aboutsummaryrefslogtreecommitdiff
path: root/sysdeps/s390
diff options
context:
space:
mode:
authorCarlos O'Donell <carlos@redhat.com>2013-09-23 00:52:09 -0400
committerCarlos O'Donell <carlos@redhat.com>2013-09-23 00:52:09 -0400
commitc61b4d41c9647a54a329aa021341c0eb032b793e (patch)
treec4a665c232a7d37786a6f3b5e3f56d0ae11480e8 /sysdeps/s390
parent58a96064d193317236b740998e134b652d3d62ad (diff)
downloadglibc-c61b4d41c9647a54a329aa021341c0eb032b793e.zip
glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.gz
glibc-c61b4d41c9647a54a329aa021341c0eb032b793e.tar.bz2
BZ #15754: CVE-2013-4788
The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value.
Diffstat (limited to 'sysdeps/s390')
-rw-r--r--sysdeps/s390/s390-32/stackguard-macros.h11
-rw-r--r--sysdeps/s390/s390-64/stackguard-macros.h14
2 files changed, 25 insertions, 0 deletions
diff --git a/sysdeps/s390/s390-32/stackguard-macros.h b/sysdeps/s390/s390-32/stackguard-macros.h
index b74c579..449e8d4 100644
--- a/sysdeps/s390/s390-32/stackguard-macros.h
+++ b/sysdeps/s390/s390-32/stackguard-macros.h
@@ -2,3 +2,14 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=a" (x)); x; })
+
+/* On s390/s390x there is no unique pointer guard, instead we use the
+ same value as the stack guard. */
+#define POINTER_CHK_GUARD \
+ ({ \
+ uintptr_t x; \
+ asm ("ear %0,%%a0; l %0,%1(%0)" \
+ : "=a" (x) \
+ : "i" (offsetof (tcbhead_t, stack_guard))); \
+ x; \
+ })
diff --git a/sysdeps/s390/s390-64/stackguard-macros.h b/sysdeps/s390/s390-64/stackguard-macros.h
index 0cebb5f..c8270fb 100644
--- a/sysdeps/s390/s390-64/stackguard-macros.h
+++ b/sysdeps/s390/s390-64/stackguard-macros.h
@@ -2,3 +2,17 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; })
+
+/* On s390/s390x there is no unique pointer guard, instead we use the
+ same value as the stack guard. */
+#define POINTER_CHK_GUARD \
+ ({ \
+ uintptr_t x; \
+ asm ("ear %0,%%a0;" \
+ "sllg %0,%0,32;" \
+ "ear %0,%%a1;" \
+ "lg %0,%1(%0)" \
+ : "=a" (x) \
+ : "i" (offsetof (tcbhead_t, stack_guard))); \
+ x; \
+ })