The AArch64 fcontext trampolines (jump_fcontext, make_fcontext, ontop_fcontext)
are indirect entry points. On BTI-enforcing systems they must begin with a BTI
or the first resume can trap with SIGILL.
Insert `bti c` (hint #34) at each entry under `__ARM_FEATURE_BTI_DEFAULT`, and
emit `GNU_PROPERTY_AARCH64_FEATURE_1_BTI` from each AArch64 assembly file so
linkers map the DSO with PROT_BTI without requiring -z force-bti.
Scope: ELF/GAS AArch64 trampolines only; +4 bytes per entry
Fixes #308
Also mark the non-mangled fcontext asm function symbols
as hidden visibility
These functions should not be exported as dynamic
symbols by boost, only the namespaced C++ symbols
introduced by this patch should.
This implements the required asm functions for sparc64_sysv_elf and
was tested on an OpenBSD/sparc64 system.
Jump_fcontext uses an extra C call frame to store the frame-pointer and
return address. Because of this the code is simply a save (to new reg
window), then forcing a window flush and finally switch stack and restore
from there.
Since jump_fcontext() uses a register window and stack frame, make_fcontext()
reserves two call frames on the stack (one for jump_fcontext() and the other
for the callback function).
OpenBSD/sparc64 uses stackghost which prevents userland from overriding the
return-address on the stack. Because of this make_fcontext() uses an extra
trampoline to implement the _exit(0) call if the callback returns.
All tests pass with this on OpenBSD/sparc64 (also the tests for fiber,
coroutine and coroutine2).
SysV ABI requires a stack alignment of 16 bytes. Currently, for i386
with SysV ABI, the trampoline function is entered with an unaligned
stack. This causes problems for the context-function that is jumped to
as its stack is also unaligned. This causes a crash for our use-case
because the context function contains an SSE instruction which reads
from the stack. The SSE instruction requires the correct alignment.
Fix it by changing the 0x2c offset to 0x30, such that the stack remains
aligned.
Shadow stack is part of Intel's Control-Flow Enforcement Technology.
Whenever a function is called, the return address is pushed onto both
the regular stack and the shadow stack. When that function returns, the
return addresses are popped off both stacks and compared; if they fail
to match, #CP is raised.
Backport this commit from https://github.com/php/php-src/pull/9283
With this commit, we create a shadow stack with the syscall map_shadow_stack
(no. 451) for each fiber context and switch the shadow stack accordingly
during fcontext switch.
Signed-off-by: PeterYang12 <yuhan.yang@intel.com>
Signed-off-by: chen-hu-97 <hu1.chen@intel.com>
Indirect Branch Tracking (IBT) is part of Intel's Control-Flow
Enforcement Technology (CET). IBT is a hardware-based, forward-edge
Control-Flow-Integrity mechanism where any indirect CALL/JMP must
target an ENDBR instruction or suffer #CP.
This commit inserts the endbr64 instruction in assembly to support IBT.
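As an added example (not part of any of the commits above, nor of Boost.Context), the following C program deals with the marker that the BTI commit and the IBT/shadow-stack commits depend on: the ELF64 `.note.gnu.property` note carrying `GNU_PROPERTY_AARCH64_FEATURE_1_BTI` on AArch64 or `GNU_PROPERTY_X86_FEATURE_1_IBT`/`SHSTK` on x86-64. It builds the 32-byte note an assembly file emits, parses it back the way a loader or `readelf -n` would, and models the linker's AND across input objects, which is why the note has to come from every AArch64 `.S` file and why `-z force-bti` exists. The numeric constants are the ones defined in the GNU ELF extensions (`elf.h`); the function names and the constructed sample notes are this example's own.

```c
/* Added example: build and parse ELF64 NT_GNU_PROPERTY_TYPE_0 notes and check
 * whether an object is marked BTI (AArch64) or IBT/SHSTK (x86-64).
 * Constants follow the GNU ELF extensions in elf.h. Little-endian ELF64 only. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NT_GNU_PROPERTY_TYPE_0              5u
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND  0xc0000000u
#define GNU_PROPERTY_X86_FEATURE_1_AND      0xc0000002u
#define GNU_PROPERTY_AARCH64_FEATURE_1_BTI  (1u << 0)
#define GNU_PROPERTY_X86_FEATURE_1_IBT      (1u << 0)
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK    (1u << 1)

struct cfi_props {
    uint32_t aarch64_feature_1;   /* bits from GNU_PROPERTY_AARCH64_FEATURE_1_AND */
    uint32_t x86_feature_1;       /* bits from GNU_PROPERTY_X86_FEATURE_1_AND */
};

static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }

/* Emit a one-property note with the same layout the .note.gnu.property
 * directives in an assembly file produce: namesz=4 "GNU", descsz=16, type=5,
 * then pr_type / pr_datasz / data / 4 bytes of ELF64 padding.
 * Returns the number of bytes written (32) or 0 if buf is too small. */
size_t build_feature_note(uint32_t pr_type, uint32_t feature_bits, uint8_t *buf, size_t cap)
{
    if (cap < 32) return 0;
    memset(buf, 0, 32);
    wr32(buf + 0, 4);                       /* namesz: "GNU" plus NUL */
    wr32(buf + 4, 16);                      /* descsz: one 8-byte-aligned property */
    wr32(buf + 8, NT_GNU_PROPERTY_TYPE_0);
    memcpy(buf + 12, "GNU", 4);
    wr32(buf + 16, pr_type);
    wr32(buf + 20, 4);                      /* pr_datasz */
    wr32(buf + 24, feature_bits);           /* bytes 28..31 stay zero: padding */
    return 32;
}

/* Parse one ELF64 .note.gnu.property note, walking every property in desc
 * (each padded to 8 bytes on ELF64). Returns 0 on success, -1 if malformed. */
int parse_gnu_property_note(const uint8_t *buf, size_t len, struct cfi_props *out)
{
    memset(out, 0, sizeof *out);
    if (len < 16) return -1;
    uint32_t namesz = rd32(buf), descsz = rd32(buf + 4), type = rd32(buf + 8);
    if (type != NT_GNU_PROPERTY_TYPE_0 || namesz != 4 || memcmp(buf + 12, "GNU", 4) != 0)
        return -1;
    size_t off = 16;                        /* desc follows the padded name */
    if (descsz > len - off) return -1;
    size_t end = off + descsz;
    while (off + 8 <= end) {
        uint32_t pr_type = rd32(buf + off), pr_datasz = rd32(buf + off + 4);
        off += 8;
        if (pr_datasz > end - off) return -1;
        if (pr_datasz == 4) {
            uint32_t bits = rd32(buf + off);
            if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) out->aarch64_feature_1 |= bits;
            else if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND) out->x86_feature_1 |= bits;
        }
        off += ((size_t)pr_datasz + 7) & ~(size_t)7;   /* next property is 8-aligned */
    }
    return 0;
}

/* 1 if the note marks the object BTI-capable, 0 if not, -1 if malformed. */
int note_has_bti(const uint8_t *buf, size_t len)
{
    struct cfi_props p;
    if (parse_gnu_property_note(buf, len, &p) != 0) return -1;
    return (p.aarch64_feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) != 0;
}

/* 1 if both IBT and SHSTK are marked, 0 otherwise, -1 if malformed. */
int note_has_ibt_shstk(const uint8_t *buf, size_t len)
{
    struct cfi_props p;
    if (parse_gnu_property_note(buf, len, &p) != 0) return -1;
    uint32_t want = GNU_PROPERTY_X86_FEATURE_1_IBT | GNU_PROPERTY_X86_FEATURE_1_SHSTK;
    return (p.x86_feature_1 & want) == want;
}

/* The linker ANDs FEATURE_1 bits over all input objects; an object with no
 * note contributes 0, so a single unmarked .S file clears the bit for the
 * whole DSO. That is why each AArch64 file must emit the note and why
 * -z force-bti exists as an override. */
uint32_t link_and_features(const uint32_t *per_object_bits, size_t n)
{
    uint32_t acc = 0xffffffffu;
    for (size_t i = 0; i < n; i++) acc &= per_object_bits[i];
    return n ? acc : 0;
}

int main(void)
{
    uint8_t note[32];   /* constructed sample notes, not taken from a real object */
    build_feature_note(GNU_PROPERTY_AARCH64_FEATURE_1_AND, GNU_PROPERTY_AARCH64_FEATURE_1_BTI, note, sizeof note);
    printf("aarch64 note marks BTI: %d\n", note_has_bti(note, sizeof note));
    build_feature_note(GNU_PROPERTY_X86_FEATURE_1_AND,
                       GNU_PROPERTY_X86_FEATURE_1_IBT | GNU_PROPERTY_X86_FEATURE_1_SHSTK, note, sizeof note);
    printf("x86-64 note marks IBT+SHSTK: %d\n", note_has_ibt_shstk(note, sizeof note));
    uint32_t objs[3] = { GNU_PROPERTY_AARCH64_FEATURE_1_BTI, GNU_PROPERTY_AARCH64_FEATURE_1_BTI, 0 };
    printf("DSO BTI after linking one unmarked object: %u\n", link_and_features(objs, 3));
    return 0;
}
```

To run this against a real build, feed it the raw bytes of the object's `.note.gnu.property` section; `readelf -n` on the linked shared object is the quick cross-check that the marker survived the link step rather than being dropped by the AND.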
AIX assembler is a bit more strict than GNU assembler. Thus, adjust
the XCOFF asm files to be able to accept both assemblers.
For PPC64 jump and make files, most of the work has already been
done recently, only the functions' header needs to be updated.
For PPC64 ontop and PPC32 files, the algorithms were also wrong.
So the whole files have been reworked.
The PPC32 stack layout is based on AIX documentation:
https://www.ibm.com/docs/en/aix/7.2?topic=overview-runtime-process-stack
For PPC64, as it seems to work fine and is already being used in php,
I've kept the current layout based on PPC64 Linux version.
Tested with boost/context, boost/fiber and boost/coroutine2.
Note that the test_sscanf is still failing in ppc32 because of
float precision. (3.13999 is returned instead of 3.14).
In C++11 static local variables are initialized in a thread-safe manner, but even on C++03 it should not be a problem because in our case the variables are of trivial types, which means double initialization is not an issue, and they are initialized with the same value in every thread.