https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85334
--- Comment #14 from CVS Commits <cvs-commit at gcc dot gnu.org> ---
The releases/gcc-8 branch has been updated by H.J. Lu <h...@gcc.gnu.org>:

https://gcc.gnu.org/g:f4e748747a6536dc49586c8202284bc2b7bf2c6c

commit r8-10108-gf4e748747a6536dc49586c8202284bc2b7bf2c6c
Author: H.J. Lu <hjl.to...@gmail.com>
Date:   Mon Feb 10 07:58:45 2020 -0800

    i386: Properly pop restore token in signal frame

    Linux CET kernel places a restore token on shadow stack for signal
    handler to enhance security.  The restore token is 8 byte and aligned
    to 8 bytes.  It is usually transparent to user programs since kernel
    will pop the restore token when signal handler returns.  But when an
    exception is thrown from a signal handler, now we need to pop the
    restore token from shadow stack.  For x86-64, we just need to treat
    the signal frame as normal frame.  For i386, we need to search for
    the restore token to check if the original shadow stack is 8 byte
    aligned.  If the original shadow stack is 8 byte aligned, we just
    need to pop 2 slots, one restore token, from shadow stack.  Otherwise,
    we need to pop 3 slots, one restore token + 4 byte padding, from
    shadow stack.

    This patch also includes 2 tests, one has a restore token with 4 byte
    padding and one without.

    Tested on Linux/x86-64 CET machine with and without -m32.

    libgcc/

            Backport from mainline
            PR libgcc/85334
            * config/i386/shadow-stack-unwind.h (_Unwind_Frames_Increment):
            New.

    (cherry picked from commit bf6465d0461234ccd45ae34d5e2375a0bee0081d)
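
The 2-slot versus 3-slot rule in the commit message above, as a small model added here for illustration; it is not part of the commit and not libgcc code. The struct, helper names, base address and return addresses are constructed, and the model assumes the token's low word records the pre-signal shadow stack pointer, since the commit message does not give the real token encoding.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not libgcc code.  Assumptions: the i386 shadow stack
   is an array of 4-byte slots growing toward lower addresses, and the
   model's restore token keeps the pre-signal pointer in its low word. */
enum { SLOTS = 64, SLOT = 4 };
#define BASE 0x1000u                    /* constructed, 8-byte aligned */

struct shstk { uint32_t mem[SLOTS]; uint32_t ssp; };

static uint32_t *at(struct shstk *s, uint32_t addr)
{
    return &s->mem[(addr - BASE) / SLOT];
}

static void push(struct shstk *s, uint32_t v)
{
    s->ssp -= SLOT;
    *at(s, s->ssp) = v;
}

/* Kernel side: place an 8-byte token at an 8-byte aligned address below
   the current pointer; a misaligned pointer leaves one padding slot. */
static void deliver_signal(struct shstk *s)
{
    uint32_t orig = s->ssp;
    s->ssp = (orig & ~7u) - 8;
    at(s, s->ssp)[0] = orig;            /* model's saved pointer */
    at(s, s->ssp)[1] = 0;
}

/* Unwinder side: slots covered by the signal frame (token + padding). */
static unsigned signal_frame_slots(struct shstk *s, uint32_t token_addr)
{
    return (*at(s, token_addr) - token_addr) / SLOT;
}

/* Push `calls` return addresses, deliver a signal, and report how many
   slots must be popped to step over the signal frame. */
static unsigned run_case(unsigned calls)
{
    struct shstk s = { {0}, BASE + SLOTS * SLOT };
    for (unsigned i = 0; i < calls; i++)
        push(&s, 0x08040000u + i);      /* constructed return addresses */
    deliver_signal(&s);
    return signal_frame_slots(&s, s.ssp);
}

int main(void)
{
    printf("aligned: %u, misaligned: %u\n", run_case(2), run_case(3));
    return 0;
}
```

An even number of pushed return addresses leaves the pointer 8-byte aligned in this model, an odd number leaves it 4 bytes off.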