1 // Copyright 2021 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/stack_canary_linux.h"
11 #include "base/bits.h"
12 #include "base/check_op.h"
13 #include "base/compiler_specific.h"
14 #include "base/logging.h"
15 #include "base/memory/page_size.h"
16 #include "base/rand_util.h"
17 #include "build/build_config.h"
21 #if defined(LIBC_GLIBC)
23 #if defined(ARCH_CPU_ARM_FAMILY)
24 // On ARM, Glibc uses a global variable (exported) called __stack_chk_guard.
26 extern uintptr_t __stack_chk_guard;
28 #endif // defined(ARCH_CPU_ARM_FAMILY)
31 // In debug builds, if we detect stack smashing in old stack frames after
32 // changing the canary, it's nice to let someone know that it's because the
33 // canary changed and they should prevent their function from using stack
35 static bool g_emit_debug_message = false;
38 typedef __attribute__((noreturn)) void(GLibcStackChkFailFunction)();
40 // This overrides glibc's version of __stack_chk_fail(), which is called when
41 // the canary doesn't match.
42 __attribute__((visibility("default"), noinline, noreturn)) void
44 if (g_emit_debug_message) {
47 "Stack smashing detected. The canary was changed during runtime "
48 "(see crbug.com/1206626). You may need to mark your function with "
49 "the no_stack_protector attribute, or just exit() before stack "
50 "smashing occurs. You can also disable this canary-changing feature "
51 "by adding --change-stack-guard-on-fork=disable to the command line.");
54 // Call the real __stack_chk_fail().
55 // Note that dlsym may not be safe to perform since this is called during
56 // corruption, but this code purposely only runs in debug builds and in the
57 // normal case might provide better debug information.
58 GLibcStackChkFailFunction* glibc_stack_chk_fail =
59 reinterpret_cast<GLibcStackChkFailFunction*>(
60 dlsym(RTLD_NEXT, "__stack_chk_fail"));
61 (*glibc_stack_chk_fail)();
64 #endif // !defined(NDEBUG)
66 void NO_STACK_PROTECTOR ResetStackCanaryIfPossible() {
68 base::RandBytes(&canary, sizeof(canary));
69 // First byte should be the null byte for string functions.
70 canary &= ~static_cast<uintptr_t>(0xff);
72 // The x86/x64 offsets should work for musl too.
73 #if defined(ARCH_CPU_X86_64)
74 asm volatile("movq %q0,%%fs:%P1" : : "er"(canary), "i"(0x28));
75 #elif defined(ARCH_CPU_X86)
76 asm volatile("movl %0,%%gs:%P1" : : "ir"(canary), "i"(0x14));
77 #elif defined(ARCH_CPU_ARM_FAMILY)
78 // ARM's stack canary is held on a relro page. So, we'll need to make the page
79 // writable, change the stack canary, and then make the page ro again.
80 // We want to be single-threaded when changing page permissions, since it's
81 // reasonable for other threads to assume that page permissions for global
82 // variables don't change.
83 size_t page_size = base::GetPageSize();
84 uintptr_t __stack_chk_guard_page = base::bits::AlignDown(
85 reinterpret_cast<uintptr_t>(&__stack_chk_guard), page_size);
86 PCHECK(0 == mprotect(reinterpret_cast<void*>(__stack_chk_guard_page),
87 page_size, PROT_READ | PROT_WRITE));
88 __stack_chk_guard = canary;
89 PCHECK(0 == mprotect(reinterpret_cast<void*>(__stack_chk_guard_page),
90 page_size, PROT_READ));
94 void SetStackSmashingEmitsDebugMessage() {
96 g_emit_debug_message = true;
97 #endif // !defined(NDEBUG)
100 #else // defined(LIBC_GLIBC)
102 // We don't know how to reset the canary if not compiling for glibc.
103 void ResetStackCanaryIfPossible() {}
105 void SetStackSmashingEmitsDebugMessage() {}
107 #endif // defined(LIBC_GLIBC)
projects / platform / framework / web / chromium-efl.git / blob