From 19d9b9820637a3d2e5b710841dbf3ab7eeefe8f8 Mon Sep 17 00:00:00 2001 From: Todd Mortimer Date: Wed, 11 Jan 2023 01:55:18 +0000 Subject: Add retguard to amd64 syscalls. Since we got rid of padded syscalls we have enough registers to do this. ok deraadt@ ok kettenis@ --- lib/libc/arch/amd64/SYS.h | 37 ++++++++++++++++++++++------------ lib/libc/arch/amd64/sys/Ovfork.S | 6 +++++- lib/libc/arch/amd64/sys/brk.S | 9 +++++++-- lib/libc/arch/amd64/sys/sbrk.S | 9 +++++++-- lib/libc/arch/amd64/sys/sigpending.S | 6 +++++- lib/libc/arch/amd64/sys/sigprocmask.S | 9 +++++++-- lib/libc/arch/amd64/sys/sigsuspend.S | 6 +++++- lib/libc/arch/amd64/sys/tfork_thread.S | 9 +++++++-- 8 files changed, 67 insertions(+), 24 deletions(-) (limited to 'lib') diff --git a/lib/libc/arch/amd64/SYS.h b/lib/libc/arch/amd64/SYS.h index e20e50c7875..ce67ad0325c 100644 --- a/lib/libc/arch/amd64/SYS.h +++ b/lib/libc/arch/amd64/SYS.h @@ -1,4 +1,4 @@ -/* $OpenBSD: SYS.h,v 1.20 2016/09/06 18:33:35 kettenis Exp $ */ +/* $OpenBSD: SYS.h,v 1.21 2023/01/11 01:55:17 mortimer Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. 
@@ -82,25 +82,36 @@ HANDLE_ERRNO -/* return, handling errno for failed calls */ -#define _RSYSCALL_RET \ - jc 99f; \ - ret; \ - 99: SET_ERRNO; \ - ret - #define PSEUDO_NOERROR(x,y) \ - _SYSCALL_NOERROR(x,y); \ + SYSENTRY(x); \ + RETGUARD_SETUP(_thread_sys_##x, r11); \ + RETGUARD_PUSH(r11); \ + SYSTRAP(y); \ + RETGUARD_POP(r11); \ + RETGUARD_CHECK(_thread_sys_##x, r11); \ ret; \ SYSCALL_END(x) #define PSEUDO(x,y) \ - _SYSCALL_NOERROR(x,y); \ - _RSYSCALL_RET; \ + SYSENTRY(x); \ + RETGUARD_SETUP(_thread_sys_##x, r11); \ + RETGUARD_PUSH(r11); \ + SYSTRAP(y); \ + HANDLE_ERRNO; \ + RETGUARD_POP(r11); \ + RETGUARD_CHECK(_thread_sys_##x, r11); \ + ret; \ SYSCALL_END(x) + #define PSEUDO_HIDDEN(x,y) \ - _SYSCALL_HIDDEN_NOERROR(x,y); \ - _RSYSCALL_RET; \ + SYSENTRY_HIDDEN(x); \ + RETGUARD_SETUP(_thread_sys_##x, r11); \ + RETGUARD_PUSH(r11); \ + SYSTRAP(y); \ + HANDLE_ERRNO; \ + RETGUARD_POP(r11); \ + RETGUARD_CHECK(_thread_sys_##x , r11); \ + ret; \ SYSCALL_END_HIDDEN(x) #define RSYSCALL_NOERROR(x) \ diff --git a/lib/libc/arch/amd64/sys/Ovfork.S b/lib/libc/arch/amd64/sys/Ovfork.S index e42649e28ce..3d129eeb222 100644 --- a/lib/libc/arch/amd64/sys/Ovfork.S +++ b/lib/libc/arch/amd64/sys/Ovfork.S @@ -1,4 +1,4 @@ -/* $OpenBSD: Ovfork.S,v 1.8 2016/05/07 19:05:21 guenther Exp $ */ +/* $OpenBSD: Ovfork.S,v 1.9 2023/01/11 01:55:17 mortimer Exp $ */ /* $NetBSD: Ovfork.S,v 1.2 2002/06/03 18:30:33 fvdl Exp $ */ /*- @@ -41,11 +41,15 @@ SYSENTRY_HIDDEN(vfork) popq %r9 /* my rta into r9 */ + RETGUARD_SETUP(_thread_sys_vfork, r11); + RETGUARD_PUSH(r11); SYSTRAP(vfork) + RETGUARD_POP(r11) jc 1f jmp *%r9 1: pushq %r9 SET_ERRNO + RETGUARD_CHECK(_thread_sys_vfork, r11); ret SYSCALL_END_HIDDEN(vfork) diff --git a/lib/libc/arch/amd64/sys/brk.S b/lib/libc/arch/amd64/sys/brk.S index e00f74099eb..0fa17dbedce 100644 --- a/lib/libc/arch/amd64/sys/brk.S +++ b/lib/libc/arch/amd64/sys/brk.S 
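Review bot: The rewritten PSEUDO_NOERROR, PSEUDO and PSEUDO_HIDDEN bodies have no comment explaining why the cookie is pushed before SYSTRAP and popped after it, and the commit removes the only comment this block had. On amd64 the `syscall` instruction overwrites %r11 (and %rcx), so the cookie cannot stay in the register across the trap. A line such as `/* syscall clobbers %r11, so the retguard cookie is kept on the stack across SYSTRAP */` above PSEUDO_NOERROR would record that, and it applies equally to the hand-written stubs changed in the .S files. The setup/push/trap/pop/check sequence is also repeated three times, and PSEUDO_HIDDEN alone writes `_thread_sys_##x , r11` with a space before the comma; a shared helper macro would keep the three bodies in step.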
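Review bot: In vfork the cookie is set up after `popq %r9` has already taken the return address off the stack, yet RETGUARD_CHECK on the error path runs after `pushq %r9` has put it back. RETGUARD_SETUP and RETGUARD_CHECK are defined outside this diff; if both mix in the word at (%rsp), as amd64 retguard normally does, setup and check see different words and a failing vfork would trap instead of returning the error. Moving `RETGUARD_SETUP(_thread_sys_vfork, r11);` above the `popq %r9` line would make both sides use the return address. The success path still leaves through `jmp *%r9` with no RETGUARD_CHECK, so only the failure return is covered; if that is intentional, a comment should say so.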
@@ -1,4 +1,4 @@ -/* $OpenBSD: brk.S,v 1.12 2022/01/01 23:47:14 guenther Exp $ */ +/* $OpenBSD: brk.S,v 1.13 2023/01/11 01:55:17 mortimer Exp $ */ /* $NetBSD: brk.S,v 1.2 2002/06/03 18:30:33 fvdl Exp $ */ /*- @@ -49,6 +49,8 @@ __minbrk: .type __minbrk,@object ENTRY_NB(brk) + RETGUARD_SETUP(brk, r11); + RETGUARD_PUSH(r11); cmpq %rdi,__minbrk(%rip) jb 1f movq __minbrk(%rip),%rdi @@ -57,9 +59,12 @@ ENTRY_NB(brk) jc 1f movq %rdi,__curbrk(%rip) xorl %eax,%eax - ret + jmp 2f 1: SET_ERRNO +2: + RETGUARD_POP(r11); + RETGUARD_CHECK(brk, r11); ret END(brk) .weak brk diff --git a/lib/libc/arch/amd64/sys/sbrk.S b/lib/libc/arch/amd64/sys/sbrk.S index 80a6a16d4e1..836f40a1784 100644 --- a/lib/libc/arch/amd64/sys/sbrk.S +++ b/lib/libc/arch/amd64/sys/sbrk.S @@ -1,4 +1,4 @@ -/* $OpenBSD: sbrk.S,v 1.12 2022/01/01 23:47:14 guenther Exp $ */ +/* $OpenBSD: sbrk.S,v 1.13 2023/01/11 01:55:17 mortimer Exp $ */ /* $NetBSD: sbrk.S,v 1.1 2001/06/19 00:25:06 fvdl Exp $ */ /*- @@ -54,6 +54,8 @@ __curbrk: .type __curbrk,@object ENTRY_NB(sbrk) + RETGUARD_SETUP(sbrk, r11); + RETGUARD_PUSH(r11); movq __curbrk(%rip),%rax movslq %edi,%rsi movq %rsi,%rdi @@ -62,9 +64,12 @@ ENTRY_NB(sbrk) jc 1f movq __curbrk(%rip),%rax addq %rsi,__curbrk(%rip) - ret + jmp 2f 1: SET_ERRNO +2: + RETGUARD_POP(r11); + RETGUARD_CHECK(sbrk, r11); ret END(sbrk) .weak sbrk diff --git a/lib/libc/arch/amd64/sys/sigpending.S b/lib/libc/arch/amd64/sys/sigpending.S index 6d8a2201791..576eff08766 100644 --- a/lib/libc/arch/amd64/sys/sigpending.S +++ b/lib/libc/arch/amd64/sys/sigpending.S @@ -1,4 +1,4 @@ -/* $OpenBSD: sigpending.S,v 1.3 2015/06/17 03:04:50 uebayasi Exp $ */ +/* $OpenBSD: sigpending.S,v 1.4 2023/01/11 01:55:17 mortimer Exp $ */ /* $NetBSD: sigpending.S,v 1.1 2001/06/19 00:25:06 fvdl Exp $ */ /*- 
@@ -40,7 +40,11 @@ #include "SYS.h" SYSCALL(sigpending) + RETGUARD_SETUP(_thread_sys_sigpending, r11); + RETGUARD_PUSH(r11); movl %eax,(%rdi) # store old mask xorl %eax,%eax + RETGUARD_POP(r11) + RETGUARD_CHECK(_thread_sys_sigpending, r11); ret SYSCALL_END(sigpending) diff --git a/lib/libc/arch/amd64/sys/sigprocmask.S b/lib/libc/arch/amd64/sys/sigprocmask.S index 308c5800b50..ddcae14576c 100644 --- a/lib/libc/arch/amd64/sys/sigprocmask.S +++ b/lib/libc/arch/amd64/sys/sigprocmask.S @@ -1,4 +1,4 @@ -/* $OpenBSD: sigprocmask.S,v 1.9 2016/05/07 19:05:21 guenther Exp $ */ +/* $OpenBSD: sigprocmask.S,v 1.10 2023/01/11 01:55:17 mortimer Exp $ */ /* $NetBSD: sigprocmask.S,v 1.1 2001/06/19 00:25:06 fvdl Exp $ */ /*- @@ -40,6 +40,8 @@ #include "SYS.h" SYSENTRY_HIDDEN(sigprocmask) + RETGUARD_SETUP(_thread_sys_sigprocmask, r11); + RETGUARD_PUSH(r11); testq %rsi,%rsi # check new sigset pointer jnz 1f # if not null, indirect movl $1,%edi # SIG_BLOCK @@ -52,8 +54,11 @@ SYSENTRY_HIDDEN(sigprocmask) movl %eax,(%rdx) # store old mask 3: xorl %eax,%eax - ret + jmp 2f 1: SET_ERRNO +2: + RETGUARD_POP(r11); + RETGUARD_CHECK(_thread_sys_sigprocmask, r11); ret SYSCALL_END_HIDDEN(sigprocmask) diff --git a/lib/libc/arch/amd64/sys/sigsuspend.S b/lib/libc/arch/amd64/sys/sigsuspend.S index 9abb04e1079..2a08beb361e 100644 --- a/lib/libc/arch/amd64/sys/sigsuspend.S +++ b/lib/libc/arch/amd64/sys/sigsuspend.S @@ -1,4 +1,4 @@ -/* $OpenBSD: sigsuspend.S,v 1.7 2016/05/07 19:05:21 guenther Exp $ */ +/* $OpenBSD: sigsuspend.S,v 1.8 2023/01/11 01:55:17 mortimer Exp $ */ /* $NetBSD: sigsuspend.S,v 1.1 2001/06/19 00:25:07 fvdl Exp $ */ /*- @@ -40,8 +40,12 @@ #include "SYS.h" SYSENTRY_HIDDEN(sigsuspend) + RETGUARD_SETUP(_thread_sys_sigsuspend, r11); + RETGUARD_PUSH(r11); movl (%rdi),%edi # indirect to mask arg SYSTRAP(sigsuspend) SET_ERRNO + RETGUARD_POP(r11); + RETGUARD_CHECK(_thread_sys_sigsuspend, r11); ret SYSCALL_END_HIDDEN(sigsuspend) 
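Review bot: The RETGUARD_PUSH/RETGUARD_POP pair in sigpending brackets only `movl %eax,(%rdi)` and `xorl %eax,%eax`, neither of which touches %r11, so the stack round-trip appears to do nothing here. The trap itself seems to be issued by the SYSCALL(sigpending) line above the new setup (the macro body is not in this hunk), which would mean the cookie is computed only after the kernel has returned. If that is intended, the push and pop could be dropped, or a comment should say they are kept for uniformity with the other stubs. `RETGUARD_POP(r11)` is also written without the trailing `;` used on the other three macro lines, as it is in Ovfork.S.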
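Review bot: In the last sigprocmask hunk the new exit label `2:` is placed after the existing `3:`, so the numeric labels no longer read in ascending order, and `jmp 2f` binds to whichever `2:` comes next in the file. The lines between the two code hunks are not shown, so it is not visible whether a `2:` is already in use earlier in the function. Numbering the shared exit `4:` and writing `jmp 4f` would rule out any confusion. A short comment on the label, e.g. `/* common exit: pop and verify the retguard cookie */`, would also document why the success path now jumps instead of returning.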
diff --git a/lib/libc/arch/amd64/sys/tfork_thread.S b/lib/libc/arch/amd64/sys/tfork_thread.S index b543296b04e..8de236b7d21 100644 --- a/lib/libc/arch/amd64/sys/tfork_thread.S +++ b/lib/libc/arch/amd64/sys/tfork_thread.S @@ -1,4 +1,4 @@ -/* $OpenBSD: tfork_thread.S,v 1.10 2020/10/18 14:28:17 deraadt Exp $ */ +/* $OpenBSD: tfork_thread.S,v 1.11 2023/01/11 01:55:17 mortimer Exp $ */ /*- * Copyright (c) 2000 Peter Wemm * Copyright (c) 2003 Alan L. Cox @@ -46,6 +46,8 @@ ENTRY(__tfork_thread) .cfi_startproc + RETGUARD_SETUP(__tfork_thread, r11); + RETGUARD_PUSH(r11); movq %rdx, %r8 movq %rcx, %r9 @@ -62,7 +64,7 @@ ENTRY(__tfork_thread) */ cmpl $0, %eax jz 1f - ret + jmp 3f /* the retpoline we'll use to call the child's main */ _ALIGN_TRAPS @@ -96,6 +98,9 @@ ENTRY(__tfork_thread) */ 2: SET_ERRNO +3: + RETGUARD_POP(r11); + RETGUARD_CHECK(__tfork_thread, r11); ret .cfi_endproc END(__tfork_thread) -- cgit v1.2.3
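Review bot: RETGUARD_PUSH(r11) is added directly after `.cfi_startproc` in __tfork_thread with no matching CFI update. If the macro expands to a plain push (its definition is outside this diff), the CFA recorded for the function is off by 8 bytes from that point until RETGUARD_POP in the last hunk, so a debugger or unwinder stopped in between would read the wrong return address. Adding `.cfi_adjust_cfa_offset 8` after the push and `.cfi_adjust_cfa_offset -8` after the pop would keep the unwind data accurate. The function body continues outside these hunks, so whether the child path can ever reach the new `3:` label could not be checked.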