From 0dc5853b9ee33f9a02c1fb8894e91b89a379ee97 Mon Sep 17 00:00:00 2001
From: Mark Wielaard
Date: Wed, 5 Jul 2017 09:57:48 +0000
Subject: [PATCH] Bug 381805 arm32 needs ld.so index hardwire for new glibc security fixes

glibc added some security hardening adding (optimized) index/strchr calls in the LD_PRELOAD path:

commit 6d0ba622891bed9d8394eef1935add53003b12e8
Author: Florian Weimer
Date: Mon Jun 19 22:31:04 2017 +0200

ld.so: Reject overly long LD_PRELOAD path elements

arm32 doesn't have an ld.so hardwire for index/strchr like other architectures and so will always complain during early startup:

==9495== Conditional jump or move depends on uninitialised value(s)
==9495== at 0x401CF84: index (in /usr/lib/ld-2.25.so)
==9495==
==9495== Conditional jump or move depends on uninitialised value(s)
==9495== at 0x401CF88: index (in /usr/lib/ld-2.25.so)

index/strchr is doing a word load from a partially-written stack-allocated buffer, therefore accessing uninitialized data. This is normal for an optimized string function. The uninitialized data does not affect the function result.

This can be suppressed by adding a index hardwire for ld.so on arm32 like on other arches. There even was already some commented out code to do that. Enable that code.

git-svn-id: svn://svn.valgrind.org/valgrind/trunk@16458
---
 NEWS | 1 +
 coregrind/m_redir.c | 11 +++++++++
 coregrind/m_trampoline.S | 40 ++++++++++++++++-----------------
 coregrind/pub_core_trampoline.h | 2 +-
 4 files changed, 33 insertions(+), 21 deletions(-)

diff --git a/NEWS b/NEWS
index dd1833a01b..01eab4cfe1 100644
--- a/NEWS
+++ b/NEWS
@@ -41,6 +41,7 @@ where XXXXXX is the bug number as listed below.
 381289 epoll_pwait can have a NULL sigmask
 381274 powerpc too chatty even with --sigill-diagnostics=no
 381769 Use ucontext_t instead of struct ucontext
+381805 arm32 needs ld.so index hardwire for new glibc security fixes
 
 Release 3.13.0 (15 June 2017)
diff --git a/coregrind/m_redir.c b/coregrind/m_redir.c
index b8cc0224ff..d54cae7966 100644
--- a/coregrind/m_redir.c
+++ b/coregrind/m_redir.c
@@ -1485,6 +1485,17 @@ void VG_(redir_initialise) ( void )
          (Addr)&VG_(arm_linux_REDIR_FOR_strcmp),
          complain_about_stripped_glibc_ldso
       );
+      /* index */
+      add_hardwired_spec(
+         "ld-linux.so.3", "index",
+         (Addr)&VG_(arm_linux_REDIR_FOR_index),
+         complain_about_stripped_glibc_ldso
+      );
+      add_hardwired_spec(
+         "ld-linux-armhf.so.3", "index",
+         (Addr)&VG_(arm_linux_REDIR_FOR_index),
+         complain_about_stripped_glibc_ldso
+      );
    }
 
 # elif defined(VGP_arm64_linux)
diff --git a/coregrind/m_trampoline.S b/coregrind/m_trampoline.S
index a5320716f0..0488b54bdf 100644
--- a/coregrind/m_trampoline.S
+++ b/coregrind/m_trampoline.S
@@ -625,26 +625,26 @@ VG_(arm_linux_REDIR_FOR_strlen):
 	bx	lr
 	UD2_4
 
-//.global VG_(arm_linux_REDIR_FOR_index)
-//VG_(arm_linux_REDIR_FOR_index):
-//	ldrb	r3, [r0, #0]	@ zero_extendqisi2
-//	and	r1, r1, #255
-//	cmp	r3, r1
-//	@ lr needed for prologue
-//	bne	.L9
-//	bx	lr
-//.L12:
-//	ldrb	r3, [r0, #1]!	@ zero_extendqisi2
-//	cmp	r3, r1
-//	beq	.L11
-//.L9:
-//	cmp	r3, #0
-//	bne	.L12
-//	mov	r0, #0
-//	bx	lr
-//.L11:
-//	bx	lr
-//	UD2_4
+.global VG_(arm_linux_REDIR_FOR_index)
+VG_(arm_linux_REDIR_FOR_index):
+	ldrb	r3, [r0, #0]	@ zero_extendqisi2
+	and	r1, r1, #255
+	cmp	r3, r1
+	@ lr needed for prologue
+	bne	.L9
+	bx	lr
+.L12:
+	ldrb	r3, [r0, #1]!	@ zero_extendqisi2
+	cmp	r3, r1
+	beq	.L11
+.L9:
+	cmp	r3, #0
+	bne	.L12
+	mov	r0, #0
+	bx	lr
+.L11:
+	bx	lr
+	UD2_4
 
 .global VG_(arm_linux_REDIR_FOR_memcpy)
 VG_(arm_linux_REDIR_FOR_memcpy):
diff --git a/coregrind/pub_core_trampoline.h b/coregrind/pub_core_trampoline.h
index 3a9bafe1ca..e29427d72c 100644
--- a/coregrind/pub_core_trampoline.h
+++ b/coregrind/pub_core_trampoline.h
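Review bot: The `/* index */` comment above the two new add_hardwired_spec() calls records what is hardwired but not why, and the why is what a maintainer needs when deciding whether the entry can ever be retired; the commit message already has it, so carry it into the code, e.g. `/* index: glibc's ld.so calls an optimised index() on the LD_PRELOAD path during early startup; its word-sized loads from a partially written stack buffer would otherwise be reported as uninitialised reads. */`. The spec binds on the symbol name "index" alone, so if some ld.so build exports the routine under its strchr name instead, the replacement would not take effect and the early-startup reports would come back; that may be worth confirming on a real target. VG_(redir_initialise) begins before this hunk.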
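Review bot: The re-enabled VG_(arm_linux_REDIR_FOR_index) has no header comment stating its contract, while the compiler-generated `@ zero_extendqisi2` and `@ lr needed for prologue` annotations it keeps tell a reader nothing. A short comment above the `.global` should say that this is a deliberately simple byte-at-a-time index(s, c): `and r1, r1, #255` truncates c to a byte, the `ldrb` loop returns r0 pointing at the first match (including the terminator when c is 0), `mov r0, #0` returns NULL when the terminator is reached first, and no load ever goes past the terminator, which is the property that keeps Memcheck quiet where glibc's word-at-a-time version does not. The `.L9`/`.L11`/`.L12` labels are file-local in gas, so they presumably were checked not to collide with other arm routines in this file; names like `.Lindex_loop`/`.Lindex_nomatch`/`.Lindex_found` would remove that risk for later additions.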
@@ -100,7 +100,7 @@ extern Addr VG_(ppctoc_magic_redirect_return_stub);
 extern Addr VG_(arm_linux_SUBST_FOR_sigreturn);
 extern Addr VG_(arm_linux_SUBST_FOR_rt_sigreturn);
 extern UInt VG_(arm_linux_REDIR_FOR_strlen)( void* );
-//extern void* VG_(arm_linux_REDIR_FOR_index) ( void*, Int );
+extern void* VG_(arm_linux_REDIR_FOR_index) ( void*, Int );
 extern void* VG_(arm_linux_REDIR_FOR_memcpy)( void*, void*, Int );
 extern void* VG_(arm_linux_REDIR_FOR_strcmp)( void*, void* );
 #endif
-- 
2.47.2
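Review bot: The now-live declaration `extern void* VG_(arm_linux_REDIR_FOR_index) ( void*, Int );` carries no comment, although its implementation lives in assembly in m_trampoline.S and a C reader has no other hint of its behaviour. A one-line comment alongside it would save the cross-reference, e.g. `/* index() replacement for ld.so; only the low 8 bits of the Int are compared. */`, which matches the `and r1, r1, #255` in the assembly. Whether the neighbouring strlen/memcpy/strcmp declarations deserve the same is outside this hunk.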