| 1 | /* Save current context and install the given one. |
|---|
| 2 | Copyright (C) 2001-2022 Free Software Foundation, Inc. |
|---|
| 3 | This file is part of the GNU C Library. |
|---|
| 4 | |
|---|
| 5 | The GNU C Library is free software; you can redistribute it and/or |
|---|
| 6 | modify it under the terms of the GNU Lesser General Public |
|---|
| 7 | License as published by the Free Software Foundation; either |
|---|
| 8 | version 2.1 of the License, or (at your option) any later version. |
|---|
| 9 | |
|---|
| 10 | The GNU C Library is distributed in the hope that it will be useful, |
|---|
| 11 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| 12 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
|---|
| 13 | Lesser General Public License for more details. |
|---|
| 14 | |
|---|
| 15 | You should have received a copy of the GNU Lesser General Public |
|---|
| 16 | License along with the GNU C Library; if not, see |
|---|
| 17 | <https://www.gnu.org/licenses/>. */ |
|---|
| 18 | |
|---|
| 19 | #include <sysdep.h> |
|---|
| 20 | #include <asm/prctl.h> |
|---|
| 21 | |
|---|
| 22 | #include "ucontext_i.h" |
|---|
| 23 | |
|---|
| 24 | |
|---|
| 25 | ENTRY(__swapcontext) |
|---|
| 26 | /* Load address of the context data structure we save in. */ |
|---|
| 27 | movl 4(%esp), %eax |
|---|
| 28 | |
|---|
| 29 | /* Save the preserved register values and the return address. */ |
|---|
| 30 | movl %edi, oEDI(%eax) |
|---|
| 31 | movl %esi, oESI(%eax) |
|---|
| 32 | movl %ebp, oEBP(%eax) |
|---|
| 33 | movl (%esp), %ecx |
|---|
| 34 | movl %ecx, oEIP(%eax) |
|---|
| 35 | leal 4(%esp), %ecx |
|---|
| 36 | movl %ecx, oESP(%eax) |
|---|
| 37 | movl %ebx, oEBX(%eax) |
|---|
| 38 | |
|---|
| 39 | /* Save the FS segment register. */ |
|---|
| 40 | xorl %edx, %edx |
|---|
| 41 | movw %fs, %dx |
|---|
| 42 | movl %edx, oFS(%eax) |
|---|
| 43 | |
|---|
| 44 | /* We have separate floating-point register content memory on the |
|---|
| 45 | stack. We use the __fpregs_mem block in the context. Set the |
|---|
| 46 | links up correctly. */ |
|---|
| 47 | leal oFPREGSMEM(%eax), %ecx |
|---|
| 48 | movl %ecx, oFPREGS(%eax) |
|---|
| 49 | /* Save the floating-point context. */ |
|---|
| 50 | fnstenv (%ecx) |
|---|
| 51 | |
|---|
| 52 | /* Load address of the context data structure we have to load. */ |
|---|
| 53 | movl 8(%esp), %ecx |
|---|
| 54 | |
|---|
| 55 | /* Save the current signal mask and install the new one. */ |
|---|
| 56 | pushl %ebx |
|---|
| 57 | leal oSIGMASK(%eax), %edx |
|---|
| 58 | leal oSIGMASK(%ecx), %ecx |
|---|
| 59 | movl $SIG_SETMASK, %ebx |
|---|
| 60 | movl $__NR_sigprocmask, %eax |
|---|
| 61 | ENTER_KERNEL |
|---|
| 62 | popl %ebx |
|---|
| 63 | cmpl $-4095, %eax /* Check %eax for error. */ |
|---|
| 64 | jae SYSCALL_ERROR_LABEL /* Jump to error handler if error. */ |
|---|
| 65 | |
|---|
| 66 | /* EAX was modified, reload it. */ |
|---|
| 67 | movl 8(%esp), %eax |
|---|
| 68 | |
|---|
| 69 | /* Restore the floating-point context. Not the registers, only the |
|---|
| 70 | rest. */ |
|---|
| 71 | movl oFPREGS(%eax), %ecx |
|---|
| 72 | fldenv (%ecx) |
|---|
| 73 | |
|---|
| 74 | /* Restore the FS segment register. We don't touch the GS register |
|---|
| 75 | since it is used for threads. */ |
|---|
| 76 | movl oFS(%eax), %edx |
|---|
| 77 | movw %dx, %fs |
|---|
| 78 | |
|---|
| 79 | #if SHSTK_ENABLED |
|---|
| 80 | /* Check if Shadow Stack is enabled. */ |
|---|
| 81 | testl $X86_FEATURE_1_SHSTK, %gs:FEATURE_1_OFFSET |
|---|
| 82 | jz L(no_shstk) |
|---|
| 83 | |
|---|
| 84 | xorl %eax, %eax |
|---|
| 85 | cmpl %gs:SSP_BASE_OFFSET, %eax |
|---|
| 86 | jnz L(shadow_stack_bound_recorded) |
|---|
| 87 | |
|---|
| 88 | /* Get the base address and size of the default shadow stack |
|---|
| 89 | which must be the current shadow stack since nothing has |
|---|
| 90 | been recorded yet. */ |
|---|
| 91 | sub $24, %esp |
|---|
| 92 | mov %esp, %ecx |
|---|
| 93 | movl $ARCH_CET_STATUS, %ebx |
|---|
| 94 | movl $__NR_arch_prctl, %eax |
|---|
| 95 | ENTER_KERNEL |
|---|
| 96 | testl %eax, %eax |
|---|
| 97 | jz L(continue_no_err) |
|---|
| 98 | |
|---|
| 99 | /* This should never happen. */ |
|---|
| 100 | hlt |
|---|
| 101 | |
|---|
| 102 | L(continue_no_err): |
|---|
| 103 | /* Record the base of the current shadow stack. */ |
|---|
| 104 | movl 8(%esp), %eax |
|---|
| 105 | movl %eax, %gs:SSP_BASE_OFFSET |
|---|
| 106 | add $24, %esp |
|---|
| 107 | |
|---|
| 108 | L(shadow_stack_bound_recorded): |
|---|
| 109 | /* Load address of the context data structure we save in. */ |
|---|
| 110 | movl 4(%esp), %eax |
|---|
| 111 | |
|---|
| 112 | /* Load address of the context data structure we swap in */ |
|---|
| 113 | movl 8(%esp), %edx |
|---|
| 114 | |
|---|
| 115 | /* If we unwind the stack, we can't undo stack unwinding. Just |
|---|
| 116 | save the target shadow stack pointer as the current shadow |
|---|
| 117 | stack pointer. */ |
|---|
| 118 | movl oSSP(%edx), %ecx |
|---|
| 119 | movl %ecx, oSSP(%eax) |
|---|
| 120 | |
|---|
| 121 | /* Save the current shadow stack base in ucontext. */ |
|---|
| 122 | movl %gs:SSP_BASE_OFFSET, %ecx |
|---|
| 123 | movl %ecx, (oSSP + 4)(%eax) |
|---|
| 124 | |
|---|
| 125 | /* If the base of the target shadow stack is the same as the |
|---|
| 126 | base of the current shadow stack, we unwind the shadow |
|---|
| 127 | stack. Otherwise it is a stack switch and we look for a |
|---|
| 128 | restore token. */ |
|---|
| 129 | movl oSSP(%edx), %esi |
|---|
| 130 | movl %esi, %edi |
|---|
| 131 | |
|---|
| 132 | /* Get the base of the target shadow stack. */ |
|---|
| 133 | movl (oSSP + 4)(%edx), %ecx |
|---|
| 134 | cmpl %gs:SSP_BASE_OFFSET, %ecx |
|---|
| 135 | je L(unwind_shadow_stack) |
|---|
| 136 | |
|---|
| 137 | /* Align the saved original shadow stack pointer to the next |
|---|
| 138 | 8 byte aligned boundary. */ |
|---|
| 139 | andl $-8, %esi |
|---|
| 140 | |
|---|
| 141 | L(find_restore_token_loop): |
|---|
| 142 | /* Look for a restore token. */ |
|---|
| 143 | movl -8(%esi), %ebx |
|---|
| 144 | andl $-8, %ebx |
|---|
| 145 | cmpl %esi, %ebx |
|---|
| 146 | je L(restore_shadow_stack) |
|---|
| 147 | |
|---|
| 148 | /* Try the next slot. */ |
|---|
| 149 | subl $8, %esi |
|---|
| 150 | jmp L(find_restore_token_loop) |
|---|
| 151 | |
|---|
| 152 | L(restore_shadow_stack): |
|---|
| 153 | /* The target shadow stack will be restored. Save the current |
|---|
| 154 | shadow stack pointer. */ |
|---|
| 155 | rdsspd %ecx |
|---|
| 156 | movl %ecx, oSSP(%eax) |
|---|
| 157 | |
|---|
| 158 | /* Use the restore stoken to restore the target shadow stack. */ |
|---|
| 159 | rstorssp -8(%esi) |
|---|
| 160 | |
|---|
| 161 | /* Save the restore token on the old shadow stack. NB: This |
|---|
| 162 | restore token may be checked by setcontext or swapcontext |
|---|
| 163 | later. */ |
|---|
| 164 | saveprevssp |
|---|
| 165 | |
|---|
| 166 | /* Record the new shadow stack base that was switched to. */ |
|---|
| 167 | movl (oSSP + 4)(%edx), %ebx |
|---|
| 168 | movl %ebx, %gs:SSP_BASE_OFFSET |
|---|
| 169 | |
|---|
| 170 | L(unwind_shadow_stack): |
|---|
| 171 | rdsspd %ebx |
|---|
| 172 | subl %edi, %ebx |
|---|
| 173 | je L(skip_unwind_shadow_stack) |
|---|
| 174 | negl %ebx |
|---|
| 175 | shrl $2, %ebx |
|---|
| 176 | movl $255, %esi |
|---|
| 177 | L(loop): |
|---|
| 178 | cmpl %esi, %ebx |
|---|
| 179 | cmovb %ebx, %esi |
|---|
| 180 | incsspd %esi |
|---|
| 181 | subl %esi, %ebx |
|---|
| 182 | ja L(loop) |
|---|
| 183 | |
|---|
| 184 | L(skip_unwind_shadow_stack): |
|---|
| 185 | |
|---|
| 186 | /* Load the new stack pointer. */ |
|---|
| 187 | movl oESP(%edx), %esp |
|---|
| 188 | |
|---|
| 189 | /* Load the values of all the preserved registers (except ESP). */ |
|---|
| 190 | movl oEDI(%edx), %edi |
|---|
| 191 | movl oESI(%edx), %esi |
|---|
| 192 | movl oEBP(%edx), %ebp |
|---|
| 193 | movl oEBX(%edx), %ebx |
|---|
| 194 | |
|---|
| 195 | /* Get the return address set with getcontext. */ |
|---|
| 196 | movl oEIP(%edx), %ecx |
|---|
| 197 | |
|---|
| 198 | /* Check if return address is valid for the case when setcontext |
|---|
| 199 | is invoked from L(exitcode) with linked context. */ |
|---|
| 200 | rdsspd %eax |
|---|
| 201 | cmpl (%eax), %ecx |
|---|
| 202 | /* Clear EAX to indicate success. NB: Don't use xorl to keep |
|---|
| 203 | EFLAGS for jne. */ |
|---|
| 204 | movl $0, %eax |
|---|
| 205 | jne L(jmp) |
|---|
| 206 | /* Return to the new context if return address valid. */ |
|---|
| 207 | pushl %ecx |
|---|
| 208 | ret |
|---|
| 209 | |
|---|
| 210 | L(jmp): |
|---|
| 211 | /* Jump to the new context directly. */ |
|---|
| 212 | jmp *%ecx |
|---|
| 213 | |
|---|
| 214 | L(no_shstk): |
|---|
| 215 | #endif |
|---|
| 216 | |
|---|
| 217 | /* Fetch the address to return to. */ |
|---|
| 218 | movl oEIP(%eax), %ecx |
|---|
| 219 | |
|---|
| 220 | /* Load the new stack pointer. */ |
|---|
| 221 | movl oESP(%eax), %esp |
|---|
| 222 | |
|---|
| 223 | /* Push the return address on the new stack so we can return there. */ |
|---|
| 224 | pushl %ecx |
|---|
| 225 | |
|---|
| 226 | /* Load the values of all the preserved registers (except ESP). */ |
|---|
| 227 | movl oEDI(%eax), %edi |
|---|
| 228 | movl oESI(%eax), %esi |
|---|
| 229 | movl oEBP(%eax), %ebp |
|---|
| 230 | movl oEBX(%eax), %ebx |
|---|
| 231 | |
|---|
| 232 | /* All done, return 0 for success. */ |
|---|
| 233 | xorl %eax, %eax |
|---|
| 234 | |
|---|
| 235 | /* The following 'ret' will pop the address of the code and jump |
|---|
| 236 | to it. */ |
|---|
| 237 | ret |
|---|
| 238 | PSEUDO_END(__swapcontext) |
|---|
| 239 | |
|---|
| 240 | weak_alias (__swapcontext, swapcontext) |
|---|
| 241 | |
|---|
