If shadow stack is enabled, when unwinding stack, we count how many stack
frames we pop to reach the landing pad and adjust shadow stack by the same
amount. When counting the stack frame, we compare the return address on
normal stack against the return address on shadow stack. If they don't
match, return _URC_FATAL_PHASE2_ERROR for the corrupted return address on
normal stack. Don't check the return address for
1. Non-catchable exception where exception_class == 0. Process will be
terminated.
2. Zero return address which marks the outermost stack frame.
3. Signal stack frame since kernel puts a restore token on shadow stack.
* unwind-generic.h (_Unwind_Frames_Increment): Add the EXC
argument.
* unwind.inc (_Unwind_RaiseException_Phase2): Pass EXC to
_Unwind_Frames_Increment.
(_Unwind_ForcedUnwind_Phase2): Likewise.
* config/i386/shadow-stack-unwind.h (_Unwind_Frames_Increment):
Take the EXC argument. Return _URC_FATAL_PHASE2_ERROR if the
return address on normal stack doesn't match the return address
on shadow stack.
At the end of the backtrace stream _Unwind_Find_FDE() may not be able
to find the frame unwind info and will later call the backtrace fallback
instead of finishing. This occurs when using an old libc on ppc64 due to
dl_iterate_phdr() not being able to set the fde in the last trace.
When this occurs the cfa of the trace will be behind of context's cfa.
Also, libgo’s probestackmaps() calls the backtrace with a null pointer
and can get to the backchain fallback with the same problem, in this case
we are only interested in find a stack map, we don't need nor can do a
backchain.
_Unwind_ForcedUnwind_Phase2() can hit the same issue as it uses
uw_frame_state_for(), so we need to treat _URC_NORMAL_STOP.
libgcc/ChangeLog:
PR libgcc/103044
* config/rs6000/linux-unwind.h (ppc_backchain_fallback): Check if it's
called with a null argument or at the end of the backtrace and return.
* unwind.inc (_Unwind_ForcedUnwind_Phase2): Treat _URC_NORMAL_STOP.
Without dwarf2 unwind tables available _Unwind_Backtrace() is not
able to return the full backtrace.
This patch adds a fallback function on powerpc to get the backtrace
by doing a backchain, this code was originally at glibc.
libgcc/ChangeLog:
* config/rs6000/linux-unwind.h (struct rt_sigframe): Move it to
outside of get_regs() in order to use it in another function, this
is done twice: for __powerpc64__ and for !__powerpc64__.
(struct trace_arg): New struct.
(struct layout): New struct.
(ppc_backchain_fallback): New function.
* unwind.inc (_Unwind_Backtrace): Look for _URC_NORMAL_STOP code
state and call MD_BACKCHAIN_FALLBACK.
gcc/testsuite/ChangeLog:
* gcc.target/powerpc/unwind-backchain.c: New test.
When -fcf-protection -mcet is used, I got
FAIL: g++.dg/eh/sighandle.C
(gdb) bt
#0 _Unwind_RaiseException (exc=exc@entry=0x416ed0)
at /export/gnu/import/git/sources/gcc/libgcc/unwind.inc:140
#1 0x00007ffff7d9936b in __cxxabiv1::__cxa_throw (obj=<optimized out>,
tinfo=0x403dd0 <typeinfo for int@@CXXABI_1.3>, dest=0x0)
at /export/gnu/import/git/sources/gcc/libstdc++-v3/libsupc++/eh_throw.cc:90
#2 0x0000000000401255 in sighandler (signo=11, si=0x7fffffffd6f8,
uc=0x7fffffffd5c0)
at /export/gnu/import/git/sources/gcc/gcc/testsuite/g++.dg/eh/sighandle.C:9
#3 <signal handler called> <<<< Signal frame which isn't on shadow stack
#4 dosegv ()
at /export/gnu/import/git/sources/gcc/gcc/testsuite/g++.dg/eh/sighandle.C:14
#5 0x00000000004012e3 in main ()
at /export/gnu/import/git/sources/gcc/gcc/testsuite/g++.dg/eh/sighandle.C:30
(gdb) p frames
$6 = 5
(gdb)
frame count should be 4, not 5. This patch skips signal frames when
unwinding shadow stack.
gcc/testsuite/
PR libgcc/85334
* g++.dg/torture/pr85334.C: New test.
libgcc/
PR libgcc/85334
* unwind-generic.h (_Unwind_Frames_Increment): New.
* config/i386/shadow-stack-unwind.h (_Unwind_Frames_Increment):
Likewise.
* unwind.inc (_Unwind_RaiseException_Phase2): Increment frame
count with _Unwind_Frames_Increment.
(_Unwind_ForcedUnwind_Phase2): Likewise.
From-SVN: r259502
Control-flow Enforcement Technology (CET), published by Intel,
introduces the Shadow Stack feature, which ensures a return from a
function is done to exactly the same location from where the function
was called. When EH is present the control-flow transfer may skip some
stack frames and the shadow stack has to be adjusted not to signal a
violation of a control-flow transfer. It's done by counting a number
of skiping frames and adjasting shadow stack pointer by this number.
Having new semantic of the 'ret' instruction if CET is supported in HW
the 'ret' instruction cannot be generated in ix86_expand_epilogue when
we are returning after EH is processed. Added a code in
ix86_expand_epilogue to adjust Shadow Stack pointer and to generate an
indirect jump instead of 'ret'. As sp register is used during this
adjustment thus the argument in pro_epilogue_adjust_stack is changed
to update cfa_reg based on whether control-flow instrumentation is set.
Without updating the cfa_reg field there is an assert later in dwarf2
pass related to mismatch the stack register and cfa_reg value.
gcc/
* config/i386/i386.c (ix86_expand_epilogue): Change simple
return to indirect jump for EH return if control-flow protection
is enabled. Change explicit 'false' argument in
pro_epilogue_adjust_stack with a value of flag_cf_protection.
* config/i386/i386.md (simple_return_indirect_internal): Remove
SImode restriction to support 64-bit.
libgcc/
* config/i386/linux-unwind.h: Include
config/i386/shadow-stack-unwind.h.
* config/i386/shadow-stack-unwind.h: New file.
* unwind-dw2.c: (uw_install_context): Add a frame parameter and
pass it to _Unwind_Frames_Extra.
* unwind-generic.h (_Unwind_Frames_Extra): New.
* unwind.inc (_Unwind_RaiseException_Phase2): Add frames_p
parameter. Add local variable frames to count number of frames.
(_Unwind_ForcedUnwind_Phase2): Likewise.
(_Unwind_RaiseException): Add local variable frames to count
number of frames, pass it to _Unwind_RaiseException_Phase2 and
uw_install_context.
(_Unwind_ForcedUnwind): Likewise.
(_Unwind_Resume): Likewise.
(_Unwind_Resume_or_Rethrow): Likewise.
From-SVN: r254876
