From de6591238b478bc86b8cf5af01a484114e399213 Mon Sep 17 00:00:00 2001 From: Nick Alcock Date: Mon, 26 Dec 2016 10:08:41 +0100 Subject: Do not stack-protect ifunc resolvers [BZ #7065] When dynamically linking, ifunc resolvers are called before TLS is initialized, so they cannot be safely stack-protected. We avoid disabling stack-protection on large numbers of files by using __attribute__ ((__optimize__ ("-fno-stack-protector"))) to turn it off just for the resolvers themselves. (We provide the attribute even when statically linking, because we will later use it elsewhere too.) --- sysdeps/generic/ifunc-sel.h | 2 ++ sysdeps/nacl/nacl_interface_query.c | 1 + sysdeps/powerpc/ifunc-sel.h | 2 ++ sysdeps/unix/make-syscalls.sh | 1 + sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c | 1 + sysdeps/x86_64/ifuncmod8.c | 1 + 6 files changed, 8 insertions(+) (limited to 'sysdeps') diff --git a/sysdeps/generic/ifunc-sel.h b/sysdeps/generic/ifunc-sel.h index 6a27b69..1fff405 100644 --- a/sysdeps/generic/ifunc-sel.h +++ b/sysdeps/generic/ifunc-sel.h @@ -5,6 +5,7 @@ extern int global; static inline void * +inhibit_stack_protector ifunc_sel (int (*f1) (void), int (*f2) (void), int (*f3) (void)) { switch (global) @@ -19,6 +20,7 @@ ifunc_sel (int (*f1) (void), int (*f2) (void), int (*f3) (void)) } static inline void * +inhibit_stack_protector ifunc_one (int (*f1) (void)) { return f1; diff --git a/sysdeps/nacl/nacl_interface_query.c b/sysdeps/nacl/nacl_interface_query.c index adf1dd4..dbaa88b 100644 --- a/sysdeps/nacl/nacl_interface_query.c +++ b/sysdeps/nacl/nacl_interface_query.c @@ -29,6 +29,7 @@ extern TYPE_nacl_irt_query nacl_interface_query_ifunc (void) asm ("nacl_interface_query"); TYPE_nacl_irt_query +inhibit_stack_protector nacl_interface_query_ifunc (void) { return &__nacl_irt_query; diff --git a/sysdeps/powerpc/ifunc-sel.h b/sysdeps/powerpc/ifunc-sel.h index ac589bd..bdb00bf 100644 --- a/sysdeps/powerpc/ifunc-sel.h +++ b/sysdeps/powerpc/ifunc-sel.h 
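Review bot: Marking the `static inline` helper `ifunc_sel` in the first hunk of sysdeps/generic/ifunc-sel.h does not by itself cover the resolver that calls it. If the helper is inlined, the caller's stack-protector setting should govern the combined frame, and if it is not, the caller still has a frame of its own. The calling resolvers are outside this view (the diff is limited to sysdeps), so it cannot be confirmed here that they carry `inhibit_stack_protector` too. The same applies to `ifunc_one` in the second hunk and to both helpers in sysdeps/powerpc/ifunc-sel.h. I would add a comment above each helper such as `/* Runs inside an IFUNC resolver, before TLS is set up; the calling resolver must be inhibit_stack_protector as well.  */`, and note that neither header shows where the macro is defined, so each includer presumably has to provide it.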
@@ -5,6 +5,7 @@ extern int global; static inline void * +inhibit_stack_protector ifunc_sel (int (*f1) (void), int (*f2) (void), int (*f3) (void)) { register void *ret __asm__ ("r3"); @@ -32,6 +33,7 @@ ifunc_sel (int (*f1) (void), int (*f2) (void), int (*f3) (void)) } static inline void * +inhibit_stack_protector ifunc_one (int (*f1) (void)) { register void *ret __asm__ ("r3"); diff --git a/sysdeps/unix/make-syscalls.sh b/sysdeps/unix/make-syscalls.sh index 58d165e..123553c 100644 --- a/sysdeps/unix/make-syscalls.sh +++ b/sysdeps/unix/make-syscalls.sh @@ -287,6 +287,7 @@ while read file srcfile caller syscall args strong weak; do (echo '#include '; \\ echo 'extern void *${strong}_ifunc (void) __asm ("${strong}");'; \\ echo 'void *'; \\ + echo 'inhibit_stack_protector'; \\ echo '${strong}_ifunc (void)'; \\ echo '{'; \\ echo ' PREPARE_VERSION_KNOWN (symver, ${vdso_symver});'; \\ diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c b/sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c index cbac4b3..8436f9d 100644 --- a/sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c +++ b/sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c @@ -21,6 +21,7 @@ void *getcpu_ifunc (void) __asm__ ("__getcpu"); void * +inhibit_stack_protector getcpu_ifunc (void) { PREPARE_VERSION (linux26, "LINUX_2.6", 61765110); diff --git a/sysdeps/x86_64/ifuncmod8.c b/sysdeps/x86_64/ifuncmod8.c index c004367..7c06562 100644 --- a/sysdeps/x86_64/ifuncmod8.c +++ b/sysdeps/x86_64/ifuncmod8.c @@ -28,6 +28,7 @@ foo_impl (float x) } void * +inhibit_stack_protector foo_ifunc (void) { __m128i xmm = _mm_set1_epi32 (-1); -- cgit v1.1
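Review bot: The `inhibit_stack_protector` line emitted for `${strong}_ifunc` in sysdeps/unix/make-syscalls.sh only removes the canary from the generated resolver's own frame. Anything that `PREPARE_VERSION_KNOWN` and the rest of the body (outside the hunk) call out of line would still read the guard from TLS if it was built with the stack protector. The same holds for `PREPARE_VERSION` in sysdeps/unix/sysv/linux/x86_64/x32/getcpu.c. Those callees are not visible here, so this is something to confirm rather than a known defect. Checking the built objects for `__stack_chk_fail` references along the resolver's call path would settle it. I would also have the generator emit a one-line explanation ahead of the `echo 'void *'` line, e.g. `echo '/* Resolver runs before TLS setup: no stack protector.  */'`.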