
Sync x86_64 fcontext fixes#22584

Open
kn1g78 wants to merge 3 commits into
php:masterfrom
kn1g78:fctx-x64-fix



@kn1g78 kn1g78 commented Jul 4, 2026


This fixes the TLS stack protector save location, removes duplicated shadow stack handling, and adds CFI information for the make_fcontext trampoline.

@kn1g78 kn1g78 marked this pull request as ready for review July 4, 2026 01:50
@kn1g78 kn1g78 requested a review from TimWolla as a code owner July 4, 2026 01:50
@TimWolla TimWolla removed their request for review July 4, 2026 10:14
@Girgias Girgias requested a review from arnaud-lb July 4, 2026 11:24

kn1g78 commented Jul 4, 2026


The intent of this PR is small: sync the upstream Boost.Context fixes relevant
to x86_64 Fiber/fcontext assembly.

The diff is larger because Zend/asm is a bundled upstream copy. Partial
cherry-picks fail the Verify Bundled Files check, so this had to be turned into
a full Boost.Context bundle sync from 1.86.0 to 1.91.0 by updating
boost-context.sh and regenerating Zend/asm. Most of the added lines are
therefore upstream sync churn, not new hand-written logic.

For reference, this was the original targeted x86_64 diff before converting it
into a full bundled sync:

diff --git a/Zend/asm/jump_x86_64_sysv_elf_gas.S b/Zend/asm/jump_x86_64_sysv_elf_gas.S
@@ -67,14 +67,6 @@ jump_fcontext:
      movq  %rbx, 0x30(%rsp)  /* save RBX */
      movq  %rbp, 0x38(%rsp)  /* save RBP */

-#if BOOST_CONTEXT_SHADOW_STACK
-    /* grow the stack to reserve space for shadow stack pointer(SSP) */
-    leaq  -0x8(%rsp), %rsp
-    /* read the current SSP and store it */
-    rdsspq  %rcx
-    movq  %rcx, (%rsp)
-#endif
-
  #if BOOST_CONTEXT_SHADOW_STACK
      /* grow the stack to reserve space for shadow stack pointer(SSP) */
      leaq  -0x8(%rsp), %rsp

diff --git a/Zend/asm/make_x86_64_sysv_elf_gas.S b/Zend/asm/make_x86_64_sysv_elf_gas.S
@@ -76,7 +76,7 @@ make_fcontext:
  #if defined(BOOST_CONTEXT_TLS_STACK_PROTECTOR)
      /* save stack guard */
      movq  %fs:0x28, %rcx    /* read stack guard from TLS record */
-    movq  %rcx, 0x8(%rsp)   /* save stack guard */
+    movq  %rcx, 0x8(%rax)   /* save stack guard */
  #endif
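Review bot: The corrected store `movq %rcx, 0x8(%rax)` now writes the guard into the context record that `%rax` points at, but the comment `/* save stack guard */` was carried over unchanged from the faulty line and still does not say where the guard goes, which is exactly the detail the old `0x8(%rsp)` got wrong. Naming the destination, e.g. `movq %rcx, 0x8(%rax) /* save stack guard into the new context's save area */`, lets a reader check the offset against the slot that the matching jump code presumably reloads into `%fs:0x28`; that slot layout is defined outside this hunk and should be confirmed against it. make_fcontext's body starts and ends outside the hunk.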

@@ -91,35 +91,6 @@ make_fcontext:
      /* will be entered after context-function returns */
      movq  %rcx, 0x38(%rax)

-#if BOOST_CONTEXT_SHADOW_STACK
-    /* Populate the shadow stack and normal stack */
-    /* get original SSP */
-    rdsspq  %r8
-    /* restore new shadow stack */
-    rstorssp  -0x8(%r9)
-    /* save the restore token on the original shadow stack */
-    saveprevssp
-    /* push the address of "jmp trampoline" to the new shadow stack */
-    /* as well as the stack */
-    call  1f
-    jmp  trampoline
-1:
-    /* save address of "jmp trampoline" as return-address */
-    /* for context-function */
-    pop 0x38(%rax)
-    /* Get the new SSP.  */
-    rdsspq  %r9
-    /* restore original shadow stack */
-    rstorssp  -0x8(%r8)
-    /* save the restore token on the new shadow stack.  */
-    saveprevssp
-
-    /* reserve space for the new SSP */
-    leaq  -0x8(%rax), %rax
-    /* save the new SSP to this fcontext */
-    movq  %r9, (%rax)
-#endif
-
  #if BOOST_CONTEXT_SHADOW_STACK
      /* Populate the shadow stack */

@@ -161,6 +132,8 @@ make_fcontext:
      ret /* return pointer to context-data */

  trampoline:
+    .cfi_startproc
+    .cfi_undefined rip
      /* store return address on stack */
      /* fix stack alignment */
      _CET_ENDBR
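Review bot: `.cfi_startproc` directly after `trampoline:` opens a new CFI procedure, and gas rejects a nested `.cfi_startproc`, so this relies on any CFI region that make_fcontext itself opens being closed before this label; the `ret` at the top of the hunk is followed immediately by the label in this excerpt, so whether a `.cfi_endproc` sits between them in the full file is not visible here and is worth confirming. The `.cfi_endproc` added after `jmp *%rbx` in the following hunk is the matching close for this region. `.cfi_undefined rip` is the right way to terminate unwinding at the fiber entry point, but because debuggers and backtraces will stop here silently the choice deserves a one-line comment: `.cfi_undefined rip /* no caller frame: unwinding stops at the fiber entry trampoline */`.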
@@ -175,6 +148,7 @@ trampoline:
  #endif
      /* jump to context-function */
      jmp *%rbx
+    .cfi_endproc

