| commit | 5fac20cc8d5f6a7d8dc75aa4e145526d1aa81c1f | |
| author | hjl-tools <hjl.tools@gmail.com> | |
| Fri, 24 Jan 2020 07:14:13 +0000 (23 23:14 -0800) | ||
| committer | Zoltan Herczeg <zherczeg.u-szeged@partner.samsung.com> | |
| Fri, 24 Jan 2020 07:14:13 +0000 (24 08:14 +0100) | ||
| tree | df748795ce79f7513e9549a52f91d2035f520322 | treesnapshot (tar.gz zip) |
| parent | 8e191de3de820c375682ce3c34520932f4d3724b | commitdiff |
x86: Enable shadow stack support (#14)
* Add SLJIT_SKIP_FRAMES_BEFORE_FAST_RETURN
Add SLJIT_SKIP_FRAMES_BEFORE_FAST_RETURN to sljit_emit_op_src to skip
stack frames before fast return. Use it in test67 to skip stack frames
before fast return.
* Add SLJIT_SKIP_FRAMES_BEFORE_RETURN
Add SLJIT_SKIP_FRAMES_BEFORE_RETURN to op0 operations to skip stack
frames before return. Use it in test68 to skip stack frames before
return.
* x86: Enable shadow stack support
Intel Control-flow Enforcement Technology (CET):
https://software.intel.com/en-us/articles/intel-sdm
contains shadow stack (SHSTK). When SHSTK is enabled, return address on
normal stack must match the one on shadow stack. When SHSTK is enabled
at the compile time, this patch updates sljit with:
1. Implement SLJIT_SKIP_FRAMES_BEFORE_RETURN and
SLJIT_SKIP_FRAMES_BEFORE_FAST_RETURN. If shadow stack is enabled, adjust
shadow stack so that the top of show stack matches the top of normal
stack. NB: It is safe since shadow stack is read-only, you can only
skip stack frame, not jump to anywhere else.
2. Hand code unsupported "mov 0x0(%ebp),%ebp" for X86_32 to use TMP_REG1
as scratch register to unwind show stack. NB: ECX is unusable since it
isn't a scratch register for fast return as shown in sljit test:
$ ./bin/sljit_test
Pass -v to enable verbose, -s to disable this hint.
test51 case 2 failed
SLJIT tests: 1 (2%) tests are FAILED on x86 32bit (little endian + unaligned) ABI:fastcall (with fpu)
Tested with
$ CC="gcc -Wl,-z,cet-report=error -fcf-protection -mshstk" make
on x86-32 and x86-64 Linux CET machines.
* Add SLJIT_SKIP_FRAMES_BEFORE_FAST_RETURN
Add SLJIT_SKIP_FRAMES_BEFORE_FAST_RETURN to sljit_emit_op_src to skip
stack frames before fast return. Use it in test67 to skip stack frames
before fast return.
* Add SLJIT_SKIP_FRAMES_BEFORE_RETURN
Add SLJIT_SKIP_FRAMES_BEFORE_RETURN to op0 operations to skip stack
frames before return. Use it in test68 to skip stack frames before
return.
* x86: Enable shadow stack support
Intel Control-flow Enforcement Technology (CET):
https://software.intel.com/en-us/articles/intel-sdm
contains shadow stack (SHSTK). When SHSTK is enabled, return address on
normal stack must match the one on shadow stack. When SHSTK is enabled
at the compile time, this patch updates sljit with:
1. Implement SLJIT_SKIP_FRAMES_BEFORE_RETURN and
SLJIT_SKIP_FRAMES_BEFORE_FAST_RETURN. If shadow stack is enabled, adjust
shadow stack so that the top of show stack matches the top of normal
stack. NB: It is safe since shadow stack is read-only, you can only
skip stack frame, not jump to anywhere else.
2. Hand code unsupported "mov 0x0(%ebp),%ebp" for X86_32 to use TMP_REG1
as scratch register to unwind show stack. NB: ECX is unusable since it
isn't a scratch register for fast return as shown in sljit test:
$ ./bin/sljit_test
Pass -v to enable verbose, -s to disable this hint.
test51 case 2 failed
SLJIT tests: 1 (2%) tests are FAILED on x86 32bit (little endian + unaligned) ABI:fastcall (with fpu)
Tested with
$ CC="gcc -Wl,-z,cet-report=error -fcf-protection -mshstk" make
on x86-32 and x86-64 Linux CET machines.
14 files changed: