From c61b4d41c9647a54a329aa021341c0eb032b793e Mon Sep 17 00:00:00 2001 From: Carlos O'Donell Date: Mon, 23 Sep 2013 00:52:09 -0400 Subject: BZ #15754: CVE-2013-4788 The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value. --- sysdeps/s390/s390-64/stackguard-macros.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'sysdeps/s390/s390-64') diff --git a/sysdeps/s390/s390-64/stackguard-macros.h b/sysdeps/s390/s390-64/stackguard-macros.h index 0cebb5f022..c8270fbe79 100644 --- a/sysdeps/s390/s390-64/stackguard-macros.h +++ b/sysdeps/s390/s390-64/stackguard-macros.h @@ -2,3 +2,17 @@ #define STACK_CHK_GUARD \ ({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; }) + +/* On s390/s390x there is no unique pointer guard, instead we use the + same value as the stack guard. */ +#define POINTER_CHK_GUARD \ + ({ \ + uintptr_t x; \ + asm ("ear %0,%%a0;" \ + "sllg %0,%0,32;" \ + "ear %0,%%a1;" \ + "lg %0,%1(%0)" \ + : "=a" (x) \ + : "i" (offsetof (tcbhead_t, stack_guard))); \ + x; \ + }) -- cgit 1.4.1