xqemu/linux-user
Laurent ALFONSI 14322bad88 linux-user: Define AT_RANDOM to support target stack protection mechanism.
The dynamic linker from the GNU C library v2.10+ uses the ELF
auxiliary vector AT_RANDOM [1] as a pointer to 16 bytes with random
values to initialize the stack protection mechanism.  Technically the
emulated GNU dynamic linker crashes due to a NULL pointer
dereference if it is built with stack protection enabled and if
AT_RANDOM is not defined by the QEMU ELF loader.

[1] This ELF auxiliary vector was introduced in Linux v2.6.29.

This patch can be tested with the code below:

    #include <elf.h>       /* Elf*_auxv_t, AT_RANDOM, AT_NULL, */
    #include <stdio.h>     /* printf(3), */
    #include <stdlib.h>    /* exit(3), EXIT_*, */
    #include <stdint.h>    /* uint8_t, uintptr_t, */
    #include <string.h>    /* memcpy(3), */

    /* Pick the auxv entry type that matches the pointer width of this build. */
    #if defined(__LP64__) || defined(_LP64) || defined(__ILP64__) || defined(__LLP64__)
    #    define Elf_auxv_t Elf64_auxv_t
    #else
    #    define Elf_auxv_t Elf32_auxv_t
    #endif

    int
    main(int argc, char* argv[], char* envp[])
    {
        Elf_auxv_t *auxv;

        (void)argc;
        (void)argv;

        /* *envp = NULL marks end of envp; the auxv follows immediately. */
        while (*envp++ != NULL);

        /* auxv->a_type = AT_NULL marks the end of auxv. */
        for (auxv = (Elf_auxv_t *)envp; auxv->a_type != AT_NULL; auxv++) {
            if (auxv->a_type == AT_RANDOM) {
                int i;
                uint8_t rand_bytes[16];

                /* a_val is 32 or 64 bits wide: cast before printing or dereferencing. */
                printf("AT_RANDOM is: 0x%lx\n", (unsigned long)auxv->a_un.a_val);
                memcpy(rand_bytes, (const uint8_t *)(uintptr_t)auxv->a_un.a_val,
                       sizeof(rand_bytes));
                printf("it points to: ");
                for (i = 0; i < 16; i++) {
                    printf("0x%02x ", rand_bytes[i]);
                }
                printf("\n");
                exit(EXIT_SUCCESS);
            }
        }
        exit(EXIT_FAILURE);
    }

Changes introduced in v2 and v3:

    * Fix typos + thinko (AT_RANDOM is used for stack canary, not for
      ASLR)

    * AT_RANDOM points to 16 random bytes stored inside the user
      stack.

    * Add a small test program.

Signed-off-by: Cédric VINCENT <cedric.vincent@st.com>
Signed-off-by: Laurent ALFONSI <laurent.alfonsi@st.com>
Signed-off-by: Riku Voipio <riku.voipio@iki.fi>
2011-06-21 20:30:09 +03:00
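The commit message describes two sides of AT_RANDOM: the loader must place 16 random bytes in the new process's stack and emit an auxv entry pointing at them, and the dynamic linker walks argv/envp/auxv to find that entry and derives the stack canary from the bytes. The following is an added example, not code from QEMU's elfload.c or from this patch. It models the loader side with a hypothetical `struct initial_stack` (argc, argv, envp, auxv and the random block, all in one region), reuses the commit's walk as `find_at_random()`, reproduces the pre-patch failure (no AT_RANDOM entry at all, so the walk returns NULL, the pointer the emulated ld.so then dereferenced), and models glibc's `_dl_setup_stack_chk_guard` rule of copying `sizeof(uintptr_t)` bytes and clearing the first byte in memory. The seed bytes are constructed, not random. `check_live_canary()` reads the running process's own canary at `%fs:0x28`, which assumes x86_64 Linux with glibc, and compares it with the value derived from this process's real AT_RANDOM; elsewhere it reports unsupported.

```c
#include <elf.h>        /* ElfNN_auxv_t, AT_RANDOM, AT_NULL, AT_PAGESZ */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval(3): glibc 2.16+ and musl */

#if UINTPTR_MAX > 0xffffffffu
typedef Elf64_auxv_t Elf_auxv_t;
#else
typedef Elf32_auxv_t Elf_auxv_t;
#endif

#define AT_RANDOM_LEN 16
#define N_AUXV 3

/* Hypothetical model of what an ELF loader writes at the top of a new
 * process's stack (not QEMU's elfload.c): argc, argv[] + NULL, envp[] +
 * NULL, the auxv terminated by AT_NULL, and the 16 bytes that AT_RANDOM
 * points to, which live inside the same stack region. */
struct initial_stack {
    uintptr_t   argc;
    char       *argv[2];
    char       *envp[2];
    Elf_auxv_t  auxv[N_AUXV];
    uint8_t     random_bytes[AT_RANDOM_LEN];
};

/* Loader side.  with_random == 0 reproduces the pre-patch layout, where no
 * AT_RANDOM entry is emitted at all. */
void build_initial_stack(struct initial_stack *s,
                         const uint8_t seed[AT_RANDOM_LEN], int with_random)
{
    int n = 0;
    memset(s, 0, sizeof *s);
    s->argc = 1;
    s->argv[0] = "prog";
    s->envp[0] = "HOME=/";
    memcpy(s->random_bytes, seed, AT_RANDOM_LEN);
    s->auxv[n].a_type = AT_PAGESZ;
    s->auxv[n++].a_un.a_val = 4096;
    if (with_random) {
        s->auxv[n].a_type = AT_RANDOM;
        s->auxv[n++].a_un.a_val = (uintptr_t)s->random_bytes;
    }
    s->auxv[n].a_type = AT_NULL;   /* terminator */
}

/* Consumer side, the walk a dynamic linker does: skip past envp's NULL,
 * scan auxv until AT_NULL, return the AT_RANDOM pointer or NULL if the
 * loader left the entry out. */
const uint8_t *find_at_random(char **envp)
{
    const Elf_auxv_t *av;
    while (*envp++ != NULL)
        ;
    for (av = (const Elf_auxv_t *)envp; av->a_type != AT_NULL; av++)
        if (av->a_type == AT_RANDOM)
            return (const uint8_t *)(uintptr_t)av->a_un.a_val;
    return NULL;
}

/* Models glibc's _dl_setup_stack_chk_guard: take sizeof(uintptr_t) bytes of
 * the AT_RANDOM block and clear the first byte in memory (the low byte on
 * little-endian hosts) so a canary is never read past by str*-style bugs. */
uintptr_t canary_from_at_random(const uint8_t *r)
{
    union { uintptr_t num; uint8_t bytes[sizeof(uintptr_t)]; } c;
    memcpy(c.bytes, r, sizeof c.bytes);
    c.bytes[0] = 0;
    return c.num;
}

/* 1 = live canary equals the derivation from this process's own AT_RANDOM,
 * 0 = mismatch (or no AT_RANDOM), -1 = not x86_64 Linux/glibc. */
int check_live_canary(void)
{
#if defined(__x86_64__) && defined(__linux__) && defined(__GLIBC__)
    uintptr_t live;
    const uint8_t *r = (const uint8_t *)getauxval(AT_RANDOM);
    if (r == NULL)
        return 0;
    __asm__ volatile("movq %%fs:0x28, %0" : "=r"(live));   /* tcbhead_t.stack_guard */
    return live == canary_from_at_random(r);
#else
    return -1;
#endif
}

/* Constructed seed for the model stack; a real loader uses kernel randomness. */
static const uint8_t seed[AT_RANDOM_LEN] = {
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
    0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x00
};

/* Build with AT_RANDOM, walk it back, check the canary derivation. */
int roundtrip_ok(void)
{
    struct initial_stack s;
    uintptr_t c;
    const uint8_t *r;

    build_initial_stack(&s, seed, 1);
    r = find_at_random(s.envp);
    if (r != s.random_bytes || memcmp(r, seed, AT_RANDOM_LEN) != 0)
        return 0;
    c = canary_from_at_random(r);
    return ((const uint8_t *)&c)[0] == 0 &&
           memcmp((const uint8_t *)&c + 1, seed + 1, sizeof c - 1) == 0;
}

/* Pre-patch layout: the walk yields NULL, which ld.so then dereferenced. */
int missing_entry_detected(void)
{
    struct initial_stack s;
    build_initial_stack(&s, seed, 0);
    return find_at_random(s.envp) == NULL;
}

int main(void)
{
    printf("auxv round trip: %s\n", roundtrip_ok() ? "ok" : "FAILED");
    printf("missing AT_RANDOM detected: %s\n", missing_entry_detected() ? "yes" : "no");
    printf("live canary matches AT_RANDOM derivation (1/0/-1): %d\n", check_live_canary());
    return 0;
}
```

The walk in `find_at_random()` is the same one the commit's test program performs; the point of the model is that AT_RANDOM must point into memory the guest can read (here, inside the same stack block), and that a loader which omits the entry leaves the consumer with a NULL pointer rather than an error it can report.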
alpha linux-user: untie syscalls from UID16 2011-04-26 10:15:41 +03:00
arm linux-user/arm/nwfpe: rename REG_PC to ARM_REG_PC 2011-04-25 22:15:31 +02:00
cris Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
i386 Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
m68k Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
microblaze Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
mips linux-user: fix mips and ppc to use UID16 2010-12-03 15:10:08 +02:00
mips64 Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
mipsn32 Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
ppc linux-user: fix mips and ppc to use UID16 2010-12-03 15:10:08 +02:00
s390x s390x: s390x-linux-user support 2011-05-20 17:35:12 +02:00
sh4 Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
sparc Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
sparc64 Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
unicore32 unicore32: add necessry headers in linux-user/unicore32 for unicore32 support 2011-04-12 18:48:43 +00:00
x86_64 Revert "Get rid of _t suffix" 2009-10-01 16:12:16 -05:00
cpu-uname.c linux-user: adapt uname machine to emulated CPU 2010-02-06 17:19:43 +01:00
cpu-uname.h linux-user: adapt uname machine to emulated CPU 2010-02-06 17:19:43 +01:00
elfload.c linux-user: Define AT_RANDOM to support target stack protection mechanism. 2011-06-21 20:30:09 +03:00
errno_defs.h Remove unnecessary trailing newlines 2008-12-13 09:32:43 +00:00
flat.h Support for 32 bit ABI on 64 bit targets (only enabled Sparc64) 2007-10-14 16:27:31 +00:00
flatload.c linux-user/FLAT: allow targets to override FLAT processing 2011-02-09 10:33:54 +02:00
ioctls.h linux-user: add ioctl(SIOCGIWNAME, ...) support. 2011-04-26 10:15:41 +03:00
linux_loop.h Fix build failure with old kernel headers (loop.h is incompatible with 2008-05-23 16:06:43 +00:00
linuxload.c Remove dead code for ARM semihosting commandline handling 2011-01-07 18:20:57 +02:00
m68k-sim.c linux-user: Fix typo m86k -> m68k 2010-10-05 13:53:56 -05:00
main.c Command line support for altering the log file location 2011-06-15 16:51:24 +00:00
mmap.c Fix typo in comment (truely -> truly) 2011-05-08 10:02:18 +01:00
qemu-types.h linux-user: Move abi_* typedefs into qemu-types.h 2008-12-08 18:12:04 +00:00
qemu.h Fix typos in comments (neccessary -> necessary) 2011-05-08 10:02:18 +01:00
signal.c Don't translate pointer when in restore_sigcontext 2011-06-20 17:00:18 +03:00
socket.h Various linux-user structures and definitions fixes for PowerPC targets. 2007-12-10 08:24:59 +00:00
strace.c linux-user: Fix compilation for "old" linux versions 2011-05-02 10:00:01 +03:00
strace.list linux-user: improve traces 2011-04-26 10:15:40 +03:00
syscall.c linux-user: add pselect6 syscall support 2011-06-21 20:30:09 +03:00
syscall_defs.h s390x: s390x-linux-user support 2011-05-20 17:35:12 +02:00
syscall_types.h linux-user: Implement FS_IOC_FIEMAP ioctl 2011-01-07 17:20:58 +02:00
target_flat.h linux-user/FLAT: allow targets to override FLAT processing 2011-02-09 10:33:54 +02:00
uaccess.c Fix missing strnlen problems 2009-07-01 18:24:44 +00:00
vm86.c Update to a hopefully more future proof FSF address 2009-07-16 20:47:01 +00:00