Allocate a small guard region around the shadow call stack.

This lets us do two things:

1) Make setjmp and longjmp compatible with shadow call stack.
To avoid leaking the shadow call stack address into memory, only the
lower log2(SCS_SIZE) bits of x18 are stored to jmp_buf. This requires
allocating an additional guard page so that we're guaranteed to be
able to allocate a sufficiently aligned SCS.

2) SCS overflow detection. Overflows now result in a SIGSEGV instead
of corrupting the allocation that comes after it.

Change-Id: I04d6634f96162bf625684672a87fba8b402b7fd1
Test: bionic-unit-tests
diff --git a/tests/setjmp_test.cpp b/tests/setjmp_test.cpp
index dde0be1..44d8af1 100644
--- a/tests/setjmp_test.cpp
+++ b/tests/setjmp_test.cpp
@@ -264,3 +264,14 @@
fprintf(stderr, "setjmp_cookie_checksum: longjmp succeeded?");
}
}
+
+__attribute__((noinline)) void call_longjmp(jmp_buf buf) {
+ longjmp(buf, 123);
+}
+
+TEST(setjmp, setjmp_stack) {
+ jmp_buf buf;
+ int value = setjmp(buf);
+ if (value == 0) call_longjmp(buf);
+ EXPECT_EQ(123, value);
+}
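Review bot: the `noinline` on `call_longjmp` is what makes this test meaningful (it forces the `longjmp` to happen one shadow-call-stack frame deeper than the `setjmp`), but nothing after `EXPECT_EQ(123, value)` actually returns through the restored x18, so a mis-restored shadow call stack pointer would only surface as a crash at some later return rather than as a test failure here. Consider adding a comment stating why the helper must not be inlined, and calling another `noinline` function after the `EXPECT_EQ` (checking its return value) so that an incorrectly restored SCS pointer fails this test deterministically; a more descriptive name such as `setjmp_shadow_call_stack` would also make the intent clearer than `setjmp_stack`.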