From patchwork Sun Jun 22 01:18:04 2025
X-Patchwork-Submitter: Thiago Jung Bauermann
X-Patchwork-Id: 899055
From: Thiago Jung Bauermann
To: gdb-patches@sourceware.org
Cc: Eli Zaretskii, "Schimpe, Christina", Luis Machado
Subject: [PATCH v3 2/9] gdb, gdbarch: Enable inferior calls for shadow stack support.
Date: Sat, 21 Jun 2025 22:18:04 -0300
Message-ID: <20250622011811.371949-3-thiago.bauermann@linaro.org>
In-Reply-To: <20250622011811.371949-1-thiago.bauermann@linaro.org>
References: <20250622011811.371949-1-thiago.bauermann@linaro.org>

From: Christina Schimpe

Inferior calls in GDB reset the current PC to the beginning of the function
that is called. As no call instruction is executed the new return address
needs to be pushed to the shadow stack and the shadow stack pointer needs
to be updated.

This commit adds a new gdbarch method to push an address on the shadow
stack. The method is used to adapt the function
'call_function_by_hand_dummy' for inferior call shadow stack support.

Reviewed-by: Thiago Jung Bauermann
---
This is exactly:

[PATCH v4 08/11] gdb, gdbarch: Enable inferior calls for shadow stack support.
https://inbox.sourceware.org/gdb-patches/20250617121147.1956686-9-christina.schimpe@intel.com/

 gdb/gdbarch-gen.c         | 32 ++++++++++++++++++++++++++++++++
 gdb/gdbarch-gen.h         | 14 ++++++++++++++
 gdb/gdbarch_components.py | 16 ++++++++++++++++
 gdb/infcall.c             | 14 ++++++++++----
 4 files changed, 72 insertions(+), 4 deletions(-)

diff --git a/gdb/gdbarch-gen.c b/gdb/gdbarch-gen.c index 32d16598940b..3ca19c427a31 100644 --- a/gdb/gdbarch-gen.c +++ b/gdb/gdbarch-gen.c 
@@ -262,6 +262,7 @@ struct gdbarch gdbarch_read_core_file_mappings_ftype *read_core_file_mappings = default_read_core_file_mappings; gdbarch_use_target_description_from_corefile_notes_ftype *use_target_description_from_corefile_notes = default_use_target_description_from_corefile_notes; gdbarch_core_parse_exec_context_ftype *core_parse_exec_context = default_core_parse_exec_context; + gdbarch_shadow_stack_push_ftype *shadow_stack_push = nullptr; }; /* Create a new ``struct gdbarch'' based on information provided by @@ -535,6 +536,7 @@ verify_gdbarch (struct gdbarch *gdbarch) /* Skip verify of read_core_file_mappings, invalid_p == 0. */ /* Skip verify of use_target_description_from_corefile_notes, invalid_p == 0. */ /* Skip verify of core_parse_exec_context, invalid_p == 0. */ + /* Skip verify of shadow_stack_push, has predicate. */ if (!log.empty ()) internal_error (_("verify_gdbarch: the following are invalid ...%s"), log.c_str ()); @@ -1406,6 +1408,12 @@ gdbarch_dump (struct gdbarch *gdbarch, struct ui_file *file) gdb_printf (file, "gdbarch_dump: core_parse_exec_context = <%s>\n", host_address_to_string (gdbarch->core_parse_exec_context)); + gdb_printf (file, + "gdbarch_dump: gdbarch_shadow_stack_push_p() = %d\n", + gdbarch_shadow_stack_push_p (gdbarch)); + gdb_printf (file, + "gdbarch_dump: shadow_stack_push = <%s>\n", + host_address_to_string (gdbarch->shadow_stack_push)); if (gdbarch->dump_tdep != NULL) gdbarch->dump_tdep (gdbarch, file); } 
@@ -5551,3 +5559,27 @@ set_gdbarch_core_parse_exec_context (struct gdbarch *gdbarch, { gdbarch->core_parse_exec_context = core_parse_exec_context; } + +bool +gdbarch_shadow_stack_push_p (struct gdbarch *gdbarch) +{ + gdb_assert (gdbarch != NULL); + return gdbarch->shadow_stack_push != NULL; +} + +void +gdbarch_shadow_stack_push (struct gdbarch *gdbarch, CORE_ADDR new_addr, regcache *regcache) +{ + gdb_assert (gdbarch != NULL); + gdb_assert (gdbarch->shadow_stack_push != NULL); + if (gdbarch_debug >= 2) + gdb_printf (gdb_stdlog, "gdbarch_shadow_stack_push called\n"); + gdbarch->shadow_stack_push (gdbarch, new_addr, regcache); +} + +void +set_gdbarch_shadow_stack_push (struct gdbarch *gdbarch, + gdbarch_shadow_stack_push_ftype shadow_stack_push) +{ + gdbarch->shadow_stack_push = shadow_stack_push; +} diff --git a/gdb/gdbarch-gen.h b/gdb/gdbarch-gen.h index 313a8f198fdb..c276cd66d716 100644 --- a/gdb/gdbarch-gen.h +++ b/gdb/gdbarch-gen.h 
@@ -1801,3 +1801,17 @@ extern void set_gdbarch_use_target_description_from_corefile_notes (struct gdbar typedef core_file_exec_context (gdbarch_core_parse_exec_context_ftype) (struct gdbarch *gdbarch, bfd *cbfd); extern core_file_exec_context gdbarch_core_parse_exec_context (struct gdbarch *gdbarch, bfd *cbfd); extern void set_gdbarch_core_parse_exec_context (struct gdbarch *gdbarch, gdbarch_core_parse_exec_context_ftype *core_parse_exec_context); + +/* Some targets support special hardware-assisted control-flow protection + technologies. For example, the Intel Control-Flow Enforcement Technology + (Intel CET) on x86 provides a shadow stack and indirect branch tracking. + To enable inferior calls the function shadow_stack_push has to be provided. + + Push the address NEW_ADDR on the shadow stack and update the shadow stack + pointer. */ + +extern bool gdbarch_shadow_stack_push_p (struct gdbarch *gdbarch); + +typedef void (gdbarch_shadow_stack_push_ftype) (struct gdbarch *gdbarch, CORE_ADDR new_addr, regcache *regcache); +extern void gdbarch_shadow_stack_push (struct gdbarch *gdbarch, CORE_ADDR new_addr, regcache *regcache); +extern void set_gdbarch_shadow_stack_push (struct gdbarch *gdbarch, gdbarch_shadow_stack_push_ftype *shadow_stack_push); diff --git a/gdb/gdbarch_components.py b/gdb/gdbarch_components.py index ec09d9550889..ab685b14ec7d 100644 --- a/gdb/gdbarch_components.py +++ b/gdb/gdbarch_components.py 
@@ -2848,3 +2848,19 @@ which all assume current_inferior() is the one to read from. predefault="default_core_parse_exec_context", invalid=False, ) + +Method( + comment=""" +Some targets support special hardware-assisted control-flow protection +technologies. For example, the Intel Control-Flow Enforcement Technology +(Intel CET) on x86 provides a shadow stack and indirect branch tracking. +To enable inferior calls the function shadow_stack_push has to be provided. + +Push the address NEW_ADDR on the shadow stack and update the shadow stack +pointer. +""", + type="void", + name="shadow_stack_push", + params=[("CORE_ADDR", "new_addr"), ("regcache *", "regcache")], + predicate=True, +) diff --git a/gdb/infcall.c b/gdb/infcall.c index 098072dfd2aa..a1c80c812380 100644 --- a/gdb/infcall.c +++ b/gdb/infcall.c @@ -1448,10 +1448,16 @@ call_function_by_hand_dummy (struct value *function, /* Create the dummy stack frame. Pass in the call dummy address as, presumably, the ABI code knows where, in the call dummy, the return address should be pointed. */ - sp = gdbarch_push_dummy_call (gdbarch, function, - get_thread_regcache (inferior_thread ()), - bp_addr, args.size (), args.data (), - sp, return_method, struct_addr); + regcache *regcache = get_thread_regcache (inferior_thread ()); + sp = gdbarch_push_dummy_call (gdbarch, function, regcache, bp_addr, + args.size (), args.data (), sp, + return_method, struct_addr); + + /* Push the return address of the inferior (bp_addr) on the shadow stack + and update the shadow stack pointer. As we don't execute a call + instruction to start the inferior we need to handle this manually. */ + if (gdbarch_shadow_stack_push_p (gdbarch)) + gdbarch_shadow_stack_push (gdbarch, bp_addr, regcache); /* Set up a frame ID for the dummy frame so we can pass it to set_momentary_breakpoint. We need to give the breakpoint a frame
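
Review bot: the comment on the new shadow_stack_push Method in gdb/gdbarch_components.py (and its generated copy in gdb/gdbarch-gen.h) does not state the contract a caller depends on. predicate=True only tells the caller that the architecture implements the hook, not that the shadow stack is enabled for the thread behind REGCACHE, and type="void" leaves no return value to report a push that could not be done. Please extend the comment to say whether the implementation is expected to do nothing when the feature is off for that thread, and how a failed push is reported to the caller.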
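
Review bot: in the gdb/infcall.c hunk, call_function_by_hand_dummy now pushes bp_addr on the shadow stack right after gdbarch_push_dummy_call, but nothing in the visible lines shows the shadow stack pointer being put back when the inferior call returns or is abandoned. If restoring it is left to register state saved elsewhere in the function, the new comment should say so, since the push is the only shadow stack operation a reader sees here. A smaller wording point in the same comment: "return address of the inferior (bp_addr)" would read better as "return address of the inferior call (bp_addr)".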