aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorH.J. Lu <hjl.tools@gmail.com>2018-07-25 04:39:26 -0700
committerH.J. Lu <hjl.tools@gmail.com>2018-07-25 04:39:39 -0700
commit9aa3113a42d94d7bbf9bb4d50ef0d23b95e66123 (patch)
treefa63d539e751cddd5df0acde94a2ecc808642a0f
parentFix out of bounds access in findidxwc (bug 23442) (diff)
downloadglibc-9aa3113a42d94d7bbf9bb4d50ef0d23b95e66123.tar.gz
glibc-9aa3113a42d94d7bbf9bb4d50ef0d23b95e66123.tar.bz2
glibc-9aa3113a42d94d7bbf9bb4d50ef0d23b95e66123.zip
x86: Rename __glibc_reserved2 to ssp_base in tcbhead_t
This will be used to record the current shadow stack base for shadow stack switching by getcontext, makecontext, setcontext and swapcontext. If the target shadow stack base is the same as the current shadow stack base, we unwind the shadow stack. Otherwise it is a stack switch and we look for a restore token to restore the target shadow stack. * sysdeps/i386/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New. * sysdeps/i386/nptl/tls.h (tcbhead_t): Replace __glibc_reserved2 with ssp_base. * sysdeps/x86_64/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New. * sysdeps/x86_64/nptl/tls.h (tcbhead_t): Replace __glibc_reserved2 with ssp_base.
-rw-r--r--ChangeLog9
-rw-r--r--sysdeps/i386/nptl/tcb-offsets.sym1
-rw-r--r--sysdeps/i386/nptl/tls.h3
-rw-r--r--sysdeps/x86_64/nptl/tcb-offsets.sym1
-rw-r--r--sysdeps/x86_64/nptl/tls.h10
5 files changed, 22 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 11632507c0..fb4a45bacc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2018-07-25 H.J. Lu <hongjiu.lu@intel.com>
+
+ * sysdeps/i386/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New.
+ * sysdeps/i386/nptl/tls.h (tcbhead_t): Replace __glibc_reserved2
+ with ssp_base.
+ * sysdeps/x86_64/nptl/tcb-offsets.sym (SSP_BASE_OFFSET): New.
+ * sysdeps/x86_64/nptl/tls.h (tcbhead_t): Replace __glibc_reserved2
+ with ssp_base.
+
2018-07-25 Andreas Schwab <schwab@suse.de>
[BZ #23442]
diff --git a/sysdeps/i386/nptl/tcb-offsets.sym b/sysdeps/i386/nptl/tcb-offsets.sym
index fbac241c45..2ec9e787c1 100644
--- a/sysdeps/i386/nptl/tcb-offsets.sym
+++ b/sysdeps/i386/nptl/tcb-offsets.sym
@@ -13,3 +13,4 @@ CLEANUP_PREV offsetof (struct _pthread_cleanup_buffer, __prev)
MUTEX_FUTEX offsetof (pthread_mutex_t, __data.__lock)
POINTER_GUARD offsetof (tcbhead_t, pointer_guard)
FEATURE_1_OFFSET offsetof (tcbhead_t, feature_1)
+SSP_BASE_OFFSET offsetof (tcbhead_t, ssp_base)
diff --git a/sysdeps/i386/nptl/tls.h b/sysdeps/i386/nptl/tls.h
index 21e23cd809..12285d3217 100644
--- a/sysdeps/i386/nptl/tls.h
+++ b/sysdeps/i386/nptl/tls.h
@@ -49,7 +49,8 @@ typedef struct
void *__private_tm[3];
/* GCC split stack support. */
void *__private_ss;
- void *__glibc_reserved2;
+ /* The lowest address of shadow stack, */
+ unsigned long ssp_base;
} tcbhead_t;
/* morestack.S in libgcc uses offset 0x30 to access __private_ss, */
diff --git a/sysdeps/x86_64/nptl/tcb-offsets.sym b/sysdeps/x86_64/nptl/tcb-offsets.sym
index 387621e88c..ae8034743b 100644
--- a/sysdeps/x86_64/nptl/tcb-offsets.sym
+++ b/sysdeps/x86_64/nptl/tcb-offsets.sym
@@ -13,6 +13,7 @@ MULTIPLE_THREADS_OFFSET offsetof (tcbhead_t, multiple_threads)
POINTER_GUARD offsetof (tcbhead_t, pointer_guard)
VGETCPU_CACHE_OFFSET offsetof (tcbhead_t, vgetcpu_cache)
FEATURE_1_OFFSET offsetof (tcbhead_t, feature_1)
+SSP_BASE_OFFSET offsetof (tcbhead_t, ssp_base)
-- Not strictly offsets, but these values are also used in the TCB.
TCB_CANCELSTATE_BITMASK CANCELSTATE_BITMASK
diff --git a/sysdeps/x86_64/nptl/tls.h b/sysdeps/x86_64/nptl/tls.h
index f042a0250a..e88561c934 100644
--- a/sysdeps/x86_64/nptl/tls.h
+++ b/sysdeps/x86_64/nptl/tls.h
@@ -60,7 +60,8 @@ typedef struct
void *__private_tm[4];
/* GCC split stack support. */
void *__private_ss;
- long int __glibc_reserved2;
+ /* The lowest address of shadow stack, */
+ unsigned long long int ssp_base;
/* Must be kept even if it is no longer used by glibc since programs,
like AddressSanitizer, depend on the size of tcbhead_t. */
__128bits __glibc_unused2[8][4] __attribute__ ((aligned (32)));
@@ -72,10 +73,17 @@ typedef struct
/* morestack.S in libgcc uses offset 0x40 to access __private_ss, */
_Static_assert (offsetof (tcbhead_t, __private_ss) == 0x40,
"offset of __private_ss != 0x40");
+/* NB: ssp_base used to be "long int __glibc_reserved2", which was
+ changed from 32 bits to 64 bits. Make sure that the offset of the
+ next field, __glibc_unused2, is unchanged. */
+_Static_assert (offsetof (tcbhead_t, __glibc_unused2) == 0x60,
+ "offset of __glibc_unused2 != 0x60");
# else
/* morestack.S in libgcc uses offset 0x70 to access __private_ss, */
_Static_assert (offsetof (tcbhead_t, __private_ss) == 0x70,
"offset of __private_ss != 0x70");
+_Static_assert (offsetof (tcbhead_t, __glibc_unused2) == 0x80,
+ "offset of __glibc_unused2 != 0x80");
# endif
#else /* __ASSEMBLER__ */