diff options
| author | H.J. Lu <hjl.tools@gmail.com> | 2018-07-30 16:14:46 -0700 |
|---|---|---|
| committer | H.J. Lu <hjl.tools@gmail.com> | 2018-07-30 16:15:38 -0700 |
| commit | 98864ed0e055583707e37cdb7d41a9cdeac4473b (patch) | |
| tree | acf6ed5508969c54b0489b917d40df7e9a79236e /sysdeps/x86 | |
| parent | c92a00d865638cebcfd13cfe0c3e811f565fe43b (diff) | |
| download | glibc-98864ed0e055583707e37cdb7d41a9cdeac4473b.zip glibc-98864ed0e055583707e37cdb7d41a9cdeac4473b.tar.gz glibc-98864ed0e055583707e37cdb7d41a9cdeac4473b.tar.bz2 | |
x86/CET: Fix property note parser [BZ #23467]
GNU_PROPERTY_X86_FEATURE_1_AND may not be the first property item. We
need to check each property item until we reach the end of the property
or find GNU_PROPERTY_X86_FEATURE_1_AND.
This patch adds 2 tests. The first test checks if IBT is enabled and
the second test reads the output from the first test to check if IBT
is is enabled. The second second test fails if IBT isn't enabled
properly.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
[BZ #23467]
* sysdeps/unix/sysv/linux/x86/Makefile (tests): Add
tst-cet-property-1 and tst-cet-property-2 if CET is enabled.
(CFLAGS-tst-cet-property-1.o): New.
(ASFLAGS-tst-cet-property-dep-2.o): Likewise.
($(objpfx)tst-cet-property-2): Likewise.
($(objpfx)tst-cet-property-2.out): Likewise.
* sysdeps/unix/sysv/linux/x86/tst-cet-property-1.c: New file.
* sysdeps/unix/sysv/linux/x86/tst-cet-property-2.c: Likewise.
* sysdeps/unix/sysv/linux/x86/tst-cet-property-dep-2.S: Likewise.
* sysdeps/x86/dl-prop.h (_dl_process_cet_property_note): Parse
each property item until GNU_PROPERTY_X86_FEATURE_1_AND is found.
Diffstat (limited to 'sysdeps/x86')
| -rw-r--r-- | sysdeps/x86/dl-prop.h | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/sysdeps/x86/dl-prop.h b/sysdeps/x86/dl-prop.h index 35d3f16..26c3131 100644 --- a/sysdeps/x86/dl-prop.h +++ b/sysdeps/x86/dl-prop.h @@ -73,7 +73,7 @@ _dl_process_cet_property_note (struct link_map *l, unsigned char *ptr = (unsigned char *) (note + 1) + 4; unsigned char *ptr_end = ptr + note->n_descsz; - while (ptr < ptr_end) + do { unsigned int type = *(unsigned int *) ptr; unsigned int datasz = *(unsigned int *) (ptr + 4); @@ -82,17 +82,28 @@ _dl_process_cet_property_note (struct link_map *l, if ((ptr + datasz) > ptr_end) break; - if (type == GNU_PROPERTY_X86_FEATURE_1_AND - && datasz == 4) + if (type == GNU_PROPERTY_X86_FEATURE_1_AND) { - unsigned int feature_1 = *(unsigned int *) ptr; - if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_IBT)) - l->l_cet |= lc_ibt; - if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_SHSTK)) - l->l_cet |= lc_shstk; - break; + /* The size of GNU_PROPERTY_X86_FEATURE_1_AND is 4 + bytes. When seeing GNU_PROPERTY_X86_FEATURE_1_AND, + we stop the search regardless if its size is correct + or not. There is no point to continue if this note + is ill-formed. */ + if (datasz == 4) + { + unsigned int feature_1 = *(unsigned int *) ptr; + if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_IBT)) + l->l_cet |= lc_ibt; + if ((feature_1 & GNU_PROPERTY_X86_FEATURE_1_SHSTK)) + l->l_cet |= lc_shstk; + } + return; } + + /* Check the next property item. */ + ptr += ALIGN_UP (datasz, sizeof (ElfW(Addr))); } + while ((ptr_end - ptr) >= 8); } /* NB: Note sections like .note.ABI-tag and .note.gnu.build-id are |