+2017-11-17 Igor Tsimbalist <igor.v.tsimbalist@intel.com>
+
+ * config/i386/i386.c (ix86_expand_epilogue): Change simple
+ return to indirect jump for EH return if control-flow
+ protection is enabled. Change explicit 'false' argument in
+ pro_epilogue_adjust_stack with a value of
+ flag_cf_protection.
+ * config/i386/i386.md (simple_return_indirect_internal):
+ Remove SImode restriction to support 64-bit.
+
2017-11-17 Segher Boessenkool <segher@kernel.crashing.org>
* combine.c (added_notes_insn): New.
offset relative to SA, and after this insn we have no
other reasonable register to use for the CFA. We don't
bother resetting the CFA to the SP for the duration of
- the return insn. */
+ the return insn, unless the control flow instrumentation
+ is done. In this case the SP is used later and we have
+ to reset CFA to SP. */
add_reg_note (insn, REG_CFA_DEF_CFA,
plus_constant (Pmode, sa, UNITS_PER_WORD));
ix86_add_queued_cfa_restore_notes (insn);
m->fs.fp_valid = false;
pro_epilogue_adjust_stack (stack_pointer_rtx, sa,
- const0_rtx, style, false);
+ const0_rtx, style,
+ flag_cf_protection);
}
else
{
emit_jump_insn (gen_simple_return_pop_internal (popc));
}
else if (!m->call_ms2sysv || !restore_stub_is_tail)
- emit_jump_insn (gen_simple_return_internal ());
+ {
+ /* In case of return from EH a simple return cannot be used
+ as a return address will be compared with a shadow stack
+ return address. Use indirect jump instead. */
+ if (style == 2 && flag_cf_protection)
+ {
+ /* Register used in indirect jump must be in word_mode. But
+ Pmode may not be the same as word_mode for x32. */
+ rtx ecx = gen_rtx_REG (word_mode, CX_REG);
+ rtx_insn *insn;
+
+ insn = emit_insn (gen_pop (ecx));
+ m->fs.cfa_offset -= UNITS_PER_WORD;
+ m->fs.sp_offset -= UNITS_PER_WORD;
+
+ rtx x = plus_constant (Pmode, stack_pointer_rtx, UNITS_PER_WORD);
+ x = gen_rtx_SET (stack_pointer_rtx, x);
+ add_reg_note (insn, REG_CFA_ADJUST_CFA, x);
+ add_reg_note (insn, REG_CFA_REGISTER, gen_rtx_SET (ecx, pc_rtx));
+ RTX_FRAME_RELATED_P (insn) = 1;
+
+ emit_jump_insn (gen_simple_return_indirect_internal (ecx));
+ }
+ else
+ emit_jump_insn (gen_simple_return_internal ());
+ }
/* Restore the state back to the state from the prologue,
so that it's correct for the next epilogue. */
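Review bot: The two new comments in ix86_expand_epilogue read awkwardly ("unless the control flow instrumentation is done. In this case the SP is used later" and "as a return address will be compared with a shadow stack return address"), which matters because they are the only place the shadow-stack rationale for this code path is recorded. If I read the intent right, the first could be `/* ... unless control-flow protection is enabled: the EH return then pops the return address through SP, so the CFA has to be SP again. */` and the second `/* For an EH return (style 2) a plain ret cannot be used: the return address on the stack no longer matches the shadow stack entry, so pop it and jump indirectly instead. */`. As a style point, `rtx_insn *insn;` followed by a separate assignment can simply be `rtx_insn *insn = emit_insn (gen_pop (ecx));`. The indirect jump lands on the EH handler, which with IBT enabled must start with an ENDBR; that is presumably guaranteed elsewhere, but it is worth confirming in the same change. The enclosing function extends beyond the hunk on both sides.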
(define_insn "simple_return_indirect_internal"
[(simple_return)
- (use (match_operand:SI 0 "register_operand" "r"))]
+ (use (match_operand 0 "register_operand" "r"))]
"reload_completed"
"%!jmp\t%A0"
[(set_attr "type" "ibr")
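Review bot: Dropping the `:SI` mode leaves operand 0 mode-less, so the pattern itself no longer documents or checks the word_mode requirement that the i386.c caller relies on, while the `%A0` output still depends on the register's mode. Suggest a comment above the define_insn: `;; Operand 0 must be a word_mode register holding the return address; the mode is left unspecified so the same pattern serves 32-bit, 64-bit and x32.` If i386.md already provides a word_mode iterator, constraining the operand with it would be the stricter alternative, but the comment is the minimum.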
+2017-11-17 Igor Tsimbalist <igor.v.tsimbalist@intel.com>
+
+ * config/i386/linux-unwind.h: Include
+ config/i386/shadow-stack-unwind.h.
+ * config/i386/shadow-stack-unwind.h: New file.
+ * unwind-dw2.c: (uw_install_context): Add a frame parameter and
+ pass it to _Unwind_Frames_Extra.
+ * unwind-generic.h (_Unwind_Frames_Extra): New.
+ * unwind.inc (_Unwind_RaiseException_Phase2): Add frames_p
+ parameter. Add local variable frames to count number of frames.
+ (_Unwind_ForcedUnwind_Phase2): Likewise.
+ (_Unwind_RaiseException): Add local variable frames to count
+ number of frames, pass it to _Unwind_RaiseException_Phase2 and
+ uw_install_context.
+ (_Unwind_ForcedUnwind): Likewise.
+ (_Unwind_Resume): Likewise.
+ (_Unwind_Resume_or_Rethrow): Likewise.
+
2017-11-17 Igor Tsimbalist <igor.v.tsimbalist@intel.com>
* Makefile.in (configure_deps): Add $(srcdir)/../config/cet.m4.
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
<http://www.gnu.org/licenses/>. */
+/* Unwind shadow stack for -fcf-protection -mshstk. */
+#if defined __SHSTK__ && defined __CET__
+# include "config/i386/shadow-stack-unwind.h"
+#endif
+
/* Do code reading to identify a signal frame, and set the frame
state data appropriately. See unwind-dw2.c for the structs.
Don't use this at all if inhibit_libc is used. */
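Review bot: The guard `#if defined __SHSTK__ && defined __CET__` means the shadow-stack unwinder is only compiled in when libgcc itself is built with -mshstk and -fcf-protection; otherwise the empty `_Unwind_Frames_Extra` default from unwind-generic.h silently applies. That build requirement is worth stating in the comment: `/* Unwind shadow stack for -fcf-protection -mshstk. Only compiled in when libgcc is built with both flags; otherwise the no-op default from unwind-generic.h is used. */`.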
--- /dev/null
+/* _Unwind_Frames_Extra with shadow stack for x86-64 and x86.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+
+This file is part of GCC.
+
+GCC is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 3, or (at your option)
+any later version.
+
+GCC is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+
+Under Section 7 of GPL version 3, you are granted additional
+permissions described in the GCC Runtime Library Exception, version
+3.1, as published by the Free Software Foundation.
+
+You should have received a copy of the GNU General Public License and
+a copy of the GCC Runtime Library Exception along with this program;
+see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
+<http://www.gnu.org/licenses/>. */
+
+#ifdef __x86_64__
+# define incssp(x) __builtin_ia32_incsspq ((x))
+# define rdssp(x) __builtin_ia32_rdsspq (x)
+#else
+# define incssp(x) __builtin_ia32_incsspd ((x))
+# define rdssp(x) __builtin_ia32_rdsspd (x)
+#endif
+
+/* Unwind the shadow stack for EH. */
+#undef _Unwind_Frames_Extra
+#define _Unwind_Frames_Extra(x) \
+ do \
+ { \
+ unsigned long ssp = 0; \
+ ssp = rdssp (ssp); \
+ if (ssp != 0) \
+ { \
+ unsigned long tmp = (x); \
+ while (tmp > 255) \
+ { \
+ incssp (tmp); \
+ tmp -= 255; \
+ } \
+ incssp (tmp); \
+ } \
+ } \
+ while (0)
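Review bot: In the `while (tmp > 255)` loop, `incssp (tmp)` passes the full remaining count, but the INCSSP instruction only uses the low 8 bits of its operand as the frame count, so for more than 255 frames the shadow stack pointer advances by `tmp & 0xff` per iteration instead of 255 and ends up short; the loop body should be `incssp (255);`. The mismatch would not be silent: the `ret` executed after `__builtin_eh_return` would then fail the shadow-stack comparison, so deep unwinds would fault instead of reaching the handler. Separately, `incssp` and `rdssp` are short unprefixed macro names that remain defined in every translation unit that includes this header through linux-unwind.h, and they cannot be `#undef`'d here because `_Unwind_Frames_Extra` expands them at its use site; a prefixed name such as `__cet_incssp` would avoid collisions. The `ssp = 0; ssp = rdssp (ssp);` pair also deserves a one-line comment explaining that the builtin presumably leaves its operand unchanged when shadow stacks are inactive, which is what the `ssp != 0` test relies on.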
/* Install TARGET into CURRENT so that we can return to it. This is a
macro because __builtin_eh_return must be invoked in the context of
- our caller. */
+ our caller. FRAMES is a number of frames to be unwind.
+ _Unwind_Frames_Extra is a macro to do additional work during unwinding
+ if needed, for example shadow stack pointer adjustment for Intel CET
+ technology. */
-#define uw_install_context(CURRENT, TARGET) \
+#define uw_install_context(CURRENT, TARGET, FRAMES) \
do \
{ \
long offset = uw_install_context_1 ((CURRENT), (TARGET)); \
void *handler = uw_frob_return_addr ((CURRENT), (TARGET)); \
_Unwind_DebugHook ((TARGET)->cfa, handler); \
+ _Unwind_Frames_Extra (FRAMES); \
__builtin_eh_return (offset, handler); \
} \
while (0)
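Review bot: The new comment line `FRAMES is a number of frames to be unwind` should read `FRAMES is the number of frames being unwound.`, and the following sentence could be tightened to `_Unwind_Frames_Extra does any extra per-target work before the context is installed, e.g. adjusting the shadow stack pointer for Intel CET.` The macro argument is passed bare as `_Unwind_Frames_Extra (FRAMES);` while the other arguments are parenthesized; for consistency use `_Unwind_Frames_Extra ((FRAMES));`. The placement after `_Unwind_DebugHook` and before `__builtin_eh_return` appears deliberate, since as I understand it the shadow stack must already be adjusted when eh_return's ret executes; a short comment saying so would keep a later reorder from breaking it.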
#pragma GCC visibility pop
#endif
+/* Additional actions to unwind number of stack frames. */
+#define _Unwind_Frames_Extra(frames)
+
#endif /* unwind.h */
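Review bot: The default `#define _Unwind_Frames_Extra(frames)` expands to nothing, and the comment `Additional actions to unwind number of stack frames.` does not say that this is a target override point. Suggest `/* Hook for target-specific work when FRAMES stack frames are about to be unwound (e.g. shadow stack pointer adjustment). Targets #undef and redefine it; the default does nothing. */`. Defining the default as `((void) (frames))` would additionally keep the argument evaluated and type-checked when no target override is present.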
static _Unwind_Reason_Code
_Unwind_RaiseException_Phase2(struct _Unwind_Exception *exc,
- struct _Unwind_Context *context)
+ struct _Unwind_Context *context,
+ unsigned long *frames_p)
{
_Unwind_Reason_Code code;
+ unsigned long frames = 1;
while (1)
{
gcc_assert (!match_handler);
uw_update_context (context, &fs);
+ frames++;
}
+ *frames_p = frames;
return code;
}
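Review bot: `*frames_p` is written only on the path that leaves the `while (1)` loop by `break`; most of the loop body is outside the hunk, but if it keeps the existing early-return error paths, the caller's `frames` stays indeterminate on error. The callers shown only read it after checking for `_URC_INSTALL_CONTEXT`, so this is a contract worth recording on the new parameter: `/* On _URC_INSTALL_CONTEXT, *FRAMES_P is set to the number of frames unwound, counting the handler frame; it is not written on error. */`. The same applies to _Unwind_ForcedUnwind_Phase2 below.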
{
struct _Unwind_Context this_context, cur_context;
_Unwind_Reason_Code code;
+ unsigned long frames;
/* Set up this_context to describe the current stack frame. */
uw_init_context (&this_context);
exc->private_2 = uw_identify_context (&cur_context);
cur_context = this_context;
- code = _Unwind_RaiseException_Phase2 (exc, &cur_context);
+ code = _Unwind_RaiseException_Phase2 (exc, &cur_context, &frames);
if (code != _URC_INSTALL_CONTEXT)
return code;
- uw_install_context (&this_context, &cur_context);
+ uw_install_context (&this_context, &cur_context, frames);
}
static _Unwind_Reason_Code
_Unwind_ForcedUnwind_Phase2 (struct _Unwind_Exception *exc,
- struct _Unwind_Context *context)
+ struct _Unwind_Context *context,
+ unsigned long *frames_p)
{
_Unwind_Stop_Fn stop = (_Unwind_Stop_Fn) (_Unwind_Ptr) exc->private_1;
void *stop_argument = (void *) (_Unwind_Ptr) exc->private_2;
_Unwind_Reason_Code code, stop_code;
+ unsigned long frames = 1;
while (1)
{
/* Update cur_context to describe the same frame as fs, and discard
the previous context if necessary. */
uw_advance_context (context, &fs);
+ frames++;
}
+ *frames_p = frames;
return code;
}
{
struct _Unwind_Context this_context, cur_context;
_Unwind_Reason_Code code;
+ unsigned long frames;
uw_init_context (&this_context);
cur_context = this_context;
exc->private_1 = (_Unwind_Ptr) stop;
exc->private_2 = (_Unwind_Ptr) stop_argument;
- code = _Unwind_ForcedUnwind_Phase2 (exc, &cur_context);
+ code = _Unwind_ForcedUnwind_Phase2 (exc, &cur_context, &frames);
if (code != _URC_INSTALL_CONTEXT)
return code;
- uw_install_context (&this_context, &cur_context);
+ uw_install_context (&this_context, &cur_context, frames);
}
{
struct _Unwind_Context this_context, cur_context;
_Unwind_Reason_Code code;
+ unsigned long frames;
uw_init_context (&this_context);
cur_context = this_context;
/* Choose between continuing to process _Unwind_RaiseException
or _Unwind_ForcedUnwind. */
if (exc->private_1 == 0)
- code = _Unwind_RaiseException_Phase2 (exc, &cur_context);
+ code = _Unwind_RaiseException_Phase2 (exc, &cur_context, &frames);
else
- code = _Unwind_ForcedUnwind_Phase2 (exc, &cur_context);
+ code = _Unwind_ForcedUnwind_Phase2 (exc, &cur_context, &frames);
gcc_assert (code == _URC_INSTALL_CONTEXT);
- uw_install_context (&this_context, &cur_context);
+ uw_install_context (&this_context, &cur_context, frames);
}
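Review bot: In _Unwind_Resume the new `frames` local is declared uninitialized and reaches `uw_install_context` guarded only by a `gcc_assert` on the Phase2 result; if gcc_assert is compiled out in libgcc and Phase2 fails, `frames` is read while indeterminate and handed to `_Unwind_Frames_Extra`. That path is already unrecoverable, but reading an indeterminate value is undefined behaviour, and `unsigned long frames = 0;` costs nothing and makes the shadow-stack adjustment a no-op in that case. The same applies to _Unwind_Resume_or_Rethrow below; _Unwind_RaiseException and _Unwind_ForcedUnwind return before reading `frames` and do not need it.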
{
struct _Unwind_Context this_context, cur_context;
_Unwind_Reason_Code code;
+ unsigned long frames;
/* Choose between continuing to process _Unwind_RaiseException
or _Unwind_ForcedUnwind. */
uw_init_context (&this_context);
cur_context = this_context;
- code = _Unwind_ForcedUnwind_Phase2 (exc, &cur_context);
+ code = _Unwind_ForcedUnwind_Phase2 (exc, &cur_context, &frames);
gcc_assert (code == _URC_INSTALL_CONTEXT);
- uw_install_context (&this_context, &cur_context);
+ uw_install_context (&this_context, &cur_context, frames);
}