From 2077db1be5b18b94a91095a3fb380bbc4a81e61b Mon Sep 17 00:00:00 2001 From: Caroline Tice Date: Tue, 6 Aug 2013 20:38:59 -0700 Subject: Commit the vtable verification feature. Commit the vtable verification feature. This feature is designed to detect, at run time, if/when the vtable pointer in a C++ object has been corrupted, before allowing virtual calls through that pointer. If pointer corruption is detected, execution of the program is halted. libstdc++-v3 ChangeLog: 2013-08-06 Caroline Tice * fragment.am: Add XTEMPLATE_FLAGS. * configure.ac: Add definitions for --enable-vtable-verify. * acinclude.m4: Add --enable-vtable-verify and --disable-vtable-verify; define --enable-vtable-verify; define VTV_CXXFLAGS, VTV_PCH_CXXFLAGS and VTV_CXXLINKFLAGS. * config/abi/pre/gnu.ver: Export symbols for vtable verification. * libsupc++/Makefile.am: Define vtv_sources and add it to libsupc___la_SOURCES and libsupc__convenience_la_SOURCES. * libsupc++/vtv_stubs.cc: New file. * include/Makefile.am: Add VTV_PCH_CXXFLAGS to PCHFLAGS. * src/Makefile.am: Add VTV_CXXFLAGS to AM_CXXFLAGS; add VTV_CXXLINKFLAGS to CXXLINK. * src/c++98/Makefile.am: Comment out XTEMPLATE_FLAGS; add VTV_CXXFLAGS to AM_CXXFLAGS; add VTV_CXXXLINKFLAGS to CXXLINK. * src/C++11/Makefile.am: Ditto. * doc/xml/manual/configure.xml: Add entry for --enable-vtable-verify. * scripts/testsuite_flags.in: Add cxxvtvflags to Usage; cause cxxvtvflags to use VTV_CXXFLAGS and VTV_CXXLINKFLAGS. * testsuite/lib/libstdc++.exp: Add cxxvtvflags; add code to locate libvtv if --enable-vtable-verify was used; set cxxvtvflags; add cxxvtvflags to cxx_final. * testsuite/18_support/bad_exception/23591_thread-1.c: Add -fvtable-verify=none to compiler flags. * testsuite/17_intro/freestanding.cc: Add -fvtable-verify=none to compiler flags. * configure: Regenerated. * Makefile.in: Regenerated. * python/Makefile.in: Regenerated. * include/Makefile.in: Regenerated. * libsupc++/Makefile.in: Regenerated. * config.h.in: Regenerated. * po/Makefile.in: Regenerated. * src/Makefile.in: Regenerated. * src/c++98/Makefile.in: Regenerated. * src/c++11/Makefile.in: Regenerated. * doc/Makefile.in: Regenerated. * testsuite/Makefile.in: Regenerated. top level ChangeLog: 2013-08-06 Caroline Tice * configure.ac: Add target-libvtv to target_libraries; disable libvtv on non-linux systems; add target-libvtv to noconfigdirs; add libsupc++/.libs to C++ library search paths. * configure: Regenerated. * Makefile.def: Add libvtv to target_modules; make libvtv depend on libstdc++ and libgcc. * Makefile.in: Regenerated. include/ChangeLog: 2013-08-06 Caroline Tice * vtv-change-permission.h: New file. contrib/ChangeLog: 2013-08-06 Caroline Tice4 * gcc_update: Add libvtv files. libgcc/ChangeLog: 2013-08-06 Caroline Tice config.host (extra_parts): Add vtv_start.o, vtv_end.o vtv_start_preinit.o and vtv_end_preinit.o. configure.ac: Add code to check/set enable_vtable_verify. Makefile.in: Add rules to build vtv_*.o, if enable_vtable_verify is true. vtv_start_preinit.c: New file. vtv_end_preinit.c: New file. vtv_start.c: New file. vtv_end.c: New file. configure: Regenerated. gcc/ChangeLog: 2013-08-06 Caroline Tice * gcc.c (VTABLE_VERIFICATION_SPEC): New definition. (LINK_COMMAND_SPEC): Add VTABLE_VERIFICATION_SPEC. * tree-pass.h: Add pass_vtable_verify. * varasm.c (assemble_variable): Add code to properly set the comdat section and name for the .vtable_map_vars section. (assemble_vtyv_preinit_initializer): New function. (default_sectin_type_flags): Make sure .vtable_map_vars section has LINK_ONCE flag. * output.h: Add function decl for assemble_vtv_preinit_initializer. * vtable-verify.c: New file. * vtable-verify.h: New file. * flag-types.h (enum vtv_priority): Defintions for flag_vtable_verify initialiation levels. * timevar.def (TV_VTABLE_VERIFICATION): New definition. * passes.def: Insert pass_vtable_verify. * aclocal.m4: Reorder includes. * doc/invoke.texi: Add documentation for the flags -fvtable-verify=, -fvtv-debug and -fvtv-counts. * config/gnu-user.h (GNU_USER_TARGET_STARTFILE_SPEC): Add vtv_start*.o, as appropriate, if -fvtable-verify=... is used. (GNU_USER_TARGET_ENDFILE_SPEC): Add vtv_end*.o as appropriate, if -fvtable-verify=... is used. * Makefile.in (OBJS): Add vtable-verify.o to list. (vtable-verify.o): Add new build rule. (GTFILES): Add vtable-verify.c to list. * common.opt (fvtable-verify=): New flag. (vtv_priority): Values for fvtable-verify= flag. (fvtv-counts): New flag. (fvtv-debug): New flag. * tree.h (save_vtable_map_decl): New extern function decl. gcc/cp/ChangeLog: 2013-08-06 Caroline Tice * Make-lang.in (*CXX_AND_OBJCXX_OBJS): Add vtable-class-hierarchy.o to list. (vtable-class-hierarchy.o): Add build rule. * cp-tree.h (vtv_start_verification_constructor_init_function): New extern function decl. (vtv_finish_verification_constructor_init_function): New extern function decl. (build_vtbl_address): New extern function decl. (get_mangled_vtable_map_var_name): New extern function decl. (vtv_compute_class_hierarchy_transitive_closure): New extern function decl. (vtv_generate_init_routine): New extern function decl. (vtv_save_class_info): New extern function decl. (vtv_recover_class_info): New extern function decl. (vtv_build_vtable_verify_fndecl): New extern function decl. * class.c (finish_struct_1): Add call to vtv_save_class_info if flag_vtable_verify is true. * config-lang.in: Add vtable-class-hierarchy.c to gtfiles list. * vtable-class-hierarchy.c: New file. * mangle.c (get_mangled_vtable_map_var_name): New function. * decl2.c (start_objects): Update function comment. (cp_write_global_declarations): Call vtv_recover_class_info, vtv_compute_class_hierarchy_transitive_closure and vtv_build_vtable_verify_fndecl, before calling finalize_compilation_unit, and call vtv_generate_init_rount after, IFF flag_vtable_verify is true. (vtv_start_verification_constructor_init_function): New function. (vtv_finish_verification_constructor_init_function): New function. * init.c (build_vtbl_address): Remove static qualifier from function. libvtv/ChangeLog: 2013-08-06 Caroline Tice Initial check-in of new vtable verification feature. * configure.ac : New file. * acinclude.m4 : New file. * Makefile.am : New file. * aclocal.m4 : New file. * configure.tgt : New file. * configure: New file (generated). * Makefile.in: New file (generated). * vtv_set.h : New file. * vtv_utils.cc : New file. * vtv_utils.h : New file. * vtv_malloc.cc : New file. * vtv_rts.cc : New file. * vtv_malloc.h : New file. * vtv_rts.h : New file. * vtv_fail.cc : New file. * vtv_fail.h : New file. * vtv_map.h : New file. * scripts/run-testsuite.sh : New file. * scripts/sum-vtv-counts.c : New file. * testsuite/parts-test-main.h : New file. * testusite/dataentry.cc : New file. * testsuite/temp_deriv.cc : New file. * testsuite/register_pair.cc : New file. * testsuite/virtual_inheritance.cc : New file. * testsuite/field-test.cc : New file. * testsuite/nested_vcall_test.cc : New file. * testsuite/template-list-iostream.cc : New file. * testsuite/register_pair_inserts.cc : New file. * testsuite/register_pair_inserts_mt.cc : New file. * testsuite/event.list : New file. * testsuite/parts-test-extra-parts-views.cc : New file. * testsuite/parts-test-extra-parts-views.h : New file. * testsuite/environment-fail-32.s : New file. * testsuite/parts-test-extra-parts.h : New file. * testsuite/temp_deriv2.cc : New file. * testsuite/dlopen_mt.cc : New file. * testsuite/event.h : New file. * testsuite/template-list.cc : New file. * testsuite/replace-fail.cc : New file. * testsuite/Makefile.am : New file. * testsuite/Makefile.in: New file (generated). * testsuite/mempool_negative.c : New file. * testsuite/parts-test-main.cc : New file. * testsuite/event-private.cc : New file. * testsuite/thunk.cc : New file. * testsuite/event-defintiions.cc : New file. * testsuite/event-private.h : New file. * testsuite/parts-test.list : New file. * testusite/register_pair_mt.cc : New file. * testsuite/povray-derived.cc : New file. * testsuite/event-main.cc : New file. * testsuite/environment.cc : New file. * testsuite/template-list2.cc : New file. * testsuite/thunk_vtable_map_attack.cc : New file. * testsuite/parts-test-extra-parts.cc : New file. * testsuite/environment-fail-64.s : New file. * testsuite/dlopen.cc : New file. * testsuite/so.cc : New file. * testsuite/temp_deriv3.cc : New file. * testsuite/const_vtable.cc : New file. * testsuite/mempool_positive.c : New file. * testsuite/dup_name.cc : New file. From-SVN: r201555 --- libgcc/ChangeLog | 13 +++++++++ libgcc/Makefile.in | 17 +++++++++++ libgcc/config.host | 2 +- libgcc/configure | 16 ++++++++++ libgcc/configure.ac | 10 +++++++ libgcc/vtv_end.c | 66 +++++++++++++++++++++++++++++++++++++++++ libgcc/vtv_end_preinit.c | 71 ++++++++++++++++++++++++++++++++++++++++++++ libgcc/vtv_start.c | 65 +++++++++++++++++++++++++++++++++++++++++ libgcc/vtv_start_preinit.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++ 9 files changed, 332 insertions(+), 1 deletion(-) create mode 100644 libgcc/vtv_end.c create mode 100644 libgcc/vtv_end_preinit.c create mode 100644 libgcc/vtv_start.c create mode 100644 libgcc/vtv_start_preinit.c (limited to 'libgcc') diff --git a/libgcc/ChangeLog b/libgcc/ChangeLog index ab4d2c1..af42e3e 100644 --- a/libgcc/ChangeLog +++ b/libgcc/ChangeLog @@ -1,3 +1,16 @@ +2013-08-06 Caroline Tice + + config.host (extra_parts): Add vtv_start.o, vtv_end.o + vtv_start_preinit.o and vtv_end_preinit.o. + configure.ac: Add code to check/set enable_vtable_verify. + Makefile.in: Add rules to build vtv_*.o, if enable_vtable_verify is + true. + vtv_start_preinit.c: New file. + vtv_end_preinit.c: New file. + vtv_start.c: New file. + vtv_end.c: New file. + configure: Regenerated. + 2013-08-01 Maxim Kuvyrkov * config/aarch64/sfp-machine.h, config/aarch64/sync-cache.c, diff --git a/libgcc/Makefile.in b/libgcc/Makefile.in index 958be5e..63fd626 100644 --- a/libgcc/Makefile.in +++ b/libgcc/Makefile.in @@ -39,6 +39,7 @@ enable_shared = @enable_shared@ double_type_size = @double_type_size@ long_double_type_size = @long_double_type_size@ decimal_float = @decimal_float@ +enable_vtable_verify = @enable_vtable_verify@ enable_decimal_float = @enable_decimal_float@ fixed_point = @fixed_point@ @@ -971,6 +972,22 @@ crtendS$(objext): $(srcdir)/crtstuff.c # This is a version of crtbegin for -static links. crtbeginT$(objext): $(srcdir)/crtstuff.c $(crt_compile) $(CRTSTUFF_T_CFLAGS) -c $< -DCRT_BEGIN -DCRTSTUFFT_O + +ifeq ($(enable_vtable_verify),yes) +# These are used in vtable verification; see comments in source files for +# more details. +vtv_start$(objext): $(srcdir)/vtv_start.c + $(crt_compile) $(CRTSTUFF_T_CFLAGS_S) -c $(srcdir)/vtv_start.c + +vtv_end$(objext): $(srcdir)/vtv_end.c + $(crt_compile) $(CRTSTUFF_T_CFLAGS_S) -c $(srcdir)/vtv_end.c + +vtv_start_preinit$(objext): $(srcdir)/vtv_start_preinit.c + $(crt_compile) $(CRTSTUFF_T_CFLAGS_S) -c $(srcdir)/vtv_start_preinit.c + +vtv_end_preinit$(objext): $(srcdir)/vtv_end_preinit.c + $(crt_compile) $(CRTSTUFF_T_CFLAGS_S) -c $(srcdir)/vtv_end_preinit.c +endif endif ifeq ($(CUSTOM_CRTIN),) diff --git a/libgcc/config.host b/libgcc/config.host index 9c47e1b..f75ae9a 100644 --- a/libgcc/config.host +++ b/libgcc/config.host @@ -197,7 +197,7 @@ case ${host} in ;; *-*-linux* | frv-*-*linux* | *-*-kfreebsd*-gnu | *-*-knetbsd*-gnu | *-*-gnu* | *-*-kopensolaris*-gnu) tmake_file="$tmake_file t-crtstuff-pic t-libgcc-pic t-eh-dw2-dip t-slibgcc t-slibgcc-gld t-slibgcc-elf-ver t-linux" - extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtend.o crtendS.o" + extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtend.o crtendS.o vtv_start.o vtv_end.o vtv_start_preinit.o vtv_end_preinit.o" ;; *-*-lynxos*) tmake_file="$tmake_file t-lynx $cpu_type/t-crtstuff t-crtstuff-pic t-libgcc-pic" diff --git a/libgcc/configure b/libgcc/configure index bb36889..29fa46f 100644 --- a/libgcc/configure +++ b/libgcc/configure @@ -608,6 +608,7 @@ build_os build_vendor build_cpu build +enable_vtable_verify enable_shared libgcc_topdir target_alias @@ -655,6 +656,7 @@ with_target_subdir with_cross_host with_ld enable_shared +enable_vtable_verify enable_version_specific_runtime_libs with_slibdir enable_maintainer_mode @@ -1288,6 +1290,7 @@ Optional Features: --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --disable-shared don't provide a shared libgcc + --enable-vtable-verify Enable vtable verification feature --enable-version-specific-runtime-libs Specify that runtime libraries should be installed in a compiler-specific directory --enable-maintainer-mode enable make rules and dependencies not useful (and @@ -2140,6 +2143,19 @@ fi +# Check whether --enable-vtable-verify was given. +if test "${enable_vtable_verify+set}" = set; then : + enableval=$enable_vtable_verify; case "$enableval" in + yes) enable_vtable_verify=yes ;; + no) enable_vtable_verify=no ;; + *) enable_vtable_verify=no;; + esac +else + enable_vtable_verify=no +fi + + + # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 diff --git a/libgcc/configure.ac b/libgcc/configure.ac index 8b7aba5..186cd6e 100644 --- a/libgcc/configure.ac +++ b/libgcc/configure.ac @@ -66,6 +66,16 @@ AC_ARG_ENABLE(shared, ], [enable_shared=yes]) AC_SUBST(enable_shared) +AC_ARG_ENABLE(vtable-verify, +[ --enable-vtable-verify Enable vtable verification feature ], +[case "$enableval" in + yes) enable_vtable_verify=yes ;; + no) enable_vtable_verify=no ;; + *) enable_vtable_verify=no;; + esac], +[enable_vtable_verify=no]) +AC_SUBST(enable_vtable_verify) + GCC_PICFLAG AC_SUBST(PICFLAG) diff --git a/libgcc/vtv_end.c b/libgcc/vtv_end.c new file mode 100644 index 0000000..83fa101 --- /dev/null +++ b/libgcc/vtv_end.c @@ -0,0 +1,66 @@ +/* Copyright (C) 2012, 2013 + Free Software Foundation, Inc. + +This file is part of GCC. + +GCC is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; either version 3, or (at your option) any later +version. + +GCC is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +for more details. + +Under Section 7 of GPL version 3, you are granted additional +permissions described in the GCC Runtime Library Exception, version +3.1, as published by the Free Software Foundation. + +You should have received a copy of the GNU General Public License and +a copy of the GCC Runtime Library Exception along with this program; +see the files COPYING3 and COPYING.RUNTIME respectively. If not, see +. */ + +/* This file is part of the vtable verification feature (for a + detailed description of the feature, see comments in + vtable-verify.c). The vtable verification feature creates + certain global symbols that need to be read-write sometimes during + program execution, and read-only at others. It uses 'mprotect' to + change the memory protections of the pages on which these variables + are stored. In order to not affect the protections of other + program variables, these variables are put into a special named + section, ".vtable_map_vars", which is page-aligned at the start, + and which is padded with a page-sized amount of zeros at the end. + To make this section page aligned, we create a special symbol, + "_vtable_map_vars_start" which we make the very first thing that + goes into the section. That is defined in vtv_start.c (which + contains nothing else). vtv_start.c gest compiled into + vtv_start.o, and vtv_start.o gets inserted into the link line + immediately after crtbegin.o, if the program is compiled with + -fvtable.verify. + + In order to pad the ".vtable_map_vars" section with a page-sized + amount of zeros at the end, there is a second symbol, + _vtable_map_vars_end. This file defines that symbol (and only this + symbol). This second symbol is a page-sized array of chars, + zero-filled, and is the very last thing to go into the section. + When the GCC driver inserts vtv_start.o into the link line (just + after crtbegin.o) it also inserts vtv_end.o into the link line, + just before crtend.o. This has the desired effect of making our + section page-aligned and page-size paded, ensuring that no other + program data lands on our pages. */ + + +#include "vtv-change-permission.h" + +__attribute__ ((constructor(100))) void +__VLTprotect (void) +{ + __VLTChangePermission (__VLTP_READ_ONLY); +} + +/* Page-sized variable to mark end of .vtable_map_vars section. */ +char _vtable_map_vars_end[VTV_PAGE_SIZE] + __attribute__ ((__visibility__ ("protected"), used, + section(".vtable_map_vars"))); diff --git a/libgcc/vtv_end_preinit.c b/libgcc/vtv_end_preinit.c new file mode 100644 index 0000000..53d12b0 --- /dev/null +++ b/libgcc/vtv_end_preinit.c @@ -0,0 +1,71 @@ +/* Copyright (C) 2012, 2013 + Free Software Foundation, Inc. + +This file is part of GCC. + +GCC is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; either version 3, or (at your option) any later +version. + +GCC is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +for more details. + +Under Section 7 of GPL version 3, you are granted additional +permissions described in the GCC Runtime Library Exception, version +3.1, as published by the Free Software Foundation. + +You should have received a copy of the GNU General Public License and +a copy of the GCC Runtime Library Exception along with this program; +see the files COPYING3 and COPYING.RUNTIME respectively. If not, see +. */ + +/* This file is part of the vtable verification feature (for a + detailed description of the feature, see comments in + vtable-verify.c). The vtable verification feature creates + certain global symbols that need to be read-write sometimes during + program execution, and read-only at others. It uses 'mprotect' to + change the memory protections of the pages on which these variables + are stored. In order to not affect the protections of other + program variables, these variables are put into a special named + section, ".vtable_map_vars", which is page-aligned at the start, + and which is padded with a page-sized amount of zeros at the end. + To make this section page aligned, we create a special symbol, + "_vtable_map_vars_start" which we make the very first thing that + goes into the section. That is defined in vtv_start.c (which + contains nothing else). vtv_start.c gest compiled into + vtv_start.o, and vtv_start.o gets inserted into the link line + immediately after crtbegin.o, if the program is compiled with + -fvtable.verify. + + In order to pad the ".vtable_map_vars" section with a page-sized + amount of zeros at the end, there is a second symbol, + _vtable_map_vars_end. This file defines that symbol (and only this + symbol). This second symbol is a page-sized array of chars, + zero-filled, and is the very last thing to go into the section. + When the GCC driver inserts vtv_start.o into the link line (just + after crtbegin.o) it also inserts vtv_end.o into the link line, + just before crtend.o. This has the desired effect of making our + section page-aligned and page-size paded, ensuring that no other + program data lands on our pages. */ + +#include "vtv-change-permission.h" + +void +__VLTProtectPreinit (void) +{ + __VLTChangePermission (__VLTP_READ_ONLY); +} + +/* Page-sized variable to mark end of .vtable_map_vars section. */ +char _vtable_map_vars_end[VTV_PAGE_SIZE] + __attribute__ ((__visibility__ ("protected"), used, + section(".vtable_map_vars"))); + +/* Put the function __VLTProtectPreinit into the .preinit_array + section. */ + +__attribute__ ((section (".preinit_array"))) + typeof (__VLTProtectPreinit) *__preinit_end = __VLTProtectPreinit; diff --git a/libgcc/vtv_start.c b/libgcc/vtv_start.c new file mode 100644 index 0000000..3efb63d --- /dev/null +++ b/libgcc/vtv_start.c @@ -0,0 +1,65 @@ +/* Copyright (C) 2012, 2013 + Free Software Foundation, Inc. + +This file is part of GCC. + +GCC is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; either version 3, or (at your option) any later +version. + +GCC is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +for more details. + +Under Section 7 of GPL version 3, you are granted additional +permissions described in the GCC Runtime Library Exception, version +3.1, as published by the Free Software Foundation. + +You should have received a copy of the GNU General Public License and +a copy of the GCC Runtime Library Exception along with this program; +see the files COPYING3 and COPYING.RUNTIME respectively. If not, see +. */ + +/* This file is part of the vtable verification feature (for a + detailed description of the feature, see comments in + vtable-verify.c). The vtable verification feature creates + certain global symbols that need to be read-write sometimes during + program execution, and read-only at others. It uses 'mprotect' to + change the memory protections of the pages on which these variables + are stored. In order to not affect the protections of other + program variables, these variables are put into a special named + section, ".vtable_map_vars", which is page-aligned at the start, + and which is padded with a page-sized amount of zeros at the end. + To make this section page aligned, we create a special symbol, + "_vtable_map_vars_start" which we make the very first thing that + goes into the section. This file defines that symbol (and only + that symbol). GCC compiles this file into vtv_start.o, and + inserts vtv_start.o into the link line immediately after + crtbegin.o, if the program is compiled with -fvtable.verify. + + In order to pad the ".vtable_map_vars" section with a page-sized + amount of zeros at the end, there is a second symbol, + _vtable_map_vars_end, which is defined in another file, vtv_end.c. + This second symbol is a page-sized array of chars, zero-filled, and + is the very last thing to go into the section. When the GCC driver + inserts vtv_start.o into the link line (just after crtbegin.o) it + also inserts vtv_end.o into the link line, just before crtend.o. + This has the desired effect of making our section page-aligned and + page-size paded, ensuring that no other program data lands on our + pages. */ + +#include "vtv-change-permission.h" + +__attribute__ ((constructor(98))) void +__VLTunprotect (void) +{ + __VLTChangePermission (__VLTP_READ_WRITE); +} + +/* Page-aligned symbol to mark beginning of .vtable_map_vars section. */ +char _vtable_map_vars_start [] +__attribute__ ((__visibility__ ("protected"), used, aligned(VTV_PAGE_SIZE), + section(".vtable_map_vars"))) + = { }; diff --git a/libgcc/vtv_start_preinit.c b/libgcc/vtv_start_preinit.c new file mode 100644 index 0000000..512c858 --- /dev/null +++ b/libgcc/vtv_start_preinit.c @@ -0,0 +1,73 @@ +/* Copyright (C) 2012, 2013 + Free Software Foundation, Inc. + +This file is part of GCC. + +GCC is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; either version 3, or (at your option) any later +version. + +GCC is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +for more details. + +Under Section 7 of GPL version 3, you are granted additional +permissions described in the GCC Runtime Library Exception, version +3.1, as published by the Free Software Foundation. + +You should have received a copy of the GNU General Public License and +a copy of the GCC Runtime Library Exception along with this program; +see the files COPYING3 and COPYING.RUNTIME respectively. If not, see +. */ + +/* This file is part of the vtable verification feature (for a + detailed description of the feature, see comments in + vtable-verify.c). The vtable verification feature creates + certain global symbols that need to be read-write sometimes during + program execution, and read-only at others. It uses 'mprotect' to + change the memory protections of the pages on which these variables + are stored. In order to not affect the protections of other + program variables, these variables are put into a special named + section, ".vtable_map_vars", which is page-aligned at the start, + and which is padded with a page-sized amount of zeros at the end. + To make this section page aligned, we create a special symbol, + "_vtable_map_vars_start" which we make the very first thing that + goes into the section. This file defines that symbol (and only + that symbol). GCC compiles this file into vtv_start.o, and + inserts vtv_start.o into the link line immediately after + crtbegin.o, if the program is compiled with -fvtable.verify. + + In order to pad the ".vtable_map_vars" section with a page-sized + amount of zeros at the end, there is a second symbol, + _vtable_map_vars_end, which is defined in another file, vtv_end.c. + This second symbol is a page-sized array of chars, zero-filled, and + is the very last thing to go into the section. When the GCC driver + inserts vtv_start.o into the link line (just after crtbegin.o) it + also inserts vtv_end.o into the link line, just before crtend.o. + This has the desired effect of making our section page-aligned and + page-size paded, ensuring that no other program data lands on our + pages. */ + +#include "vtv-change-permission.h" + +void +__VLTUnprotectPreinit (void) +{ + __VLTChangePermission (__VLTP_READ_WRITE); +} + +/* Page-aligned symbol to mark beginning of .vtable_map_vars section. */ +char _vtable_map_vars_start [] +__attribute__ ((__visibility__ ("protected"), used, aligned(VTV_PAGE_SIZE), + section(".vtable_map_vars"))) + = { }; + + +/* Put the function __VLTUnprotectPreinit into the .preinit_array + section. */ + +__attribute__ ((section (".preinit_array"))) + typeof (__VLTUnprotectPreinit) *__preinit = __VLTUnprotectPreinit; + -- cgit v1.1