From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id cZYiHV4sc2neDhEAWB0awg (envelope-from ) for ; Fri, 23 Jan 2026 03:07:58 -0500 Authentication-Results: simark.ca; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256 header.s=Intel header.b=Sw/HYqEb; dkim-atps=neutral Received: by simark.ca (Postfix, from userid 112) id 720501E08D; Fri, 23 Jan 2026 03:07:58 -0500 (EST) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on simark.ca X-Spam-Level: X-Spam-Status: No, score=-2.1 required=5.0 tests=ARC_SIGNED,ARC_VALID,BAYES_00, DKIM_INVALID,DKIM_SIGNED,HTML_MESSAGE,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED, RCVD_IN_VALIDITY_RPBL_BLOCKED,RCVD_IN_VALIDITY_SAFE_BLOCKED autolearn=ham autolearn_force=no version=4.0.1 Received: from vm01.sourceware.org (vm01.sourceware.org [38.145.34.32]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id CA6561E08D for ; Fri, 23 Jan 2026 03:07:57 -0500 (EST) Received: from vm01.sourceware.org (localhost [127.0.0.1]) by sourceware.org (Postfix) with ESMTP id 7354E4BC89BE for ; Fri, 23 Jan 2026 08:07:57 +0000 (GMT) Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.12]) by sourceware.org (Postfix) with ESMTPS id E81494BCA404 for ; Fri, 23 Jan 2026 08:06:40 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org E81494BCA404 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=intel.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=intel.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org E81494BCA404 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=198.175.65.12 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1769155601; cv=none; b=U56W1ODHBuJG2u0Y2Nw0xEsiXdVSo4KoB89zO7oOAvlhn2OQ5IQVbrAK/LBG39JqQA7dyaEiTJ/OgQHKBA9ladE9MtO+UGpSXoZPwBCw5WLr78pCjHxSvXWJ8iwCGKtO28Xm3w6j5G7CXLD4k4Yijl5sZZddI2k61ceQqldU2/E= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1769155601; c=relaxed/simple; bh=dRJFcOMzFX/0B3BJN4xAPUXRIDX/Rl5BnNYXcgcVvD4=; h=DKIM-Signature:MIME-Version:From:To:Subject:Date:Message-Id: MIME-Version; b=dfzxXllHR3/2f3slm9NxeZDo/gPHx6QD1GWqSVqbDrCXQRxXznN67zyak8nZVp/6UtVSeP1n2JvSbOyNnCNdPyXuPWih276ji1adh+rarS8VW9DNDJ9QBowqbIROv5upycVan11IzdqMJTj62y/eR9Fm7s9xh11Gmb1FOzJ3CQI= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1769155601; x=1800691601; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=dRJFcOMzFX/0B3BJN4xAPUXRIDX/Rl5BnNYXcgcVvD4=; b=Sw/HYqEbQ/A04KMfmJZMfLborB6U/hqEoWvR0NqfyvLfu/XgXlnTtNqh WiBJohBUrT6nUn8eimEmEVj9oY9h58IkXyJSSVRBnvmMep4KyYbJgD7rL m96xP1Hv1y05F704DZawGBCWpCnuvVZjKPgBE1bLfZSM/BBnLo5sJxOfz vjn9g+/9VhfRiiTGsL8C5O60PEB/rHYyuQJMOYlMFRBvCNt1/+//0R1f6 I6teldgfxRETzrmtmNRV3IxF/QSF9N2+GuNqXP3iRUC78ZPLfgPTfW94k j0jw9a+ARLRioqpcYfgCSgySfkXxy7n5m2g0ahYpGpvAf2LnYZvvROhdA g==; X-CSE-ConnectionGUID: aO9x8zNWR4299ZM7DvMjWA== X-CSE-MsgGUID: GwdPaDrSSMW+hGYHV+K5CA== X-IronPort-AV: E=McAfee;i="6800,10657,11679"; a="81848820" X-IronPort-AV: E=Sophos;i="6.21,248,1763452800"; d="scan'208";a="81848820" Content-Type: multipart/mixed; boundary="===============4677828738574758157==" MIME-Version: 1.0 Received: from orviesa003.jf.intel.com ([10.64.159.143]) by orvoesa104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2026 00:06:27 -0800 X-CSE-ConnectionGUID: GqyLKzRgTPmYbSUVSsbzGg== X-CSE-MsgGUID: QFWOpSetQM61BzrJu9yF7Q== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.21,248,1763452800"; d="scan'208";a="211088433" Received: from gkldtt-dev-004.igk.intel.com (HELO localhost) ([10.123.221.202]) by ORVIESA003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jan 2026 00:06:25 -0800 From: Christina Schimpe To: gdb-patches@sourceware.org Cc: thiago.bauermann@linaro.org Subject: [PATCH v2 8/9] gdb: Implement the hook 'is_no_return_shadow_stack_address' for amd64 linux. Date: Fri, 23 Jan 2026 08:05:30 +0000 Message-Id: <20260123080532.878738-9-christina.schimpe@intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20260123080532.878738-1-christina.schimpe@intel.com> References: <20260123080532.878738-1-christina.schimpe@intel.com> MIME-Version: 1.0 X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-patches-bounces~public-inbox=simark.ca@sourceware.org --===============4677828738574758157== Content-Transfer-Encoding: 8bit There can be elements on the shadow stack which are not return addresses. This can happen, for instance, in case of signals on amd64 linux. The old shadow stack pointer is pushed in a special format with bit 63 set. |1...old SSP| - Pointer to old pre-signal ssp in sigframe token format (bit 63 set to 1) Linux kernel documentation: https://docs.kernel.org/arch/x86/shstk.html Implement the gdbarch hook is_no_return_shadow_stack_address to detect this scenario to print the shadow stack backtrace correctly. --- gdb/amd64-linux-tdep.c | 55 ++++++++++++++++++- .../amd64-shadow-stack-backtrace-signal.exp | 49 +++++++++++++++++ .../gdb.arch/amd64-shadow-stack-signal.c | 31 +++++++++++ 3 files changed, 134 insertions(+), 1 deletion(-) create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack-backtrace-signal.exp create mode 100644 gdb/testsuite/gdb.arch/amd64-shadow-stack-signal.c diff --git a/gdb/amd64-linux-tdep.c b/gdb/amd64-linux-tdep.c index a4eabccf667..b517f9772f5 100644 --- a/gdb/amd64-linux-tdep.c +++ b/gdb/amd64-linux-tdep.c @@ -1986,6 +1986,56 @@ amd64_linux_get_shadow_stack_size return shadow_stack_bytes / 8; } +/* Return true, if FRAME is a valid shadow stack frame while FRAME.VALUE + does not refer to a return address. This can happen, for instance, in + case of signals. The old shadow stack pointer is pushed in a special + format with bit 63 set. In case this is true, configure the string + which describes the frame and is displayed instead of the address in + the shadow stack backtrace. */ + +static bool +amd64_linux_is_no_return_shadow_stack_address + (gdbarch *gdbarch, + const shadow_stack_frame_info &frame, + std::string &frame_type) +{ + /* FRAME must be a valid shadow stack frame. */ + std::pair range; + gdb_assert (gdbarch_address_in_shadow_stack_memory_range (gdbarch, + frame.ssp, + &range)); + + /* In case bit 63 is not configured, the address on the shadow stack + should be a return address. */ + constexpr CORE_ADDR mask = (CORE_ADDR) 1 << 63; + if ((frame.value & mask) == 0) + return false; + + /* To compare the shadow stack pointer of the previous frame with the + value of FRAME, we must clear bit 63. */ + CORE_ADDR shadow_stack_val_cleared = (frame.value & (~mask)); + + /* Compute the previous/old SSP. The shadow stack grows downwards. To + compute the previous shadow stack pointer, we need to increment + FRAME.SSP. */ + CORE_ADDR prev_ssp + = frame.ssp + gdbarch_shadow_stack_element_size_aligned (gdbarch); + + /* We incremented FRAME.SSP by one element to compute PREV_SSP before. + In case FRAME.SSP points to the first element of the shadow stack, + PREV_SSP must point to the bottom of the shadow stack (RANGE.SECOND), + but not beyond that address. */ + gdb_assert (prev_ssp > range.first && prev_ssp <= range.second); + + if (shadow_stack_val_cleared == prev_ssp) + { + frame_type = _(""); + return true; + } + + return false; +} + static void amd64_linux_init_abi_common (struct gdbarch_info info, struct gdbarch *gdbarch, int num_disp_step_buffers) @@ -2049,9 +2099,12 @@ amd64_linux_init_abi_common (struct gdbarch_info info, struct gdbarch *gdbarch, set_gdbarch_top_addr_empty_shadow_stack (gdbarch, amd64_linux_top_addr_empty_shadow_stack); - + set_gdbarch_get_shadow_stack_size (gdbarch, amd64_linux_get_shadow_stack_size); + + set_gdbarch_is_no_return_shadow_stack_address + (gdbarch, amd64_linux_is_no_return_shadow_stack_address); } static void diff --git a/gdb/testsuite/gdb.arch/amd64-shadow-stack-backtrace-signal.exp b/gdb/testsuite/gdb.arch/amd64-shadow-stack-backtrace-signal.exp new file mode 100644 index 00000000000..21373dc07f3 --- /dev/null +++ b/gdb/testsuite/gdb.arch/amd64-shadow-stack-backtrace-signal.exp @@ -0,0 +1,49 @@ +# Copyright 2024-2026 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Test shadow stack backtrace for signal handling on linux. + +require allow_ssp_tests {istarget "*-*-linux*"} + +standard_testfile amd64-shadow-stack-signal.c + +save_vars { ::env(GLIBC_TUNABLES) } { + + append_environment GLIBC_TUNABLES "glibc.cpu.hwcaps" "SHSTK" + + if { [prepare_for_testing "failed to prepare" ${testfile} ${srcfile} \ + {debug additional_flags="-fcf-protection=return"}] } { + return + } + + if { ![runto_main] } { + return + } + + gdb_breakpoint "handler" + gdb_test "continue" \ + ".*Program received signal SIGUSR1, User defined signal 1.*" \ + "continue until signal" + gdb_continue_to_breakpoint "continue to breakpoint in handler" + + # Test shadow stack backtrace including . + gdb_test "bt -shadow" \ + [multi_line \ + "#0\[ \t\]*$hex in \[^\r\n\]+" \ + "#1\[ \t\]*" \ + "#2\[ \t\]*$hex in \[^\r\n\]+" \ + ".*" ] \ + "test shadow stack backtrace for signal handling." +} diff --git a/gdb/testsuite/gdb.arch/amd64-shadow-stack-signal.c b/gdb/testsuite/gdb.arch/amd64-shadow-stack-signal.c new file mode 100644 index 00000000000..c726e05b224 --- /dev/null +++ b/gdb/testsuite/gdb.arch/amd64-shadow-stack-signal.c @@ -0,0 +1,31 @@ +/* This testcase is part of GDB, the GNU debugger. + + Copyright 2024-2026 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . */ + +#include + +void +handler (int signo) +{ +} + +int +main (void) +{ + signal (SIGUSR1, handler); + raise (SIGUSR1); + return 0; +} -- 2.34.1 --===============4677828738574758157== Content-Type: multipart/alternative; boundary="===============2224063468975243967==" MIME-Version: 1.0 Content-Disposition: inline --===============2224063468975243967== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Intel Deutschland GmbH Registered Address: Dornacher Stra=C3=9Fe 1, 85622 Feldkirchen, Germany Tel: +49 89 991 430, www.intel.de Managing Directors: Harry Demas, Jeffrey Schneiderman, Yin Chong Sorrell Chairperson of the Supervisory Board: Nicole Lau Registered Seat: Munich Commercial Register: Amtsgericht M=C3=BCnchen HRB 186928 --===============2224063468975243967== Content-Type: text/html; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable

Intel Deutschland GmbH

Registered Ad= dress: Dornacher Stra=C3=9Fe 1, 85622 Feldkirchen, Germany
Tel: +49 89 = 991 430, www.intel.de
Managing Directors: Harry Demas, Jeffrey Schneide= rman, Yin Chong Sorrell
Chairperson of the Supervisory Board: Nicole La= u
Registered Seat: Munich
Commercial Register: Amtsgericht M=C3=BCn= chen HRB 186928

--===============2224063468975243967==-- --===============4677828738574758157==--