From patchwork Tue Mar 8 13:51:01 2016
X-Patchwork-Submitter: Nix
X-Patchwork-Id: 11264
From: Nix
To: libc-alpha@sourceware.org
Subject: [PATCH 15/18] Avoid stack-protecting signal-handling functions sibcalled from assembly.
Date: Tue, 8 Mar 2016 13:51:01 +0000
Message-Id: <1457445064-7107-16-git-send-email-nix@esperi.org.uk>
In-Reply-To: <1457445064-7107-1-git-send-email-nix@esperi.org.uk>
References: <1457445064-7107-1-git-send-email-nix@esperi.org.uk>

From: Nick Alcock

Certain signal-handling functions are sibcalled from assembly on x86, both on Linux and the Hurd. As such, they depend on having the same-shaped stack frame, an assumption it seems likely that -fstack-protector violates.

More worryingly, setjmp/sigjmp.c lands in the dynamic linker but is overlooked by the machinery that rebuilds almost everything else, and is never rebuilt: so we should compile it without stack-protection for the sake of ld.so.

v2: de-stack-protect setjmp/sigjmp.c.
v3: Use $(no-stack-protector).
v4: Use inhibit_stack_protector.
v5: Remove inhibition of nptl/pthread_mutex_(un)lock.c now that is diagnosed and fixed elsewhere, properly; inhibit _hurd_self_sigstate instead.

* hurd/hurd/signal.h (_hurd_self_sigstate): Add inhibit_stack_protector.
* setjmp/Makefile (CFLAGS-sigjmp.c): Add $(no-stack-protector).

--- hurd/hurd/signal.h | 2 +- setjmp/Makefile | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/hurd/hurd/signal.h b/hurd/hurd/signal.h index 85e5152..78a25ae 100644 --- a/hurd/hurd/signal.h +++ b/hurd/hurd/signal.h @@ -129,7 +129,7 @@ extern struct hurd_sigstate *_hurd_self_sigstate (void) #define _HURD_SIGNAL_H_EXTERN_INLINE __extern_inline #endif -_HURD_SIGNAL_H_EXTERN_INLINE struct hurd_sigstate * +_HURD_SIGNAL_H_EXTERN_INLINE inhibit_stack_protector struct hurd_sigstate * _hurd_self_sigstate (void) { struct hurd_sigstate **location = (struct hurd_sigstate **) diff --git a/setjmp/Makefile b/setjmp/Makefile index 5b677cc..b617a84 100644 --- a/setjmp/Makefile +++ b/setjmp/Makefile @@ -35,3 +35,7 @@ tests-static := tst-setjmp-static include ../Rules $(objpfx)tst-setjmp-fp: $(libm) + +# This is sibcalled directly from arch-specific assembly, included in rtld, +# but never rebuilt, so it must never be built with stack protection. +CFLAGS-sigjmp.c += $(no-stack-protector)
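
Review bot: In the hurd/hurd/signal.h hunk, the inhibit_stack_protector annotation on the inline definition of _hurd_self_sigstate carries no comment saying why it is needed, unlike the setjmp/Makefile hunk, and the commit message only says "inhibit _hurd_self_sigstate instead" without naming the assembly caller that depends on its frame shape. Please add a one-line comment above the definition naming that caller. Because the definition is `__extern_inline`, it would also help to state whether the annotation is meant to cover only the out-of-line copy or inlined uses in stack-protected callers as well, and whether the `extern struct hurd_sigstate *_hurd_self_sigstate (void)` declaration visible in the hunk header needs the same annotation for consistency.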
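
Review bot: In the setjmp/Makefile hunk, the comment says sigjmp.c "must never be built with stack protection", but `CFLAGS-sigjmp.c += $(no-stack-protector)` only guarantees that if $(no-stack-protector) is defined (it is not defined in this patch) and if the per-file flags end up after any global stack-protector option on the compile line. Please note in the commit message which patch in the series defines the variable, and consider a build-time check that the resulting sigjmp object has no reference to __stack_chk_fail, so that the "never" in the comment is enforced rather than assumed. The comment itself is also ambiguous: "included in rtld, but never rebuilt" reads as if it described the assembly rather than sigjmp.c, so splitting the two reasons into separate sentences would make it clearer.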