This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH 13/14] Avoid stack-protecting certain functions called from assembly.

From: Nix <nix at esperi dot org dot uk>
To: libc-alpha at sourceware dot org
Cc: carlos at redhat dot com
Date: Tue, 23 Feb 2016 23:39:36 +0000
Subject: [PATCH 13/14] Avoid stack-protecting certain functions called from assembly.
Authentication-results: sourceware.org; auth=none
References: <1456270777-9083-1-git-send-email-nix at esperi dot org dot uk>

From: Nick Alcock <nick.alcock@oracle.com>

This is the problematic part.  Without -fno-stack-protector on
__pthread_mutex_cond_lock_adjust() and __pthread_mutex_unlock_usercnt(),
nptl/tst-cond24 and nptl/tst-cond25 receive a NULL mutex at unlock time
and segfault.  However... I don't understand why.  It is the callee's
responsibility both to add the stack canary and to initialize it, just
like any other local variable.  It has to be, or the ABI for stack-
protected code would be incompatible with that for non-protected code.
But the fact remains that
sysdeps/unix/sysv/linux/i386/pthread_cond_timedwait.S both explicitly
mentions the stack frame layout and calls this function, and this call
goes wrong if we stack-protect it.

So this is somewhere where I need someone to tell me what's special about
sysdeps/unix/sysv/linux/i386/pthread_cond_timedwait.S (and in particular
special about priority-inheritance mutexes: everything else works),
before I can be confident that this is even remotely the right thing to
do.

We also de-stack-protect setjmp/sigjmp.c: it receives a sibcall from
sysdeps/x86_64/setjmp.S and lands in rtld, but is *not* rebuilt by
the machinery that rebuilds almost everything else that lands in
rtld with an appropriate MODULE_NAME.

Similar fixups may be required for things called directly from
assembly on other architectures.

v2: de-stack-protect setjmp/sigjmp.c.
---
 nptl/Makefile   | 4 ++++
 setjmp/Makefile | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/nptl/Makefile b/nptl/Makefile
index a1d52a2..95240c7 100644
--- a/nptl/Makefile
+++ b/nptl/Makefile
@@ -330,6 +330,10 @@ endif
 ifeq ($(have-ssp),yes)
 # Parts of nptl-init.c are called before the stack guard is initialized.
 CFLAGS-nptl-init.c += -fno-stack-protector
+# Parts of these files are called from assembler, with a hand-made stack,
+# sans canary.
+CFLAGS-pthread_mutex_cond_lock.c += -fno-stack-protector
+CFLAGS-pthread_mutex_unlock.c += -fno-stack-protector
 endif
 
 modules-names = tst-atfork2mod tst-tls3mod tst-tls4moda tst-tls4modb \
diff --git a/setjmp/Makefile b/setjmp/Makefile
index 5b677cc..37c5a1b 100644
--- a/setjmp/Makefile
+++ b/setjmp/Makefile
@@ -35,3 +35,9 @@ tests-static	:= tst-setjmp-static
 include ../Rules
 
 $(objpfx)tst-setjmp-fp: $(libm)
+
+ifeq ($(have-ssp),yes)
+# This is sibcalled directly from arch-specific assembly, included in rtld,
+# but never rebuilt, so it must never be built with stack protection.
+CFLAGS-sigjmp.c += -fno-stack-protector
+endif
-- 
2.7.0.198.g6dd47b6

References:
- --enable-stack-protector for glibc, v2, now with sparc.
  - From: Nix

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]