* configure.in: Add --enable-stackguard-randomization option.
(ENABLE_STACKGUARD_RANDOMIZE): New define.
* config.h.in (ENABLE_STACKGUARD_RANDOMIZE): Add.
* sysdeps/unix/sysv/linux/dl-osinfo.h: Include stdint.h.
(_dl_setup_stack_chk_guard): New inline function.
* sysdeps/generic/dl-osinfo.h: Include stdint.h.
(_dl_setup_stack_chk_guard): New inline function.
* elf/rtld.c (__stack_chk_guard): New variable.
(dl_main): Remove all traces of TLS_INIT_TP_EXPENSIVE.
Set __stack_chk_guard to _dl_setup_stack_chk_guard (),
use THREAD_SET_STACK_GUARD if defined.
* elf/Versions (ld): Export __stack_chk_guard@@GLIBC_2.4.
* sysdeps/generic/libc-start.c (__stack_chk_guard): New variable.
(__libc_start_main): Set __stack_chk_guard to
_dl_setup_stack_chk_guard (), use THREAD_SET_STACK_GUARD if defined.
* sysdeps/generic/libc-tls.c (__libc_setup_tls): Remove all
traces of TLS_INIT_TP_EXPENSIVE.
* debug/Versions (libc): Export __stack_chk_fail@@GLIBC_2.4.
* debug/Makefile (routines): Add stack_chk_fail.
(static-only-routines): Add stack_chk_fail_local.
* debug/stack_chk_fail_local.c: New file.
* debug/stack_chk_fail.c: New file.
* elf/Makefile: Add rules to build and run tst-stackguard1{,-static}
tests.
* elf/tst-stackguard1.c: New file.
* elf/tst-stackguard1-static.c: New file.
* elf/stackguard-macros.h: New file.
+2005-06-25 Jakub Jelinek <jakub@redhat.com>
+
+ * Versions.def (ld): Add GLIBC_2.4.
+ * configure.in: Add --enable-stackguard-randomization option.
+ (ENABLE_STACKGUARD_RANDOMIZE): New define.
+ * config.h.in (ENABLE_STACKGUARD_RANDOMIZE): Add.
+ * sysdeps/unix/sysv/linux/dl-osinfo.h: Include stdint.h.
+ (_dl_setup_stack_chk_guard): New inline function.
+ * sysdeps/generic/dl-osinfo.h: Include stdint.h.
+ (_dl_setup_stack_chk_guard): New inline function.
+ * elf/rtld.c (__stack_chk_guard): New variable.
+ (dl_main): Remove all traces of TLS_INIT_TP_EXPENSIVE.
+ Set __stack_chk_guard to _dl_setup_stack_chk_guard (),
+ use THREAD_SET_STACK_GUARD if defined.
+ * elf/Versions (ld): Export __stack_chk_guard@@GLIBC_2.4.
+ * sysdeps/generic/libc-start.c (__stack_chk_guard): New variable.
+ (__libc_start_main): Set __stack_chk_guard to
+ _dl_setup_stack_chk_guard (), use THREAD_SET_STACK_GUARD if defined.
+ * sysdeps/generic/libc-tls.c (__libc_setup_tls): Remove all
+ traces of TLS_INIT_TP_EXPENSIVE.
+ * debug/Versions (libc): Export __stack_chk_fail@@GLIBC_2.4.
+ * debug/Makefile (routines): Add stack_chk_fail.
+ (static-only-routines): Add stack_chk_fail_local.
+ * debug/stack_chk_fail_local.c: New file.
+ * debug/stack_chk_fail.c: New file.
+ * elf/Makefile: Add rules to build and run tst-stackguard1{,-static}
+ tests.
+ * elf/tst-stackguard1.c: New file.
+ * elf/tst-stackguard1-static.c: New file.
+ * elf/stackguard-macros.h: New file.
+
2005-06-21 Ulrich Drepper <drepper@redhat.com>
* resource/Makefile (tests): Add tst-getrlimit.
GLIBC_2.0
GLIBC_2.1
GLIBC_2.3
+ GLIBC_2.4
GLIBC_PRIVATE
}
libthread_db {
/* Define if your assembler and linker support R_PPC_REL16* relocs. */
#undef HAVE_ASM_PPC_REL16
+/* Define if __stack_chk_guard canary should be randomized at program startup. */
+#undef ENABLE_STACKGUARD_RANDOMIZE
+
/*
\f */
objects [default=yes if supported]
--enable-oldest-abi=ABI configure the oldest ABI supported [e.g. 2.2]
[default=glibc default]
+ --enable-stackguard-randomization
+ initialize __stack_chk_guard canary with a random
+ number at program start
--enable-add-ons[=DIRS...]
configure and build add-ons in DIR1,DIR2,... search
for add-ons if no parameter given
fi
+# Check whether --enable-stackguard-randomization or --disable-stackguard-randomization was given.
+if test "${enable_stackguard_randomization+set}" = set; then
+ enableval="$enable_stackguard_randomization"
+ enable_stackguard_randomize=$enableval
+else
+ enable_stackguard_randomize=no
+fi;
+if test "$enable_stackguard_randomize" = yes; then
+ cat >>confdefs.h <<\_ACEOF
+#define ENABLE_STACKGUARD_RANDOMIZE 1
+_ACEOF
+
+fi
+
# Check whether --enable-add-ons or --disable-add-ons was given.
if test "${enable_add_ons+set}" = set; then
enableval="$enable_add_ons"
fi
AC_SUBST(oldest_abi)
+AC_ARG_ENABLE([stackguard-randomization],
+ AC_HELP_STRING([--enable-stackguard-randomization],
+ [initialize __stack_chk_guard canary with a random number at program start]),
+ [enable_stackguard_randomize=$enableval],
+ [enable_stackguard_randomize=no])
+if test "$enable_stackguard_randomize" = yes; then
+ AC_DEFINE(ENABLE_STACKGUARD_RANDOMIZE)
+fi
+
dnl Generic infrastructure for drop-in additions to libc.
AC_ARG_ENABLE([add-ons],
AC_HELP_STRING([--enable-add-ons@<:@=DIRS...@:>@],
printf_chk fprintf_chk vprintf_chk vfprintf_chk \
gets_chk chk_fail readonly-area fgets_chk fgets_u_chk \
read_chk pread_chk pread64_chk recv_chk recvfrom_chk \
- readlink_chk getwd_chk getcwd_chk \
+ readlink_chk getwd_chk getcwd_chk stack_chk_fail \
$(static-only-routines)
-static-only-routines := warning-nop
+static-only-routines := warning-nop stack_chk_fail_local
CFLAGS-backtrace.c = -fno-omit-frame-pointer
CFLAGS-sprintf_chk.c = -D_IO_MTSAFE_IO
__read_chk; __pread_chk; __pread64_chk;
__readlink_chk; __getcwd_chk; __getwd_chk;
__recv_chk; __recvfrom_chk;
+
+ __stack_chk_fail;
}
}
--- /dev/null
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+
+extern char **__libc_argv attribute_hidden;
+
+void
+__attribute__ ((noreturn))
+__stack_chk_fail (void)
+{
+ /* The loop is added only to keep gcc happy. */
+ while (1)
+ __libc_message (1, "*** stack smashing detected ***: %s terminated\n",
+ __libc_argv[0] ?: "<unknown>");
+}
--- /dev/null
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <sys/cdefs.h>
+
+extern void __stack_chk_fail (void) __attribute__ ((noreturn));
+
+/* On some architectures, this helps needless PIC pointer setup
+ that would be needed just for the __stack_chk_fail call. */
+
+void __attribute__ ((noreturn)) attribute_hidden
+__stack_chk_fail_local (void)
+{
+ __stack_chk_fail ();
+}
unload3mod1.c unload3mod2.c unload3mod3.c unload3mod4.c \
unload4mod1.c unload4mod2.c unload4mod3.c unload4mod4.c \
unload6mod1.c unload6mod2.c unload6mod3.c tst-auditmod1.c \
- order2mod1.c order2mod2.c order2mod3.c order2mod4.c
+ order2mod1.c order2mod2.c order2mod3.c order2mod4.c \
+ tst-stackguard1.c tst-stackguard1-static.c
CFLAGS-dl-runtime.c = -fexceptions -fasynchronous-unwind-tables
CFLAGS-dl-lookup.c = -fexceptions -fasynchronous-unwind-tables
tests += tst-array1 tst-array2 tst-array3 tst-array4
endif
ifeq (yes,$(build-static))
-tests-static = tst-tls1-static tst-tls2-static
+tests-static = tst-tls1-static tst-tls2-static tst-stackguard1-static
ifeq (yesyesyes,$(build-static)$(build-shared)$(elf))
tests-static += tst-tls9-static
tst-tls9-static-ENV = \
tst-tls10 tst-tls11 tst-tls12 tst-tls13 tst-tls14 tst-tls15 tst-align \
tst-align2 $(tests-execstack-$(have-z-execstack)) tst-dlmodcount \
tst-dlopenrpath tst-deep1 tst-dlmopen1 tst-dlmopen2 tst-dlmopen3 \
- unload3 unload4 unload5 unload6 tst-audit1 tst-global1 order2
+ unload3 unload4 unload5 unload6 tst-audit1 tst-global1 order2 \
+ tst-stackguard1
# reldep9
test-srcs = tst-pathopt
tests-vis-yes = vismain
$(objpfx)order2mod4.so: $(objpfx)order2mod3.so
$(objpfx)order2mod2.so: $(objpfx)order2mod3.so
order2mod2.so-no-z-defs = yes
+
+tst-stackguard1-ARGS = --command "$(built-program-cmd) --child"
+tst-stackguard1-static-ARGS = --command "$(objpfx)tst-stackguard1-static --child"
# runtime interface to TLS
__tls_get_addr;
}
+ GLIBC_2.4 {
+ # stack canary
+ __stack_chk_guard;
+ }
GLIBC_PRIVATE {
# Those are in the dynamic linker, but used by libc.so.
__libc_enable_secure;
#endif
INTDEF(_dl_argv)
+#ifndef THREAD_SET_STACK_GUARD
+/* Only exported for architectures that don't store the stack guard canary
+ in thread local area. */
+uintptr_t __stack_chk_guard attribute_relro;
+#endif
+
/* Nonzero if we were run directly. */
unsigned int _dl_skip_args attribute_relro attribute_hidden;
always allocate the static block, we never defer it even if
no DF_STATIC_TLS bit is set. The reason is that we know
glibc will use the static model. */
-# ifndef TLS_INIT_TP_EXPENSIVE
-# define TLS_INIT_TP_EXPENSIVE 0
-# endif
/* Since we start using the auditing DSOs right away we need to
initialize the data structures now. */
used. Trying to do it lazily is too hairy to try when there could be
multiple threads (from a non-TLS-using libpthread). */
bool was_tls_init_tp_called = tls_init_tp_called;
- if (tcbp == NULL && (!TLS_INIT_TP_EXPENSIVE || GL(dl_tls_max_dtv_idx) > 0))
+ if (tcbp == NULL)
tcbp = init_tls ();
#endif
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+#ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+#else
+ __stack_chk_guard = stack_chk_guard;
+#endif
+
if (__builtin_expect (mode, normal) != normal)
{
/* We were run just to list the shared libraries. It is
#endif
#ifdef USE_TLS
- if (GL(dl_tls_max_dtv_idx) > 0 || USE___THREAD || !TLS_INIT_TP_EXPENSIVE)
- {
- if (!was_tls_init_tp_called && GL(dl_tls_max_dtv_idx) > 0)
- ++GL(dl_tls_generation);
+ if (!was_tls_init_tp_called && GL(dl_tls_max_dtv_idx) > 0)
+ ++GL(dl_tls_generation);
- /* Now that we have completed relocation, the initializer data
- for the TLS blocks has its final values and we can copy them
- into the main thread's TLS area, which we allocated above. */
- _dl_allocate_tls_init (tcbp);
+ /* Now that we have completed relocation, the initializer data
+ for the TLS blocks has its final values and we can copy them
+ into the main thread's TLS area, which we allocated above. */
+ _dl_allocate_tls_init (tcbp);
- /* And finally install it for the main thread. If ld.so itself uses
- TLS we know the thread pointer was initialized earlier. */
- if (! tls_init_tp_called)
- {
- const char *lossage = TLS_INIT_TP (tcbp, USE___THREAD);
- if (__builtin_expect (lossage != NULL, 0))
- _dl_fatal_printf ("cannot set up thread-local storage: %s\n",
- lossage);
- }
+ /* And finally install it for the main thread. If ld.so itself uses
+ TLS we know the thread pointer was initialized earlier. */
+ if (! tls_init_tp_called)
+ {
+ const char *lossage = TLS_INIT_TP (tcbp, USE___THREAD);
+ if (__builtin_expect (lossage != NULL, 0))
+ _dl_fatal_printf ("cannot set up thread-local storage: %s\n",
+ lossage);
}
- else
+#else
+ NONTLS_INIT_TP;
#endif
- NONTLS_INIT_TP;
#ifdef SHARED
/* Auditing checkpoint: we have added all objects. */
--- /dev/null
+#include <stdint.h>
+
+#ifdef __i386__
+# define STACK_CHK_GUARD \
+ ({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; })
+#elif defined __x86_64__
+# define STACK_CHK_GUARD \
+ ({ uintptr_t x; asm ("movq %%fs:0x28, %0" : "=r" (x)); x; })
+#elif defined __powerpc64__
+# define STACK_CHK_GUARD \
+ ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; })
+#elif defined __powerpc__
+# define STACK_CHK_GUARD \
+ ({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; })
+#elif defined __sparc__ && defined __arch64__
+# define STACK_CHK_GUARD \
+ ({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; })
+#elif defined __sparc__
+# define STACK_CHK_GUARD \
+ ({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; })
+#elif defined __s390x__
+# define STACK_CHK_GUARD \
+ ({ uintptr_t x; asm ("ear %0,%a0; sllg %0,%0,32; ear %0,%a1; lg %0,0x28(%0)" : "=r" (x)); x; })
+#elif defined __s390__
+# define STACK_CHK_GUARD \
+ ({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=r" (x)); x; })
+#else
+extern uintptr_t __stack_chk_guard;
+# define STACK_CHK_GUARD __stack_chk_guard
+#endif
--- /dev/null
+#include "tst-stackguard1.c"
--- /dev/null
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+ Contributed by Jakub Jelinek <jakub@redhat.com>, 2005.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <stackguard-macros.h>
+#include <unistd.h>
+
+static const char *command;
+static bool child;
+static uintptr_t stack_chk_guard_copy;
+static bool stack_chk_guard_copy_set;
+static int fds[2];
+
+static void __attribute__ ((constructor))
+con (void)
+{
+ stack_chk_guard_copy = STACK_CHK_GUARD;
+ stack_chk_guard_copy_set = true;
+}
+
+static int
+uintptr_t_cmp (const void *a, const void *b)
+{
+ if (*(uintptr_t *) a < *(uintptr_t *) b)
+ return 1;
+ if (*(uintptr_t *) a > *(uintptr_t *) b)
+ return -1;
+ return 0;
+}
+
+static int
+do_test (void)
+{
+ if (!stack_chk_guard_copy_set)
+ {
+ puts ("constructor has not been run");
+ return 1;
+ }
+
+ if (stack_chk_guard_copy != STACK_CHK_GUARD)
+ {
+ puts ("STACK_CHK_GUARD changed between constructor and do_test");
+ return 1;
+ }
+
+ if (child)
+ {
+ write (2, &stack_chk_guard_copy, sizeof (stack_chk_guard_copy));
+ return 0;
+ }
+
+ if (command == NULL)
+ {
+ puts ("missing --command or --child argument");
+ return 1;
+ }
+
+#define N 16
+ uintptr_t child_stack_chk_guards[N + 1];
+ child_stack_chk_guards[N] = stack_chk_guard_copy;
+ int i;
+ for (i = 0; i < N; ++i)
+ {
+ if (pipe (fds) < 0)
+ {
+ printf ("couldn't create pipe: %m\n");
+ return 1;
+ }
+
+ pid_t pid = fork ();
+ if (pid < 0)
+ {
+ printf ("fork failed: %m\n");
+ return 1;
+ }
+
+ if (!pid)
+ {
+ if (stack_chk_guard_copy != STACK_CHK_GUARD)
+ {
+ puts ("STACK_CHK_GUARD changed after fork");
+ exit (1);
+ }
+
+ close (fds[0]);
+ close (2);
+ dup2 (fds[1], 2);
+ close (fds[1]);
+
+ system (command);
+ exit (0);
+ }
+
+ close (fds[1]);
+
+ if (TEMP_FAILURE_RETRY (read (fds[0], &child_stack_chk_guards[i],
+ sizeof (uintptr_t))) != sizeof (uintptr_t))
+ {
+ puts ("could not read stack_chk_guard value from child");
+ return 1;
+ }
+
+ close (fds[0]);
+
+ pid_t termpid;
+ int status;
+ termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0));
+ if (termpid == -1)
+ {
+ printf ("waitpid failed: %m\n");
+ return 1;
+ }
+ else if (termpid != pid)
+ {
+ printf ("waitpid returned %ld != %ld\n",
+ (long int) termpid, (long int) pid);
+ return 1;
+ }
+ else if (!WIFEXITED (status) || WEXITSTATUS (status))
+ {
+ puts ("child hasn't exited with exit status 0");
+ return 1;
+ }
+ }
+
+ qsort (child_stack_chk_guards, N + 1, sizeof (uintptr_t), uintptr_t_cmp);
+
+ uintptr_t default_guard = 0;
+ unsigned char *p = (unsigned char *) &default_guard;
+ p[sizeof (uintptr_t) - 1] = 255;
+ p[sizeof (uintptr_t) - 2] = '\n';
+ p[0] = 0;
+
+ /* Test if the stack guard canaries are either randomized,
+ or equal to the default stack guard canary value.
+ Even with randomized stack guards it might happen
+ that the random number generator generates the same
+ values, but if that happens in more than half from
+ the 16 runs, something is very wrong. */
+ int ndifferences = 0;
+ int ndefaults = 0;
+ for (i = 0; i < N; ++i)
+ {
+ if (child_stack_chk_guards[i] != child_stack_chk_guards[i+1])
+ ndifferences++;
+ else if (child_stack_chk_guards[i] == default_guard)
+ ndefaults++;
+ }
+
+ printf ("differences %d defaults %d\n", ndifferences, ndefaults);
+
+ if (ndifferences < N / 2 && ndefaults < N / 2)
+ {
+ puts ("stack guard canaries are not randomized enough");
+ puts ("nor equal to the default canary value");
+ return 1;
+ }
+
+ return 0;
+}
+
+#define OPT_COMMAND 10000
+#define OPT_CHILD 10001
+#define CMDLINE_OPTIONS \
+ { "command", required_argument, NULL, OPT_COMMAND }, \
+ { "child", no_argument, NULL, OPT_CHILD },
+#define CMDLINE_PROCESS \
+ case OPT_COMMAND: \
+ command = optarg; \
+ break; \
+ case OPT_CHILD: \
+ child = true; \
+ break;
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
tst-oncex3 tst-oncex4
endif
ifeq ($(build-shared),yes)
-tests += tst-atfork2 tst-tls3 tst-tls4 tst-tls5 tst-_res1 tst-fini1
+tests += tst-atfork2 tst-tls3 tst-tls4 tst-tls5 tst-_res1 tst-fini1 \
+ tst-stackguard1
tests-nolibpthread += tst-fini1
ifeq ($(have-z-execstack),yes)
tests += tst-execstack
$(common-objpfx)libc.a
ifeq ($(build-static),yes)
-tests-static += tst-locale1 tst-locale2
+tests-static += tst-locale1 tst-locale2 tst-stackguard1-static
+tests += tst-stackguard1-static
xtests-static += tst-setuid1-static
endif
# These tests are linked with libc before libpthread
$(objpfx)tst-fini1mod.so: $(shared-thread-library)
+tst-stackguard1-ARGS = --command "$(built-program-cmd) --child"
+tst-stackguard1-static-ARGS = --command "$(objpfx)tst-stackguard1-static --child"
+
# The tests here better do not run in parallel
ifneq ($(filter %tests,$(MAKECMDGOALS)),)
.NOTPARALLEL:
pd->schedpolicy = self->schedpolicy;
pd->schedparam = self->schedparam;
+ /* Copy the stack guard canary. */
+#ifdef THREAD_COPY_STACK_GUARD
+ THREAD_COPY_STACK_GUARD (pd);
+#endif
+
/* Determine scheduling parameters for the thread. */
if (attr != NULL
&& __builtin_expect ((iattr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0, 0)
void *self; /* Pointer to the thread descriptor. */
int multiple_threads;
uintptr_t sysinfo;
+ uintptr_t stack_guard;
} tcbhead_t;
# define TLS_MULTIPLE_THREADS_IN_TCB 1
__res; })
+/* Set the stack guard field in TCB head. */
+#define THREAD_SET_STACK_GUARD(value) \
+ THREAD_SETMEM (THREAD_SELF, header.stack_guard, value)
+#define THREAD_COPY_STACK_GUARD(descr) \
+ ((descr)->header.stack_guard \
+ = THREAD_GETMEM (THREAD_SELF, header.stack_guard))
+
+
#endif /* __ASSEMBLER__ */
#endif /* tls.h */
/* Get the thread descriptor definition. */
# include <nptl/descr.h>
-/* This layout is actually wholly private and not affected by the ABI.
- Nor does it overlap the pthread data structure, so we need nothing
- extra here at all. */
+/* The stack_guard is accessed directly by GCC -fstack-protector code,
+ so it is a part of public ABI. The dtv field is private. */
typedef struct
{
+ uintptr_t stack_guard;
dtv_t *dtv;
} tcbhead_t;
/* Return the address of the dtv for the current thread. */
# define THREAD_DTV() \
- (((tcbhead_t *) (__thread_register - TLS_TCB_OFFSET))[-1].dtv)
+ (((tcbhead_t *) (__thread_register - TLS_TCB_OFFSET))[-1].dtv)
/* Return the thread descriptor for the current thread. */
# define THREAD_SELF \
/* Magic for libthread_db to know how to do THREAD_SELF. */
# define DB_THREAD_SELF \
- REGISTER (32, 32, PT_THREAD_POINTER * 4, \
+ REGISTER (32, 32, PT_THREAD_POINTER * 4, \
- TLS_TCB_OFFSET - TLS_PRE_TCB_SIZE) \
- REGISTER (64, 64, PT_THREAD_POINTER * 8, \
+ REGISTER (64, 64, PT_THREAD_POINTER * 8, \
- TLS_TCB_OFFSET - TLS_PRE_TCB_SIZE)
/* Read member of the thread descriptor directly. */
# define THREAD_SETMEM_NC(descr, member, idx, value) \
((void)(descr), (THREAD_SELF)->member[idx] = (value))
+/* Set the stack guard field in TCB head. */
+# define THREAD_SET_STACK_GUARD(value) \
+ (((tcbhead_t *) ((char *) __thread_register \
+ - TLS_TCB_OFFSET))[-1].stack_guard = (value))
+# define THREAD_COPY_STACK_GUARD(descr) \
+ (((tcbhead_t *) ((char *) (descr) \
+ + TLS_PRE_TCB_SIZE))[-1].stack_guard \
+ = ((tcbhead_t *) ((char *) __thread_register \
+ - TLS_TCB_OFFSET))[-1].stack_guard)
+
/* l_tls_offset == 0 is perfectly valid on PPC, so we have to use some
different value to mean unset l_tls_offset. */
# define NO_TLS_OFFSET -1
dtv_t *dtv;
void *self; /* Pointer to the thread descriptor. */
int multiple_threads;
-# ifdef NEED_DL_SYSINFO
uintptr_t sysinfo;
-# endif
+ uintptr_t stack_guard;
} tcbhead_t;
# ifndef __s390x__
#define THREAD_SETMEM_NC(descr, member, idx, value) \
descr->member[idx] = (value)
+/* Set the stack guard field in TCB head. */
+#define THREAD_SET_STACK_GUARD(value) \
+ THREAD_SETMEM (THREAD_SELF, header.stack_guard, value)
+#define THREAD_COPY_STACK_GUARD(descr) \
+ ((descr)->header.stack_guard \
+ = THREAD_GETMEM (THREAD_SELF, header.stack_guard))
+
#endif /* __ASSEMBLER__ */
#endif /* tls.h */
dtv_t *dtv;
void *self;
int multiple_threads;
+ uintptr_t sysinfo;
+ uintptr_t stack_guard;
} tcbhead_t;
#else /* __ASSEMBLER__ */
#define THREAD_SETMEM_NC(descr, member, idx, value) \
descr->member[idx] = (value)
+/* Set the stack guard field in TCB head. */
+#define THREAD_SET_STACK_GUARD(value) \
+ THREAD_SETMEM (THREAD_SELF, header.stack_guard, value)
+# define THREAD_COPY_STACK_GUARD(descr) \
+ ((descr)->header.stack_guard \
+ = THREAD_GETMEM (THREAD_SELF, header.stack_guard))
+
#endif /* !ASSEMBLER */
#endif /* tls.h */
dtv_t *dtv;
void *self; /* Pointer to the thread descriptor. */
int multiple_threads;
+ uintptr_t sysinfo;
+ uintptr_t stack_guard;
} tcbhead_t;
#else /* __ASSEMBLER__ */
__res; })
+/* Set the stack guard field in TCB head. */
+# define THREAD_SET_STACK_GUARD(value) \
+ THREAD_SETMEM (THREAD_SELF, header.stack_guard, value)
+# define THREAD_COPY_STACK_GUARD(descr) \
+ ((descr)->header.stack_guard \
+ = THREAD_GETMEM (THREAD_SELF, header.stack_guard))
+
#endif /* __ASSEMBLER__ */
#endif /* tls.h */
--- /dev/null
+#include "tst-stackguard1.c"
--- /dev/null
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+ Contributed by Jakub Jelinek <jakub@redhat.com>, 2005.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+#include <errno.h>
+#include <pthread.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <elf/stackguard-macros.h>
+#include <unistd.h>
+
+static const char *command;
+static bool child;
+static uintptr_t stack_chk_guard_copy;
+static bool stack_chk_guard_copy_set;
+static int fds[2];
+
+static void __attribute__ ((constructor))
+con (void)
+{
+ stack_chk_guard_copy = STACK_CHK_GUARD;
+ stack_chk_guard_copy_set = true;
+}
+
+static int
+uintptr_t_cmp (const void *a, const void *b)
+{
+ if (*(uintptr_t *) a < *(uintptr_t *) b)
+ return 1;
+ if (*(uintptr_t *) a > *(uintptr_t *) b)
+ return -1;
+ return 0;
+}
+
+static void *
+tf (void *arg)
+{
+ if (stack_chk_guard_copy != STACK_CHK_GUARD)
+ {
+ puts ("STACK_CHK_GUARD changed in thread");
+ return (void *) 1L;
+ }
+ return NULL;
+}
+
+static int
+do_test (void)
+{
+ if (!stack_chk_guard_copy_set)
+ {
+ puts ("constructor has not been run");
+ return 1;
+ }
+
+ if (stack_chk_guard_copy != STACK_CHK_GUARD)
+ {
+ puts ("STACK_CHK_GUARD changed between constructor and do_test");
+ return 1;
+ }
+
+ if (child)
+ {
+ int i;
+ pthread_t th[4];
+ void *ret;
+ for (i = 0; i < 4; ++i)
+ if (pthread_create (&th[i], NULL, tf, NULL))
+ {
+ puts ("thread creation failed");
+ return 1;
+ }
+ for (i = 0; i < 4; ++i)
+ if (pthread_join (th[i], &ret))
+ {
+ puts ("thread join failed");
+ return 1;
+ }
+ else if (ret != NULL)
+ return 1;
+
+ write (2, &stack_chk_guard_copy, sizeof (stack_chk_guard_copy));
+ return 0;
+ }
+
+ if (command == NULL)
+ {
+ puts ("missing --command or --child argument");
+ return 1;
+ }
+
+#define N 16
+ uintptr_t child_stack_chk_guards[N + 1];
+ child_stack_chk_guards[N] = stack_chk_guard_copy;
+ int i;
+ for (i = 0; i < N; ++i)
+ {
+ if (pipe (fds) < 0)
+ {
+ printf ("couldn't create pipe: %m\n");
+ return 1;
+ }
+
+ pid_t pid = fork ();
+ if (pid < 0)
+ {
+ printf ("fork failed: %m\n");
+ return 1;
+ }
+
+ if (!pid)
+ {
+ if (stack_chk_guard_copy != STACK_CHK_GUARD)
+ {
+ puts ("STACK_CHK_GUARD changed after fork");
+ exit (1);
+ }
+
+ close (fds[0]);
+ close (2);
+ dup2 (fds[1], 2);
+ close (fds[1]);
+
+ system (command);
+ exit (0);
+ }
+
+ close (fds[1]);
+
+ if (TEMP_FAILURE_RETRY (read (fds[0], &child_stack_chk_guards[i],
+ sizeof (uintptr_t))) != sizeof (uintptr_t))
+ {
+ puts ("could not read stack_chk_guard value from child");
+ return 1;
+ }
+
+ close (fds[0]);
+
+ pid_t termpid;
+ int status;
+ termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0));
+ if (termpid == -1)
+ {
+ printf ("waitpid failed: %m\n");
+ return 1;
+ }
+ else if (termpid != pid)
+ {
+ printf ("waitpid returned %ld != %ld\n",
+ (long int) termpid, (long int) pid);
+ return 1;
+ }
+ else if (!WIFEXITED (status) || WEXITSTATUS (status))
+ {
+ puts ("child hasn't exited with exit status 0");
+ return 1;
+ }
+ }
+
+ qsort (child_stack_chk_guards, N + 1, sizeof (uintptr_t), uintptr_t_cmp);
+
+ uintptr_t default_guard = 0;
+ unsigned char *p = (unsigned char *) &default_guard;
+ p[sizeof (uintptr_t) - 1] = 255;
+ p[sizeof (uintptr_t) - 2] = '\n';
+ p[0] = 0;
+
+ /* Test if the stack guard canaries are either randomized,
+ or equal to the default stack guard canary value.
+ Even with randomized stack guards it might happen
+ that the random number generator generates the same
+ values, but if that happens in more than half from
+ the 16 runs, something is very wrong. */
+ int ndifferences = 0;
+ int ndefaults = 0;
+ for (i = 0; i < N; ++i)
+ {
+ if (child_stack_chk_guards[i] != child_stack_chk_guards[i+1])
+ ndifferences++;
+ else if (child_stack_chk_guards[i] == default_guard)
+ ndefaults++;
+ }
+
+ printf ("differences %d defaults %d\n", ndifferences, ndefaults);
+
+ if (ndifferences < N / 2 && ndefaults < N / 2)
+ {
+ puts ("stack guard canaries are not randomized enough");
+ puts ("nor equal to the default canary value");
+ return 1;
+ }
+
+ return 0;
+}
+
+#define OPT_COMMAND 10000
+#define OPT_CHILD 10001
+#define CMDLINE_OPTIONS \
+ { "command", required_argument, NULL, OPT_COMMAND }, \
+ { "child", no_argument, NULL, OPT_CHILD },
+#define CMDLINE_PROCESS \
+ case OPT_COMMAND: \
+ command = optarg; \
+ break; \
+ case OPT_CHILD: \
+ child = true; \
+ break;
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
-/* Nothing needed in general. */
+#include <stdint.h>
+
+static inline uintptr_t __attribute__ ((always_inline))
+_dl_setup_stack_chk_guard (void)
+{
+ uintptr_t ret = 0;
+ unsigned char *p = (unsigned char *) &ret;
+ p[sizeof (ret) - 1] = 255;
+ p[sizeof (ret) - 2] = '\n';
+ p[0] = 0;
+ return ret;
+}
__attribute__ ((weak))
# endif
;
+# ifndef THREAD_SET_STACK_GUARD
+/* Only exported for architectures that don't store the stack guard canary
+ in thread local area. */
+uintptr_t __stack_chk_guard attribute_relro;
+# endif
#endif
#ifdef HAVE_PTR_NTHREADS
__pthread_initialize_minimal ();
#endif
+# ifndef SHARED
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+# ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+# else
+ __stack_chk_guard = stack_chk_guard;
+# endif
+#endif
+
/* Register the destructor of the dynamic linker if there is any. */
if (__builtin_expect (rtld_fini != NULL, 1))
__cxa_atexit ((void (*) (void *)) rtld_fini, NULL, NULL);
break;
}
-#ifdef TLS_INIT_TP_EXPENSIVE
- if (memsz == 0 && tcbsize <= TLS_INIT_TCB_SIZE)
- {
- /* We do not need a TLS block and no thread descriptor. */
-# ifdef NONTLS_INIT_TP
- NONTLS_INIT_TP;
-# endif
- return;
- }
-#endif
-
/* We have to set up the TCB block which also (possibly) contains
'errno'. Therefore we avoid 'malloc' which might touch 'errno'.
Instead we use 'sbrk' which would only uses 'errno' if it fails.
#include <sys/utsname.h>
#include "kernel-features.h"
#include <dl-sysdep.h>
+#include <stdint.h>
#ifndef MIN
# define MIN(a,b) (((a)<(b))?(a):(b))
else if (__LINUX_KERNEL_VERSION > 0) \
FATAL ("FATAL: cannot determine kernel version\n"); \
} while (0)
+
+static inline uintptr_t __attribute__ ((always_inline))
+_dl_setup_stack_chk_guard (void)
+{
+ uintptr_t ret;
+#ifdef ENABLE_STACKGUARD_RANDOMIZE
+ int fd = __open ("/dev/urandom", O_RDONLY);
+ if (fd >= 0)
+ {
+ ssize_t reslen = __read (fd, &ret, sizeof (ret));
+ __close (fd);
+ if (reslen == (ssize_t) sizeof (ret))
+ return ret;
+ }
+#endif
+ ret = 0;
+ unsigned char *p = (unsigned char *) &ret;
+ p[sizeof (ret) - 1] = 255;
+ p[sizeof (ret) - 2] = '\n';
+ return ret;
+}
projects / thirdparty / glibc.git / commitdiff
