diff options
Diffstat (limited to 'sysdeps/unix/sysv/linux/i386/____longjmp_chk.S')
-rw-r--r-- | sysdeps/unix/sysv/linux/i386/____longjmp_chk.S | 41 |
1 files changed, 40 insertions, 1 deletions
diff --git a/sysdeps/unix/sysv/linux/i386/____longjmp_chk.S b/sysdeps/unix/sysv/linux/i386/____longjmp_chk.S index 5e13ef749a..a7640d9892 100644 --- a/sysdeps/unix/sysv/linux/i386/____longjmp_chk.S +++ b/sysdeps/unix/sysv/linux/i386/____longjmp_chk.S @@ -1,4 +1,4 @@ -/* Copyright (C) 2001-2016 Free Software Foundation, Inc. +/* Copyright (C) 2001-2018 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -17,9 +17,14 @@ #include <sysdep.h> #include <jmpbuf-offsets.h> +#include <jmp_buf-ssp.h> #include <asm-syntax.h> #include <stap-probe.h> +/* Don't restore shadow stack register if shadow stack isn't enabled. */ +#if !SHSTK_ENABLED +# undef SHADOW_STACK_POINTER_OFFSET +#endif .section .rodata.str1.1,"aMS",@progbits,1 .type longjmp_msg,@object @@ -33,9 +38,11 @@ longjmp_msg: cfi_register(%ebx,%ecx); \ LOAD_PIC_REG (bx); \ leal longjmp_msg@GOTOFF(%ebx), %eax; \ + movl %eax, (%esp); \ call HIDDEN_JUMPTARGET(__fortify_fail) #else # define CALL_FAIL movl $longjmp_msg, %eax; \ + movl %eax, (%esp); \ call HIDDEN_JUMPTARGET(__fortify_fail) #endif @@ -44,6 +51,38 @@ longjmp_msg: ENTRY (____longjmp_chk) movl 4(%esp), %ecx /* User's jmp_buf in %ecx. */ +#ifdef SHADOW_STACK_POINTER_OFFSET +# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET + /* Check if Shadow Stack is enabled. */ + testl $X86_FEATURE_1_SHSTK, %gs:FEATURE_1_OFFSET + jz L(skip_ssp) +# else + xorl %edx, %edx +# endif + /* Check and adjust the Shadow-Stack-Pointer. */ + rdsspd %edx + /* And compare it with the saved ssp value. */ + subl SHADOW_STACK_POINTER_OFFSET(%ecx), %edx + je L(skip_ssp) + /* Count the number of frames to adjust and adjust it + with incssp instruction. The instruction can adjust + the ssp by [0..255] value only thus use a loop if + the number of frames is bigger than 255. */ + negl %edx + shrl $2, %edx + /* NB: We saved Shadow-Stack-Pointer of setjmp. Since we are + restoring Shadow-Stack-Pointer of setjmp's caller, we + need to unwind shadow stack by one more frame. */ + addl $1, %edx + movl $255, %ebx +L(loop): + cmpl %ebx, %edx + cmovb %edx, %ebx + incsspd %ebx + subl %ebx, %edx + ja L(loop) +L(skip_ssp): +#endif /* Save the return address now. */ movl (JB_PC*4)(%ecx), %edx /* Get the stack pointer. */ |