*** Changes since GDB 16
+* Debugging Linux programs that use x86-64 or x86-64 with 32-bit pointer
+ size (X32) Shadow Stacks are now supported.
+
* Support for the shadow stack pointer register on x86-64 or x86-64 with
32-bit pointer size (X32) GNU/Linux.
possible. */
static std::optional<CORE_ADDR>
-amd64_linux_get_shadow_stack_pointer (gdbarch *gdbarch, regcache *regcache)
+amd64_linux_get_shadow_stack_pointer (gdbarch *gdbarch, regcache *regcache,
+ bool &shadow_stack_enabled)
{
+ shadow_stack_enabled = false;
const i386_gdbarch_tdep *tdep = gdbarch_tdep<i386_gdbarch_tdep> (gdbarch);
if (tdep->ssp_regnum < 0)
if (ssp == 0x0)
return {};
+ /* In case there is a shadow stack pointer available which is non-null,
+ the shadow stack feature is enabled. */
+ shadow_stack_enabled = true;
return ssp;
}
amd64_linux_shadow_stack_push (gdbarch *gdbarch, CORE_ADDR new_addr,
regcache *regcache)
{
+ bool shadow_stack_enabled;
std::optional<CORE_ADDR> ssp
- = amd64_linux_get_shadow_stack_pointer (gdbarch, regcache);
+ = amd64_linux_get_shadow_stack_pointer (gdbarch, regcache,
+ shadow_stack_enabled);
+
+ /* For amd64/Linux, if SSP has a value that means shadow stack is
+ enabled. */
if (!ssp.has_value ())
return;
+ else
+ gdb_assert (shadow_stack_enabled);
/* The shadow stack grows downwards. To push addresses to the stack,
we need to decrement SSP. */
(gdbarch, amd64_linux_remove_non_address_bits_watchpoint);
set_gdbarch_shadow_stack_push (gdbarch, amd64_linux_shadow_stack_push);
+ set_gdbarch_get_shadow_stack_pointer (gdbarch,
+ amd64_linux_get_shadow_stack_pointer);
dwarf2_frame_set_init_reg (gdbarch, amd64_init_reg);
}
displaced_debug_printf ("relocated return addr at %s to %s",
paddress (gdbarch, rsp),
paddress (gdbarch, retaddr));
+
+ /* If shadow stack is enabled, we need to correct the return address
+ on the shadow stack too. */
+ bool shadow_stack_enabled;
+ std::optional<CORE_ADDR> ssp
+ = gdbarch_get_shadow_stack_pointer (gdbarch, regs,
+ shadow_stack_enabled);
+ if (shadow_stack_enabled)
+ {
+ gdb_assert (ssp.has_value ());
+ write_memory_unsigned_integer (*ssp, retaddr_len, byte_order,
+ retaddr);
+ displaced_debug_printf ("relocated shadow stack return addr at %s "
+ "to %s", paddress (gdbarch, *ssp),
+ paddress (gdbarch, retaddr));
+ }
}
}
the state machine returns to the IDLE state.
@end itemize
-Impact on Call/Print:
+Impact on @value{GDBN} commands:
+@itemize @bullet
+@item Call/Print:
Inferior calls in @value{GDBN} reset the current PC to the beginning of the
function that is called. No call instruction is executed, but the @code{RET}
instruction actually is. To avoid a control protection exception due to the
missing return address on the shadow stack, @value{GDBN} pushes the new return
address to the shadow stack and updates the shadow stack pointer.
+@item Step:
+With displaced stepping, @value{GDBN} may run an out of line copy of a call
+instruction. In this case, the wrong return address is pushed to the shadow
+stack. @value{GDBN} corrects this value to avoid a control protection
+exception. For more details on displaced stepping, see @ref{displaced-stepping}.
+@end itemize
@node Alpha
@subsection Alpha
@cindex out-of-line single-stepping
@item set displaced-stepping
@itemx show displaced-stepping
+@anchor{displaced-stepping}
Control whether or not @value{GDBN} will do @dfn{displaced stepping}
if the target supports it. Displaced stepping is a way to single-step
over breakpoints without removing them from the inferior, by executing
displaced_debug_printf ("relocated return addr at %s to %s",
paddress (gdbarch, esp),
paddress (gdbarch, retaddr));
+
+ /* If shadow stack is enabled, we need to correct the return address
+ on the shadow stack too. */
+ bool shadow_stack_enabled;
+ std::optional<CORE_ADDR> ssp
+ = gdbarch_get_shadow_stack_pointer (gdbarch, regs,
+ shadow_stack_enabled);
+ if (shadow_stack_enabled)
+ {
+ gdb_assert (ssp.has_value ());
+ write_memory_unsigned_integer (*ssp, retaddr_len, byte_order,
+ retaddr);
+ displaced_debug_printf ("relocated shadow stack return addr at %s "
+ "to %s", paddress (gdbarch, *ssp),
+ paddress (gdbarch, retaddr));
+ }
}
}
--- /dev/null
+# Copyright 2025 Free Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Test continue from call instructions with shadow stack and displaced
+# stepping being enabled.
+
+require allow_ssp_tests support_displaced_stepping
+
+standard_testfile amd64-shadow-stack.c
+
+save_vars { ::env(GLIBC_TUNABLES) } {
+
+ append_environment GLIBC_TUNABLES "glibc.cpu.hwcaps" "SHSTK"
+
+ if { [prepare_for_testing "failed to prepare" ${testfile} ${srcfile} \
+ additional_flags="-fcf-protection=return"] } {
+ return
+ }
+
+ # Enable displaced stepping.
+ gdb_test_no_output "set displaced-stepping on"
+ gdb_test "show displaced-stepping" ".* displaced stepping .* is on.*"
+
+ if { ![runto_main] } {
+ return
+ }
+
+ # Get the address of the call to the call1 function.
+ set call1_addr -1
+ gdb_test_multiple "disassemble main" "" {
+ -re -wrap "($hex) <\\+($decimal)>:\\s*call\\s*0x.*<call1>.*" {
+ set call1_addr $expect_out(1,string)
+ pass $gdb_test_name
+ }
+ }
+
+ if { $call1_addr == -1 } {
+ return
+ }
+
+ # Get the address of the call to the call2 function.
+ set call2_addr -1
+ gdb_test_multiple "disassemble call1" "" {
+ -re -wrap "($hex) <\\+($decimal)>:\\s*call\\s*0x.*<call2>.*" {
+ set call2_addr $expect_out(1,string)
+ pass $gdb_test_name
+ }
+ }
+
+ if { $call2_addr == -1 } {
+ return
+ }
+
+ gdb_test "break *$call1_addr" \
+ "Breakpoint $decimal at $hex.*" \
+ "break at the address of the call1 instruction"
+
+ gdb_test "break *$call2_addr" \
+ "Breakpoint $decimal at $hex.*" \
+ "break at the address of the call2 instruction"
+
+ gdb_test "continue" \
+ "Breakpoint $decimal, $call1_addr in main ().*" \
+ "continue until call1 instruction"
+
+ # Test continue from breakpoint at call1 and call2 instructions.
+ gdb_test "continue" \
+ "Breakpoint $decimal, $call2_addr in call1 ().*" \
+ "continue from call1 instruction"
+
+ gdb_continue_to_end "continue from call2 instruction"
+}
int
main ()
{
+ /* Depending on instruction generation we might end up in the call
+ instruction of call1 function after "runto_main". Avoid this by
+ adding a nop instruction, to simplify the testing in
+ amd64-shadow-stack-disp-step.exp. */
+ asm ("nop");
call1 (); /* break main. */
return 0;
}
projects / thirdparty / binutils-gdb.git / commitdiff
