commit f4b1cbda4a6fa15b0223b952a343f87523b8578d
author Stephen Crane <sjc@immunant.com> Tue May 09 14:27:43 2017 -0700
committer Elliott Hughes <enh@google.com> Wed Jun 21 23:53:46 2017 +0000
tree 44fb71a2252acb9f4c024eb779b6283b87ba2cc3
parent d411524609186dc6b243156e4df43617ab33d0f4

Disable stack protector for __libc_preinit

__libc_preinit sets up the stack protector global cookie value, and thus
cannot intialize a stack protector cookie for itself in the function
prologue. LTO compilation can inline functions requiring a stack
protector into __libc_preinit. This patch disables stack protection for
__libc_preinit and forces all potentially inlined functions into a
helper that can have a stack protector.

Test: run bionic-unit-tests

Change-Id: I45911611190f216c91eb6feff722967214c5f99f

libc/Android.bp

diff --git a/libc/Android.bp b/libc/Android.bp
index 5a1c287..4f6ff1a 100644
--- a/libc/Android.bp
+++ b/libc/Android.bp
@@ -123,6 +123,12 @@
     cflags: ["-fno-stack-protector"],
 }
 
+cc_library_static {
+    name: "libc_init_dynamic",
+    defaults: ["libc_defaults"],
+    srcs: ["bionic/libc_init_dynamic.cpp"],
+    cflags: ["-fno-stack-protector"],
+}
 
 // ========================================================
 // libc_tzcode.a - upstream 'tzcode' code
@@ -1757,10 +1763,10 @@
             "arch-common/bionic/crtbrand.S",
             "bionic/icu.cpp",
             "bionic/malloc_common.cpp",
-            "bionic/libc_init_dynamic.cpp",
             "bionic/NetdClient.cpp",
             "arch-common/bionic/crtend_so.S",
         ],
+        whole_static_libs: ["libc_init_dynamic"],
     },
 
     required: ["tzdata"],

libc/bionic/libc_init_dynamic.cpp

diff --git a/libc/bionic/libc_init_dynamic.cpp b/libc/bionic/libc_init_dynamic.cpp
index 43bca30..7c73950 100644
--- a/libc/bionic/libc_init_dynamic.cpp
+++ b/libc/bionic/libc_init_dynamic.cpp
@@ -61,6 +61,21 @@
   extern int __cxa_atexit(void (*)(void *), void *, void *);
 };
 
+// We need a helper function for __libc_preinit because compiling with LTO may
+// inline functions requiring a stack protector check, but __stack_chk_guard is
+// not initialized at the start of __libc_preinit. __libc_preinit_impl will run
+// after __stack_chk_guard is initialized and therefore can safely have a stack
+// protector.
+__attribute__((noinline))
+static void __libc_preinit_impl(KernelArgumentBlock& args) {
+  __libc_init_globals(args);
+  __libc_init_common(args);
+
+  // Hooks for various libraries to let them know that we're starting up.
+  __libc_globals.mutate(__libc_init_malloc);
+  netdClientInit();
+}
+
 // We flag the __libc_preinit function as a constructor to ensure
 // that its address is listed in libc.so's .init_array section.
 // This ensures that the function is called by the dynamic linker
@@ -79,12 +94,7 @@
   // thread's TLS slot with that value. Initialize the local global stack guard with its value.
   __stack_chk_guard = reinterpret_cast<uintptr_t>(tls[TLS_SLOT_STACK_GUARD]);
 
-  __libc_init_globals(*args);
-  __libc_init_common(*args);
-
-  // Hooks for various libraries to let them know that we're starting up.
-  __libc_globals.mutate(__libc_init_malloc);
-  netdClientInit();
+  __libc_preinit_impl(*args);
 }
 
 // This function is called from the executable's _start entry point