Hi
I tried the shadow call stack in LLVM:
clang -fsanitize=shadow-call-stack ./test.c
test.c
#include <stdio.h>

void A() {
    printf("A\n");
}

int main() {
    A();
    return 0;
}
And then it produces weird code:
0000000000400570 :
400570: 4c 8b 14 24 mov r10,QWORD PTR [rsp]
400574: 4d 31 db xor r11,r11
400577: 65 49 83 03 08 add QWORD PTR gs:[r11],0x8
40057c: 65 4d 8b 1b mov r11,QWORD PTR gs:[r11]
400580: 65 4d 89 13 mov QWORD PTR gs:[r11],r10
at 0x400577 the program crashes
because r11 is 0 after 0x400574 .
I wonder whether the shadow call stack in LLVM 7 is OK now?
Thank you.
Hi,
> at 0x400577 the program crashes
> because r11 is 0 after 0x400574 .
Looking at ShadowCallStack.cpp, the 0 is very intentional. So to use
this feature you'll need a runtime willing to give each thread a valid
shadow stack and set the base of the gs register to point at it.
The documentation mentions that you'll probably have to write your own
runtime: ShadowCallStack — Clang 18.0.0git documentation. You didn't
mention which OS you were using, but these notes seem to cover what
would be needed to actually set GS on various platforms:
https://gist.github.com/MerryMage/f22e75d5128c07d77630ca01c4272937.
You'd have to come up with your own methods to make sure that happens
on each thread before any instrumented code runs.
Cheers.
Tim.
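As an added example that is not part of the thread (neither Tim's nor the asker's code), here is a minimal Linux x86-64 runtime of the kind Tim describes: it allocates a shadow stack between guard pages and points GS at it with arch_prctl(ARCH_SET_GS), so the `gs:[r11]` access in the quoted prologue resolves instead of faulting on a zero GS base. scs_push mirrors the five prologue instructions from the question; scs_pop_check mirrors the matching epilogue, which the thread does not show, so its exact form is an assumption, as are all the scs_* names and the 64 KiB size. Every thread would have to call scs_init() before any instrumented function runs.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef ARCH_SET_GS
#define ARCH_SET_GS 0x1001   /* Linux x86-64 arch_prctl code for the GS base */
#endif

#define SCS_SIZE (64 * 1024) /* assumed shadow stack size, excluding guard pages */
static uint8_t *scs_base;    /* this thread's region; becomes the GS base */

/* Allocate the shadow stack with a PROT_NONE guard page on each side and point
   GS at it. Word 0 (gs:[0]) holds the byte offset of the top slot and must start
   at 0 so the first push lands at gs:[8]. Returns 0 on success, -1 on failure. */
int scs_init(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *m = mmap(NULL, SCS_SIZE + 2 * page, PROT_NONE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    if (mprotect(m + page, SCS_SIZE, PROT_READ | PROT_WRITE) != 0) return -1;
    scs_base = m + page;
    *(uint64_t *)scs_base = 0;
    /* glibc uses FS for TLS on x86-64, so GS is free for the shadow stack. */
    if (syscall(SYS_arch_prctl, ARCH_SET_GS, (unsigned long)scs_base) != 0) return -1;
    return 0;
}

/* Read gs:[0] exactly as the instrumented code does: this is the load that
   faulted in the question because no one had set the GS base. */
uint64_t scs_gs_top_offset(void) {
    uint64_t off;
    __asm__ volatile("movq %%gs:0, %0" : "=r"(off) : : "memory");
    return off;
}

/* C mirror of the quoted prologue: add gs:[0],8 ; r11 = gs:[0] ; gs:[r11] = retaddr.
   There is no bounds check, as in the real instrumentation: running off the end
   hits the guard page and traps. */
void scs_push(uint64_t retaddr) {
    uint64_t *top = (uint64_t *)scs_base;
    *top += 8;
    *(uint64_t *)(scs_base + *top) = retaddr;
}

/* Assumed mirror of the epilogue: pop the saved return address and compare it
   with the one on the real stack. Returns 1 if they match, 0 if the return
   address on the stack was corrupted. */
int scs_pop_check(uint64_t stack_retaddr) {
    uint64_t *top = (uint64_t *)scs_base;
    uint64_t saved = *(uint64_t *)(scs_base + *top);
    *top -= 8;
    return saved == stack_retaddr;
}
```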