From dcca3fe25f4a57f351ce95253f32e191dfe1167d Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Sun, 19 Sep 2004 02:48:59 +0000 Subject: Update. * sysdeps/unisx/sysv/linux/dl-execstack.c: Get protection flag from memory. * elf/dl-load.c (_dl_map_object_from_fd): Add PROT_EXEC flag to __stack_flags. --- ChangeLog | 5 ++++ elf/dl-load.c | 45 ++++++++++++++++++++++++---------- sysdeps/unix/sysv/linux/dl-execstack.c | 13 +++++++--- 3 files changed, 47 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index d3e8f72..c25b747 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 2004-09-18 Ulrich Drepper + * sysdeps/unisx/sysv/linux/dl-execstack.c: Get protection flag + from memory. + * elf/dl-load.c (_dl_map_object_from_fd): Add PROT_EXEC flag to + __stack_flags. + * sysdeps/posix/getaddrinfo.c (gaih_inet): Do not use gethostbyname3_r if we are not looking for the canonical name. diff --git a/elf/dl-load.c b/elf/dl-load.c index cb0642a..059be4e 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -101,6 +101,9 @@ ELF_PREFERRED_ADDRESS_DATA; # define ELF_FIXED_ADDRESS(loader, mapstart) ((void) 0) #endif + +extern int __stack_prot attribute_relro attribute_hidden; + /* Type for the buffer we put the ELF header and hopefully the program header. This buffer does not really have to be too large. In most cases the program header follows the ELF header directly. If this @@ -1302,6 +1305,35 @@ cannot allocate TLS data structures for initial thread"); goto call_lose; } + if (__builtin_expect ((stack_flags &~ GL(dl_stack_flags)) & PF_X, 0)) + { + /* The stack is presently not executable, but this module + requires that it be executable. We must change the + protection of the variable which contains the flags used in + the mprotect calls. */ +#ifdef HAVE_Z_RELRO + if (mode & __RTLD_DLOPEN) + { + uintptr_t p = ((uintptr_t) &__stack_prot) & ~(GLRO(dl_pagesize) - 1); + size_t s = (uintptr_t) &__stack_prot - p + sizeof (int); + + __mprotect ((void *) p, s, PROT_READ|PROT_WRITE); + __stack_prot |= PROT_EXEC; + __mprotect ((void *) p, s, PROT_READ); + } + else +#endif + __stack_prot |= PROT_EXEC; + + errval = (*GL(dl_make_stack_executable_hook)) (stack_endp); + if (errval) + { + errstring = N_("\ +cannot enable executable stack as shared object requires"); + goto call_lose; + } + } + if (l->l_info[DT_HASH]) _dl_setup_hash (l); @@ -1344,19 +1376,6 @@ cannot allocate TLS data structures for initial thread"); l->l_dev = st.st_dev; l->l_ino = st.st_ino; - if (__builtin_expect ((stack_flags &~ GL(dl_stack_flags)) & PF_X, 0)) - { - /* The stack is presently not executable, but this module - requires that it be executable. */ - errval = (*GL(dl_make_stack_executable_hook)) (stack_endp); - if (errval) - { - errstring = N_("\ -cannot enable executable stack as shared object requires"); - goto call_lose; - } - } - /* When we profile the SONAME might be needed for something else but loading. Add it right away. */ if (__builtin_expect (GLRO(dl_profile) != NULL, 0) diff --git a/sysdeps/unix/sysv/linux/dl-execstack.c b/sysdeps/unix/sysv/linux/dl-execstack.c index 3ca9b0b..c2b964b 100644 --- a/sysdeps/unix/sysv/linux/dl-execstack.c +++ b/sysdeps/unix/sysv/linux/dl-execstack.c @@ -28,6 +28,14 @@ #include "kernel-features.h" +int __stack_prot attribute_hidden attribute_relro +#if _STACK_GROWS_DOWN + = PROT_READ|PROT_WRITE|PROT_GROWSDOWN; +#elif _STACK_GROWS_UP + = PROT_READ|PROT_WRITE|PROT_GROWSUP; +#endif + + int internal_function _dl_make_stack_executable (void **stack_endp) @@ -51,8 +59,7 @@ _dl_make_stack_executable (void **stack_endp) # endif { if (__builtin_expect (__mprotect ((void *) page, GLRO(dl_pagesize), - PROT_READ|PROT_WRITE|PROT_EXEC - |PROT_GROWSDOWN) == 0, 1)) + __stack_prot) == 0, 1)) goto return_success; # if __ASSUME_PROT_GROWSUPDOWN == 0 if (errno == EINVAL) @@ -76,7 +83,7 @@ _dl_make_stack_executable (void **stack_endp) while (1) { if (__mprotect ((void *) page, size, - PROT_READ|PROT_WRITE|PROT_EXEC) == 0) + __stack_prot & ~PROT_GROWSDOWN) == 0) /* We got this chunk changed; loop to do another chunk below. */ page -= size; else -- cgit v1.1