1/*
2            Copyright Oliver Kowalke 2009.
3   Distributed under the Boost Software License, Version 1.0.
4      (See accompanying file LICENSE_1_0.txt or copy at
5            http://www.boost.org/LICENSE_1_0.txt)
6*/
7
8/****************************************************************************************
9 *                                                                                      *
10 *  ----------------------------------------------------------------------------------  *
11 *  |    0    |    1    |    2    |    3    |    4     |    5    |    6    |    7    |  *
12 *  ----------------------------------------------------------------------------------  *
13 *  |   0x0   |   0x4   |   0x8   |   0xc   |   0x10   |   0x14  |   0x18  |   0x1c  |  *
14 *  ----------------------------------------------------------------------------------  *
15 *  | fc_mxcsr|fc_x87_cw|       guard       |         R12        |        R13        |  *
16 *  ----------------------------------------------------------------------------------  *
17 *  ----------------------------------------------------------------------------------  *
18 *  |    8    |    9    |   10    |   11    |    12    |    13   |    14   |    15   |  *
19 *  ----------------------------------------------------------------------------------  *
20 *  |   0x20  |   0x24  |   0x28  |  0x2c   |   0x30   |   0x34  |   0x38  |   0x3c  |  *
21 *  ----------------------------------------------------------------------------------  *
22 *  |        R14        |        R15        |         RBX        |        RBP        |  *
23 *  ----------------------------------------------------------------------------------  *
24 *  ----------------------------------------------------------------------------------  *
25 *  |   16    |   17    |   18    |   19    |    20    |    21   |    22   |    23   |  *
26 *  ----------------------------------------------------------------------------------  *
27 *  |   0x40  |   0x44  |                                                            |  *
28 *  ----------------------------------------------------------------------------------  *
29 *  |        RIP        |                                                            |  *
30 *  ----------------------------------------------------------------------------------  *
31 *                                                                                      *
32 ****************************************************************************************/
33
34# ifdef __i386__
35#  include "make_i386_sysv_elf_gas.S"
36# else
37#  if defined __CET__
38#   include <cet.h>
39#   define SHSTK_ENABLED (__CET__ & 0x2)
40#   define BOOST_CONTEXT_SHADOW_STACK (SHSTK_ENABLED && SHADOW_STACK_SYSCALL)
41#  else
42#   define _CET_ENDBR
43#  endif
44.file "make_x86_64_sysv_elf_gas.S"
45.text
46.globl make_fcontext
47.type make_fcontext,@function
48.align 16
49make_fcontext:
50    _CET_ENDBR
51
52#if BOOST_CONTEXT_SHADOW_STACK
53    /* the new shadow stack pointer (SSP) */
54    movq  -0x8(%rdi), %r9
55#endif
56
57    /* first arg of make_fcontext() == top of context-stack */
58    movq  %rdi, %rax
59
60    /* shift address in RAX to lower 16 byte boundary */
61    andq  $-16, %rax
62
63    /* reserve space for context-data on context-stack */
64    /* on context-function entry: (RSP -0x8) % 16 == 0 */
65    leaq  -0x48(%rax), %rax
66
67    /* third arg of make_fcontext() == address of context-function */
68    /* stored in RBX */
69    movq  %rdx, 0x30(%rax)
70
71    /* save MMX control- and status-word */
72    stmxcsr  (%rax)
73    /* save x87 control-word */
74    fnstcw   0x4(%rax)
75
76#if defined(BOOST_CONTEXT_TLS_STACK_PROTECTOR)
77    /* save stack guard */
78    movq  %fs:0x28, %rcx    /* read stack guard from TLS record */
79    movq  %rcx, 0x8(%rsp)   /* save stack guard */
80#endif
81
82    /* compute abs address of label trampoline */
83    leaq  trampoline(%rip), %rcx
84    /* save address of trampoline as return-address for context-function */
85    /* will be entered after calling jump_fcontext() first time */
86    movq  %rcx, 0x40(%rax)
87
88    /* compute abs address of label finish */
89    leaq  finish(%rip), %rcx
90    /* save address of finish as return-address for context-function */
91    /* will be entered after context-function returns */
92    movq  %rcx, 0x38(%rax)
93
94#if BOOST_CONTEXT_SHADOW_STACK
95    /* Populate the shadow stack and normal stack */
96    /* get original SSP */
97    rdsspq  %r8
98    /* restore new shadow stack */
99    rstorssp  -0x8(%r9)
100    /* save the restore token on the original shadow stack */
101    saveprevssp
102    /* push the address of "jmp trampoline" to the new shadow stack */
103    /* as well as the stack */
104    call  1f
105    jmp  trampoline
1061:
107    /* save address of "jmp trampoline" as return-address */
108    /* for context-function */
109    pop 0x38(%rax)
110    /* Get the new SSP.  */
111    rdsspq  %r9
112    /* restore original shadow stack */
113    rstorssp  -0x8(%r8)
114    /* save the restore token on the new shadow stack.  */
115    saveprevssp
116
117    /* reserve space for the new SSP */
118    leaq  -0x8(%rax), %rax
119    /* save the new SSP to this fcontext */
120    movq  %r9, (%rax)
121#endif
122
123#if BOOST_CONTEXT_SHADOW_STACK
124    /* Populate the shadow stack */
125
126    /* get original SSP */
127    rdsspq  %r8
128    /* restore new shadow stack */
129    rstorssp  -0x8(%r9)
130    /* save the restore token on the original shadow stack */
131    saveprevssp
132    /* push the address of "jmp trampoline" to the new shadow stack */
133    /* as well as the stack */
134    call  1f
135    jmp  trampoline
1361:
137    /* save address of "jmp trampoline" as return-address */
138    /* for context-function */
139    pop 0x38(%rax)
140    /* Get the new SSP.  */
141    rdsspq  %r9
142    /* restore original shadow stack */
143    rstorssp  -0x8(%r8)
144    /* save the restore token on the new shadow stack.  */
145    saveprevssp
146
147    /* now the new shadow stack looks like:
148        base->  +------------------------------+
149                | address of "jmp  trampoline" |
150        SSP->   +------------------------------+
151                |         restore token        |
152                +------------------------------+
153    */
154
155    /* reserve space for the new SSP */
156    leaq  -0x8(%rax), %rax
157    /* save the new SSP to this fcontext */
158    movq  %r9, (%rax)
159#endif
160
161    ret /* return pointer to context-data */
162
163trampoline:
164    /* store return address on stack */
165    /* fix stack alignment */
166    _CET_ENDBR
167#if BOOST_CONTEXT_SHADOW_STACK
168    /* save address of "jmp *%rbp" as return-address */
169    /* on stack and shadow stack */
170    call  2f
171    jmp  *%rbp
1722:
173#else
174    push %rbp
175#endif
176    /* jump to context-function */
177    jmp *%rbx
178
179finish:
180    _CET_ENDBR
181    /* exit code is zero */
182    xorq  %rdi, %rdi
183    /* exit application */
184    call  _exit@PLT
185    hlt
186.size make_fcontext,.-make_fcontext
187
188/* Mark that we don't need executable stack. */
189.section .note.GNU-stack,"",%progbits
190# endif
191