From 35f1e82763326f196fd068e92343643d8ed54ee3 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Sun, 26 Jun 2005 18:14:26 +0000 Subject: * Versions.def (ld): Add GLIBC_2.4. * configure.in: Add --enable-stackguard-randomization option. (ENABLE_STACKGUARD_RANDOMIZE): New define. * config.h.in (ENABLE_STACKGUARD_RANDOMIZE): Add. * sysdeps/unix/sysv/linux/dl-osinfo.h: Include stdint.h. (_dl_setup_stack_chk_guard): New inline function. * sysdeps/generic/dl-osinfo.h: Include stdint.h. (_dl_setup_stack_chk_guard): New inline function. * elf/rtld.c (__stack_chk_guard): New variable. (dl_main): Remove all traces of TLS_INIT_TP_EXPENSIVE. Set __stack_chk_guard to _dl_setup_stack_chk_guard (), use THREAD_SET_STACK_GUARD if defined. * elf/Versions (ld): Export __stack_chk_guard@@GLIBC_2.4. * sysdeps/generic/libc-start.c (__stack_chk_guard): New variable. (__libc_start_main): Set __stack_chk_guard to _dl_setup_stack_chk_guard (), use THREAD_SET_STACK_GUARD if defined. * sysdeps/generic/libc-tls.c (__libc_setup_tls): Remove all traces of TLS_INIT_TP_EXPENSIVE. * debug/Versions (libc): Export __stack_chk_fail@@GLIBC_2.4. * debug/Makefile (routines): Add stack_chk_fail. (static-only-routines): Add stack_chk_fail_local. * debug/stack_chk_fail_local.c: New file. * debug/stack_chk_fail.c: New file. * elf/Makefile: Add rules to build and run tst-stackguard1{,-static} tests. * elf/tst-stackguard1.c: New file. * elf/tst-stackguard1-static.c: New file. * elf/stackguard-macros.h: New file. --- nptl/Makefile | 9 +- nptl/pthread_create.c | 5 + nptl/sysdeps/i386/tls.h | 9 ++ nptl/sysdeps/powerpc/tls.h | 22 ++-- nptl/sysdeps/s390/tls.h | 10 +- nptl/sysdeps/sparc/tls.h | 9 ++ nptl/sysdeps/x86_64/tls.h | 9 ++ nptl/tst-stackguard1-static.c | 1 + nptl/tst-stackguard1.c | 226 ++++++++++++++++++++++++++++++++++++++++++ 9 files changed, 290 insertions(+), 10 deletions(-) create mode 100644 nptl/tst-stackguard1-static.c create mode 100644 nptl/tst-stackguard1.c (limited to 'nptl') 
diff --git a/nptl/Makefile b/nptl/Makefile index 4c3cf94..71361c4 100644 --- a/nptl/Makefile +++ b/nptl/Makefile @@ -269,7 +269,8 @@ tests += tst-cancelx2 tst-cancelx3 tst-cancelx4 tst-cancelx5 \ tst-oncex3 tst-oncex4 endif ifeq ($(build-shared),yes) -tests += tst-atfork2 tst-tls3 tst-tls4 tst-tls5 tst-_res1 tst-fini1 +tests += tst-atfork2 tst-tls3 tst-tls4 tst-tls5 tst-_res1 tst-fini1 \ + tst-stackguard1 tests-nolibpthread += tst-fini1 ifeq ($(have-z-execstack),yes) tests += tst-execstack @@ -337,7 +338,8 @@ link-libc-static := $(common-objpfx)libc.a $(static-gnulib) \ $(common-objpfx)libc.a ifeq ($(build-static),yes) -tests-static += tst-locale1 tst-locale2 +tests-static += tst-locale1 tst-locale2 tst-stackguard1-static +tests += tst-stackguard1-static xtests-static += tst-setuid1-static endif # These tests are linked with libc before libpthread @@ -586,6 +588,9 @@ LDFLAGS-tst-execstack = -Wl,-z,noexecstack $(objpfx)tst-fini1mod.so: $(shared-thread-library) +tst-stackguard1-ARGS = --command "$(built-program-cmd) --child" +tst-stackguard1-static-ARGS = --command "$(objpfx)tst-stackguard1-static --child" + # The tests here better do not run in parallel ifneq ($(filter %tests,$(MAKECMDGOALS)),) .NOTPARALLEL: diff --git a/nptl/pthread_create.c b/nptl/pthread_create.c index 18f1c03..122778b 100644 --- a/nptl/pthread_create.c +++ b/nptl/pthread_create.c @@ -399,6 +399,11 @@ __pthread_create_2_1 (newthread, attr, start_routine, arg) pd->schedpolicy = self->schedpolicy; pd->schedparam = self->schedparam; + /* Copy the stack guard canary. */ +#ifdef THREAD_COPY_STACK_GUARD + THREAD_COPY_STACK_GUARD (pd); +#endif + /* Determine scheduling parameters for the thread. */ if (attr != NULL && __builtin_expect ((iattr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0, 0) diff --git a/nptl/sysdeps/i386/tls.h b/nptl/sysdeps/i386/tls.h index c033114..65566ff 100644 --- a/nptl/sysdeps/i386/tls.h +++ b/nptl/sysdeps/i386/tls.h 
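Review bot: The new `THREAD_COPY_STACK_GUARD (pd)` call in pthread_create.c hands the child thread the creating thread's canary unchanged, so a single disclosure of the value in any thread (a format-string read, an uninitialised-stack leak) defeats -fstack-protector for the whole process, and the comment `Copy the stack guard canary.` says what happens but not why a fresh per-thread value is not drawn instead. The sharing looks deliberate — `tst-stackguard1.c` in this same commit fails with `STACK_CHK_GUARD changed in thread` if a thread sees a different value — so I would record the constraint above the call, e.g. `/* All threads share the one process-wide canary seeded at startup; tst-stackguard1 requires it to be identical across threads.  A leak of the value in any thread therefore exposes every thread. */`. Whether per-thread canaries would be safe is not something this hunk shows, so the comment should state the constraint rather than assert they are impossible. `__pthread_create_2_1` begins and ends outside the hunk.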
@@ -49,6 +49,7 @@ typedef struct void *self; /* Pointer to the thread descriptor. */ int multiple_threads; uintptr_t sysinfo; + uintptr_t stack_guard; } tcbhead_t; # define TLS_MULTIPLE_THREADS_IN_TCB 1 @@ -416,6 +417,14 @@ union user_desc_init __res; }) +/* Set the stack guard field in TCB head. */ +#define THREAD_SET_STACK_GUARD(value) \ + THREAD_SETMEM (THREAD_SELF, header.stack_guard, value) +#define THREAD_COPY_STACK_GUARD(descr) \ + ((descr)->header.stack_guard \ + = THREAD_GETMEM (THREAD_SELF, header.stack_guard)) + + #endif /* __ASSEMBLER__ */ #endif /* tls.h */ diff --git a/nptl/sysdeps/powerpc/tls.h b/nptl/sysdeps/powerpc/tls.h index a7f6907..b2322b0 100644 --- a/nptl/sysdeps/powerpc/tls.h +++ b/nptl/sysdeps/powerpc/tls.h @@ -65,11 +65,11 @@ typedef union dtv /* Get the thread descriptor definition. */ # include -/* This layout is actually wholly private and not affected by the ABI. - Nor does it overlap the pthread data structure, so we need nothing - extra here at all. */ +/* The stack_guard is accessed directly by GCC -fstack-protector code, + so it is a part of public ABI. The dtv field is private. */ typedef struct { + uintptr_t stack_guard; dtv_t *dtv; } tcbhead_t; @@ -127,7 +127,7 @@ register void *__thread_register __asm__ ("r13"); /* Return the address of the dtv for the current thread. */ # define THREAD_DTV() \ - (((tcbhead_t *) (__thread_register - TLS_TCB_OFFSET))[-1].dtv) + (((tcbhead_t *) (__thread_register - TLS_TCB_OFFSET))[-1].dtv) /* Return the thread descriptor for the current thread. */ # define THREAD_SELF \ 
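Review bot: The `stack_guard` member added to the i386 `tcbhead_t` is read by compiled -fstack-protector prologues at a fixed offset from the thread pointer, which the powerpc hunk in this commit states outright (`accessed directly by GCC -fstack-protector code, so it is a part of public ABI`) but the i386 hunk leaves unsaid, so nothing warns a later editor that `self`, `multiple_threads`, `sysinfo` and the members above the hunk can no longer be reordered, resized or made conditional. I would carry the same warning onto the field: `uintptr_t stack_guard;	/* Read by GCC -fstack-protector code at a fixed thread-pointer offset; its position is public ABI, so every member above it must stay as is.  */`. The `THREAD_SETMEM`-based `THREAD_SET_STACK_GUARD` in the second i386 hunk is consistent with this; the opening of the typedef and its first members are above the hunk.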
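Review bot: On powerpc the new `stack_guard` is placed first in `tcbhead_t`, and that struct is reached with `[-1]` from `__thread_register - TLS_TCB_OFFSET` (see `THREAD_DTV` in the following hunk), i.e. it sits below the thread pointer, so `stack_guard` lives at `tp - TLS_TCB_OFFSET - sizeof (tcbhead_t)` and any member appended after `dtv` later moves the canary that compiled code reads at a fixed displacement; only prepending preserves the existing offsets. The new comment says the field is public ABI but not this growth rule, so I would extend it: `/* The stack_guard is accessed directly by GCC -fstack-protector code, so it is a part of public ABI.  Because tcbhead_t is addressed as [-1] below the thread pointer, new members must be added before stack_guard, never after dtv.  The dtv field is private. */`.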
@@ -136,9 +136,9 @@ register void *__thread_register __asm__ ("r13"); /* Magic for libthread_db to know how to do THREAD_SELF. */ # define DB_THREAD_SELF \ - REGISTER (32, 32, PT_THREAD_POINTER * 4, \ + REGISTER (32, 32, PT_THREAD_POINTER * 4, \ - TLS_TCB_OFFSET - TLS_PRE_TCB_SIZE) \ - REGISTER (64, 64, PT_THREAD_POINTER * 8, \ + REGISTER (64, 64, PT_THREAD_POINTER * 8, \ - TLS_TCB_OFFSET - TLS_PRE_TCB_SIZE) /* Read member of the thread descriptor directly. */ @@ -156,6 +156,16 @@ register void *__thread_register __asm__ ("r13"); # define THREAD_SETMEM_NC(descr, member, idx, value) \ ((void)(descr), (THREAD_SELF)->member[idx] = (value)) +/* Set the stack guard field in TCB head. */ +# define THREAD_SET_STACK_GUARD(value) \ + (((tcbhead_t *) ((char *) __thread_register \ + - TLS_TCB_OFFSET))[-1].stack_guard = (value)) +# define THREAD_COPY_STACK_GUARD(descr) \ + (((tcbhead_t *) ((char *) (descr) \ + + TLS_PRE_TCB_SIZE))[-1].stack_guard \ + = ((tcbhead_t *) ((char *) __thread_register \ + - TLS_TCB_OFFSET))[-1].stack_guard) + /* l_tls_offset == 0 is perfectly valid on PPC, so we have to use some different value to mean unset l_tls_offset. */ # define NO_TLS_OFFSET -1 diff --git a/nptl/sysdeps/s390/tls.h b/nptl/sysdeps/s390/tls.h index 060dde3..f90b35b 100644 --- a/nptl/sysdeps/s390/tls.h +++ b/nptl/sysdeps/s390/tls.h @@ -48,9 +48,8 @@ typedef struct dtv_t *dtv; void *self; /* Pointer to the thread descriptor. */ int multiple_threads; -# ifdef NEED_DL_SYSINFO uintptr_t sysinfo; -# endif + uintptr_t stack_guard; } tcbhead_t; # ifndef __s390x__ 
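Review bot: Removing the `# ifdef NEED_DL_SYSINFO` around `sysinfo` in the s390 `tcbhead_t` makes the field unconditional, which is presumably what keeps the new `stack_guard` member at a single offset whatever the configuration, but the hunk leaves no trace of that, and a later cleanup that restores the conditional would silently shift the canary that -fstack-protector code reads at a fixed displacement on builds without NEED_DL_SYSINFO. The sparc and x86_64 hunks add a `sysinfo` member for what looks like the same reason. I would pin it down in the struct: `uintptr_t sysinfo;	/* Unconditional so that stack_guard below keeps a fixed offset.  */` and `uintptr_t stack_guard;	/* Read directly by GCC -fstack-protector code; its offset is public ABI.  */`. The typedef's first members are above the hunk.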
@@ -158,6 +157,13 @@ typedef struct #define THREAD_SETMEM_NC(descr, member, idx, value) \ descr->member[idx] = (value) +/* Set the stack guard field in TCB head. */ +#define THREAD_SET_STACK_GUARD(value) \ + THREAD_SETMEM (THREAD_SELF, header.stack_guard, value) +#define THREAD_COPY_STACK_GUARD(descr) \ + ((descr)->header.stack_guard \ + = THREAD_GETMEM (THREAD_SELF, header.stack_guard)) + #endif /* __ASSEMBLER__ */ #endif /* tls.h */ diff --git a/nptl/sysdeps/sparc/tls.h b/nptl/sysdeps/sparc/tls.h index 54b5485..ddc4848 100644 --- a/nptl/sysdeps/sparc/tls.h +++ b/nptl/sysdeps/sparc/tls.h @@ -46,6 +46,8 @@ typedef struct dtv_t *dtv; void *self; int multiple_threads; + uintptr_t sysinfo; + uintptr_t stack_guard; } tcbhead_t; #else /* __ASSEMBLER__ */ @@ -126,6 +128,13 @@ register struct pthread *__thread_self __asm__("%g7"); #define THREAD_SETMEM_NC(descr, member, idx, value) \ descr->member[idx] = (value) +/* Set the stack guard field in TCB head. */ +#define THREAD_SET_STACK_GUARD(value) \ + THREAD_SETMEM (THREAD_SELF, header.stack_guard, value) +# define THREAD_COPY_STACK_GUARD(descr) \ + ((descr)->header.stack_guard \ + = THREAD_GETMEM (THREAD_SELF, header.stack_guard)) + #endif /* !ASSEMBLER */ #endif /* tls.h */ diff --git a/nptl/sysdeps/x86_64/tls.h b/nptl/sysdeps/x86_64/tls.h index 3fc9b38..516827b 100644 --- a/nptl/sysdeps/x86_64/tls.h +++ b/nptl/sysdeps/x86_64/tls.h @@ -47,6 +47,8 @@ typedef struct dtv_t *dtv; void *self; /* Pointer to the thread descriptor. */ int multiple_threads; + uintptr_t sysinfo; + uintptr_t stack_guard; } tcbhead_t; #else /* __ASSEMBLER__ */ @@ -320,6 +322,13 @@ typedef struct __res; }) +/* Set the stack guard field in TCB head. */ +# define THREAD_SET_STACK_GUARD(value) \ + THREAD_SETMEM (THREAD_SELF, header.stack_guard, value) +# define THREAD_COPY_STACK_GUARD(descr) \ + ((descr)->header.stack_guard \ + = THREAD_GETMEM (THREAD_SELF, header.stack_guard)) + #endif /* __ASSEMBLER__ */ #endif /* tls.h */ 
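Review bot: The x86_64 `tcbhead_t` gains `sysinfo` and `stack_guard` together, and because `multiple_threads` is an `int` the offset of `stack_guard` also depends on the padding the compiler inserts after it in a 64-bit layout; that offset is what every -fstack-protector binary built against this ABI will read from now on, yet the hunk carries no comment, unlike the powerpc one in this commit. I would mark both fields: `uintptr_t sysinfo;	/* Apparently added so stack_guard keeps a fixed offset; do not make conditional.  */` and `uintptr_t stack_guard;	/* Read by GCC -fstack-protector code at a fixed thread-pointer offset; public ABI, do not move.  */`. The same applies to the sparc hunk above, which adds the same two members. The struct's leading members are above the hunk.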
diff --git a/nptl/tst-stackguard1-static.c b/nptl/tst-stackguard1-static.c
new file mode 100644
index 0000000..db1e215
--- /dev/null
+++ b/nptl/tst-stackguard1-static.c
@@ -0,0 +1 @@
+#include "tst-stackguard1.c"
diff --git a/nptl/tst-stackguard1.c b/nptl/tst-stackguard1.c
new file mode 100644
index 0000000..15c30ae
--- /dev/null
+++ b/nptl/tst-stackguard1.c
@@ -0,0 +1,226 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + Contributed by Jakub Jelinek , 2005. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static const char *command; +static bool child; +static uintptr_t stack_chk_guard_copy; +static bool stack_chk_guard_copy_set; +static int fds[2]; + +static void __attribute__ ((constructor)) +con (void) +{ + stack_chk_guard_copy = STACK_CHK_GUARD; + stack_chk_guard_copy_set = true; +} + +static int +uintptr_t_cmp (const void *a, const void *b) +{ + if (*(uintptr_t *) a < *(uintptr_t *) b) + return 1; + if (*(uintptr_t *) a > *(uintptr_t *) b) + return -1; + return 0; +} + +static void * +tf (void *arg) +{ + if (stack_chk_guard_copy != STACK_CHK_GUARD) + { + puts ("STACK_CHK_GUARD changed in thread"); + return (void *) 1L; + } + return NULL; +} + +static int +do_test (void) +{ + if (!stack_chk_guard_copy_set) + { + puts ("constructor has not been run"); + return 1; + } + + if (stack_chk_guard_copy != STACK_CHK_GUARD) + { + puts ("STACK_CHK_GUARD changed between constructor and do_test"); + return 1; + } + + if (child) + { + int i; + pthread_t th[4]; + void *ret; + for (i = 0; i < 4; ++i) + if 
(pthread_create (&th[i], NULL, tf, NULL)) + { + puts ("thread creation failed"); + return 1; + } + for (i = 0; i < 4; ++i) + if (pthread_join (th[i], &ret)) + { + puts ("thread join failed"); + return 1; + } + else if (ret != NULL) + return 1; + + write (2, &stack_chk_guard_copy, sizeof (stack_chk_guard_copy)); + return 0; + } + + if (command == NULL) + { + puts ("missing --command or --child argument"); + return 1; + } + +#define N 16 + uintptr_t child_stack_chk_guards[N + 1]; + child_stack_chk_guards[N] = stack_chk_guard_copy; + int i; + for (i = 0; i < N; ++i) + { + if (pipe (fds) < 0) + { + printf ("couldn't create pipe: %m\n"); + return 1; + } + + pid_t pid = fork (); + if (pid < 0) + { + printf ("fork failed: %m\n"); + return 1; + } + + if (!pid) + { + if (stack_chk_guard_copy != STACK_CHK_GUARD) + { + puts ("STACK_CHK_GUARD changed after fork"); + exit (1); + } + + close (fds[0]); + close (2); + dup2 (fds[1], 2); + close (fds[1]); + + system (command); + exit (0); + } + + close (fds[1]); + + if (TEMP_FAILURE_RETRY (read (fds[0], &child_stack_chk_guards[i], + sizeof (uintptr_t))) != sizeof (uintptr_t)) + { + puts ("could not read stack_chk_guard value from child"); + return 1; + } + + close (fds[0]); + + pid_t termpid; + int status; + termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0)); + if (termpid == -1) + { + printf ("waitpid failed: %m\n"); + return 1; + } + else if (termpid != pid) + { + printf ("waitpid returned %ld != %ld\n", + (long int) termpid, (long int) pid); + return 1; + } + else if (!WIFEXITED (status) || WEXITSTATUS (status)) + { + puts ("child hasn't exited with exit status 0"); + return 1; + } + } + + qsort (child_stack_chk_guards, N + 1, sizeof (uintptr_t), uintptr_t_cmp); + + uintptr_t default_guard = 0; + unsigned char *p = (unsigned char *) &default_guard; + p[sizeof (uintptr_t) - 1] = 255; + p[sizeof (uintptr_t) - 2] = '\n'; + p[0] = 0; + + /* Test if the stack guard canaries are either randomized, + or equal to the default stack 
guard canary value. + Even with randomized stack guards it might happen + that the random number generator generates the same + values, but if that happens in more than half from + the 16 runs, something is very wrong. */ + int ndifferences = 0; + int ndefaults = 0; + for (i = 0; i < N; ++i) + { + if (child_stack_chk_guards[i] != child_stack_chk_guards[i+1]) + ndifferences++; + else if (child_stack_chk_guards[i] == default_guard) + ndefaults++; + } + + printf ("differences %d defaults %d\n", ndifferences, ndefaults); + + if (ndifferences < N / 2 && ndefaults < N / 2) + { + puts ("stack guard canaries are not randomized enough"); + puts ("nor equal to the default canary value"); + return 1; + } + + return 0; +} + +#define OPT_COMMAND 10000 +#define OPT_CHILD 10001 +#define CMDLINE_OPTIONS \ + { "command", required_argument, NULL, OPT_COMMAND }, \ + { "child", no_argument, NULL, OPT_CHILD }, +#define CMDLINE_PROCESS \ + case OPT_COMMAND: \ + command = optarg; \ + break; \ + case OPT_CHILD: \ + child = true; \ + break; +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" -- cgit v1.1
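Review bot: The final check in `do_test` lets the run succeed when every child reports the fixed terminator canary (`ndefaults >= N / 2`), so in a build configured with --enable-stackguard-randomization a fallback to the default value — presumably the case the test tolerates, e.g. the loader failing to obtain random bytes — is indistinguishable from a build with randomization off, and only the `differences %d defaults %d` line would hint at it. If the build's `config.h` is reachable from the test, I would require randomness there: `#ifdef ENABLE_STACKGUARD_RANDOMIZE` / `if (ndifferences < N / 2) { puts ("stack guard canaries are not randomized"); return 1; }` / `#endif`, keeping the existing either-or check for other builds. Separately, the child's `write (2, &stack_chk_guard_copy, sizeof (stack_chk_guard_copy))` ignores a short write, which the parent then reports as the unrelated `could not read stack_chk_guard value from child`; `if (write (2, &stack_chk_guard_copy, sizeof (stack_chk_guard_copy)) != sizeof (stack_chk_guard_copy)) return 1;` keeps the failure attributable. Note also that the `#include` names in the hunk header of this new file appear stripped on this page, so the headers actually pulled in cannot be checked here.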