authorTheo de Raadt <deraadt@cvs.openbsd.org>2020-10-18 14:28:19 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2020-10-18 14:28:19 +0000
commit81a42b0abcdedc2a5538a98fa140b5c905c37f13 (patch)
tree13de44cacdce2db993f272ce7e0db0df213b0388
parent81c0077baa3d0d74d74a14320f14425416016856 (diff)
SYS___threxit cannot fail, but this integration looks like a gadget.
Put a hard-trap instruction after the syscall instruction. ok kettenis mortimer
-rw-r--r--lib/libc/arch/aarch64/sys/tfork_thread.S3
-rw-r--r--lib/libc/arch/alpha/sys/tfork_thread.S3
-rw-r--r--lib/libc/arch/amd64/sys/tfork_thread.S3
-rw-r--r--lib/libc/arch/arm/sys/tfork_thread.S3
-rw-r--r--lib/libc/arch/hppa/sys/tfork_thread.S3
-rw-r--r--lib/libc/arch/i386/sys/tfork_thread.S3
-rw-r--r--lib/libc/arch/m88k/sys/tfork_thread.S4
-rw-r--r--lib/libc/arch/mips64/sys/tfork_thread.S3
-rw-r--r--lib/libc/arch/powerpc/sys/tfork_thread.S4
-rw-r--r--lib/libc/arch/powerpc64/sys/tfork_thread.S3
-rw-r--r--lib/libc/arch/sparc64/sys/tfork_thread.S3
11 files changed, 24 insertions, 11 deletions
diff --git a/lib/libc/arch/aarch64/sys/tfork_thread.S b/lib/libc/arch/aarch64/sys/tfork_thread.S
index 6dca582bd31..18cb9fa474e 100644
--- a/lib/libc/arch/aarch64/sys/tfork_thread.S
+++ b/lib/libc/arch/aarch64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.4 2020/10/01 01:05:40 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.5 2020/10/18 14:28:16 deraadt Exp $ */
/*
* Copyright (c) 2005 Dale Rahn <drahn@openbsd.org>
*
@@ -43,5 +43,6 @@ ENTRY(__tfork_thread)
mov x0, x3
blr x2
SYSTRAP(__threxit)
+ .word 0xa000f7f0 /* illegal on all cpus? */
.cfi_endproc
END(__tfork_thread)
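Review bot: The filler `.word 0xa000f7f0` added after `SYSTRAP(__threxit)` is not shown to fault on every implementation, and its own comment ends in a question mark. A trap meant to stop fall-through after a no-return syscall should use an encoding the architecture guarantees will raise an exception; on A64 that would be `brk #0` (or `udf #0` where the assembler accepts it). The arm hunk adds the same word. Read as an A32 instruction, its condition field is 0xa (GE) rather than "always", so it may not execute at all depending on the flags; `.word 0xe7f000f0 /* udf #0 */` would be the unconditional, permanently undefined encoding there.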
diff --git a/lib/libc/arch/alpha/sys/tfork_thread.S b/lib/libc/arch/alpha/sys/tfork_thread.S
index 9b84cd0158a..ef96a69ba8a 100644
--- a/lib/libc/arch/alpha/sys/tfork_thread.S
+++ b/lib/libc/arch/alpha/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.2 2012/06/21 00:56:59 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.3 2020/10/18 14:28:17 deraadt Exp $ */
/*
* Copyright (c) 2005, Miodrag Vallat
@@ -52,5 +52,6 @@ LEAF(__tfork_thread,0)
mov zero, a0
CALLSYS_NOERROR(__threxit)
+ halt
END(__tfork_thread)
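Review bot: The added `halt` has no comment saying it is a deliberate never-reached trap, so a later reader may take it for dead code after `CALLSYS_NOERROR(__threxit)` and remove it. A short comment on the line, such as `/* NOTREACHED: trap if __threxit ever returns */`, would record the hardening intent. The same applies to the bare `int3` in the amd64 and i386 hunks, `break 0, 0` in hppa, `break 0` in mips64 and `unimp` in sparc64. The body of `__tfork_thread` starts outside this hunk.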
diff --git a/lib/libc/arch/amd64/sys/tfork_thread.S b/lib/libc/arch/amd64/sys/tfork_thread.S
index 647f070cbcc..b543296b04e 100644
--- a/lib/libc/arch/amd64/sys/tfork_thread.S
+++ b/lib/libc/arch/amd64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.9 2020/10/01 01:05:40 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.10 2020/10/18 14:28:17 deraadt Exp $ */
/*-
* Copyright (c) 2000 Peter Wemm <peter@FreeBSD.org>
* Copyright (c) 2003 Alan L. Cox <alc@cs.rice.edu>
@@ -89,6 +89,7 @@ ENTRY(__tfork_thread)
movl $SYS___threxit, %eax
xorl %edi, %edi
syscall
+ int3
/*
* Branch here if the thread creation fails:
diff --git a/lib/libc/arch/arm/sys/tfork_thread.S b/lib/libc/arch/arm/sys/tfork_thread.S
index 6b0a624a62d..b5714d7ac53 100644
--- a/lib/libc/arch/arm/sys/tfork_thread.S
+++ b/lib/libc/arch/arm/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.4 2016/08/06 19:16:09 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.5 2020/10/18 14:28:17 deraadt Exp $ */
/*
* Copyright (c) 2005 Dale Rahn <drahn@openbsd.org>
*
@@ -37,4 +37,5 @@ ENTRY(__tfork_thread)
mov pc, r2
nop
SYSTRAP(__threxit)
+ .word 0xa000f7f0 /* illegal on all cpus? */
END(__tfork_thread)
diff --git a/lib/libc/arch/hppa/sys/tfork_thread.S b/lib/libc/arch/hppa/sys/tfork_thread.S
index 65a8af3c514..0d51179d3b6 100644
--- a/lib/libc/arch/hppa/sys/tfork_thread.S
+++ b/lib/libc/arch/hppa/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.2 2012/06/21 00:56:59 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.3 2020/10/18 14:28:17 deraadt Exp $ */
/*
* Copyright (c) 2005, Miodrag Vallat
@@ -45,6 +45,7 @@ ENTRY(__tfork_thread, 0)
copy r0, arg0
SYSCALL(__threxit)
+ break 0, 0
1:
bv r0(rp)
diff --git a/lib/libc/arch/i386/sys/tfork_thread.S b/lib/libc/arch/i386/sys/tfork_thread.S
index f1f82c30d5b..dfafb9139b6 100644
--- a/lib/libc/arch/i386/sys/tfork_thread.S
+++ b/lib/libc/arch/i386/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.9 2019/03/15 05:42:38 kevlo Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.10 2020/10/18 14:28:17 deraadt Exp $ */
/*-
* Copyright (c) 2000 Peter Wemm <peter@FreeBSD.org>
* All rights reserved.
@@ -99,6 +99,7 @@ ENTRY(__tfork_thread)
pushl $0 # slot for return address, ignored by kernel
movl $SYS___threxit, %eax
int $0x80
+ int3
/*
* Branch here if the thread creation fails:
diff --git a/lib/libc/arch/m88k/sys/tfork_thread.S b/lib/libc/arch/m88k/sys/tfork_thread.S
index 4c2ed2ebd83..2ffdb89fe11 100644
--- a/lib/libc/arch/m88k/sys/tfork_thread.S
+++ b/lib/libc/arch/m88k/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.5 2013/01/23 18:59:32 miod Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.6 2020/10/18 14:28:18 deraadt Exp $ */
/*
* Copyright (c) 2005, Miodrag Vallat
@@ -51,4 +51,6 @@ ENTRY(__tfork_thread)
or %r13, %r0, __SYSCALLNAME(SYS_,__threxit)
tb0 0, %r0, 450
+ nop
+ tb0 0, %r0, 130 /* breakpoint */
END(__tfork_thread)
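Review bot: The `nop` added between the `tb0 0, %r0, 450` syscall trap and the breakpoint trap is unexplained. It presumably fills the instruction slot tied to the syscall return convention on this architecture, but nothing visible in the hunk says so. A comment such as `/* slot after syscall trap; falls through to the breakpoint */` would make clear why the `tb0 0, %r0, 130` is not placed directly after the syscall. The start of `__tfork_thread` is outside this hunk.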
diff --git a/lib/libc/arch/mips64/sys/tfork_thread.S b/lib/libc/arch/mips64/sys/tfork_thread.S
index b0cf318553a..413463fe4e5 100644
--- a/lib/libc/arch/mips64/sys/tfork_thread.S
+++ b/lib/libc/arch/mips64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.2 2012/06/21 00:56:59 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.3 2020/10/18 14:28:18 deraadt Exp $ */
/*
* Copyright (c) 2005, Miodrag Vallat
@@ -65,6 +65,7 @@ LEAF(__tfork_thread, FRAMESZ)
move a0, zero
__DO_SYSCALL(__threxit)
+ break 0
9:
/*
diff --git a/lib/libc/arch/powerpc/sys/tfork_thread.S b/lib/libc/arch/powerpc/sys/tfork_thread.S
index 7ec35c34cef..2c218b028e4 100644
--- a/lib/libc/arch/powerpc/sys/tfork_thread.S
+++ b/lib/libc/arch/powerpc/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.7 2016/05/15 00:15:10 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.8 2020/10/18 14:28:18 deraadt Exp $ */
/*
* Copyright (c) 2005 Tim Wiess <tim@nop.cx>
@@ -38,6 +38,8 @@ ENTRY(__tfork_thread)
/* child returned, call __threxit */
li %r0, SYS___threxit
sc
+ .long 0 /* illegal */
+
1:
stw 0, R2_OFFSET_ERRNO(%r2)
li %r3, -1
diff --git a/lib/libc/arch/powerpc64/sys/tfork_thread.S b/lib/libc/arch/powerpc64/sys/tfork_thread.S
index ba64ca63b4e..32f15b136f7 100644
--- a/lib/libc/arch/powerpc64/sys/tfork_thread.S
+++ b/lib/libc/arch/powerpc64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.2 2020/06/30 11:12:07 kettenis Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.3 2020/10/18 14:28:18 deraadt Exp $ */
/*
* Copyright (c) 2005 Tim Wiess <tim@nop.cx>
@@ -39,6 +39,7 @@ ENTRY(__tfork_thread)
/* child returned, call __threxit */
li %r0, SYS___threxit
sc
+ .long 0 /* illegal */
1:
stw %r0, R13_OFFSET_ERRNO(%r13)
li %r3, -1
diff --git a/lib/libc/arch/sparc64/sys/tfork_thread.S b/lib/libc/arch/sparc64/sys/tfork_thread.S
index 532fa07c0a6..c879c3e7146 100644
--- a/lib/libc/arch/sparc64/sys/tfork_thread.S
+++ b/lib/libc/arch/sparc64/sys/tfork_thread.S
@@ -1,4 +1,4 @@
-/* $OpenBSD: tfork_thread.S,v 1.3 2015/09/05 06:22:47 guenther Exp $ */
+/* $OpenBSD: tfork_thread.S,v 1.4 2020/10/18 14:28:18 deraadt Exp $ */
/*
* Copyright (c) 2005, Miodrag Vallat
@@ -60,6 +60,7 @@ ENTRY(__tfork_thread)
mov SYS___threxit, %g1
clr %o0
t ST_SYSCALL /* will not return */
+ unimp
9:
/*