From: "Carlos O'Donell"
Date: Thu, 26 Sep 2013 15:02:00 -0000
To: Will Newton
CC: libc-ports@sourceware.org, patches@linaro.org
Subject: Re: [PATCH] ARM: Add pointer guard support.

On 09/25/2013 05:06 AM, Will Newton wrote:
>
> Add support for pointer mangling in glibc internal structures in C
> and assembler code.
>
> Tested on armv7 with hard and soft thread pointers.
>
> ports/ChangeLog.arm:
>
> 2013-09-24  Will Newton
>
>	* sysdeps/arm/__longjmp.S (__longjmp): Demangle fp, sp
>	and lr when restoring register values.
>	* sysdeps/arm/include/bits/setjmp.h (JMP_BUF_REGLIST): Remove
>	sp and lr from list and replace fp with a4.
>	* sysdeps/arm/jmpbuf-unwind.h (_jmpbuf_sp): New function.
>	(_JMPBUF_UNWINDS_ADJ): Call _jmpbuf_sp.
>	* sysdeps/arm/nptl/tcb-offsets.sym: Add POINTER_GUARD.
>	* sysdeps/arm/nptl/tls.h (tcbhead_t): Remove private and add
>	pointer_guard.
>	(THREAD_GET_POINTER_GUARD): New macro.
>	(THREAD_SET_POINTER_GUARD): New macro.
>	(THREAD_COPY_POINTER_GUARD): New macro.
>	* sysdeps/arm/setjmp.S (__sigsetjmp): Mangle fp, sp and lr
>	before storing register values.
>	* sysdeps/unix/sysv/linux/arm/sysdep.h (PTR_MANGLE): New macro.
>	(PTR_DEMANGLE): Likewise.
>	(PTR_MANGLE2): Likewise.
>	(PTR_DEMANGLE2): Likewise.

As of the fix for CVE-2013-4788 (bug 15754) there is now a regression
test that ensures the pointer guard varies with each process and is
indeed somewhat variable.

You will need to provide your own stackguard-macros.h file with the
appropriate macros including POINTER_CHK_GUARD to allow tst-ptrguard1
and tst-ptrguard1-static to pass.

If these tests don't pass then you've got something wrong.

Cheers,
Carlos.
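A simplified model of the two things discussed in this message, mangled fp/sp/lr slots in a jmp_buf and a check that the guard is non-trivial and varies between process starts. This is an added example, not code from the patch or from glibc's tst-ptrguard1. It assumes an XOR-only mangling scheme; struct saved_regs, save_regs, restore_regs, guard_samples_ok and all guard and register values are constructed for illustration.

```c
/* Added illustration: simplified model of pointer guarding, not glibc code.
   Assumption: mangling is a plain XOR with a per-process guard word. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
static uintptr_t ptr_mangle(uintptr_t p, uintptr_t guard)   { return p ^ guard; }
static uintptr_t ptr_demangle(uintptr_t m, uintptr_t guard) { return m ^ guard; }

/* Hypothetical stand-in for the fp/sp/lr slots of a jmp_buf. */
struct saved_regs { uintptr_t fp, sp, lr; };

/* setjmp side: only mangled values are written to memory. */
static struct saved_regs save_regs(struct saved_regs live, uintptr_t guard)
{
    struct saved_regs s = { ptr_mangle(live.fp, guard), ptr_mangle(live.sp, guard),
                            ptr_mangle(live.lr, guard) };
    return s;
}

/* longjmp side: demangle before the values reach the registers. */
static struct saved_regs restore_regs(struct saved_regs s, uintptr_t guard)
{
    struct saved_regs r = { ptr_demangle(s.fp, guard), ptr_demangle(s.sp, guard),
                            ptr_demangle(s.lr, guard) };
    return r;
}

/* Check guards collected from n process starts: a zero guard makes mangling
   a no-op, and identical guards on every start are not per-process. */
static int guard_samples_ok(const uintptr_t *g, size_t n)
{
    size_t differing = 0;
    for (size_t i = 0; i < n; i++) {
        if (g[i] == 0)
            return 0;
        if (i > 0 && g[i] != g[i - 1])
            differing++;
    }
    return n > 1 && differing > 0;
}

int main(void)
{
    uintptr_t guards[] = { 0x5a17c3e9u, 0x0b44d1f2u, 0x93e07a6cu }; /* constructed */
    struct saved_regs live = { 0x7ffe1000u, 0x7ffe0ff0u, 0x00010494u };
    struct saved_regs back = restore_regs(save_regs(live, guards[0]), guards[0]);
    printf("round trip ok=%d guards ok=%d\n", back.lr == live.lr,
           guard_samples_ok(guards, 3));
    return 0;
}
```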