about summary refs log tree commit diff
path: root/include
diff options
context:
space:
mode:
authorNick Alcock <nick.alcock@oracle.com>2016-12-26 10:08:41 +0100
committerFlorian Weimer <fweimer@redhat.com>2016-12-26 10:08:41 +0100
commitde6591238b478bc86b8cf5af01a484114e399213 (patch)
tree2717c115fbc7518fcbe9348239ff536eb914d267 /include
parent003a27e8195470f470f4d9384ca70d4e9fc8bd1b (diff)
downloadglibc-de6591238b478bc86b8cf5af01a484114e399213.tar.gz
glibc-de6591238b478bc86b8cf5af01a484114e399213.tar.xz
glibc-de6591238b478bc86b8cf5af01a484114e399213.zip
Do not stack-protect ifunc resolvers [BZ #7065]
When dynamically linking, ifunc resolvers are called before TLS is
initialized, so they cannot be safely stack-protected.

We avoid disabling stack-protection on large numbers of files by
using __attribute__ ((__optimize__ ("-fno-stack-protector")))
to turn it off just for the resolvers themselves.  (We provide
the attribute even when statically linking, because we will later
use it elsewhere too.)
Diffstat (limited to 'include')
-rw-r--r--include/libc-symbols.h12
1 files changed, 11 insertions, 1 deletions
diff --git a/include/libc-symbols.h b/include/libc-symbols.h
index 4238d7930b..d981e67343 100644
--- a/include/libc-symbols.h
+++ b/include/libc-symbols.h
@@ -336,6 +336,16 @@ for linking")
 
 #define attribute_relro __attribute__ ((section (".data.rel.ro")))
 
+
+/* Used to disable stack protection in sensitive places, like ifunc
+   resolvers and early static TLS init.  */
+#ifdef HAVE_CC_NO_STACK_PROTECTOR
+# define inhibit_stack_protector \
+    __attribute__ ((__optimize__ ("-fno-stack-protector")))
+#else
+# define inhibit_stack_protector
+#endif
+
 /* The following macros are used for PLT bypassing within libc.so
    (and if needed other libraries similarly).
    First of all, you need to have the function prototyped somewhere,
@@ -737,7 +747,7 @@ for linking")
 
 /* Helper / base  macros for indirect function symbols.  */
 #define __ifunc_resolver(type_name, name, expr, arg, init, classifier)	\
-  classifier void *name##_ifunc (arg)					\
+  classifier inhibit_stack_protector void *name##_ifunc (arg)					\
   {									\
     init ();								\
     __typeof (type_name) *res = expr;					\