Defend against -fstack-protector in libc startup.

Exactly which functions get a stack protector is up to the compiler, so
let's separate out the code that sets up the environment that stack
protection requires, and build it explicitly with -fno-stack-protector.

Bug: http://b/26276517
Change-Id: I8719e23ead1f1e81715c32c1335da868f68369b5
diff --git a/libc/Android.mk b/libc/Android.mk
index ca75230..753e946 100644
--- a/libc/Android.mk
+++ b/libc/Android.mk
@@ -616,7 +616,6 @@
 libc_common_cflags := \
     -D_LIBC=1 \
     -Wall -Wextra -Wunused \
-    -fno-stack-protector \
 
 use_clang := $(USE_CLANG_PLATFORM_BUILD)
 
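Review bot: With -fno-stack-protector gone from libc_common_cflags, every libc source that is not in an explicit opt-out module is now built with whatever stack protector the toolchain enables, so correctness depends on the libc_stack_protector and libc_init_static source lists (the next two hunks) enumerating all code that runs before the main thread's TLS exists. The diff moves only the arm64 and x86_64 __set_tls.c into that list alongside x86 and shows nothing for arm or mips; if either arch implements __set_tls or other pre-TLS setup in C, that code is now stack-protected by default. The opt-out also presumably relies on the per-module `-fno-stack-protector` being emitted after the build system's global `-fstack-protector*` flag, which is worth confirming against the generated compile command. I would record the policy next to the definition: `# -fstack-protector is on by default; code that runs before the main thread's TLS is set up must live in libc_stack_protector or libc_init_static, which add -fno-stack-protector explicitly.`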
@@ -685,16 +684,21 @@
 # libc_stack_protector.a - stack protector code
 # ========================================================
 #
-# The stack protector code needs to be compiled
-# with -fno-stack-protector, since it modifies the
-# stack canary.
+# Code that implements the stack protector (or that runs
+# before TLS has been set up) needs to be compiled with
+# -fno-stack-protector, since it accesses the stack canary
+# TLS slot.
 
 include $(CLEAR_VARS)
 
-LOCAL_SRC_FILES := bionic/__stack_chk_fail.cpp
-# On x86, the __set_tls implementation is complex enough that
-# -fstack-protector-strong inserts a check.
+LOCAL_SRC_FILES := \
+    bionic/__libc_init_main_thread.cpp \
+    bionic/__stack_chk_fail.cpp \
+
+LOCAL_SRC_FILES_arm64 := arch-arm64/bionic/__set_tls.c
 LOCAL_SRC_FILES_x86 := arch-x86/bionic/__set_tls.c
+LOCAL_SRC_FILES_x86_64 := arch-x86_64/bionic/__set_tls.c
+
 LOCAL_CFLAGS := $(libc_common_cflags) -fno-stack-protector
 LOCAL_CONLYFLAGS := $(libc_common_conlyflags)
 LOCAL_CPPFLAGS := $(libc_common_cppflags)
@@ -711,6 +715,30 @@
 include $(BUILD_STATIC_LIBRARY)
 
 
+# libc_init_static.cpp also needs to be built without stack protector,
+# because it's responsible for setting up TLS for static executables.
+# This isn't the case for dynamic executables because the dynamic linker
+# has already set up the main thread's TLS.
+
+include $(CLEAR_VARS)
+
+LOCAL_SRC_FILES := bionic/libc_init_static.cpp
+LOCAL_CFLAGS := $(libc_common_cflags) -fno-stack-protector
+LOCAL_CONLYFLAGS := $(libc_common_conlyflags)
+LOCAL_CPPFLAGS := $(libc_common_cppflags)
+LOCAL_C_INCLUDES := $(libc_common_c_includes)
+LOCAL_MODULE := libc_init_static
+LOCAL_CLANG := $(use_clang)
+LOCAL_ADDITIONAL_DEPENDENCIES := $(libc_common_additional_dependencies)
+LOCAL_CXX_STL := none
+LOCAL_SYSTEM_SHARED_LIBRARIES :=
+LOCAL_SANITIZE := never
+LOCAL_NATIVE_COVERAGE := $(bionic_coverage)
+
+$(eval $(call patch-up-arch-specific-flags,LOCAL_CFLAGS,libc_common_cflags))
+include $(BUILD_STATIC_LIBRARY)
+
+
 # ========================================================
 # libc_tzcode.a - upstream 'tzcode' code
 # ========================================================
@@ -1272,7 +1300,6 @@
 
 LOCAL_SRC_FILES := \
     $(libc_arch_static_src_files) \
-    bionic/libc_init_static.cpp
 
 LOCAL_C_INCLUDES := $(libc_common_c_includes)
 LOCAL_CFLAGS := $(libc_common_cflags) \
@@ -1284,7 +1311,7 @@
 LOCAL_MODULE := libc_nomalloc
 LOCAL_CLANG := $(use_clang)
 LOCAL_ADDITIONAL_DEPENDENCIES := $(libc_common_additional_dependencies)
-LOCAL_WHOLE_STATIC_LIBRARIES := libc_common
+LOCAL_WHOLE_STATIC_LIBRARIES := libc_common libc_init_static
 LOCAL_CXX_STL := none
 LOCAL_SYSTEM_SHARED_LIBRARIES :=
 LOCAL_SANITIZE := never
@@ -1324,7 +1351,6 @@
 LOCAL_SRC_FILES := \
     $(libc_arch_static_src_files) \
     bionic/malloc_debug_common.cpp \
-    bionic/libc_init_static.cpp \
 
 LOCAL_CFLAGS := $(libc_common_cflags) \
     -DLIBC_STATIC \
@@ -1335,7 +1361,7 @@
 LOCAL_MODULE := libc
 LOCAL_CLANG := $(use_clang)
 LOCAL_ADDITIONAL_DEPENDENCIES := $(libc_common_additional_dependencies)
-LOCAL_WHOLE_STATIC_LIBRARIES := libc_common
+LOCAL_WHOLE_STATIC_LIBRARIES := libc_common libc_init_static
 
 ifneq ($(MALLOC_SVELTE),true)
 LOCAL_WHOLE_STATIC_LIBRARIES += libjemalloc
diff --git a/libc/arch-arm64/arm64.mk b/libc/arch-arm64/arm64.mk
index 0811c96..9a76072 100644
--- a/libc/arch-arm64/arm64.mk
+++ b/libc/arch-arm64/arm64.mk
@@ -42,7 +42,6 @@
     arch-arm64/bionic/__bionic_clone.S \
     arch-arm64/bionic/_exit_with_stack_teardown.S \
     arch-arm64/bionic/setjmp.S \
-    arch-arm64/bionic/__set_tls.c \
     arch-arm64/bionic/syscall.S \
     arch-arm64/bionic/vfork.S \
 
diff --git a/libc/arch-x86_64/x86_64.mk b/libc/arch-x86_64/x86_64.mk
index bbf5c8c..ce06217 100644
--- a/libc/arch-x86_64/x86_64.mk
+++ b/libc/arch-x86_64/x86_64.mk
@@ -25,7 +25,6 @@
     arch-x86_64/bionic/_exit_with_stack_teardown.S \
     arch-x86_64/bionic/__restore_rt.S \
     arch-x86_64/bionic/setjmp.S \
-    arch-x86_64/bionic/__set_tls.c \
     arch-x86_64/bionic/syscall.S \
     arch-x86_64/bionic/vfork.S \
 
diff --git a/libc/bionic/__cxa_thread_atexit_impl.cpp b/libc/bionic/__cxa_thread_atexit_impl.cpp
index 0e903b9..6284b12 100644
--- a/libc/bionic/__cxa_thread_atexit_impl.cpp
+++ b/libc/bionic/__cxa_thread_atexit_impl.cpp
@@ -17,7 +17,8 @@
 
 #include "pthread_internal.h"
 
-struct thread_local_dtor {
+class thread_local_dtor {
+ public:
   void (*func) (void *);
   void *arg;
   void *dso_handle; // unused...
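Review bot: The struct-to-class change on thread_local_dtor is orthogonal to the stack-protector work and the commit message does not explain it; the same change appears in the two pthread_internal.h hunks for pthread_key_data_t and pthread_internal_t. If the motivation is to keep the forward declaration `class thread_local_dtor;` in pthread_internal.h and this definition on the same class-key (clang's -Wmismatched-tags warns otherwise), that deserves a sentence in the commit message or a one-line comment such as `// Declared as a class rather than a struct to match the forward declaration in pthread_internal.h.`; if it is an independent cleanup, it would be clearer as its own change. The definition of thread_local_dtor continues past the end of the hunk.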
diff --git a/libc/bionic/__libc_init_main_thread.cpp b/libc/bionic/__libc_init_main_thread.cpp
new file mode 100644
index 0000000..e1445cb
--- /dev/null
+++ b/libc/bionic/__libc_init_main_thread.cpp
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "libc_init_common.h"
+
+#include "private/bionic_auxv.h"
+#include "private/bionic_globals.h"
+#include "private/KernelArgumentBlock.h"
+#include "pthread_internal.h"
+
+extern "C" int __set_tls(void* ptr);
+extern "C" int __set_tid_address(int* tid_address);
+
+// Setup for the main thread. For dynamic executables, this is called by the
+// linker _before_ libc is mapped in memory. This means that all writes to
+// globals from this function will apply to linker-private copies and will not
+// be visible from libc later on.
+//
+// Note: this function creates a pthread_internal_t for the initial thread and
+// stores the pointer in TLS, but does not add it to pthread's thread list. This
+// has to be done later from libc itself (see __libc_init_common).
+//
+// This is in a file by itself because it needs to be built with
+// -fno-stack-protector because it's responsible for setting up the main
+// thread's TLS (which stack protector relies on).
+
+void __libc_init_main_thread(KernelArgumentBlock& args) {
+  __libc_auxv = args.auxv;
+
+  static pthread_internal_t main_thread;
+
+  // The -fstack-protector implementation uses TLS, so make sure that's
+  // set up before we call any function that might get a stack check inserted.
+  __set_tls(main_thread.tls);
+
+  // Tell the kernel to clear our tid field when we exit, so we're like any other pthread.
+  // As a side-effect, this tells us our pid (which is the same as the main thread's tid).
+  main_thread.tid = __set_tid_address(&main_thread.tid);
+  main_thread.set_cached_pid(main_thread.tid);
+
+  // We don't want to free the main thread's stack even when the main thread exits
+  // because things like environment variables with global scope live on it.
+  // We also can't free the pthread_internal_t itself, since that lives on the main
+  // thread's stack rather than on the heap.
+  // The main thread has no mmap allocated space for stack or pthread_internal_t.
+  main_thread.mmap_size = 0;
+  pthread_attr_init(&main_thread.attr);
+  main_thread.attr.guard_size = 0; // The main thread has no guard page.
+  main_thread.attr.stack_size = 0; // User code should never see this; we'll compute it when asked.
+  // TODO: the main thread's sched_policy and sched_priority need to be queried.
+
+  __init_thread(&main_thread);
+  __init_tls(&main_thread);
+
+  // Store a pointer to the kernel argument block in a TLS slot to be
+  // picked up by the libc constructor.
+  main_thread.tls[TLS_SLOT_BIONIC_PREINIT] = &args;
+
+  __init_alternate_signal_stack(&main_thread);
+}
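Review bot: The comment above the mmap_size assignment says the pthread_internal_t "lives on the main thread's stack rather than on the heap", but `static pthread_internal_t main_thread;` a few lines earlier gives it static storage, so the reason it must never be freed is that it was never allocated at all; suggest `// We also can't free the pthread_internal_t itself: main_thread has static storage and was never heap-allocated.`. Separately, after __set_tls this function calls pthread_attr_init, __init_thread, __init_tls and __init_alternate_signal_stack, which live in translation units the first Android.mk hunk leaves stack-protected by default; that is only safe if none of those callees changes the TLS guard slot inside its own frame, and since the diff does not show their bodies this is worth confirming. A comment stating the invariant would help the next reader: `// Everything called from here on may be compiled with -fstack-protector, so the guard slot must not change inside any of those frames.`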
diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index d16b452..532dab9 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@@ -52,8 +52,6 @@
 
 extern "C" abort_msg_t** __abort_message_ptr;
 extern "C" int __system_properties_init(void);
-extern "C" int __set_tls(void* ptr);
-extern "C" int __set_tid_address(int* tid_address);
 
 __LIBC_HIDDEN__ WriteProtected<libc_globals> __libc_globals;
 
@@ -66,49 +64,6 @@
 // Declared in "private/bionic_ssp.h".
 uintptr_t __stack_chk_guard = 0;
 
-// Setup for the main thread. For dynamic executables, this is called by the
-// linker _before_ libc is mapped in memory. This means that all writes to
-// globals from this function will apply to linker-private copies and will not
-// be visible from libc later on.
-//
-// Note: this function creates a pthread_internal_t for the initial thread and
-// stores the pointer in TLS, but does not add it to pthread's thread list. This
-// has to be done later from libc itself (see __libc_init_common).
-void __libc_init_main_thread(KernelArgumentBlock& args) {
-  __libc_auxv = args.auxv;
-
-  static pthread_internal_t main_thread;
-
-  // The x86 -fstack-protector implementation uses TLS, so make sure that's
-  // set up before we call any function that might get a stack check inserted.
-  __set_tls(main_thread.tls);
-
-  // Tell the kernel to clear our tid field when we exit, so we're like any other pthread.
-  // As a side-effect, this tells us our pid (which is the same as the main thread's tid).
-  main_thread.tid = __set_tid_address(&main_thread.tid);
-  main_thread.set_cached_pid(main_thread.tid);
-
-  // We don't want to free the main thread's stack even when the main thread exits
-  // because things like environment variables with global scope live on it.
-  // We also can't free the pthread_internal_t itself, since that lives on the main
-  // thread's stack rather than on the heap.
-  // The main thread has no mmap allocated space for stack or pthread_internal_t.
-  main_thread.mmap_size = 0;
-  pthread_attr_init(&main_thread.attr);
-  main_thread.attr.guard_size = 0; // The main thread has no guard page.
-  main_thread.attr.stack_size = 0; // User code should never see this; we'll compute it when asked.
-  // TODO: the main thread's sched_policy and sched_priority need to be queried.
-
-  __init_thread(&main_thread);
-  __init_tls(&main_thread);
-
-  // Store a pointer to the kernel argument block in a TLS slot to be
-  // picked up by the libc constructor.
-  main_thread.tls[TLS_SLOT_BIONIC_PREINIT] = &args;
-
-  __init_alternate_signal_stack(&main_thread);
-}
-
 void __libc_init_globals(KernelArgumentBlock& args) {
   // Initialize libc globals that are needed in both the linker and in libc.
   // In dynamic binaries, this is run at least twice for different copies of the
diff --git a/libc/bionic/libc_init_dynamic.cpp b/libc/bionic/libc_init_dynamic.cpp
index edf6a44..97d9e39 100644
--- a/libc/bionic/libc_init_dynamic.cpp
+++ b/libc/bionic/libc_init_dynamic.cpp
@@ -25,6 +25,7 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
+
 /*
  * libc_init_dynamic.c
  *
diff --git a/libc/bionic/libc_init_static.cpp b/libc/bionic/libc_init_static.cpp
index 2fe86d0..3cda1a2 100644
--- a/libc/bionic/libc_init_static.cpp
+++ b/libc/bionic/libc_init_static.cpp
@@ -25,17 +25,6 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
-/*
- * libc_init_static.c
- *
- * The program startup function __libc_init() defined here is
- * used for static executables only (i.e. those that don't depend
- * on shared libraries). It is called from arch-$ARCH/bionic/crtbegin_static.S
- * which is directly invoked by the kernel when the program is launched.
- *
- * The 'structors' parameter contains pointers to various initializer
- * arrays that must be run before the program's 'main' routine is launched.
- */
 
 #include <elf.h>
 #include <errno.h>
@@ -79,12 +68,19 @@
   }
 }
 
+// The program startup function __libc_init() defined here is
+// used for static executables only (i.e. those that don't depend
+// on shared libraries). It is called from arch-$ARCH/bionic/crtbegin_static.S
+// which is directly invoked by the kernel when the program is launched.
+//
+// The 'structors' parameter contains pointers to various initializer
+// arrays that must be run before the program's 'main' routine is launched.
+
 __noreturn void __libc_init(void* raw_args,
                             void (*onexit)(void) __unused,
                             int (*slingshot)(int, char**, char**),
                             structors_array_t const * const structors) {
   KernelArgumentBlock args(raw_args);
-
   __libc_init_main_thread(args);
 
   // Initializing the globals requires TLS to be available for errno.
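Review bot: The relocated header comment for __libc_init is separated from the function by a blank line (the line after "arrays that must be run ..."), so it no longer reads as the function's documentation; drop that blank line so the comment attaches to the definition. It would also help to state the build constraint the Android.mk change introduces, since nothing in this file says why it now lives in its own module: `// This file is built with -fno-stack-protector (see libc_init_static in Android.mk): __libc_init runs before __libc_init_main_thread has set up the TLS slot the stack protector reads.` The body of __libc_init continues past the end of the hunk.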
diff --git a/libc/bionic/pthread_internal.h b/libc/bionic/pthread_internal.h
index f96e9d2..e8be4ae 100644
--- a/libc/bionic/pthread_internal.h
+++ b/libc/bionic/pthread_internal.h
@@ -40,7 +40,8 @@
 /* Has the thread been joined by another thread? */
 #define PTHREAD_ATTR_FLAG_JOINED 0x00000002
 
-struct pthread_key_data_t {
+class pthread_key_data_t {
+ public:
   uintptr_t seq; // Use uintptr_t just for alignment, as we use pointer below.
   void* data;
 };
@@ -52,11 +53,12 @@
   THREAD_DETACHED
 };
 
-struct thread_local_dtor;
+class thread_local_dtor;
 
-struct pthread_internal_t {
-  struct pthread_internal_t* next;
-  struct pthread_internal_t* prev;
+class pthread_internal_t {
+ public:
+  class pthread_internal_t* next;
+  class pthread_internal_t* prev;
 
   pid_t tid;
 
diff --git a/libc/private/bionic_tls.h b/libc/private/bionic_tls.h
index 2ca7728..9d3f4c5 100644
--- a/libc/private/bionic_tls.h
+++ b/libc/private/bionic_tls.h
@@ -121,7 +121,7 @@
 
 #if defined(__cplusplus)
 class KernelArgumentBlock;
-extern __LIBC_HIDDEN__ void __libc_init_main_thread(KernelArgumentBlock& args);
+extern __LIBC_HIDDEN__ void __libc_init_main_thread(KernelArgumentBlock&);
 #endif
 
 #endif /* __BIONIC_PRIVATE_BIONIC_TLS_H_ */