diff options
author | Nick Alcock <nick.alcock@oracle.com> | 2016-12-26 10:08:41 +0100 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2016-12-26 10:08:41 +0100 |
commit | de6591238b478bc86b8cf5af01a484114e399213 (patch) | |
tree | 2717c115fbc7518fcbe9348239ff536eb914d267 /include | |
parent | 003a27e8195470f470f4d9384ca70d4e9fc8bd1b (diff) | |
download | glibc-de6591238b478bc86b8cf5af01a484114e399213.zip glibc-de6591238b478bc86b8cf5af01a484114e399213.tar.gz glibc-de6591238b478bc86b8cf5af01a484114e399213.tar.bz2 |
Do not stack-protect ifunc resolvers [BZ #7065]
When dynamically linking, ifunc resolvers are called before TLS is
initialized, so they cannot be safely stack-protected.
We avoid disabling stack-protection on large numbers of files by
using __attribute__ ((__optimize__ ("-fno-stack-protector")))
to turn it off just for the resolvers themselves. (We provide
the attribute even when statically linking, because we will later
use it elsewhere too.)
Diffstat (limited to 'include')
-rw-r--r-- | include/libc-symbols.h | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/include/libc-symbols.h b/include/libc-symbols.h index 4238d79..d981e67 100644 --- a/include/libc-symbols.h +++ b/include/libc-symbols.h @@ -336,6 +336,16 @@ for linking") #define attribute_relro __attribute__ ((section (".data.rel.ro"))) + +/* Used to disable stack protection in sensitive places, like ifunc + resolvers and early static TLS init. */ +#ifdef HAVE_CC_NO_STACK_PROTECTOR +# define inhibit_stack_protector \ + __attribute__ ((__optimize__ ("-fno-stack-protector"))) +#else +# define inhibit_stack_protector +#endif + /* The following macros are used for PLT bypassing within libc.so (and if needed other libraries similarly). First of all, you need to have the function prototyped somewhere, @@ -737,7 +747,7 @@ for linking") /* Helper / base macros for indirect function symbols. */ #define __ifunc_resolver(type_name, name, expr, arg, init, classifier) \ - classifier void *name##_ifunc (arg) \ + classifier inhibit_stack_protector void *name##_ifunc (arg) \ { \ init (); \ __typeof (type_name) *res = expr; \ |