[openssl] master update

Matt Caswell matt at openssl.org
Fri Feb 7 23:26:00 UTC 2020 

The branch master has been updated
       via  34675b2ba942f81a74bd8bc46b937604dca0a645 (commit)
      from  0e43960e88128bb86031a45c0fe9ca3e3a310c3b (commit)


- Log -----------------------------------------------------------------
commit 34675b2ba942f81a74bd8bc46b937604dca0a645
Author: H.J. Lu <hongjiu.lu at intel.com>
Date:   Fri Dec 13 16:46:07 2019 -0800

    Use swapcontext for Intel CET
    
    When Intel CET is enabled, makecontext will create a different shadow
    stack for each context.  async_fibre_swapcontext cannot use _longjmp.
    It must call swapcontext to swap shadow stack as well as normal stack.
    
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/10983)

-----------------------------------------------------------------------

Summary of changes:
 crypto/async/arch/async_posix.c |  2 ++
 crypto/async/arch/async_posix.h | 19 ++++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/crypto/async/arch/async_posix.c b/crypto/async/arch/async_posix.c
index 7476970e6b..3432320bcf 100644
--- a/crypto/async/arch/async_posix.c
+++ b/crypto/async/arch/async_posix.c
@@ -34,7 +34,9 @@ void async_local_cleanup(void)
 
 int async_fibre_makecontext(async_fibre *fibre)
 {
+#ifndef USE_SWAPCONTEXT
     fibre->env_init = 0;
+#endif
     if (getcontext(&fibre->fibre) == 0) {
         fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
         if (fibre->fibre.uc_stack.ss_sp != NULL) {
diff --git a/crypto/async/arch/async_posix.h b/crypto/async/arch/async_posix.h
index aba713e759..4fb09b71dc 100644
--- a/crypto/async/arch/async_posix.h
+++ b/crypto/async/arch/async_posix.h
@@ -25,17 +25,33 @@
 #  define ASYNC_POSIX
 #  define ASYNC_ARCH
 
+#  ifdef __CET__
+/*
+ * When Intel CET is enabled, makecontext will create a different
+ * shadow stack for each context.  async_fibre_swapcontext cannot
+ * use _longjmp.  It must call swapcontext to swap shadow stack as
+ * well as normal stack.
+ */
+#   define USE_SWAPCONTEXT
+#  endif
 #  include <ucontext.h>
-#  include <setjmp.h>
+#  ifndef USE_SWAPCONTEXT
+#   include <setjmp.h>
+#  endif
 
 typedef struct async_fibre_st {
     ucontext_t fibre;
+#  ifndef USE_SWAPCONTEXT
     jmp_buf env;
     int env_init;
+#  endif
 } async_fibre;
 
 static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
 {
+#  ifdef USE_SWAPCONTEXT
+    swapcontext(&o->fibre, &n->fibre);
+#  else
     o->env_init = 1;
 
     if (!r || !_setjmp(o->env)) {
@@ -44,6 +60,7 @@ static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, i
         else
             setcontext(&n->fibre);
     }
+#  endif
 
     return 1;
 }

More information about the openssl-commits mailing list