[Bug libgcc/85334] Shadow stack isn't unwound properly through signal handler
cvs-commit at gcc dot gnu.org
gcc-bugzilla@gcc.gnu.org
Mon Feb 10 16:13:00 GMT 2020
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85334
--- Comment #11 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-9 branch has been updated by H.J. Lu <hjl@gcc.gnu.org>:
https://gcc.gnu.org/g:3fde3398341ba900ed2e1eaecf00799fda66686a
commit r9-8208-g3fde3398341ba900ed2e1eaecf00799fda66686a
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Mon Feb 10 07:58:45 2020 -0800
i386: Properly pop restore token in signal frame

Linux CET kernel places a restore token on shadow stack for signal
handler to enhance security. The restore token is 8 bytes and aligned
to 8 bytes. It is usually transparent to user programs since kernel
will pop the restore token when signal handler returns. But when an
exception is thrown from a signal handler, now we need to pop the
restore token from shadow stack. For x86-64, we just need to treat
the signal frame as a normal frame. For i386, we need to search for
the restore token to check if the original shadow stack is 8 byte
aligned. If the original shadow stack is 8 byte aligned, we just
need to pop 2 slots, one restore token, from shadow stack. Otherwise,
we need to pop 3 slots, one restore token + 4 byte padding, from
shadow stack.

This patch also includes 2 tests, one has a restore token with 4 byte
padding and one without.

Tested on Linux/x86-64 CET machine with and without -m32.
libgcc/

	Backport from mainline
	PR libgcc/85334
	* config/i386/shadow-stack-unwind.h (_Unwind_Frames_Increment):
	New.

gcc/testsuite/

	Backport from mainline
	PR libgcc/85334
	* g++.target/i386/pr85334-1.C: New test.
	* g++.target/i386/pr85334-2.C: Likewise.

(cherry picked from commit bf6465d0461234ccd45ae34d5e2375a0bee0081d)
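The 2-slot versus 3-slot rule the commit message describes is easy to get wrong, so the following is an added, self-contained model of it in C. It is not libgcc's shadow-stack-unwind.h code and not the kernel's signal-delivery code: the i386 shadow stack is modelled as an array of 4-byte slots at a constructed base address, and the restore token is assumed to hold the interrupted shadow stack pointer (SSP) with its two low bits reserved for flags. Under those assumptions the unwinder-side search finds the 8-byte-aligned token above the current SSP, reads the original SSP out of it, and pops 2 slots when that SSP was 8-byte aligned or 3 slots (token plus 4 bytes of padding) when it was not.

```c
/* Model of the i386 shadow-stack signal frame described in PR libgcc/85334.
   Constructed example; not the libgcc or kernel implementation.
   Assumptions: 4-byte slots growing down from BASE + 4*SLOTS; the restore
   token is an 8-byte, 8-byte-aligned value holding the interrupted SSP with
   bits 1:0 reserved for flags (bit 0 clear means 32-bit mode here).  */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 32
#define BASE  0x10000u   /* constructed base address of the model shadow stack */

typedef struct {
    uint32_t slot[SLOTS];   /* slot[i] lives at address BASE + 4*i */
    uint32_t ssp;           /* current shadow stack pointer (an address) */
} shstk_t;

static uint32_t *at(shstk_t *s, uint32_t addr) { return &s->slot[(addr - BASE) / 4]; }

static void shstk_init(shstk_t *s) {
    memset(s, 0, sizeof *s);
    s->ssp = BASE + 4 * SLOTS;   /* empty stack; top is 8-byte aligned */
}

/* A normal call pushes one 4-byte return address on the i386 shadow stack. */
static void shstk_push_ret(shstk_t *s, uint32_t ret) {
    s->ssp -= 4;
    *at(s, s->ssp) = ret;
}

/* Kernel side of signal delivery (model): align SSP down to 8 bytes, then
   push the 8-byte restore token holding the interrupted SSP.  When the
   interrupted SSP was only 4-byte aligned this leaves 4 bytes of padding
   between the token and the interrupted frame.  */
static void shstk_push_sigframe(shstk_t *s) {
    uint32_t orig = s->ssp;
    uint32_t tok  = (orig & ~7u) - 8;   /* 8-byte aligned token address */
    uint64_t val  = orig;               /* bit 0 clear: 32-bit mode */
    *at(s, tok)     = (uint32_t)val;
    *at(s, tok + 4) = (uint32_t)(val >> 32);
    s->ssp = tok;
}

/* Unwinder side (model of the commit's rule): starting at the current SSP,
   search upward for the restore token and report how many 4-byte slots the
   signal frame occupies: 2 if the original SSP was 8-byte aligned, else 3.
   Returns 0 if no token is found within `limit` slots.  */
static int sigframe_slots(const shstk_t *s, int limit) {
    for (int i = 0; i < limit; i++) {
        uint32_t addr = s->ssp + 4 * i;
        uint32_t idx  = (addr - BASE) / 4;
        if (addr & 7) continue;                 /* token is 8-byte aligned */
        if (idx + 1 >= SLOTS) break;            /* stay inside the model stack */
        uint64_t val  = s->slot[idx] | ((uint64_t)s->slot[idx + 1] << 32);
        uint32_t orig = (uint32_t)(val & ~3u);  /* strip the flag bits */
        /* A token for this frame restores to just above itself (no padding)
           or one slot further up (4 bytes of padding).  */
        if (orig != addr + 8 && orig != addr + 12) continue;
        return (orig & 7) ? 3 : 2;
    }
    return 0;
}

/* Deliver a signal after `before` return addresses have been pushed (odd
   `before` leaves the SSP only 4-byte aligned), nest `depth` calls inside the
   handler, unwind those, then apply the rule.  Returns the slot count when
   popping it lands exactly on the interrupted SSP, or -1 on a mismatch.  */
static int simulate(int before, int depth) {
    shstk_t s;
    shstk_init(&s);
    for (int i = 0; i < before; i++) shstk_push_ret(&s, 0x08048000u + 16u * i); /* constructed */
    uint32_t interrupted = s.ssp;
    shstk_push_sigframe(&s);
    for (int i = 0; i < depth; i++) shstk_push_ret(&s, 0x08049000u + 16u * i);  /* constructed */
    s.ssp += 4 * depth;                          /* handler's own frames unwound */
    int n = sigframe_slots(&s, 4);
    if (n == 0 || s.ssp + 4 * n != interrupted) return -1;
    return n;
}

int main(void) {
    printf("aligned original SSP:   pop %d slots\n", simulate(2, 1));
    printf("unaligned original SSP: pop %d slots\n", simulate(1, 2));
    return 0;
}
```

The search is bounded and checks that the candidate token restores to an address immediately above itself, so an ordinary return address that happens to sit at an 8-byte-aligned slot is not mistaken for a token.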