Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 08 Nov 2021 09:30:03 +0100
From: Florian Weimer <fweimer@...hat.com>
To: Markus Wichmann <nullplan@....net>
Cc: musl@...ts.openwall.com
Subject: Re: add noexcept to all functions please

* Markus Wichmann:

> On Sun, Nov 07, 2021 at 07:20:21PM +0100, Florian Weimer wrote:
>> I believe the musl cancellation implementation does not use DWARF
>> unwinding.  I do not know if it cancellation handlers have the same
>> hardening gap as glibc's with setjmp-based unwinding.

> I presume you mean the cancel cleanup handling. In that case, musl uses
> a simple linked list, with nodes allocated on stack. No gaps of any
> kind.

The __f function pointer is stored in the node on the stack, along with
the __x argument that is passed by _pthread_cleanup_pop.  This looks
like a convenient on-stack gadget for exploitation purposes.  In musl,
the invocation is in the library itself, so there isn't much choice
there.  In glibc, with -fno-exceptions, we try to avoid this by inlining
the non-cancellation path at the pthread_cleanup_pop point.  But even if
the function pointer is constant, current GCC is no longer able to
produce a direct call.  But with -fexceptions, we do get a direct call.

Thanks,
Florian

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.