Valgrind: r16458 - in /trunk: NEWS coregrind/m_redir.c coregrind/m_trampoline.S coregrind/pub_core_trampoline.h


Valgrind: r16458 - in /trunk: NEWS coregrind/m_redir.c coregrind/m_trampoline.S coregrind/pub_core_trampoline.h

svn-2
Author: mjw
Date: Wed Jul  5 10:57:48 2017
New Revision: 16458

Log:
Bug 381805 arm32 needs ld.so index hardwire for new glibc security fixes

glibc added some security hardening adding (optimized) index/strchr
calls in the LD_PRELOAD path:

    commit 6d0ba622891bed9d8394eef1935add53003b12e8
    Author: Florian Weimer <[hidden email]>
    Date:   Mon Jun 19 22:31:04 2017 +0200

        ld.so: Reject overly long LD_PRELOAD path elements

arm32 doesn't have an ld.so hardwire for index/strchr like other
architectures and so will always complain during early startup:

    ==9495== Conditional jump or move depends on uninitialised value(s)
    ==9495==    at 0x401CF84: index (in /usr/lib/ld-2.25.so)
    ==9495==
    ==9495== Conditional jump or move depends on uninitialised value(s)
    ==9495==    at 0x401CF88: index (in /usr/lib/ld-2.25.so)

index/strchr is doing a word load from a partially-written
stack-allocated buffer, therefore accessing uninitialized data.
This is normal for an optimized string function. The uninitialized
data does not affect the function result.

This can be suppressed by adding an index hardwire for ld.so on arm32,
as is done on other arches. There was already some commented-out code
to do that. Enable that code.

Modified:
    trunk/NEWS
    trunk/coregrind/m_redir.c
    trunk/coregrind/m_trampoline.S
    trunk/coregrind/pub_core_trampoline.h

Modified: trunk/NEWS
==============================================================================
--- trunk/NEWS (original)
+++ trunk/NEWS Wed Jul  5 10:57:48 2017
@@ -41,6 +41,7 @@
 381289  epoll_pwait can have a NULL sigmask
 381274  powerpc too chatty even with --sigill-diagnostics=no
 381769  Use ucontext_t instead of struct ucontext
+381805  arm32 needs ld.so index hardwire for new glibc security fixes
 
 
 Release 3.13.0 (15 June 2017)

Modified: trunk/coregrind/m_redir.c
==============================================================================
--- trunk/coregrind/m_redir.c (original)
+++ trunk/coregrind/m_redir.c Wed Jul  5 10:57:48 2017
@@ -1485,6 +1485,17 @@
          (Addr)&VG_(arm_linux_REDIR_FOR_strcmp),
          complain_about_stripped_glibc_ldso
       );
+      /* index */
+      add_hardwired_spec(
+         "ld-linux.so.3", "index",
+         (Addr)&VG_(arm_linux_REDIR_FOR_index),
+         complain_about_stripped_glibc_ldso
+      );
+      add_hardwired_spec(
+         "ld-linux-armhf.so.3", "index",
+         (Addr)&VG_(arm_linux_REDIR_FOR_index),
+         complain_about_stripped_glibc_ldso
+      );
    }
 
 #  elif defined(VGP_arm64_linux)
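Review bot: The `/* index */` comment on the added block names only the symbol it covers, not why ld.so now needs a hardwire, so a later reader cannot tell when it could be retired. I would extend it to `/* index: glibc's LD_PRELOAD path checks (bug 381805) call an optimised index that reads whole words from a partly-initialised stack buffer; redirect it to the byte-wise replacement so memcheck stays quiet during startup */`. The two add_hardwired_spec calls register the same replacement under both sonames, which presumably mirrors the strcmp entry whose tail is visible above; the enclosing `if` starts before this hunk.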

Modified: trunk/coregrind/m_trampoline.S
==============================================================================
--- trunk/coregrind/m_trampoline.S (original)
+++ trunk/coregrind/m_trampoline.S Wed Jul  5 10:57:48 2017
@@ -625,26 +625,26 @@
  bx lr
  UD2_4
 
-//.global VG_(arm_linux_REDIR_FOR_index)
-//VG_(arm_linux_REDIR_FOR_index):
-// ldrb r3, [r0, #0] @ zero_extendqisi2
-// and r1, r1, #255
-// cmp r3, r1
-// @ lr needed for prologue
-// bne .L9
-// bx lr
-//.L12:
-// ldrb r3, [r0, #1]! @ zero_extendqisi2
-// cmp r3, r1
-// beq .L11
-//.L9:
-// cmp r3, #0
-// bne .L12
-// mov r0, #0
-// bx lr
-//.L11:
-// bx lr
-// UD2_4
+.global VG_(arm_linux_REDIR_FOR_index)
+VG_(arm_linux_REDIR_FOR_index):
+ ldrb r3, [r0, #0] @ zero_extendqisi2
+ and r1, r1, #255
+ cmp r3, r1
+ @ lr needed for prologue
+ bne .L9
+ bx lr
+.L12:
+ ldrb r3, [r0, #1]! @ zero_extendqisi2
+ cmp r3, r1
+ beq .L11
+.L9:
+ cmp r3, #0
+ bne .L12
+ mov r0, #0
+ bx lr
+.L11:
+ bx lr
+ UD2_4
 
 .global VG_(arm_linux_REDIR_FOR_memcpy)
 VG_(arm_linux_REDIR_FOR_memcpy):
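Review bot: The re-enabled routine carries no header comment stating the property that makes it a valid stand-in for glibc's index: every load is a single `ldrb` and the loop stops at the first zero byte, so it never reads past the terminator, which is exactly why memcheck no longer sees the word loads reported in the log. I would put a short block comment above `.global VG_(arm_linux_REDIR_FOR_index)` saying so, and noting that any later optimisation must keep the byte-wise loads. The `and r1, r1, #255` line deserves `@ c is passed as an int; compare only its low byte, i.e. (char)c`, and since the first `bx lr` returns r0 when r3 equals r1 even when both are zero, the comment should also say that for c == 0 the address of the terminator is returned, as index/strchr require. The `.L9`/`.L11`/`.L12` labels look like compiler output; a reader would be helped by the comment naming them (next byte / not found / found) rather than leaving them bare.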

Modified: trunk/coregrind/pub_core_trampoline.h
==============================================================================
--- trunk/coregrind/pub_core_trampoline.h (original)
+++ trunk/coregrind/pub_core_trampoline.h Wed Jul  5 10:57:48 2017
@@ -100,7 +100,7 @@
 extern Addr  VG_(arm_linux_SUBST_FOR_sigreturn);
 extern Addr  VG_(arm_linux_SUBST_FOR_rt_sigreturn);
 extern UInt  VG_(arm_linux_REDIR_FOR_strlen)( void* );
-//extern void* VG_(arm_linux_REDIR_FOR_index) ( void*, Int );
+extern void* VG_(arm_linux_REDIR_FOR_index) ( void*, Int );
 extern void* VG_(arm_linux_REDIR_FOR_memcpy)( void*, void*, Int );
 extern void* VG_(arm_linux_REDIR_FOR_strcmp)( void*, void* );
 #endif

