04277e02 | 1 | /* Copyright (C) 2001-2019 Free Software Foundation, Inc. |
2 | This file is part of the GNU C Library. |
3 | ||
4 | The GNU C Library is free software; you can redistribute it and/or | |
5 | modify it under the terms of the GNU Lesser General Public | |
6 | License as published by the Free Software Foundation; either | |
7 | version 2.1 of the License, or (at your option) any later version. | |
8 | ||
9 | The GNU C Library is distributed in the hope that it will be useful, | |
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
12 | Lesser General Public License for more details. | |
13 | ||
14 | You should have received a copy of the GNU Lesser General Public | |
59ba27a6 | 15 | License along with the GNU C Library; if not, see |
5a82c748 | 16 | <https://www.gnu.org/licenses/>. */ |
17 | |
18 | #include <sysdep.h> | |
19 | #include <jmpbuf-offsets.h> | |
faaee1f0 | 20 | #include <jmp_buf-ssp.h> |
da97dfdc | 21 | #include <asm-syntax.h> |
8422c9a5 | 22 | #include <stap-probe.h> |
da97dfdc | 23 | |
24 | /* Don't restore shadow stack register if shadow stack isn't enabled. */ |
25 | #if !SHSTK_ENABLED | |
26 | # undef SHADOW_STACK_POINTER_OFFSET | |
27 | #endif | |
28 | |
/* Message handed to __fortify_fail when the frame check in
   ____longjmp_chk rejects the jump target.  Lives in the mergeable
   read-only string section.  */
        .section .rodata.str1.1,"aMS",@progbits,1
        .type longjmp_msg,@object
longjmp_msg:
        .string "longjmp causes uninitialized stack frame"
        .size longjmp_msg, .-longjmp_msg
34 | ||
35 | ||
/* CALL_FAIL: pass longjmp_msg to __fortify_fail, which does not return.
   The message pointer is written to (%esp), so the expansion site must
   already have an argument slot reserved at the top of the stack.
   PIC variant: %ebx is parked in %ecx (recorded for the unwinder with
   cfi_register) before %ebx is reloaded as the GOT base needed to form
   the address of longjmp_msg.  */
#ifdef PIC
# define CALL_FAIL movl %ebx, %ecx; \
                   cfi_register(%ebx,%ecx); \
                   LOAD_PIC_REG (bx); \
                   leal longjmp_msg@GOTOFF(%ebx), %eax; \
                   movl %eax, (%esp); \
                   call HIDDEN_JUMPTARGET(__fortify_fail)
#else
# define CALL_FAIL movl $longjmp_msg, %eax; \
                   movl %eax, (%esp); \
                   call HIDDEN_JUMPTARGET(__fortify_fail)
#endif
48 | ||
49 | |
        .text
/*----------------------------------------------------------------------
   void ____longjmp_chk (jmp_buf env, int val)          -- i386, Linux

   Fortified __longjmp: restores the context saved by setjmp, but first
   refuses to jump into a stack frame that lies below the current stack
   pointer, i.e. one that has already been left.  Such a jump would run
   on memory that later calls have reused.  The test is a sanity check,
   not a full validation of ENV: any target at or above %esp is accepted.

   In:    4(%esp) = env, 8(%esp) = val
   Never returns: ends in an indirect jump to the saved PC, or in a call
   to __fortify_fail (which does not return either).
   Registers used: %ecx = env, %edx = saved PC, %edi = saved SP;
   %ebx is used as scratch and restored from env before the jump.
   ----------------------------------------------------------------------*/
ENTRY (____longjmp_chk)
        movl 4(%esp), %ecx      /* User's jmp_buf in %ecx.  */

#ifdef SHADOW_STACK_POINTER_OFFSET
# if IS_IN (libc) && defined SHARED && defined FEATURE_1_OFFSET
        /* Check if Shadow Stack is enabled (per-thread feature word in
           the TCB, addressed through %gs).  */
        testl $X86_FEATURE_1_SHSTK, %gs:FEATURE_1_OFFSET
        jz L(skip_ssp)
# else
        /* No runtime enablement check available here.  rdsspd acts as a
           NOP when shadow stacks are inactive and leaves %edx untouched,
           so start from zero.  */
        xorl %edx, %edx
# endif
        /* Check and adjust the Shadow-Stack-Pointer.  */
        rdsspd %edx
        /* And compare it with the saved ssp value.  */
        subl SHADOW_STACK_POINTER_OFFSET(%ecx), %edx
        je L(skip_ssp)
        /* Count the number of frames to adjust and adjust it
           with incssp instruction.  The instruction can adjust
           the ssp by [0..255] value only thus use a loop if
           the number of frames is bigger than 255.  */
        negl %edx               /* %edx = saved ssp - current ssp (bytes).  */
        shrl $2, %edx           /* Shadow stack entries are 4 bytes on i386.  */
        /* NB: We saved Shadow-Stack-Pointer of setjmp.  Since we are
           restoring Shadow-Stack-Pointer of setjmp's caller, we
           need to unwind shadow stack by one more frame.  */
        addl $1, %edx
        movl $255, %ebx
L(loop):
        /* Invariant: %edx = entries still to pop, > 0 here.
           %ebx = min(%edx, 255) after the cmov.  */
        cmpl %ebx, %edx
        cmovb %edx, %ebx
        incsspd %ebx            /* Pop %ebx entries from the shadow stack.  */
        subl %ebx, %edx
        ja L(loop)
L(skip_ssp):
#endif
        /* Save the return address now.  */
        movl (JB_PC*4)(%ecx), %edx
        /* Get the stack pointer.  */
        movl (JB_SP*4)(%ecx), %edi
        cfi_undefined(%edi)
        /* Both were stored mangled by setjmp; undo the pointer guard.  */
        PTR_DEMANGLE (%edx)
        PTR_DEMANGLE (%edi)

        /* Fast path (unsigned compare): the stack grows down, so a
           target SP at or above %esp belongs to a frame that is still
           live.  */
        cmpl %edi, %esp
        jbe .Lok

        /* The target frame is below %esp and may already have been
           popped.  Before failing, ask the kernel whether we are on an
           alternate signal stack: a longjmp from a handler running there
           back to the main stack is legitimate even though the target
           address is lower.  */
        subl $12, %esp          /* Room for a stack_t: ss_sp @0, ss_flags @4, ss_size @8.  */
        cfi_adjust_cfa_offset(12)
        xorl %ebx, %ebx         /* ss = NULL: query only.  %ebx is restored from env below.  */
        movl %esp, %ecx         /* oss = the stack_t just reserved.  */
        movl $__NR_sigaltstack, %eax
        ENTER_KERNEL
        /* Without working sigaltstack we cannot perform the test.  */
        test %eax, %eax
        jne .Lok2
        testl $1, 4(%esp)       /* SS_ONSTACK set in ss_flags?  */
        jz .Lfail               /* Not on the alternate stack: the target frame is dead.  */

        /* On the alternate stack.  Accept unless the target lies inside
           it: (ss_sp + ss_size - target) < ss_size, in unsigned
           arithmetic, exactly when ss_sp < target <= ss_sp + ss_size.  */
        movl (%esp), %eax       /* ss_sp */
        addl 8(%esp), %eax      /* + ss_size */
        subl %edi, %eax         /* - target SP */
        cmpl 8(%esp), %eax
        jae .Lok2

.Lfail: CALL_FAIL               /* Argument slot is the stack_t area; does not return.  */

.Lok2:  addl $12, %esp
        cfi_adjust_cfa_offset(-12)
        movl 4(%esp), %ecx      /* Reload env; %ecx was used for the syscall.  */

.Lok:
        LIBC_PROBE (longjmp, 3, 4@%ecx, -4@8(%esp), 4@%edx)
        /* We add unwind information for the target here: CFA = env,
           PC in %edx, SP in %edi, callee-saved registers still in env.  */
        cfi_def_cfa(%ecx, 0)
        cfi_register(%eip, %edx)
        cfi_register(%esp, %edi)
        cfi_offset(%ebx, JB_BX*4)
        cfi_offset(%esi, JB_SI*4)
        cfi_offset(%edi, JB_DI*4)
        cfi_offset(%ebp, JB_BP*4)

        /* Read val before switching stacks; it is unreachable afterwards.  */
        movl 8(%esp), %eax      /* Second argument is return value.  */
        movl %edi, %esp

        /* Restore registers.  */
        movl (JB_BX*4)(%ecx), %ebx
        movl (JB_SI*4)(%ecx), %esi
        movl (JB_DI*4)(%ecx), %edi
        movl (JB_BP*4)(%ecx), %ebp
        cfi_restore(%ebx)
        cfi_restore(%esi)
        cfi_restore(%edi)
        cfi_restore(%ebp)

        /* Jump to saved PC.  */
        LIBC_PROBE (longjmp_target, 3, 4@%ecx, -4@%eax, 4@%edx)
        jmp *%edx
END (____longjmp_chk)