mirror of
https://github.com/bminor/binutils-gdb.git
synced 2025-12-08 08:33:13 +00:00
63b862be76
This patch adds the user mode register PL3_SSP which is part of the
Intel(R) Control-Flow Enforcement Technology (CET) feature for support
of shadow stack.
For now, only native and remote debugging support for shadow stack
userspace on amd64 linux are covered by this patch including 64 bit and
x32 support. 32 bit support is not covered due to missing Linux kernel
support.
This patch requires fixing the test gdb.base/inline-frame-cycle-unwind
which is failing in case the shadow stack pointer is unavailable.
Such a state is possible if shadow stack is disabled for the current thread
but supported by HW.
This test uses the Python unwinder inline-frame-cycle-unwind.py which fakes
the cyclic stack cycle by reading the pending frame's registers and adding
them to the unwinder:
~~~
for reg in pending_frame.architecture().registers("general"):
val = pending_frame.read_register(reg)
unwinder.add_saved_register(reg, val)
return unwinder
~~~
However, in case the python unwinder is used we add a register (pl3_ssp) that is
unavailable. This leads to a NOT_AVAILABLE_ERROR caught in
gdb/frame-unwind.c:frame_unwind_try_unwinder and it is continued with standard
unwinders. This destroys the faked cyclic behavior and the stack is
further unwinded after frame 5.
In the working scenario an error should be triggered:
~~~
bt
0 inline_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:49^M
1 normal_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:32^M
2 0x000055555555516e in inline_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:45^M
3 normal_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:32^M
4 0x000055555555516e in inline_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:45^M
5 normal_func () at /tmp/gdb.base/inline-frame-cycle-unwind.c:32^M
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) PASS: gdb.base/inline-frame-cycle-unwind.exp: cycle at level 5: backtrace when the unwind is broken at frame 5
~~~
To fix the Python unwinder, we simply skip the unavailable registers.
Also it makes the test gdb.dap/scopes.exp fail. The shadow stack feature is
disabled by default, so the pl3_ssp register which is added with my CET
shadow stack series will be shown as unavailable and we see a TCL error:
~~
>>> {"seq": 12, "type": "request", "command": "variables", "arguments": {"variablesReference": 2, "count": 85}}
Content-Length: 129^M
^M
{"request_seq": 12, "type": "response", "command": "variables", "success": false, "message": "value is not available", "seq": 25}FAIL: gdb.dap/scopes.exp: fetch all registers success
ERROR: tcl error sourcing /tmp/gdb/testsuite/gdb.dap/scopes.exp.
ERROR: tcl error code TCL LOOKUP DICT body
ERROR: key "body" not known in dictionary
while executing
"dict get $val body variables"
(file "/tmp/gdb/testsuite/gdb.dap/scopes.exp" line 152)
invoked from within
"source /tmp/gdb/testsuite/gdb.dap/scopes.exp"
("uplevel" body line 1)
invoked from within
"uplevel #0 source /tmp/gdb/testsuite/gdb.dap/scopes.exp"
invoked from within
"catch "uplevel #0 source $test_file_name" msg"
UNRESOLVED: gdb.dap/scopes.exp: testcase '/tmp/gdb/testsuite/gdb.dap/scopes.exp' aborted due to Tcl error
~~
I am fixing this by enabling the test for CET shadow stack, in case we
detect that the HW supports it:
~~~
# If x86 shadow stack is supported we need to configure GLIBC_TUNABLES
# such that the feature is enabled and the register pl3_ssp is
# available. Otherwise the reqeust to fetch all registers will fail
# with "message": "value is not available".
if { [allow_ssp_tests] } {
append_environment GLIBC_TUNABLES "glibc.cpu.hwcaps" "SHSTK"
}
~~~
Reviewed-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
Reviewed-By: Eli Zaretskii <eliz@gnu.org>
Approved-By: Luis Machado <luis.machado@arm.com>
Approved-By: Andrew Burgess <aburgess@redhat.com>
188 lines
4.7 KiB
C
188 lines
4.7 KiB
C
/* Native-dependent code for GNU/Linux x86 (i386 and x86-64).
|
|
|
|
Copyright (C) 1999-2025 Free Software Foundation, Inc.
|
|
|
|
This file is part of GDB.
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>. */
|
|
|
|
#include "elf/common.h"
|
|
#include "gdbsupport/common-defs.h"
|
|
#include "nat/gdb_ptrace.h"
|
|
#include "nat/linux-ptrace.h"
|
|
#include "nat/x86-cpuid.h"
|
|
#include <sys/uio.h>
|
|
#include "x86-linux.h"
|
|
#include "x86-linux-dregs.h"
|
|
#include "nat/gdb_ptrace.h"
|
|
#include <sys/user.h>
|
|
|
|
/* Per-thread arch-specific data we want to keep. */
|
|
|
|
struct arch_lwp_info
|
|
{
|
|
/* Non-zero if our copy differs from what's recorded in the
|
|
thread. */
|
|
int debug_registers_changed;
|
|
};
|
|
|
|
/* See nat/x86-linux.h. */
|
|
|
|
void
|
|
lwp_set_debug_registers_changed (struct lwp_info *lwp, int value)
|
|
{
|
|
if (lwp_arch_private_info (lwp) == NULL)
|
|
lwp_set_arch_private_info (lwp, XCNEW (struct arch_lwp_info));
|
|
|
|
lwp_arch_private_info (lwp)->debug_registers_changed = value;
|
|
}
|
|
|
|
/* See nat/x86-linux.h. */
|
|
|
|
int
|
|
lwp_debug_registers_changed (struct lwp_info *lwp)
|
|
{
|
|
struct arch_lwp_info *info = lwp_arch_private_info (lwp);
|
|
|
|
/* NULL means either that this is the main thread still going
|
|
through the shell, or that no watchpoint has been set yet.
|
|
The debug registers are unchanged in either case. */
|
|
if (info == NULL)
|
|
return 0;
|
|
|
|
return info->debug_registers_changed;
|
|
}
|
|
|
|
/* See nat/x86-linux.h. */
|
|
|
|
void
|
|
x86_linux_new_thread (struct lwp_info *lwp)
|
|
{
|
|
lwp_set_debug_registers_changed (lwp, 1);
|
|
}
|
|
|
|
/* See nat/x86-linux.h. */
|
|
|
|
void
|
|
x86_linux_delete_thread (struct arch_lwp_info *arch_lwp)
|
|
{
|
|
xfree (arch_lwp);
|
|
}
|
|
|
|
/* See nat/x86-linux.h. */
|
|
|
|
void
|
|
x86_linux_prepare_to_resume (struct lwp_info *lwp)
|
|
{
|
|
x86_linux_update_debug_registers (lwp);
|
|
}
|
|
|
|
#ifdef __x86_64__
|
|
/* Value of CS segment register:
|
|
64bit process: 0x33
|
|
32bit process: 0x23 */
|
|
#define AMD64_LINUX_USER64_CS 0x33
|
|
|
|
/* Value of DS segment register:
|
|
LP64 process: 0x0
|
|
X32 process: 0x2b */
|
|
#define AMD64_LINUX_X32_DS 0x2b
|
|
#endif
|
|
|
|
/* See nat/x86-linux.h. */
|
|
|
|
x86_linux_arch_size
|
|
x86_linux_ptrace_get_arch_size (int tid)
|
|
{
|
|
#ifdef __x86_64__
|
|
unsigned long cs;
|
|
unsigned long ds;
|
|
|
|
/* Get CS register. */
|
|
errno = 0;
|
|
cs = ptrace (PTRACE_PEEKUSER, tid,
|
|
offsetof (struct user_regs_struct, cs), 0);
|
|
if (errno != 0)
|
|
perror_with_name (_("Couldn't get CS register"));
|
|
|
|
bool is_64bit = cs == AMD64_LINUX_USER64_CS;
|
|
|
|
/* Get DS register. */
|
|
errno = 0;
|
|
ds = ptrace (PTRACE_PEEKUSER, tid,
|
|
offsetof (struct user_regs_struct, ds), 0);
|
|
if (errno != 0)
|
|
perror_with_name (_("Couldn't get DS register"));
|
|
|
|
bool is_x32 = ds == AMD64_LINUX_X32_DS;
|
|
|
|
return x86_linux_arch_size (is_64bit, is_x32);
|
|
#else
|
|
return x86_linux_arch_size (false, false);
|
|
#endif
|
|
}
|
|
|
|
/* See nat/x86-linux.h. */
|
|
|
|
bool
|
|
x86_check_ssp_support (const int tid)
|
|
{
|
|
/* It's not enough to check shadow stack support with the ptrace call
|
|
below only, as we cannot distinguish between shadow stack not enabled
|
|
for the current thread and shadow stack is not supported by HW. In
|
|
both scenarios the ptrace call fails with ENODEV. In case shadow
|
|
stack is not enabled for the current thread, we still want to return
|
|
true. */
|
|
unsigned int eax, ebx, ecx, edx;
|
|
eax = ebx = ecx = edx = 0;
|
|
|
|
if (!__get_cpuid_count (7, 0, &eax, &ebx, &ecx, &edx))
|
|
return false;
|
|
|
|
if ((ecx & bit_SHSTK) == 0)
|
|
return false;
|
|
|
|
/* Further check for NT_X86_SHSTK kernel support. */
|
|
uint64_t ssp;
|
|
iovec iov {&ssp, sizeof (ssp) };
|
|
|
|
errno = 0;
|
|
int res = ptrace (PTRACE_GETREGSET, tid, NT_X86_SHSTK, &iov);
|
|
if (res < 0)
|
|
{
|
|
if (errno == EINVAL)
|
|
{
|
|
/* The errno EINVAL for a PTRACE_GETREGSET call indicates that
|
|
kernel support is not available. */
|
|
return false;
|
|
}
|
|
else if (errno == ENODEV)
|
|
{
|
|
/* At this point, since we already checked CPUID, the errno
|
|
ENODEV for a PTRACE_GETREGSET call indicates that shadow
|
|
stack is not enabled for the current thread. As it could be
|
|
enabled later, we still want to return true here. */
|
|
return true;
|
|
}
|
|
else
|
|
{
|
|
warning (_("Unknown ptrace error for NT_X86_SHSTK: %s"),
|
|
safe_strerror (errno));
|
|
return false;
|
|
}
|
|
}
|
|
|
|
return true;
|
|
}
|