* elf/Versions [GLIBC_PRIVATE]: Export __pointer_chk_guard if defined.

	* elf/rtld.c: Define __pointer_chk_guard_local and if necessary
	__pointer_chk_guard.
	(_rtld_global_ro): Initialize _dl_pointer_guard.
	(dl_main): Initialize __pointer_chk_guard_local and either
	__pointer_chk_guard or TLS value if necessary.
	(process_envvars): Recognize and handle LD_POINTER_GUARD.
	* sysdeps/generic/ldsodefs.h (rtld_global_ro): Add _dl_pointer_guard.
	* sysdeps/i386/__longjmp.S: Use PTR_DEMANGLE for PC if defined.
	* sysdeps/x86_64/__longjmp.S: Likewise.
	* sysdeps/i386/bsd-_setjmp.S: Use PTR_MANGLE for PC if defined.
	* sysdeps/i386/bsd-_setjmp.S: Likewise.
	* sysdeps/i386/setjmp.S: Likewise.
	[IS_IN_rtld]: Avoid call to __sigjmp_save.
	* sysdeps/i386/setjmp.S: Likewise.
	* sysdeps/unix/sysv/linux/i386/sysdep.h: Define PTR_MANGLE and
	PTR_DEMANGLE.
	* sysdeps/unix/sysv/linux/x86_64/sysdep.h: Likewise.

	* sysdeps/i386/elf/setjmp.S: Removed.
	* sysdeps/i386/elf/bsd-setjmp.S: Removed.

ChangeLog

@@ -1,5 +1,27 @@
 2005-12-17  Ulrich Drepper  <drepper@redhat.com>
 
+	* elf/Versions [GLIBC_PRIVATE]: Export __pointer_chk_guard if defined.
+	* elf/rtld.c: Define __pointer_chk_guard_local and if necessary
+	__pointer_chk_guard.
+	(_rtld_global_ro): Initialize _dl_pointer_guard.
+	(dl_main): Initialize __pointer_chk_guard_local and either
+	__pointer_chk_guard or TLS value if necessary.
+	(process_envvars): Recognize and handle LD_POINTER_GUARD.
+	* sysdeps/generic/ldsodefs.h (rtld_global_ro): Add _dl_pointer_guard.
+	* sysdeps/i386/__longjmp.S: Use PTR_DEMANGLE for PC if defined.
+	* sysdeps/x86_64/__longjmp.S: Likewise.
+	* sysdeps/i386/bsd-_setjmp.S: Use PTR_MANGLE for PC if defined.
+	* sysdeps/i386/bsd-_setjmp.S: Likewise.
+	* sysdeps/i386/setjmp.S: Likewise.
+	[IS_IN_rtld]: Avoid call to __sigjmp_save.
+	* sysdeps/i386/setjmp.S: Likewise.
+	* sysdeps/unix/sysv/linux/i386/sysdep.h: Define PTR_MANGLE and
+	PTR_DEMANGLE.
+	* sysdeps/unix/sysv/linux/x86_64/sysdep.h: Likewise.
+
+	* sysdeps/i386/elf/setjmp.S: Removed.
+	* sysdeps/i386/elf/bsd-setjmp.S: Removed.
+
 	* elf/dl-error.c (_dl_catch_error): Use __sigsetgjmp instead of
 	setjmp.
 	* elf/dl-error.c (_dl_signal_error): Use __longjmp instead of longjmp.

elf/Versions

@@ -60,5 +60,7 @@ ld {
     _dl_make_stack_executable;
     # Only here for gdb while a better method is developed.
     _dl_debug_state;
+    # Pointer protection.
+    __pointer_chk_guard;
   }
 }

elf/rtld.c

@@ -90,6 +90,15 @@ INTDEF(_dl_argv)
 uintptr_t __stack_chk_guard attribute_relro;
 #endif
 
+/* Only exported for architectures that don't store the pointer guard
+   value in thread local area.  */
+uintptr_t __pointer_chk_guard_local
+     attribute_relro attribute_hidden __attribute__ ((nocommon));
+#ifndef THREAD_SET_POINTER_GUARD
+strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+#endif
+
+
 /* List of auditing DSOs.  */
 static struct audit_list
 {
@@ -142,6 +151,7 @@ struct rtld_global_ro _rtld_global_ro attribute_relro =
     ._dl_hwcap_mask = HWCAP_IMPORTANT,
     ._dl_lazy = 1,
     ._dl_fpu_control = _FPU_DEFAULT,
+    ._dl_pointer_guard = 1,
 
     /* Function pointers.  */
     ._dl_debug_printf = _dl_debug_printf,
@@ -1823,6 +1833,20 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
   __stack_chk_guard = stack_chk_guard;
 #endif
 
+  /* Set up the pointer guard as well, if necessary.  */
+  if (GLRO(dl_pointer_guard))
+    {
+      // XXX If it is cheap, we should use a separate value.
+      uintptr_t pointer_chk_guard;
+      hp_timing_t now;
+      HP_TIMING_NOW (now);
+      pointer_chk_guard = stack_chk_guard ^ now;
+#ifdef THREAD_SET_POINTER_GUARD
+      THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+#endif
+      __pointer_chk_guard_local = pointer_chk_guard;
+    }
+
   if (__builtin_expect (mode, normal) != normal)
     {
       /* We were run just to list the shared libraries.  It is
@@ -2575,7 +2599,13 @@ process_envvars (enum mode *modep)
 #endif
 	  if (!INTUSE(__libc_enable_secure)
 	      && memcmp (envline, "USE_LOAD_BIAS", 13) == 0)
-	    GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
+	    {
+	      GLRO(dl_use_load_bias) = envline[14] == '1' ? -1 : 0;
+	      break;
+	    }
+
+	  if (memcmp (envline, "POINTER_GUARD", 13) == 0)
+	    GLRO(dl_pointer_guard) = envline[14] == '0';
 	  break;
 
 	case 14:

nptl/ChangeLog

@@ -1,3 +1,13 @@
+2005-12-17  Ulrich Drepper  <drepper@redhat.com>
+
+	* pthread_create.c (__pthread_create_2_1): Use
+	THREAD_COPY_POINTER_GUARD if available.
+	* sysdeps/i386/tcb-offsets.sym: Add POINTER_GUARD.
+	* sysdeps/x86_64/tcb-offsets.sym: Likewise.
+	* sysdeps/i386/tls.h (tcbhead_t): Add pointer_guard.
+	Define THREAD_SET_POINTER_GUARD and THREAD_COPY_POINTER_GUARD.
+	* sysdeps/x86_64/tls.h: Likewise.
+
 2005-12-15  Roland McGrath  <roland@redhat.com>
 
 	* sysdeps/unix/sysv/linux/mq_notify.c: Don't use sysdeps/generic.

nptl/pthread_create.c

@@ -415,6 +415,11 @@ __pthread_create_2_1 (newthread, attr, start_routine, arg)
   THREAD_COPY_STACK_GUARD (pd);
 #endif
 
+  /* Copy the pointer guard value.  */
+#ifdef THREAD_COPY_POINTER_GUARD
+  THREAD_COPY_POINTER_GUARD (pd);
+#endif
+
   /* Determine scheduling parameters for the thread.  */
   if (attr != NULL
       && __builtin_expect ((iattr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0, 0)

nptl/sysdeps/i386/tcb-offsets.sym

@@ -11,3 +11,4 @@ SYSINFO_OFFSET		offsetof (tcbhead_t, sysinfo)
 CLEANUP			offsetof (struct pthread, cleanup)
 CLEANUP_PREV		offsetof (struct _pthread_cleanup_buffer, __prev)
 MUTEX_FUTEX		offsetof (pthread_mutex_t, __data.__lock)
+POINTER_GUARD		offsetof (tcbhead_t, pointer_guard)

nptl/sysdeps/i386/tls.h

@@ -50,6 +50,7 @@ typedef struct
   int multiple_threads;
   uintptr_t sysinfo;
   uintptr_t stack_guard;
+  uintptr_t pointer_guard;
 } tcbhead_t;
 
 # define TLS_MULTIPLE_THREADS_IN_TCB 1
@@ -425,6 +426,14 @@ union user_desc_init
    = THREAD_GETMEM (THREAD_SELF, header.stack_guard))
 
 
+/* Set the pointer guard field in the TCB head.  */
+#define THREAD_SET_POINTER_GUARD(value) \
+  THREAD_SETMEM (THREAD_SELF, header.pointer_guard, value)
+#define THREAD_COPY_POINTER_GUARD(descr) \
+  ((descr)->header.pointer_guard					      \
+   = THREAD_GETMEM (THREAD_SELF, header.pointer_guard))
+
+
 #endif /* __ASSEMBLER__ */
 
 #endif	/* tls.h */

nptl/sysdeps/x86_64/tcb-offsets.sym

@@ -10,3 +10,4 @@ CLEANUP			offsetof (struct pthread, cleanup)
 CLEANUP_PREV		offsetof (struct _pthread_cleanup_buffer, __prev)
 MUTEX_FUTEX		offsetof (pthread_mutex_t, __data.__lock)
 MULTIPLE_THREADS_OFFSET	offsetof (tcbhead_t, multiple_threads)
+POINTER_GUARD		offsetof (tcbhead_t, pointer_guard)

nptl/sysdeps/x86_64/tls.h

@@ -49,6 +49,7 @@ typedef struct
   int multiple_threads;
   uintptr_t sysinfo;
   uintptr_t stack_guard;
+  uintptr_t pointer_guard;
 } tcbhead_t;
 
 #else /* __ASSEMBLER__ */
@@ -329,6 +330,15 @@ typedef struct
     ((descr)->header.stack_guard					      \
      = THREAD_GETMEM (THREAD_SELF, header.stack_guard))
 
+
+/* Set the pointer guard field in the TCB head.  */
+#define THREAD_SET_POINTER_GUARD(value) \
+  THREAD_SETMEM (THREAD_SELF, header.pointer_guard, value)
+#define THREAD_COPY_POINTER_GUARD(descr) \
+  ((descr)->header.pointer_guard					      \
+   = THREAD_GETMEM (THREAD_SELF, header.pointer_guard))
+
+
 #endif /* __ASSEMBLER__ */
 
 #endif	/* tls.h */

sysdeps/generic/ldsodefs.h

@@ -623,6 +623,9 @@ struct rtld_global_ro
   /* Expected cache ID.  */
   EXTERN int _dl_correct_cache_id;
 
+  /* 0 if internal pointer values should not be guarded, 1 if they should.  */
+  EXTERN int _dl_pointer_guard;
+
   /* Mask for hardware capabilities that are available.  */
   EXTERN uint64_t _dl_hwcap;
 

sysdeps/i386/__longjmp.S

@@ -1,5 +1,5 @@
 /* longjmp for i386.
-   Copyright (C) 1995,1996,1997,1998,2000,2002 Free Software Foundation, Inc.
+   Copyright (C) 1995-1998,2000,2002,2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -44,6 +44,9 @@ ENTRY (BP_SYM (__longjmp))
 	movl (JB_DI*4)(%ecx), %edi
 	movl (JB_BP*4)(%ecx), %ebp
 	movl (JB_SP*4)(%ecx), %esp
+#ifdef PTR_DEMANGLE
+	PTR_DEMANGLE (%edx)
+#endif
 	/* Jump to saved PC.  */
      	jmp *%edx
 END (BP_SYM (__longjmp))

sysdeps/i386/bsd-_setjmp.S

@@ -1,5 +1,5 @@
 /* BSD `_setjmp' entry point to `sigsetjmp (..., 0)'.  i386 version.
-   Copyright (C) 1994-1997,2000,2001,2002 Free Software Foundation, Inc.
+   Copyright (C) 1994-1997,2000-2002,2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -46,6 +46,9 @@ ENTRY (BP_SYM (_setjmp))
 	leal JMPBUF(%esp), %ecx	/* Save SP as it will be after we return.  */
      	movl %ecx, (JB_SP*4)(%edx)
 	movl PCOFF(%esp), %ecx	/* Save PC we are returning to now.  */
+#ifdef PTR_MANGLE
+	PTR_MANGLE (%ecx)
+#endif
      	movl %ecx, (JB_PC*4)(%edx)
 	LEAVE
 	movl %ebp, (JB_BP*4)(%edx) /* Save caller's frame pointer.  */

sysdeps/i386/bsd-setjmp.S

@@ -28,6 +28,10 @@
 #include "bp-sym.h"
 #include "bp-asm.h"
 
+#define PARMS  LINKAGE		/* no space for saved regs */
+#define JMPBUF PARMS
+#define SIGMSK JMPBUF+PTR_SIZE
+
 ENTRY (BP_SYM (setjmp))
 	/* Note that we have to use a non-exported symbol in the next
 	   jump since otherwise gas will emit it as a jump through the
@@ -44,6 +48,9 @@ ENTRY (BP_SYM (setjmp))
 	leal JMPBUF(%esp), %ecx	/* Save SP as it will be after we return.  */
      	movl %ecx, (JB_SP*4)(%eax)
 	movl PCOFF(%esp), %ecx	/* Save PC we are returning to now.  */
+#ifdef PTR_MANGLE
+	PTR_MANGLE (%ecx)
+#endif
      	movl %ecx, (JB_PC*4)(%eax)
 	LEAVE /* pop frame pointer to prepare for tail-call.  */
 	movl %ebp, (JB_BP*4)(%eax) /* Save caller's frame pointer.  */