Fix map_shadow_stack syscall number

arnaud-lb · arnaud-lb · commit 3c00dd3e3980 · 2024-04-21T13:46:58.000+02:00
* Syscall number for map_shadow_stack has changed since initial support was
  added.
* Use SYS_map_shadow_stack instead of hard-coded number when possible
diff --git a/Zend/zend_fibers.c b/Zend/zend_fibers.c
@@ -67,10 +67,14 @@
 #endif
 
 # if defined __CET__
+#  include <sys/syscall.h>
+#  include <unistd.h>
 #  include <cet.h>
 #  define SHSTK_ENABLED (__CET__ & 0x2)
 #  define BOOST_CONTEXT_SHADOW_STACK (SHSTK_ENABLED && SHADOW_STACK_SYSCALL)
-#  define __NR_map_shadow_stack 451
+# ifndef SYS_map_shadow_stack
+#  define SYS_map_shadow_stack 453
+# endif
 # ifndef SHADOW_STACK_SET_TOKEN
 #  define SHADOW_STACK_SET_TOKEN 0x1
 #endif
@@ -276,7 +280,7 @@ static zend_fiber_stack *zend_fiber_stack_allocate(size_t size)
 
 	/* issue syscall to create shadow stack for the new fcontext */
 	/* SHADOW_STACK_SET_TOKEN option will put "restore token" on the new shadow stack */
-	stack->ss_base = (void *)syscall(__NR_map_shadow_stack, 0, stack->ss_size, SHADOW_STACK_SET_TOKEN);
+	stack->ss_base = (void *)syscall(SYS_map_shadow_stack, 0, stack->ss_size, SHADOW_STACK_SET_TOKEN);
 
 	if (stack->ss_base == MAP_FAILED) {
 		zend_throw_exception_ex(NULL, 0, "Fiber shadow stack allocate failed: mmap failed: %s (%d)", strerror(errno), errno);
diff --git a/configure.ac b/configure.ac
@@ -1316,11 +1316,18 @@ fi
 dnl Check whether syscall to create shadow stack exists, should be a better way, but...
 AC_CACHE_CHECK([whether syscall to create shadow stack exists], ac_cv_syscall_shadow_stack_exists,
 [AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <sys/syscall.h>
 #include <unistd.h>
 #include <sys/mman.h>
+#ifndef SYS_map_shadow_stack
+# define SYS_map_shadow_stack 453
+#endif
+#ifndef SHADOW_STACK_SET_TOKEN
+# define SHADOW_STACK_SET_TOKEN 0x1
+#endif
 int main(void) {
-  /* test if syscall 451, i.e., map_shadow_stack is available */
-  void* base = (void *)syscall(451, 0, 0x20000, 0x1);
+  /* test if map_shadow_stack is available */
+  void* base = (void *)syscall(SYS_map_shadow_stack, 0, 0x20000, SHADOW_STACK_SET_TOKEN);
   if (base != (void*)-1) {
     munmap(base, 0x20000);
     return 0;
