This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH 09/14 v6] Add stack_chk_fail_local to libc.so.
- From: Nix <nix at esperi dot org dot uk>
- To: libc-alpha at sourceware dot org
- Cc: fweimer at redhat dot com, Nick Alcock <nick dot alcock at oracle dot com>
- Date: Tue, 7 Jun 2016 12:06:11 +0100
- Subject: [PATCH 09/14 v6] Add stack_chk_fail_local to libc.so.
- Authentication-results: sourceware.org; auth=none
- References: <1465297576-10981-1-git-send-email-nix at esperi dot org dot uk>
From: Nick Alcock <nick.alcock@oracle.com>
This is required by the next commit, which routes all
__stack_chk_fail() calls in libc.so via this function to avoid
the PLT. It has to be duplicated in libc.so and libc_nonshared.a
because its entire reason for existence is to be hidden and avoid
the PLT, so the copy in libc.so is not visible from elsewhere.
Also stop all the variants of __stack_chk_fail from being stack-
protected: this makes no sense and risks recursion.
v5: Better explanation. Add no-stack-protection of
__stack_chk_fail_local etc.
v6: Rework as suggested by Andreas: make a shared-only version of
stack_chk_fail_local.c rather than linking libc_nonshared into
libc.
* debug/libc-stack_chk_fail_local.c: New file.
* debug/Makefile (routines): Add it.
(shared-only-routines): Likewise.
(CFLAGS-stack_chk_fail.c): Use $(no-stack-protector).
(CFLAGS-stack_chk_fail_local.c): Likewise.
(CFLAGS-libc-stack_chk_fail_local.c): Likewise.
---
debug/Makefile | 14 +++++++++++++-
debug/libc-stack_chk_fail_local.c | 3 +++
2 files changed, 16 insertions(+), 1 deletion(-)
create mode 100644 debug/libc-stack_chk_fail_local.c
diff --git a/debug/Makefile b/debug/Makefile
index 6b5f31e..27da081 100644
--- a/debug/Makefile
+++ b/debug/Makefile
@@ -48,9 +48,21 @@ routines = backtrace backtracesyms backtracesymsfd noophooks \
vdprintf_chk obprintf_chk \
longjmp_chk ____longjmp_chk \
fdelt_chk poll_chk ppoll_chk \
- stack_chk_fail fortify_fail \
+ stack_chk_fail fortify_fail libc-stack_chk_fail_local \
$(static-only-routines)
+
+# stack_chk_fail_local must be non-PIC, thus static-only, but we also
+# want an identical thunk hidden in libc.so to avoid going via the PLT.
+
static-only-routines := warning-nop stack_chk_fail_local
+shared-only-routines += libc-stack_chk_fail_local
+
+# Building the stack-protector failure routines with stack protection
+# makes no sense.
+
+CFLAGS-stack_chk_fail.c = $(no-stack-protector)
+CFLAGS-stack_chk_fail_local.c = $(no-stack-protector)
+CFLAGS-libc-stack_chk_fail_local.c = $(no-stack-protector)
CFLAGS-backtrace.c = -fno-omit-frame-pointer
CFLAGS-sprintf_chk.c = $(libio-mtsafe)
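Review bot: The comment above the three new CFLAGS lines gives only "makes no sense" as the reason for $(no-stack-protector), while the commit message also names the real hazard, the risk of recursion. Suggest putting that in the Makefile comment so the flags are not later removed as cosmetic. Separately, the earlier comment says stack_chk_fail_local "must be non-PIC, thus static-only" and then refers to "an identical thunk hidden in libc.so" without naming it; it would read more clearly if it said that libc-stack_chk_fail_local is that thunk, since the file appears in both routines and shared-only-routines.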
diff --git a/debug/libc-stack_chk_fail_local.c b/debug/libc-stack_chk_fail_local.c
new file mode 100644
index 0000000..73da970
--- /dev/null
+++ b/debug/libc-stack_chk_fail_local.c
@@ -0,0 +1,3 @@
+/* This goes into the shared libc. */
+
+#include <stack_chk_fail_local.c>
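Review bot: The only documentation in the new file is "This goes into the shared libc.", which does not say why a second copy of stack_chk_fail_local.c is needed. Nothing in these three lines makes the symbol hidden, so the comment should record that this copy exists so that calls inside libc.so avoid the PLT, and should point to where the hidden visibility is established (presumably in the included stack_chk_fail_local.c, which is not shown in this patch).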
--
2.8.2.202.g98588b6