Use read_volatile for stack_check_guard.
Its whole point is that it will be aliased if the stack overflows, so it
doesn't make sense to use a reference. In fact the compiler might
optimise away the reads. Reading a pointer is still a bit dodgy, but
better.
Test: m vmbase_example_bin
Change-Id: I23e83d2b83d945d0fe66bcbd909cd5e04a609e12
diff --git a/vmbase/src/bionic.rs b/vmbase/src/bionic.rs
index 69da521..937105e 100644
--- a/vmbase/src/bionic.rs
+++ b/vmbase/src/bionic.rs
@@ -23,13 +23,9 @@
use crate::console;
use crate::eprintln;
-use crate::linker;
const EOF: c_int = -1;
-/// Reference to __stack_chk_guard.
-pub static STACK_CHK_GUARD: &u64 = unsafe { &linker::__stack_chk_guard };
-
#[no_mangle]
extern "C" fn __stack_chk_fail() -> ! {
panic!("stack guard check failed");
diff --git a/vmbase/src/layout/mod.rs b/vmbase/src/layout/mod.rs
index 21c113a..00d7f9a 100644
--- a/vmbase/src/layout/mod.rs
+++ b/vmbase/src/layout/mod.rs
@@ -17,6 +17,7 @@
pub mod crosvm;
use crate::console::BASE_ADDRESS;
+use crate::linker::__stack_chk_guard;
use core::ops::Range;
use core::ptr::addr_of;
@@ -97,3 +98,11 @@
pub fn binary_end() -> usize {
linker_addr!(bin_end)
}
+
+/// Value of __stack_chk_guard.
+pub fn stack_chk_guard() -> u64 {
+ // SAFETY: __stack_chk_guard shouldn't have any mutable aliases unless the stack overflows. If
+ // it does, then there could be undefined behaviour all over the program, but we want to at
+ // least have a chance at catching it.
+ unsafe { addr_of!(__stack_chk_guard).read_volatile() }
+}
diff --git a/vmbase/src/lib.rs b/vmbase/src/lib.rs
index 88bad8b..7e47968 100644
--- a/vmbase/src/lib.rs
+++ b/vmbase/src/lib.rs
@@ -35,8 +35,6 @@
pub mod util;
pub mod virtio;
-pub use bionic::STACK_CHK_GUARD;
-
use core::panic::PanicInfo;
use power::reboot;