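/*
            Copyright Oliver Kowalke 2009.
   Distributed under the Boost Software License, Version 1.0.
      (See accompanying file LICENSE_1_0.txt or copy at
            http://www.boost.org/LICENSE_1_0.txt)
*/

/****************************************************************************************
 *                                                                                      *
 *  Layout of the context-data record that make_fcontext() builds on the supplied      *
 *  stack. Offsets are bytes from the pointer returned in RAX.                          *
 *                                                                                      *
 *  ----------------------------------------------------------------------------------  *
 *  |    0    |    1    |    2    |    3    |    4    |    5    |    6    |    7    |   *
 *  ----------------------------------------------------------------------------------  *
 *  |   0x0   |   0x4   |   0x8   |   0xc   |   0x10  |   0x14  |   0x18  |   0x1c  |   *
 *  ----------------------------------------------------------------------------------  *
 *  | fc_mxcsr|fc_x87_cw|       guard       |        R12        |        R13        |   *
 *  ----------------------------------------------------------------------------------  *
 *  ----------------------------------------------------------------------------------  *
 *  |    8    |    9    |   10    |   11    |   12    |   13    |   14    |   15    |   *
 *  ----------------------------------------------------------------------------------  *
 *  |   0x20  |   0x24  |   0x28  |   0x2c  |   0x30  |   0x34  |   0x38  |   0x3c  |   *
 *  ----------------------------------------------------------------------------------  *
 *  |        R14        |        R15        |        RBX        |        RBP        |   *
 *  ----------------------------------------------------------------------------------  *
 *  ----------------------------------------------------------------------------------  *
 *  |   16    |   17    |   18    |   19    |   20    |   21    |   22    |   23    |   *
 *  ----------------------------------------------------------------------------------  *
 *  |   0x40  |   0x44  |                                                           |   *
 *  ----------------------------------------------------------------------------------  *
 *  |        RIP        |                                                           |   *
 *  ----------------------------------------------------------------------------------  *
 *                                                                                      *
 *  Under BOOST_CONTEXT_SHADOW_STACK one extra word is placed directly below the        *
 *  record (at -0x8 from the returned pointer) holding the context's shadow stack       *
 *  pointer (SSP).                                                                      *
 *                                                                                      *
 ****************************************************************************************/

/*
 * CET support. <cet.h> supplies _CET_ENDBR (an ENDBR when IBT is enabled);
 * shadow-stack handling is compiled in only when both the SHSTK feature bit
 * and SHADOW_STACK_SYSCALL (presumably from <cet.h>) are set. Without CET the
 * ENDBR marker is defined away.
 */
# if defined __CET__
#  include <cet.h>
#  define SHSTK_ENABLED (__CET__ & 0x2)
#  define BOOST_CONTEXT_SHADOW_STACK (SHSTK_ENABLED && SHADOW_STACK_SYSCALL)
# else
#  define _CET_ENDBR
# endif

.file "make_x86_64_sysv_elf_gas.S"
.text
.globl make_fcontext
.type make_fcontext,@function
.align 16

/*------------------------------------------------------------------------------
 * fcontext_t make_fcontext(void *sp, size_t size, void (*fn)(transfer_t))
 * ABI:    SysV AMD64, AT&T syntax
 * In:     rdi = sp   (top of the context-stack; the record is built below it)
 *         rsi = size (not read by this routine)
 *         rdx = fn   (context-function; parked in the RBX slot of the record)
 * Out:    rax = pointer to context-data (the value later passed to jump_fcontext)
 * Clobb:  rcx, flags; r8, r9 under BOOST_CONTEXT_SHADOW_STACK
 * Stack:  no frame; callee-saved registers untouched. Under
 *         BOOST_CONTEXT_SHADOW_STACK one transient push/pop on the caller's
 *         stack (the "call 1f" below).
 *
 * The record is arranged so that the first jump_fcontext() into it lands on
 * trampoline, which installs finish as the context-function's return address
 * and then enters fn.
 *----------------------------------------------------------------------------*/
make_fcontext:
    _CET_ENDBR

#if BOOST_CONTEXT_SHADOW_STACK
    /* new shadow stack pointer (SSP), read from the word just below sp */
    movq  -0x8(%rdi), %r9
#endif

    /* rax = top of the context-stack, rounded down to a 16-byte boundary */
    movq  %rdi, %rax
    andq  $-16, %rax

    /* reserve space for the record; on context-function entry
       (RSP - 0x8) % 16 == 0, i.e. the alignment the ABI expects after a call */
    leaq  -0x48(%rax), %rax

    /* context-function address goes into the RBX slot; trampoline jumps
       through RBX */
    movq  %rdx, 0x30(%rax)

    /* the creating thread's MXCSR and x87 control-word seed the new context */
    stmxcsr  (%rax)
    fnstcw   0x4(%rax)

#if defined(BOOST_CONTEXT_TLS_STACK_PROTECTOR)
    /* copy the stack-protector canary from the TLS record (%fs:0x28) into the
       guard slot of the context-data. The record is addressed through rax;
       rsp still points at the caller's frame here, so storing relative to rsp
       would scribble on the caller's stack and leave the guard slot unset. */
    movq  %fs:0x28, %rcx
    movq  %rcx, 0x8(%rax)
#endif

    /* RIP slot = trampoline: the first jump_fcontext() into this context
       resumes there */
    leaq  trampoline(%rip), %rcx
    movq  %rcx, 0x40(%rax)

    /* RBP slot = finish: trampoline installs it as the return address of the
       context-function, so a context-function that returns ends the process */
    leaq  finish(%rip), %rcx
    movq  %rcx, 0x38(%rax)

#if BOOST_CONTEXT_SHADOW_STACK
    /* Populate the new shadow stack (and, transiently, the normal stack).
       This sequence must run exactly once: it moves rax down by 8 and
       overwrites r9, so a second pass would address the wrong slots. */
    rdsspq  %r8                     /* r8 = original SSP */
    rstorssp  -0x8(%r9)             /* switch to the new shadow stack */
    saveprevssp                     /* restore token onto the original one */
    /* push the address of "jmp trampoline" onto the new shadow stack as well
       as the normal stack ... */
    call  1f
    jmp  trampoline
1:
    /* ... and record it as return-address for the context-function */
    pop  0x38(%rax)
    rdsspq  %r9                     /* r9 = SSP on the new shadow stack */
    rstorssp  -0x8(%r8)             /* back to the original shadow stack */
    saveprevssp                     /* restore token onto the new one */

    /* now the new shadow stack looks like:
       base-> +------------------------------+
              | address of "jmp trampoline"  |
       SSP->  +------------------------------+
              | restore token                |
              +------------------------------+
    */

    /* reserve one word below the record and store the new SSP there */
    leaq  -0x8(%rax), %rax
    movq  %r9, (%rax)
#endif

    ret                             /* rax = pointer to context-data */

trampoline:
    /* First resumption point of the context. Assumes jump_fcontext() has
       loaded RBX (context-function) and RBP (finish, or under shadow stacks
       the address of "jmp trampoline") from the record. Pushes the
       context-function's return address, which also fixes stack alignment. */
    _CET_ENDBR
#if BOOST_CONTEXT_SHADOW_STACK
    /* put the address of "jmp *%rbp" on both the stack and the shadow stack */
    call  2f
    jmp  *%rbp
2:
#else
    push  %rbp
#endif
    /* enter the context-function */
    jmp  *%rbx

finish:
    _CET_ENDBR
    /* reached when the context-function returns: terminate with exit code 0 */
    xorl  %edi, %edi                /* zero-extends into rdi */
    call  _exit@PLT
    hlt                             /* not reached */
.size make_fcontext,.-make_fcontext

/* Mark that we don't need executable stack. */
.section .note.GNU-stack,"",%progbits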