author | 2016-05-22 23:56:30 +0000 | |
---|---|---|
committer | 2016-05-22 23:56:30 +0000 | |
commit | 31f02ad1a19b3bee49d8578f585f2312143285f9 (patch) | |
tree | ae9d9b89aca0e14c5048b709d443eb994dc65820 /lib/libc | |
parent | cope with simplified chared/read interface (diff) | |
Add XOR cookies for r1 (stack) and lr. Switch from calling obsolete
sig{block,setmask} to directly using the sigprocmask syscall. Rewrite
sig{set,long}jmp based on {set,long}jmp to avoid the deprecated
store/load-multiple instructions.
in snaps; ok deraadt@
Diffstat (limited to 'lib/libc')
-rw-r--r-- | lib/libc/arch/powerpc/gen/setjmp.S | 114 | ||||
-rw-r--r-- | lib/libc/arch/powerpc/gen/sigsetjmp.S | 203 |
2 files changed, 209 insertions, 108 deletions
diff --git a/lib/libc/arch/powerpc/gen/setjmp.S b/lib/libc/arch/powerpc/gen/setjmp.S index 0474184f857..90b6c11428b 100644 --- a/lib/libc/arch/powerpc/gen/setjmp.S +++ b/lib/libc/arch/powerpc/gen/setjmp.S @@ -1,4 +1,4 @@ -/* $OpenBSD: setjmp.S,v 1.10 2016/05/15 05:48:24 guenther Exp $ */ +/* $OpenBSD: setjmp.S,v 1.11 2016/05/22 23:56:30 guenther Exp $ */ /* * Copyright (c) 1996 Dale Rahn. All rights reserved. * @@ -54,36 +54,37 @@ #define JMP_xer 0x5c #define JMP_sig 0x60 + .section .openbsd.randomdata,"aw",@progbits + .align 8 + .globl __jmpxor + .hidden __jmpxor +__jmpxor: + .zero 4*2 # (r1, lr) + END(__jmpxor) + .type __jmpxor,@object -.extern _libc_sigblock ENTRY(setjmp) - /* r31, mask */ - stw 31, JMP_r31(3) - mflr 0 - stw 0, JMP_lr(3) -#ifdef __PIC__ - stw 30, JMP_r30(3) - bcl 20, 31, 1f -1: mflr 30 - addis 30, 30, _GLOBAL_OFFSET_TABLE_-1b@ha - addi 30, 30, _GLOBAL_OFFSET_TABLE_-1b@l -#endif - mr 31, 3 - li 3, 0 - bl PIC_PLT(_libc_sigblock) - stw 3, JMP_sig(31) - mr 3, 31 -#ifdef __PIC__ - lwz 30, JMP_r30(3) -#endif - lwz 0, JMP_lr(3) - mtlr 0 - lwz 31, JMP_r31(3) + mr 5, 3 /* save jmpbuf addr in r5 */ + li 3, 1 /* how = SIG_BLOCK */ + li 4, 0 /* oset = empty */ + li 0, SYS_sigprocmask + sc + stw 3, JMP_sig(5) + mr 3, 5 ENTRY(_setjmp) - stw 31, JMP_r31(3) - /* r1, r14-r30 */ - stw 1, JMP_r1 (3) + mflr 6 + bcl 20, 31, 1f +1: mflr 7 + addis 7, 7, __jmpxor-1b@ha + addi 7, 7, __jmpxor-1b@l + mtlr 6 + lwz 0, 0(7) /* xor for r1 */ + lwz 7, 4(7) /* xor for lr, overwrite addr */ + + /* r1, r14-r31 */ + xor 0, 0, 1 /* use and overwrite the r1 xor */ + stw 0, JMP_r1 (3) stw 14, JMP_r14(3) stw 15, JMP_r15(3) stw 16, JMP_r16(3) @@ -101,11 +102,13 @@ ENTRY(_setjmp) stw 28, JMP_r28(3) stw 29, JMP_r29(3) stw 30, JMP_r30(3) + stw 31, JMP_r31(3) /* cr, lr, ctr, xer */ mfcr 0 stw 0, JMP_cr(3) - mflr 0 - stw 0, JMP_lr(3) + /* "mflr 6" done at start of _setjmp() */ + xor 7, 6, 7 /* use and overwrite the lr xor */ + stw 7, JMP_lr(3) mfctr 0 stw 0, JMP_ctr(3) mfxer 0 
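Review bot: `__jmpxor` is emitted as eight zero bytes (`.zero 4*2`) and nothing in this hunk says what fills it, so a reader cannot tell that the r1/lr protection depends on the `.openbsd.randomdata` section being populated before the first `setjmp`. If the two words were ever left zero, the XORs in `_setjmp` would silently store the raw values. I would add a comment above the label such as `/* two 32-bit cookies (r1, lr), expected to be randomized at load time; all-zero means no protection */`, with the wording checked against how the section is actually filled. Separately, GNU as on PowerPC reads `.align` as a power-of-two exponent, so `.align 8` probably requests 256-byte alignment for 8 bytes of data; `.balign 8` would state the intent unambiguously.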
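Review bot: Only r1 and lr are stored XORed; the `stw 31, JMP_r31(3)` added here and the surrounding r14-r30, cr, ctr and xer stores still write raw register values into the jmpbuf. That matches the commit message, but no comment in the file states the scope, and callee-saved registers can hold pointers, so the buffer can still disclose addresses to anything able to read it. A short header note such as `/* only r1 and lr are cookie-protected; r14-r31, cr, ctr, xer are saved as-is */` would make the limit explicit. The same applies to the matching loads in `_longjmp` and to the sigsetjmp.S rewrite. The body of `_setjmp` continues past the end of this hunk.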
@@ -116,28 +119,28 @@ ENTRY(_setjmp) END(_setjmp) END(setjmp) -.extern _libc_sigsetmask + ENTRY(longjmp) - /* r31, mask */ - mr 29, 3 - mr 31, 4 -#ifdef __PIC__ - mflr 0 - bcl 20, 31, 1f -1: mflr 30 - addis 30, 30, _GLOBAL_OFFSET_TABLE_-1b@ha - addi 30, 30, _GLOBAL_OFFSET_TABLE_-1b@l - mtlr 0 -#endif - lwz 3, JMP_sig(3) - bl PIC_PLT(_libc_sigsetmask) - /* should we deal with sigonstack here ?? */ - mr 4, 31 - mr 3, 29 + mr 5, 3 /* save jmpbuf addr in r5 */ + mr 6, 4 /* save val in r6 */ + li 3, 3 /* how = SIG_SETMASK */ + lwz 4, JMP_sig(5) /* oset from the jmpbuf */ + li 0, SYS_sigprocmask + sc + mr 3, 5 /* restore jmpbuf and val to r3,r4 */ + mr 4, 6 + ENTRY(_longjmp) - lwz 31, JMP_r31(3) + bcl 20, 31, 1f +1: mflr 9 + addis 9, 9, __jmpxor-1b@ha + addi 9, 9, __jmpxor-1b@l + lwz 8, 0(9) /* xor for r1 */ + lwz 9, 4(9) /* xor for lr, overwrite addr */ + /* r1, r14-r30 */ - lwz 1, JMP_r1 (3) + lwz 0, JMP_r1 (3) + xor 1, 0, 8 /* use the r1 xor */ lwz 14, JMP_r14(3) lwz 15, JMP_r15(3) lwz 16, JMP_r16(3) @@ -155,23 +158,24 @@ ENTRY(_longjmp) lwz 28, JMP_r28(3) lwz 29, JMP_r29(3) lwz 30, JMP_r30(3) + lwz 31, JMP_r31(3) /* cr, lr, ctr, xer */ - lwz 0, JMP_cr(3) - mtcr 0 + lwz 8, JMP_cr(3) /* overwrite the r1 xor */ + mtcr 8 lwz 0, JMP_lr(3) + xor 0, 0, 9 /* use the lr xor */ mtlr 0 - lwz 0, JMP_ctr(3) - mtctr 0 + lwz 9, JMP_ctr(3) /* overwrite the lr xor */ + mtctr 9 lwz 0, JMP_xer(3) mtxer 0 /* f14-f31, fpscr */ /* if r4 == 0, return 1, not 0 */ mr 3, 4 - cmpwi 4,0 - bne 1f + cmpwi 4, 0 + bnelr li 3, 1 -1: blr END(_longjmp) END(longjmp) diff --git a/lib/libc/arch/powerpc/gen/sigsetjmp.S b/lib/libc/arch/powerpc/gen/sigsetjmp.S index 1136d689bfb..2667c711705 100644 --- a/lib/libc/arch/powerpc/gen/sigsetjmp.S +++ b/lib/libc/arch/powerpc/gen/sigsetjmp.S 
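Review bot: The comment on `lwz 4, JMP_sig(5)` in `longjmp` calls r4 `oset`, but with `how = SIG_SETMASK` r4 is the mask being installed, and the same label on `li 4, 0` in `setjmp` reads as if r4 were an output. I would write `/* mask = set saved by setjmp */` here and `/* mask = empty; old mask comes back in r3 */` in `setjmp`. The result of `sc` is not checked in either function, and r5/r6 are assumed to survive the syscall. The sigsetjmp.S code removed by this commit at least marked the first assumption with `# assume no error XXX`, so a one-line comment stating both would be worth keeping.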
@@ -1,12 +1,8 @@ -/* $OpenBSD: sigsetjmp.S,v 1.6 2016/05/15 05:48:24 guenther Exp $ */ - -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * William Jolitz. +/* $OpenBSD: sigsetjmp.S,v 1.7 2016/05/22 23:56:30 guenther Exp $ */ +/* + * Copyright (c) 1996 Dale Rahn. All rights reserved. * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -15,63 +11,164 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. * - * from: @(#)setjmp.s 5.1 (Berkeley) 4/23/90" - */ + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ #include "SYS.h" #include <machine/asm.h> +#define JMP_sigflag 0x00 +#define JMP_r1 0x04 +#define JMP_r14 0x08 +#define JMP_r15 0x0c +#define JMP_r16 0x10 +#define JMP_r17 0x14 +#define JMP_r18 0x18 +#define JMP_r19 0x1c +#define JMP_r20 0x20 +#define JMP_r21 0x24 +#define JMP_r22 0x28 +#define JMP_r23 0x2c +#define JMP_r24 0x30 +#define JMP_r25 0x34 +#define JMP_r26 0x38 +#define JMP_r27 0x3c +#define JMP_r28 0x40 +#define JMP_r29 0x44 +#define JMP_r30 0x48 +#define JMP_r31 0x4c +#define JMP_lr 0x50 +#define JMP_cr 0x54 +#define JMP_ctr 0x58 +#define JMP_xer 0x5c +#define JMP_sigmask 0x60 + + .extern __jmpxor + +/* int sigsetjmp(sigjmp_buf env, int savemask) */ ENTRY(sigsetjmp) - mr 6,3 - or. 7,4,4 + mr 5, 3 /* save jmpbuf addr in r5 */ + stw 4, JMP_sigflag(5) + or. 
4, 4, 4 beq 1f - li 3,1 # SIG_BLOCK - li 4,0 - li 0,SYS_sigprocmask - sc # assume no error XXX -1: - mflr 11 - mfcr 12 - mr 10,1 - mr 9,2 - mr 8,3 - stmw 7,0(6) - li 3,0 + li 3, 1 /* how = SIG_BLOCK */ + li 4, 0 /* oset = empty */ + li 0, SYS_sigprocmask + sc + stw 3, JMP_sigmask(5) +1: mflr 6 + bcl 20, 31, 2f +2: mflr 7 + addis 7, 7, __jmpxor-2b@ha + addi 7, 7, __jmpxor-2b@l + mtlr 6 + lwz 0, 0(7) /* xor for r1 */ + lwz 7, 4(7) /* xor for lr, overwrite addr */ + + /* r1, r14-r31 */ + xor 0, 0, 1 /* use and overwrite the r1 xor */ + /* "mflr 6" done at 1: above */ + xor 7, 6, 7 /* use and overwrite the lr xor */ + stw 7, JMP_lr(5) + stw 0, JMP_r1 (5) + stw 14, JMP_r14(5) + stw 15, JMP_r15(5) + stw 16, JMP_r16(5) + stw 17, JMP_r17(5) + stw 18, JMP_r18(5) + stw 19, JMP_r19(5) + stw 20, JMP_r20(5) + stw 21, JMP_r21(5) + stw 22, JMP_r22(5) + stw 23, JMP_r23(5) + stw 24, JMP_r24(5) + stw 25, JMP_r25(5) + stw 26, JMP_r26(5) + stw 27, JMP_r27(5) + stw 28, JMP_r28(5) + stw 29, JMP_r29(5) + stw 30, JMP_r30(5) + stw 31, JMP_r31(5) + /* cr, lr, ctr, xer */ + mfcr 0 + stw 0, JMP_cr(5) + mfctr 0 + stw 0, JMP_ctr(5) + mfxer 0 + stw 0, JMP_xer(5) + /* f14-f31, fpscr */ + li 3, 0 blr END(sigsetjmp) + +/* int siglongjmp(sigjmp_buf env, int val) */ ENTRY(siglongjmp) - lmw 7,0(3) - mr 6,4 - mtlr 11 - mtcr 12 - mr 2,9 - mr 1,10 - or. 7,7,7 + mr 5, 3 /* save jmpbuf addr in r5 */ + mr 6, 4 /* save val in r6 */ + lwz 4, JMP_sigflag(5) /* do we need to restore sigmask? */ + or. 4, 4, 4 beq 1f - mr 4,8 - li 3,3 # SIG_SETMASK - li 0,SYS_sigprocmask - sc # assume no error XXX -1: - or. 
3,6,6 + + li 3, 3 /* how = SIG_SETMASK */ + lwz 4, JMP_sigmask(5) /* oset from the jmpbuf */ + li 0, SYS_sigprocmask + sc + +1: bcl 20, 31, 2f +2: mflr 9 + addis 9, 9, __jmpxor-2b@ha + addi 9, 9, __jmpxor-2b@l + lwz 8, 0(9) /* xor for r1 */ + lwz 9, 4(9) /* xor for lr, overwrite addr */ + + /* r1, r14-r31 */ + lwz 0, JMP_r1(5) + xor 1, 0, 8 /* use the r1 xor */ + lwz 14, JMP_r14(5) + lwz 15, JMP_r15(5) + lwz 16, JMP_r16(5) + lwz 17, JMP_r17(5) + lwz 18, JMP_r18(5) + lwz 19, JMP_r19(5) + lwz 20, JMP_r20(5) + lwz 21, JMP_r21(5) + lwz 22, JMP_r22(5) + lwz 23, JMP_r23(5) + lwz 24, JMP_r24(5) + lwz 25, JMP_r25(5) + lwz 26, JMP_r26(5) + lwz 27, JMP_r27(5) + lwz 28, JMP_r28(5) + lwz 29, JMP_r29(5) + lwz 30, JMP_r30(5) + lwz 31, JMP_r31(5) + /* cr, lr, ctr, xer */ + lwz 8, JMP_cr(5) /* overwrite the r1 xor */ + mtcr 8 + lwz 0, JMP_lr(5) + xor 0, 0, 9 /* use the lr xor */ + mtlr 0 + lwz 9, JMP_ctr(5) /* overwrite the lr xor */ + mtctr 9 + lwz 0, JMP_xer(5) + mtxer 0 + /* f14-f31, fpscr */ + + /* if r6 == 0, return 1, not 0 */ + mr 3, 6 + cmpwi 6, 0 bnelr - li 3,1 + li 3, 1 blr END(siglongjmp) |
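Review bot: The `JMP_*` offset table and the `bcl`/`mflr`/`addis`/`addi`/`lwz` cookie-load sequence added here duplicate what setjmp.S carries, so the buffer layout and the mangling now live in four hand-maintained places (`_setjmp`, `_longjmp`, `sigsetjmp`, `siglongjmp`). A mismatch between a save and its restore, such as a different offset or a swapped cookie word, would hand `mtlr` or r1 a wrongly unmasked value and is hard to spot in review. Moving the offsets and the load sequence into one shared private include or assembler macro would keep each save/restore pair in step.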