Defend against -fstack-protector in libc startup.
Exactly which functions get a stack protector is up to the compiler, so let's separate the code that sets up the environment stack protection requires and explicitly build it with -fno-stack-protector. Bug: http://b/26276517 Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
This commit is contained in:
parent
988e71b2b2
commit
42d949ff9d
|
@ -616,7 +616,6 @@ libc_openbsd_src_files_32 += \
|
|||
libc_common_cflags := \
|
||||
-D_LIBC=1 \
|
||||
-Wall -Wextra -Wunused \
|
||||
-fno-stack-protector \
|
||||
|
||||
use_clang := $(USE_CLANG_PLATFORM_BUILD)
|
||||
|
||||
|
@ -685,16 +684,21 @@ endef
|
|||
# libc_stack_protector.a - stack protector code
|
||||
# ========================================================
|
||||
#
|
||||
# The stack protector code needs to be compiled
|
||||
# with -fno-stack-protector, since it modifies the
|
||||
# stack canary.
|
||||
# Code that implements the stack protector (or that runs
|
||||
# before TLS has been set up) needs to be compiled with
|
||||
# -fno-stack-protector, since it accesses the stack canary
|
||||
# TLS slot.
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_SRC_FILES := bionic/__stack_chk_fail.cpp
|
||||
# On x86, the __set_tls implementation is complex enough that
|
||||
# -fstack-protector-strong inserts a check.
|
||||
LOCAL_SRC_FILES := \
|
||||
bionic/__libc_init_main_thread.cpp \
|
||||
bionic/__stack_chk_fail.cpp \
|
||||
|
||||
LOCAL_SRC_FILES_arm64 := arch-arm64/bionic/__set_tls.c
|
||||
LOCAL_SRC_FILES_x86 := arch-x86/bionic/__set_tls.c
|
||||
LOCAL_SRC_FILES_x86_64 := arch-x86_64/bionic/__set_tls.c
|
||||
|
||||
LOCAL_CFLAGS := $(libc_common_cflags) -fno-stack-protector
|
||||
LOCAL_CONLYFLAGS := $(libc_common_conlyflags)
|
||||
LOCAL_CPPFLAGS := $(libc_common_cppflags)
|
||||
|
@ -711,6 +715,30 @@ $(eval $(call patch-up-arch-specific-flags,LOCAL_CFLAGS,libc_common_cflags))
|
|||
include $(BUILD_STATIC_LIBRARY)
|
||||
|
||||
|
||||
# libc_init_static.cpp also needs to be built without stack protector,
|
||||
# because it's responsible for setting up TLS for static executables.
|
||||
# This isn't the case for dynamic executables because the dynamic linker
|
||||
# has already set up the main thread's TLS.
|
||||
|
||||
include $(CLEAR_VARS)
|
||||
|
||||
LOCAL_SRC_FILES := bionic/libc_init_static.cpp
|
||||
LOCAL_CFLAGS := $(libc_common_cflags) -fno-stack-protector
|
||||
LOCAL_CONLYFLAGS := $(libc_common_conlyflags)
|
||||
LOCAL_CPPFLAGS := $(libc_common_cppflags)
|
||||
LOCAL_C_INCLUDES := $(libc_common_c_includes)
|
||||
LOCAL_MODULE := libc_init_static
|
||||
LOCAL_CLANG := $(use_clang)
|
||||
LOCAL_ADDITIONAL_DEPENDENCIES := $(libc_common_additional_dependencies)
|
||||
LOCAL_CXX_STL := none
|
||||
LOCAL_SYSTEM_SHARED_LIBRARIES :=
|
||||
LOCAL_SANITIZE := never
|
||||
LOCAL_NATIVE_COVERAGE := $(bionic_coverage)
|
||||
|
||||
$(eval $(call patch-up-arch-specific-flags,LOCAL_CFLAGS,libc_common_cflags))
|
||||
include $(BUILD_STATIC_LIBRARY)
|
||||
|
||||
|
||||
# ========================================================
|
||||
# libc_tzcode.a - upstream 'tzcode' code
|
||||
# ========================================================
|
||||
|
@ -1272,7 +1300,6 @@ include $(CLEAR_VARS)
|
|||
|
||||
LOCAL_SRC_FILES := \
|
||||
$(libc_arch_static_src_files) \
|
||||
bionic/libc_init_static.cpp
|
||||
|
||||
LOCAL_C_INCLUDES := $(libc_common_c_includes)
|
||||
LOCAL_CFLAGS := $(libc_common_cflags) \
|
||||
|
@ -1284,7 +1311,7 @@ LOCAL_CPPFLAGS := $(libc_common_cppflags)
|
|||
LOCAL_MODULE := libc_nomalloc
|
||||
LOCAL_CLANG := $(use_clang)
|
||||
LOCAL_ADDITIONAL_DEPENDENCIES := $(libc_common_additional_dependencies)
|
||||
LOCAL_WHOLE_STATIC_LIBRARIES := libc_common
|
||||
LOCAL_WHOLE_STATIC_LIBRARIES := libc_common libc_init_static
|
||||
LOCAL_CXX_STL := none
|
||||
LOCAL_SYSTEM_SHARED_LIBRARIES :=
|
||||
LOCAL_SANITIZE := never
|
||||
|
@ -1324,7 +1351,6 @@ include $(CLEAR_VARS)
|
|||
LOCAL_SRC_FILES := \
|
||||
$(libc_arch_static_src_files) \
|
||||
bionic/malloc_debug_common.cpp \
|
||||
bionic/libc_init_static.cpp \
|
||||
|
||||
LOCAL_CFLAGS := $(libc_common_cflags) \
|
||||
-DLIBC_STATIC \
|
||||
|
@ -1335,7 +1361,7 @@ LOCAL_C_INCLUDES := $(libc_common_c_includes)
|
|||
LOCAL_MODULE := libc
|
||||
LOCAL_CLANG := $(use_clang)
|
||||
LOCAL_ADDITIONAL_DEPENDENCIES := $(libc_common_additional_dependencies)
|
||||
LOCAL_WHOLE_STATIC_LIBRARIES := libc_common
|
||||
LOCAL_WHOLE_STATIC_LIBRARIES := libc_common libc_init_static
|
||||
|
||||
ifneq ($(MALLOC_SVELTE),true)
|
||||
LOCAL_WHOLE_STATIC_LIBRARIES += libjemalloc
|
||||
|
|
|
@ -42,7 +42,6 @@ libc_bionic_src_files_arm64 += \
|
|||
arch-arm64/bionic/__bionic_clone.S \
|
||||
arch-arm64/bionic/_exit_with_stack_teardown.S \
|
||||
arch-arm64/bionic/setjmp.S \
|
||||
arch-arm64/bionic/__set_tls.c \
|
||||
arch-arm64/bionic/syscall.S \
|
||||
arch-arm64/bionic/vfork.S \
|
||||
|
||||
|
|
|
@ -25,7 +25,6 @@ libc_bionic_src_files_x86_64 += \
|
|||
arch-x86_64/bionic/_exit_with_stack_teardown.S \
|
||||
arch-x86_64/bionic/__restore_rt.S \
|
||||
arch-x86_64/bionic/setjmp.S \
|
||||
arch-x86_64/bionic/__set_tls.c \
|
||||
arch-x86_64/bionic/syscall.S \
|
||||
arch-x86_64/bionic/vfork.S \
|
||||
|
||||
|
|
|
@ -17,7 +17,8 @@
|
|||
|
||||
#include "pthread_internal.h"
|
||||
|
||||
struct thread_local_dtor {
|
||||
class thread_local_dtor {
|
||||
public:
|
||||
void (*func) (void *);
|
||||
void *arg;
|
||||
void *dso_handle; // unused...
|
||||
|
|
|
@ -0,0 +1,85 @@
|
|||
/*
|
||||
* Copyright (C) 2008 The Android Open Source Project
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* * Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* * Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
||||
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
||||
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
||||
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
||||
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
||||
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include "libc_init_common.h"
|
||||
|
||||
#include "private/bionic_auxv.h"
|
||||
#include "private/bionic_globals.h"
|
||||
#include "private/KernelArgumentBlock.h"
|
||||
#include "pthread_internal.h"
|
||||
|
||||
extern "C" int __set_tls(void* ptr);
|
||||
extern "C" int __set_tid_address(int* tid_address);
|
||||
|
||||
// Setup for the main thread. For dynamic executables, this is called by the
|
||||
// linker _before_ libc is mapped in memory. This means that all writes to
|
||||
// globals from this function will apply to linker-private copies and will not
|
||||
// be visible from libc later on.
|
||||
//
|
||||
// Note: this function creates a pthread_internal_t for the initial thread and
|
||||
// stores the pointer in TLS, but does not add it to pthread's thread list. This
|
||||
// has to be done later from libc itself (see __libc_init_common).
|
||||
//
|
||||
// This is in a file by itself because it needs to be built with
|
||||
// -fno-stack-protector because it's responsible for setting up the main
|
||||
// thread's TLS (which stack protector relies on).
|
||||
|
||||
void __libc_init_main_thread(KernelArgumentBlock& args) {
|
||||
__libc_auxv = args.auxv;
|
||||
|
||||
static pthread_internal_t main_thread;
|
||||
|
||||
// The -fstack-protector implementation uses TLS, so make sure that's
|
||||
// set up before we call any function that might get a stack check inserted.
|
||||
__set_tls(main_thread.tls);
|
||||
|
||||
// Tell the kernel to clear our tid field when we exit, so we're like any other pthread.
|
||||
// As a side-effect, this tells us our pid (which is the same as the main thread's tid).
|
||||
main_thread.tid = __set_tid_address(&main_thread.tid);
|
||||
main_thread.set_cached_pid(main_thread.tid);
|
||||
|
||||
// We don't want to free the main thread's stack even when the main thread exits
|
||||
// because things like environment variables with global scope live on it.
|
||||
// We also can't free the pthread_internal_t itself, since that lives on the main
|
||||
// thread's stack rather than on the heap.
|
||||
// The main thread has no mmap allocated space for stack or pthread_internal_t.
|
||||
main_thread.mmap_size = 0;
|
||||
pthread_attr_init(&main_thread.attr);
|
||||
main_thread.attr.guard_size = 0; // The main thread has no guard page.
|
||||
main_thread.attr.stack_size = 0; // User code should never see this; we'll compute it when asked.
|
||||
// TODO: the main thread's sched_policy and sched_priority need to be queried.
|
||||
|
||||
__init_thread(&main_thread);
|
||||
__init_tls(&main_thread);
|
||||
|
||||
// Store a pointer to the kernel argument block in a TLS slot to be
|
||||
// picked up by the libc constructor.
|
||||
main_thread.tls[TLS_SLOT_BIONIC_PREINIT] = &args;
|
||||
|
||||
__init_alternate_signal_stack(&main_thread);
|
||||
}
|
|
@ -52,8 +52,6 @@
|
|||
|
||||
extern "C" abort_msg_t** __abort_message_ptr;
|
||||
extern "C" int __system_properties_init(void);
|
||||
extern "C" int __set_tls(void* ptr);
|
||||
extern "C" int __set_tid_address(int* tid_address);
|
||||
|
||||
__LIBC_HIDDEN__ WriteProtected<libc_globals> __libc_globals;
|
||||
|
||||
|
@ -66,49 +64,6 @@ char** environ;
|
|||
// Declared in "private/bionic_ssp.h".
|
||||
uintptr_t __stack_chk_guard = 0;
|
||||
|
||||
// Setup for the main thread. For dynamic executables, this is called by the
|
||||
// linker _before_ libc is mapped in memory. This means that all writes to
|
||||
// globals from this function will apply to linker-private copies and will not
|
||||
// be visible from libc later on.
|
||||
//
|
||||
// Note: this function creates a pthread_internal_t for the initial thread and
|
||||
// stores the pointer in TLS, but does not add it to pthread's thread list. This
|
||||
// has to be done later from libc itself (see __libc_init_common).
|
||||
void __libc_init_main_thread(KernelArgumentBlock& args) {
|
||||
__libc_auxv = args.auxv;
|
||||
|
||||
static pthread_internal_t main_thread;
|
||||
|
||||
// The x86 -fstack-protector implementation uses TLS, so make sure that's
|
||||
// set up before we call any function that might get a stack check inserted.
|
||||
__set_tls(main_thread.tls);
|
||||
|
||||
// Tell the kernel to clear our tid field when we exit, so we're like any other pthread.
|
||||
// As a side-effect, this tells us our pid (which is the same as the main thread's tid).
|
||||
main_thread.tid = __set_tid_address(&main_thread.tid);
|
||||
main_thread.set_cached_pid(main_thread.tid);
|
||||
|
||||
// We don't want to free the main thread's stack even when the main thread exits
|
||||
// because things like environment variables with global scope live on it.
|
||||
// We also can't free the pthread_internal_t itself, since that lives on the main
|
||||
// thread's stack rather than on the heap.
|
||||
// The main thread has no mmap allocated space for stack or pthread_internal_t.
|
||||
main_thread.mmap_size = 0;
|
||||
pthread_attr_init(&main_thread.attr);
|
||||
main_thread.attr.guard_size = 0; // The main thread has no guard page.
|
||||
main_thread.attr.stack_size = 0; // User code should never see this; we'll compute it when asked.
|
||||
// TODO: the main thread's sched_policy and sched_priority need to be queried.
|
||||
|
||||
__init_thread(&main_thread);
|
||||
__init_tls(&main_thread);
|
||||
|
||||
// Store a pointer to the kernel argument block in a TLS slot to be
|
||||
// picked up by the libc constructor.
|
||||
main_thread.tls[TLS_SLOT_BIONIC_PREINIT] = &args;
|
||||
|
||||
__init_alternate_signal_stack(&main_thread);
|
||||
}
|
||||
|
||||
void __libc_init_globals(KernelArgumentBlock& args) {
|
||||
// Initialize libc globals that are needed in both the linker and in libc.
|
||||
// In dynamic binaries, this is run at least twice for different copies of the
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/*
|
||||
* libc_init_dynamic.c
|
||||
*
|
||||
|
|
|
@ -25,17 +25,6 @@
|
|||
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/*
|
||||
* libc_init_static.c
|
||||
*
|
||||
* The program startup function __libc_init() defined here is
|
||||
* used for static executables only (i.e. those that don't depend
|
||||
* on shared libraries). It is called from arch-$ARCH/bionic/crtbegin_static.S
|
||||
* which is directly invoked by the kernel when the program is launched.
|
||||
*
|
||||
* The 'structors' parameter contains pointers to various initializer
|
||||
* arrays that must be run before the program's 'main' routine is launched.
|
||||
*/
|
||||
|
||||
#include <elf.h>
|
||||
#include <errno.h>
|
||||
|
@ -79,12 +68,19 @@ static void apply_gnu_relro() {
|
|||
}
|
||||
}
|
||||
|
||||
// The program startup function __libc_init() defined here is
|
||||
// used for static executables only (i.e. those that don't depend
|
||||
// on shared libraries). It is called from arch-$ARCH/bionic/crtbegin_static.S
|
||||
// which is directly invoked by the kernel when the program is launched.
|
||||
//
|
||||
// The 'structors' parameter contains pointers to various initializer
|
||||
// arrays that must be run before the program's 'main' routine is launched.
|
||||
|
||||
__noreturn void __libc_init(void* raw_args,
|
||||
void (*onexit)(void) __unused,
|
||||
int (*slingshot)(int, char**, char**),
|
||||
structors_array_t const * const structors) {
|
||||
KernelArgumentBlock args(raw_args);
|
||||
|
||||
__libc_init_main_thread(args);
|
||||
|
||||
// Initializing the globals requires TLS to be available for errno.
|
||||
|
|
|
@ -40,7 +40,8 @@
|
|||
/* Has the thread been joined by another thread? */
|
||||
#define PTHREAD_ATTR_FLAG_JOINED 0x00000002
|
||||
|
||||
struct pthread_key_data_t {
|
||||
class pthread_key_data_t {
|
||||
public:
|
||||
uintptr_t seq; // Use uintptr_t just for alignment, as we use pointer below.
|
||||
void* data;
|
||||
};
|
||||
|
@ -52,11 +53,12 @@ enum ThreadJoinState {
|
|||
THREAD_DETACHED
|
||||
};
|
||||
|
||||
struct thread_local_dtor;
|
||||
class thread_local_dtor;
|
||||
|
||||
struct pthread_internal_t {
|
||||
struct pthread_internal_t* next;
|
||||
struct pthread_internal_t* prev;
|
||||
class pthread_internal_t {
|
||||
public:
|
||||
class pthread_internal_t* next;
|
||||
class pthread_internal_t* prev;
|
||||
|
||||
pid_t tid;
|
||||
|
||||
|
|
|
@ -121,7 +121,7 @@ __END_DECLS
|
|||
|
||||
#if defined(__cplusplus)
|
||||
class KernelArgumentBlock;
|
||||
extern __LIBC_HIDDEN__ void __libc_init_main_thread(KernelArgumentBlock& args);
|
||||
extern __LIBC_HIDDEN__ void __libc_init_main_thread(KernelArgumentBlock&);
|
||||
#endif
|
||||
|
||||
#endif /* __BIONIC_PRIVATE_BIONIC_TLS_H_ */
|
||||
|
|
|
@ -4154,6 +4154,7 @@ static ElfW(Addr) get_elf_exec_load_bias(const ElfW(Ehdr)* elf) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
extern "C" int __set_tls(void*);
|
||||
extern "C" void _start();
|
||||
|
||||
/*
|
||||
|
@ -4168,6 +4169,9 @@ extern "C" void _start();
|
|||
extern "C" ElfW(Addr) __linker_init(void* raw_args) {
|
||||
KernelArgumentBlock args(raw_args);
|
||||
|
||||
void* tls[BIONIC_TLS_SLOTS];
|
||||
__set_tls(tls);
|
||||
|
||||
ElfW(Addr) linker_addr = args.getauxval(AT_BASE);
|
||||
ElfW(Addr) entry_point = args.getauxval(AT_ENTRY);
|
||||
ElfW(Ehdr)* elf_hdr = reinterpret_cast<ElfW(Ehdr)*>(linker_addr);
|
||||
|
|
Loading…
Reference in New Issue