#endif
+static void
+security_init (void)
+{
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+#ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+#else
+ __stack_chk_guard = stack_chk_guard;
+#endif
+
+ /* Set up the pointer guard as well, if necessary. */
+ if (GLRO(dl_pointer_guard))
+ {
+ // XXX If it is cheap, we should use a separate value.
+ uintptr_t pointer_chk_guard = stack_chk_guard;
+#ifndef HP_TIMING_NONAVAIL
+ hp_timing_t now;
+ HP_TIMING_NOW (now);
+ pointer_chk_guard ^= now;
+#endif
+#ifdef THREAD_SET_POINTER_GUARD
+ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+#endif
+ __pointer_chk_guard_local = pointer_chk_guard;
+ }
+}
+
+
/* The library search path. */
static const char *library_path attribute_relro;
/* The list preloaded objects. */
initialize the data structures now. */
tcbp = init_tls ();
+ /* Initialize security features. We need to do it this early
+ since otherwise the constructors of the audit libraries will
+ use different values (especially the pointer guard) and will
+ fail later on. */
+ security_init ();
+
do
{
int tls_idx = GL(dl_tls_max_dtv_idx);
if (tcbp == NULL)
tcbp = init_tls ();
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
-#ifdef THREAD_SET_STACK_GUARD
- THREAD_SET_STACK_GUARD (stack_chk_guard);
-#else
- __stack_chk_guard = stack_chk_guard;
-#endif
-
- /* Set up the pointer guard as well, if necessary. */
- if (GLRO(dl_pointer_guard))
- {
- // XXX If it is cheap, we should use a separate value.
- uintptr_t pointer_chk_guard = stack_chk_guard;
-#ifndef HP_TIMING_NONAVAIL
- hp_timing_t now;
- HP_TIMING_NOW (now);
- pointer_chk_guard ^= now;
-#endif
-#ifdef THREAD_SET_POINTER_GUARD
- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
-#endif
- __pointer_chk_guard_local = pointer_chk_guard;
- }
+ if (__builtin_expect (audit_list == NULL, 1))
+ /* Initialize security features. But only if we have not done it
+ earlier. */
+ security_init ();
if (__builtin_expect (mode, normal) != normal)
{