[PATCH] D105968: [libunwind][CET] Support exception handling stack unwind in CET environment

xiongji90 via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Wed Jul 14 01:47:25 PDT 2021 

xiongji90 created this revision.
xiongji90 added reviewers: hjl.tools, LuoYuanke.
Herald added subscribers: libcxx-commits, krytarowski, mgorny.
Herald added a project: libunwind.
Herald added a reviewer: libunwind.
xiongji90 requested review of this revision.
Herald added a project: LLVM.
Herald added a subscriber: llvm-commits.

Control-flow Enforcement Technology (CET), published by Intel, introduces shadow stack feature aiming to ensure a return from a function is directed to where the function was called.
In a CET enabled system, each function call will push return address into normal stack and shadow stack, when the function returns, the address stored in shadow stack will be popped and compared with the return address, program will fail if the 2 addresses don't match.
In exception handling, the control flow may skip some stack frames and we must adjust shadow stack to avoid violating CET restriction.
In order to achieve this, we count the number of stack frames skipped and adjust shadow stack by this number before jumping to landing pad.
We have run libcxx, libcxxabi, libunwind tests with this patch in a CET enabled Fedora34 system, no failed tests found.
To build an application with CET enabled. we need to ensure:

1. build the source code with "-fcf-protection=full"
2. all the libraries linked with .o files must be CET enabled too

To run libcxx and libcxxabi tests with libunwind in a CET enabled system, we built libc++ and libc++abi.so with "-fcf-protection". Another patch has been uploaded for review to enable building llvm toolchian with CET enabled: https://reviews.llvm.org/D105603  This patch is not enough to enable all components but it does build libcxx, libcxxabi with CET enabled.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D105968

Files:
  libunwind/CMakeLists.txt
  libunwind/src/CMakeLists.txt
  libunwind/src/Registers.hpp
  libunwind/src/UnwindLevel1.c
  libunwind/src/UnwindRegistersRestore.S
  libunwind/src/UnwindRegistersSave.S
  libunwind/src/assembly.h
  libunwind/src/cet_unwind.h
  libunwind/test/libunwind/test/config.py
  libunwind/test/lit.site.cfg.in

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D105968.358537.patch
Type: text/x-patch
Size: 13139 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20210714/8d26bd3b/attachment.bin>

More information about the llvm-commits mailing list