author | Theo de Raadt <deraadt@cvs.openbsd.org> | 2020-10-18 14:28:19 +0000 |
---|---|---|
committer | Theo de Raadt <deraadt@cvs.openbsd.org> | 2020-10-18 14:28:19 +0000 |
commit | 81a42b0abcdedc2a5538a98fa140b5c905c37f13 (patch) | |
tree | 13de44cacdce2db993f272ce7e0db0df213b0388 | |
parent | 81c0077baa3d0d74d74a14320f14425416016856 (diff) |
SYS___threxit cannot fail, but this integration looks like a gadget.
Put a hard-trap instruction after the syscall instruction.
ok kettenis mortimer
-rw-r--r-- | lib/libc/arch/aarch64/sys/tfork_thread.S | 3 | ||||
-rw-r--r-- | lib/libc/arch/alpha/sys/tfork_thread.S | 3 | ||||
-rw-r--r-- | lib/libc/arch/amd64/sys/tfork_thread.S | 3 | ||||
-rw-r--r-- | lib/libc/arch/arm/sys/tfork_thread.S | 3 | ||||
-rw-r--r-- | lib/libc/arch/hppa/sys/tfork_thread.S | 3 | ||||
-rw-r--r-- | lib/libc/arch/i386/sys/tfork_thread.S | 3 | ||||
-rw-r--r-- | lib/libc/arch/m88k/sys/tfork_thread.S | 4 | ||||
-rw-r--r-- | lib/libc/arch/mips64/sys/tfork_thread.S | 3 | ||||
-rw-r--r-- | lib/libc/arch/powerpc/sys/tfork_thread.S | 4 | ||||
-rw-r--r-- | lib/libc/arch/powerpc64/sys/tfork_thread.S | 3 | ||||
-rw-r--r-- | lib/libc/arch/sparc64/sys/tfork_thread.S | 3 |
11 files changed, 24 insertions, 11 deletions
diff --git a/lib/libc/arch/aarch64/sys/tfork_thread.S b/lib/libc/arch/aarch64/sys/tfork_thread.S
index 6dca582bd31..18cb9fa474e 100644
--- a/lib/libc/arch/aarch64/sys/tfork_thread.S
+++ b/lib/libc/arch/aarch64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.4 2020/10/01 01:05:40 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.5 2020/10/18 14:28:16 deraadt Exp $ */
 /*
 * Copyright (c) 2005 Dale Rahn <drahn@openbsd.org>
 *
@@ -43,5 +43,6 @@ ENTRY(__tfork_thread)
 mov x0, x3
 blr x2
 SYSTRAP(__threxit)
+ .word 0xa000f7f0 /* illegal on all cpus? */
 .cfi_endproc
 END(__tfork_thread)
diff --git a/lib/libc/arch/alpha/sys/tfork_thread.S b/lib/libc/arch/alpha/sys/tfork_thread.S
index 9b84cd0158a..ef96a69ba8a 100644
--- a/lib/libc/arch/alpha/sys/tfork_thread.S
+++ b/lib/libc/arch/alpha/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.2 2012/06/21 00:56:59 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.3 2020/10/18 14:28:17 deraadt Exp $ */
 /*
 * Copyright (c) 2005, Miodrag Vallat
@@ -52,5 +52,6 @@ LEAF(__tfork_thread,0)
 mov zero, a0
 CALLSYS_NOERROR(__threxit)
+ halt
 END(__tfork_thread)
diff --git a/lib/libc/arch/amd64/sys/tfork_thread.S b/lib/libc/arch/amd64/sys/tfork_thread.S
index 647f070cbcc..b543296b04e 100644
--- a/lib/libc/arch/amd64/sys/tfork_thread.S
+++ b/lib/libc/arch/amd64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.9 2020/10/01 01:05:40 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.10 2020/10/18 14:28:17 deraadt Exp $ */
 /*-
 * Copyright (c) 2000 Peter Wemm <peter@FreeBSD.org>
 * Copyright (c) 2003 Alan L. Cox <alc@cs.rice.edu>
@@ -89,6 +89,7 @@ ENTRY(__tfork_thread)
 movl $SYS___threxit, %eax
 xorl %edi, %edi
 syscall
+ int3
 /*
 * Branch here if the thread creation fails:
diff --git a/lib/libc/arch/arm/sys/tfork_thread.S b/lib/libc/arch/arm/sys/tfork_thread.S
index 6b0a624a62d..b5714d7ac53 100644
--- a/lib/libc/arch/arm/sys/tfork_thread.S
+++ b/lib/libc/arch/arm/sys/tfork_thread.S
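Review bot: The word placed after `SYSTRAP(__threxit)` in lib/libc/arch/aarch64/sys/tfork_thread.S is not one the A64 architecture promises will stay undefined, which the comment's own question mark concedes. `0xa000f7f0` looks like the Thumb-2 `udf.w #0` halfword pair stored as one word; in A64 only `udf #imm16` (upper sixteen bits zero) is permanently undefined, so another unallocated word may be given a meaning by a later extension and stop trapping. I would write `udf #0` here, or `.inst 0x00000000` if the assembler lacks the mnemonic, with the comment `/* permanently undefined: __threxit must not return */`. The arm hunk adds the same word: if that file is assembled as A32, its condition field is GE rather than AL, so a trap on a failed condition may not be guaranteed and `.word 0xe7f000f0` (A32 `udf #0`) is the safer choice. In both files the function body begins above the hunk.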
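Review bot: The `halt` added after `CALLSYS_NOERROR(__threxit)` in lib/libc/arch/alpha/sys/tfork_thread.S carries no comment, so nothing in the file says it is a deliberate stop for a syscall that must not return rather than leftover code. The amd64 and i386 `int3`, hppa `break 0, 0`, mips64 `break 0` and sparc64 `unimp` hunks are in the same state, while the powerpc and m88k hunks do annotate theirs. I would add the same short comment to each, for example `/* NOTREACHED: trap if __threxit returns, do not fall through */`. In every one of these files the function body begins above the hunk, and on amd64, hppa, i386, mips64 and sparc64 the trap sits directly in front of a label or error path that it now fences off, which is the reason a later cleanup should not remove it.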
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.4 2016/08/06 19:16:09 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.5 2020/10/18 14:28:17 deraadt Exp $ */
 /*
 * Copyright (c) 2005 Dale Rahn <drahn@openbsd.org>
 *
@@ -37,4 +37,5 @@ ENTRY(__tfork_thread)
 mov pc, r2
 nop
 SYSTRAP(__threxit)
+ .word 0xa000f7f0 /* illegal on all cpus? */
 END(__tfork_thread)
diff --git a/lib/libc/arch/hppa/sys/tfork_thread.S b/lib/libc/arch/hppa/sys/tfork_thread.S
index 65a8af3c514..0d51179d3b6 100644
--- a/lib/libc/arch/hppa/sys/tfork_thread.S
+++ b/lib/libc/arch/hppa/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.2 2012/06/21 00:56:59 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.3 2020/10/18 14:28:17 deraadt Exp $ */
 /*
 * Copyright (c) 2005, Miodrag Vallat
@@ -45,6 +45,7 @@ ENTRY(__tfork_thread, 0)
 copy r0, arg0
 SYSCALL(__threxit)
+ break 0, 0
 1:
 bv r0(rp)
diff --git a/lib/libc/arch/i386/sys/tfork_thread.S b/lib/libc/arch/i386/sys/tfork_thread.S
index f1f82c30d5b..dfafb9139b6 100644
--- a/lib/libc/arch/i386/sys/tfork_thread.S
+++ b/lib/libc/arch/i386/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.9 2019/03/15 05:42:38 kevlo Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.10 2020/10/18 14:28:17 deraadt Exp $ */
 /*-
 * Copyright (c) 2000 Peter Wemm <peter@FreeBSD.org>
 * All rights reserved.
@@ -99,6 +99,7 @@ ENTRY(__tfork_thread)
 pushl $0 # slot for return address, ignored by kernel
 movl $SYS___threxit, %eax
 int $0x80
+ int3
 /*
 * Branch here if the thread creation fails:
diff --git a/lib/libc/arch/m88k/sys/tfork_thread.S b/lib/libc/arch/m88k/sys/tfork_thread.S
index 4c2ed2ebd83..2ffdb89fe11 100644
--- a/lib/libc/arch/m88k/sys/tfork_thread.S
+++ b/lib/libc/arch/m88k/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.5 2013/01/23 18:59:32 miod Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.6 2020/10/18 14:28:18 deraadt Exp $ */
 /*
 * Copyright (c) 2005, Miodrag Vallat
@@ -51,4 +51,6 @@ ENTRY(__tfork_thread)
 or %r13, %r0, __SYSCALLNAME(SYS_,__threxit)
 tb0 0, %r0, 450
+ nop
+ tb0 0, %r0, 130 /* breakpoint */
 END(__tfork_thread)
diff --git a/lib/libc/arch/mips64/sys/tfork_thread.S b/lib/libc/arch/mips64/sys/tfork_thread.S
index b0cf318553a..413463fe4e5 100644
--- a/lib/libc/arch/mips64/sys/tfork_thread.S
+++ b/lib/libc/arch/mips64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.2 2012/06/21 00:56:59 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.3 2020/10/18 14:28:18 deraadt Exp $ */
 /*
 * Copyright (c) 2005, Miodrag Vallat
@@ -65,6 +65,7 @@ LEAF(__tfork_thread, FRAMESZ)
 move a0, zero
 __DO_SYSCALL(__threxit)
+ break 0
 9:
 /*
diff --git a/lib/libc/arch/powerpc/sys/tfork_thread.S b/lib/libc/arch/powerpc/sys/tfork_thread.S
index 7ec35c34cef..2c218b028e4 100644
--- a/lib/libc/arch/powerpc/sys/tfork_thread.S
+++ b/lib/libc/arch/powerpc/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.7 2016/05/15 00:15:10 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.8 2020/10/18 14:28:18 deraadt Exp $ */
 /*
 * Copyright (c) 2005 Tim Wiess <tim@nop.cx>
@@ -38,6 +38,8 @@ ENTRY(__tfork_thread)
 /* child returned, call __threxit */
 li %r0, SYS___threxit
 sc
+ .long 0 /* illegal */
+
 1:
 stw 0, R2_OFFSET_ERRNO(%r2)
 li %r3, -1
diff --git a/lib/libc/arch/powerpc64/sys/tfork_thread.S b/lib/libc/arch/powerpc64/sys/tfork_thread.S
index ba64ca63b4e..32f15b136f7 100644
--- a/lib/libc/arch/powerpc64/sys/tfork_thread.S
+++ b/lib/libc/arch/powerpc64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.2 2020/06/30 11:12:07 kettenis Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.3 2020/10/18 14:28:18 deraadt Exp $ */
 /*
 * Copyright (c) 2005 Tim Wiess <tim@nop.cx>
@@ -39,6 +39,7 @@ ENTRY(__tfork_thread)
 /* child returned, call __threxit */
 li %r0, SYS___threxit
 sc
+ .long 0 /* illegal */
 1:
 stw %r0, R13_OFFSET_ERRNO(%r13)
 li %r3, -1
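Review bot: The `nop` added between the `tb0 0, %r0, 450` syscall trap and the `tb0 0, %r0, 130` breakpoint in lib/libc/arch/m88k/sys/tfork_thread.S is unexplained, and m88k is the only architecture in this commit that puts a filler in front of its trap. If it is there because the kernel can resume one instruction past the syscall trap (the hunk does not show this), a comment such as `/* return slot the kernel may skip; keep so the breakpoint is always reached */` would stop a later cleanup from deleting it and leaving the breakpoint in a slot that can be stepped over. The function body begins above the hunk.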
diff --git a/lib/libc/arch/sparc64/sys/tfork_thread.S b/lib/libc/arch/sparc64/sys/tfork_thread.S
index 532fa07c0a6..c879c3e7146 100644
--- a/lib/libc/arch/sparc64/sys/tfork_thread.S
+++ b/lib/libc/arch/sparc64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.3 2015/09/05 06:22:47 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.4 2020/10/18 14:28:18 deraadt Exp $ */
 /*
 * Copyright (c) 2005, Miodrag Vallat
@@ -60,6 +60,7 @@ ENTRY(__tfork_thread)
 mov SYS___threxit, %g1
 clr %o0
 t ST_SYSCALL /* will not return */
+ unimp
 9:
 /* |