From patchwork Tue Jul 24 22:32:26 2018
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 28596
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Delivered-To: mailing list libc-alpha@sourceware.org
From: "H.J. Lu"
Date: Tue, 24 Jul 2018 15:32:26 -0700
Message-ID:
Subject: [PATCH 1/2] x86-64: Add shadow stack base and limit to tcbhead_t
To: "Carlos O'Donell"
Cc: GNU C Library

On Tue, Jul 24, 2018 at 1:49 PM, Carlos O'Donell wrote:
> On 07/21/2018 10:20 AM, H.J. Lu wrote:
>> This will be used to implement shadow stack switching by getcontext,
>> makecontext, setcontext and swapcontext.
>>
>> * sysdeps/i386/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New.
>> * sysdeps/i386/nptl/tls.h (tcbhead_t): Replace __glibc_reserved2
>> with ssp_base.
>> * sysdeps/x86_64/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New.
>> * sysdeps/x86_64/nptl/tls.h (tcbhead_t): Replace __glibc_reserved2
>> with ssp_base.
>
> Looks good to me.
>
> Reviewed-by: Carlos O'Donell
>

We find a testcase where setcontext failed when there are gaps above and
below the newly allocated shadow stack. Here is the updated patch to add
shadow stack base and limit to tcbhead_t. We need to find room for shadow
stack base and upper limit in i386 tcbhead_t. I have some ideas. For now,
I'd like to get x86-64 working first.

OK for master branch?

Thanks.

Reviewed-by: Carlos O'Donell

From ca6aa515a501e40c73a0c8a0feb15a8659520bdb Mon Sep 17 00:00:00 2001
From: "H.J. Lu"
Date: Wed, 11 Jul 2018 11:54:28 -0700
Subject: [PATCH 1/2] x86-64: Add shadow stack base and limit to tcbhead_t

Add shadow stack base and upper limit to tcbhead_t. They will be used to
implement shadow stack switching by getcontext, makecontext, setcontext
and swapcontext.

Note: We need to find room for shadow stack base and upper limit in i386
tcbhead_t.

	* sysdeps/x86_64/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New.
	(SSP_LIMIT_OFFSET): Likewise.
	* sysdeps/x86_64/nptl/tls.h (tcbhead_t): Change __padding to union
	with shadow stack base and upper limit.
---
 sysdeps/x86_64/nptl/tcb-offsets.sym |  2 ++
 sysdeps/x86_64/nptl/tls.h           | 12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/sysdeps/x86_64/nptl/tcb-offsets.sym b/sysdeps/x86_64/nptl/tcb-offsets.sym index 387621e88c..da50f249a7 100644 --- a/sysdeps/x86_64/nptl/tcb-offsets.sym +++ b/sysdeps/x86_64/nptl/tcb-offsets.sym @@ -13,6 +13,8 @@ MULTIPLE_THREADS_OFFSET offsetof (tcbhead_t, multiple_threads) POINTER_GUARD offsetof (tcbhead_t, pointer_guard) VGETCPU_CACHE_OFFSET offsetof (tcbhead_t, vgetcpu_cache) FEATURE_1_OFFSET offsetof (tcbhead_t, feature_1) +SSP_BASE_OFFSET offsetof (tcbhead_t, ssp.base) +SSP_LIMIT_OFFSET offsetof (tcbhead_t, ssp.limit) -- Not strictly offsets, but these values are also used in the TCB. TCB_CANCELSTATE_BITMASK CANCELSTATE_BITMASK diff --git a/sysdeps/x86_64/nptl/tls.h b/sysdeps/x86_64/nptl/tls.h index f042a0250a..0b2fc9166e 100644 --- a/sysdeps/x86_64/nptl/tls.h +++ b/sysdeps/x86_64/nptl/tls.h @@ -65,7 +65,17 @@ typedef struct like AddressSanitizer, depend on the size of tcbhead_t. */ __128bits __glibc_unused2[8][4] __attribute__ ((aligned (32))); - void *__padding[8]; + union + { + void *__padding[8]; + struct + { + /* The lowest address of the current shadow stack, */ + unsigned long long base; + /* The upper limit of the current shadow stack, */ + unsigned long long limit; + } ssp; + }; } tcbhead_t; # ifdef __ILP32__ -- 2.17.1
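Review bot: in the tcb-offsets.sym hunk, SSP_BASE_OFFSET and SSP_LIMIT_OFFSET are computed through the anonymous union's `ssp` member, so they alias the first 16 bytes of what used to be `__padding`, and nothing in this file says so; a short `--` comment beside the two new lines noting that they overlay the former padding (and therefore must stay within it so tcbhead_t keeps its size) would help anyone reading the generated assembler constants without tls.h open. Placing them above the `-- Not strictly offsets` block is correct, since these two are genuine offsets.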
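Review bot: in the tls.h hunk, the union only preserves sizeof (tcbhead_t) as long as the new `ssp` struct never outgrows `__padding`, and the context line just above this hunk says sanitizers depend on that size; a compile-time check after the typedef, such as `_Static_assert (sizeof (((tcbhead_t *) 0)->ssp) <= sizeof (((tcbhead_t *) 0)->__padding), "ssp must fit in __padding");`, would catch a later addition to `ssp` that silently shifts the layout. That check matters for the `__ILP32__` build too, where `void *` is 4 bytes so `__padding` is 32 bytes while the two `unsigned long long` members already take 16. Separately, both new member comments end with a comma instead of a sentence terminator (`/* The lowest address of the current shadow stack, */` and `/* The upper limit of the current shadow stack, */`); glibc comments are full sentences, so they should end with `.  */`.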