
Revision 14322bad

ID 14322bad88c46e41b962ff8f4a6f524dd883670c

Added by Laurent ALFONSI almost 13 years ago

linux-user: Define AT_RANDOM to support target stack protection mechanism.

The dynamic linker from the GNU C library v2.10+ uses the ELF
auxiliary vector AT_RANDOM [1] as a pointer to 16 bytes with random
values to initialize the stack protection mechanism. Technically the
emulated GNU dynamic linker crashes due to a NULL pointer
dereference if it is built with stack protection enabled and if
AT_RANDOM is not defined by the QEMU ELF loader.

[1] This ELF auxiliary vector was introduced in Linux v2.6.29.

This patch can be tested with the code above:

    #include <elf.h>       /* Elf*_auxv_t, AT_RANDOM, */
    #include <stdio.h>     /* printf(3), */
    #include <stdlib.h>    /* exit(3), EXIT_*, */
    #include <stdint.h>    /* uint8_t, */
    #include <string.h>    /* memcpy(3), */

    #if defined(__LP64__) || defined(__ILP64__) || defined(__LLP64__)
    #    define Elf_auxv_t Elf64_auxv_t
    #else
    #    define Elf_auxv_t Elf32_auxv_t
    #endif

    int main(int argc, char* argv[], char* envp[])
    {
        Elf_auxv_t *auxv;

        /* *envp = NULL marks end of envp. */
        while (*envp++ != NULL);

        /* auxv->a_type = AT_NULL marks the end of auxv. */
        for (auxv = (Elf_auxv_t *)envp; auxv->a_type != AT_NULL; auxv++) {
            if (auxv->a_type == AT_RANDOM) {
                int i;
                uint8_t rand_bytes[16];

                /* a_val is 64 bits wide on LP64 targets, so print it as a long. */
                printf("AT_RANDOM is: 0x%lx\n", (unsigned long)auxv->a_un.a_val);
                memcpy(rand_bytes, (const uint8_t *)auxv->a_un.a_val, sizeof(rand_bytes));
                printf("it points to: ");
                for (i = 0; i < 16; i++) {
                    printf("0x%02x ", rand_bytes[i]);
                }
                printf("\n");
                exit(EXIT_SUCCESS);
            }
        }
        exit(EXIT_FAILURE);
    }

Changes introduced in v2 and v3:

  • Fix typos + thinko (AT_RANDOM is used for stack canary, not for
    ASLR)
  • AT_RANDOM points to 16 random bytes stored inside the user
    stack.
  • Add a small test program.

Signed-off-by: Cédric VINCENT <>
Signed-off-by: Laurent ALFONSI <>
Signed-off-by: Riku Voipio <>
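
The consumer side of AT_RANDOM, as an added example that is not part of this commit, of QEMU, or of glibc: it reads the 16 bytes, checks for the missing-entry case the commit message describes, and derives a guard word from them. The function names are hypothetical, `getauxval(3)` requires glibc 2.16+, and zeroing the first byte of the guard mirrors what newer glibc versions do and is an assumption here, not something the commit states.

```c
#include <elf.h>        /* AT_RANDOM */
#include <stdint.h>     /* uint8_t, uintptr_t */
#include <stdio.h>      /* printf(3), fprintf(3) */
#include <string.h>     /* memcpy(3) */
#include <sys/auxv.h>   /* getauxval(3), glibc 2.16+ */

/* Derive a stack-guard word from the 16 AT_RANDOM bytes: take the first
 * pointer-sized chunk and zero its first byte in memory, so the guard
 * always contains a NUL terminator. (Hypothetical helper.) */
uintptr_t derive_guard(const uint8_t rnd[16])
{
    uintptr_t guard;

    memcpy(&guard, rnd, sizeof(guard));
    ((uint8_t *)&guard)[0] = 0;
    return guard;
}

/* Returns 0 and fills *guard, or -1 when the ELF loader supplied no
 * AT_RANDOM entry. Checking for that case avoids the NULL pointer
 * dereference described in the commit message. (Hypothetical helper.) */
int guard_from_auxv(uintptr_t *guard)
{
    const uint8_t *rnd = (const uint8_t *)getauxval(AT_RANDOM);

    if (rnd == NULL)
        return -1;
    *guard = derive_guard(rnd);
    return 0;
}

int main(void)
{
    uintptr_t guard;

    if (guard_from_auxv(&guard) != 0) {
        fprintf(stderr, "AT_RANDOM missing from the auxiliary vector\n");
        return 1;
    }
    printf("guard: 0x%0*lx\n", (int)(2 * sizeof(guard)), (unsigned long)guard);
    return 0;
}
```

Run under the linux-user emulator, a build without AT_RANDOM support takes the error path instead of printing a guard value.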
