>> the old setjmp/longjmp if shadow stack is off and uses the new
>>> setjmp/longjmp if shadow stack is on.
>>>
>>
>> that is not enough.
>>
>> jmpbuf may be used in user code independently of setjmp/longjmp.
>>
>>
>
> oh wait, are you saying shadow stack is a new abi
> and all libraries on the system need to be compiled
> for that abi?
>

Yes,  99% of codes just need to recompile.  If context functions
are used or jmpbuf is used independently of setjmp/longjmp,
enabling is needed.

-- 
H.J.

Follow-Ups:
- Re: RFC: Shadow Stack support in glibc
  - From: Florian Weimer

References:
- RFC: Shadow Stack support in glibc
  - From: H.J. Lu
- Re: RFC: Shadow Stack support in glibc
  - From: Florian Weimer
- Re: RFC: Shadow Stack support in glibc
  - From: Yu-cheng Yu
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy
- Re: RFC: Shadow Stack support in glibc
  - From: Yu-cheng Yu
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy
- Re: RFC: Shadow Stack support in glibc
  - From: H.J. Lu
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy
- Re: RFC: Shadow Stack support in glibc
  - From: Szabolcs Nagy

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]