ricarkol · January 9, 2019 21:39
diff --git a/solo5-spt-fs-gs-to-zero b/solo5-spt-fs-gs-to-zero
 diff --git a/bindings/spt/start.c b/bindings/spt/start.c
 index 4064a41..f9ddede 100644
 --- a/bindings/spt/start.c
 +++ b/bindings/spt/start.c
 @@ -20,10 +20,23 @@
 
 #include "bindings.h"
 
 +extern uintptr_t __stack_chk_guard;
 +
 +#if defined(__x86_64__)
 +#define READ_CPU_TICKS cpu_rdtsc
 +#elif defined(__aarch64__)
 +#define READ_CPU_TICKS cpu_cntvct
 +#else
 +#error Unsupported architecture
 +#endif
 +
 void _start(void *arg)
 {
     /* XXX TODO, needs TLS setup crt_init_early(); */
 
 +    __stack_chk_guard = READ_CPU_TICKS() + (READ_CPU_TICKS() << 32UL);
 +    __stack_chk_guard &= ~(uintptr_t)0xff00;
 +
     static struct solo5_start_info si;
 
     /* console_init(); */
 diff --git a/tenders/spt/spt_core.c b/tenders/spt/spt_core.c
 index 5b431c6..72bcf12 100644
 --- a/tenders/spt/spt_core.c
 +++ b/tenders/spt/spt_core.c
 @@ -34,6 +34,9 @@
 #include <sys/mman.h>
 #include <time.h>
 #include <seccomp.h>
 +#include <asm/prctl.h>
 +#include <unistd.h>
 +#include <sys/syscall.h>
 
 #include "spt.h"
 
 @@ -113,6 +116,8 @@ void spt_run(struct spt *spt, uint64_t p_entry)
 #endif
 
     seccomp_load(spt->sc_ctx);
 +    syscall(SYS_arch_prctl, ARCH_SET_FS, 0);
 +    syscall(SYS_arch_prctl, ARCH_SET_GS, 0);
 
     spt_launch(sp, start_fn, spt->mem + SPT_BOOT_INFO_BASE);
 
 @@ -129,6 +134,10 @@ static int setup(struct spt *spt)
             SCMP_A0(SCMP_CMP_EQ, CLOCK_MONOTONIC));
     seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 1,
             SCMP_A0(SCMP_CMP_EQ, CLOCK_REALTIME));
 +    seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(arch_prctl), 1,
 +            SCMP_A0(SCMP_CMP_EQ, ARCH_SET_FS));
 +    seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(arch_prctl), 1,
 +            SCMP_A0(SCMP_CMP_EQ, ARCH_SET_GS));
     
     return 0;
 }
 diff --git a/tenders/spt/spt_main.c b/tenders/spt/spt_main.c
 index fba7def..a7f4321 100644
 --- a/tenders/spt/spt_main.c
 +++ b/tenders/spt/spt_main.c
 @@ -121,7 +121,7 @@ static void usage(const char *prog)
 
 int main(int argc, char **argv)
 {
 -    size_t mem_size = 0x20000000;
 +    size_t mem_size = 0x400000;
     uint64_t p_entry, p_end;
     const char *prog;
     const char *elffile;
	diff --git a/bindings/spt/start.c b/bindings/spt/start.c
	index 4064a41..f9ddede 100644
	--- a/bindings/spt/start.c
	+++ b/bindings/spt/start.c
	@@ -20,10 +20,23 @@

	#include "bindings.h"

	+extern uintptr_t __stack_chk_guard;
	+
	+#if defined(__x86_64__)
	+#define READ_CPU_TICKS cpu_rdtsc
	+#elif defined(__aarch64__)
	+#define READ_CPU_TICKS cpu_cntvct
	+#else
	+#error Unsupported architecture
	+#endif
	+
	void _start(void *arg)
	{
	/* XXX TODO, needs TLS setup crt_init_early(); */

	+ __stack_chk_guard = READ_CPU_TICKS() + (READ_CPU_TICKS() << 32UL);
	+ __stack_chk_guard &= ~(uintptr_t)0xff00;
	+
	static struct solo5_start_info si;

	/* console_init(); */
	diff --git a/tenders/spt/spt_core.c b/tenders/spt/spt_core.c
	index 5b431c6..72bcf12 100644
	--- a/tenders/spt/spt_core.c
	+++ b/tenders/spt/spt_core.c
	@@ -34,6 +34,9 @@
	#include <sys/mman.h>
	#include <time.h>
	#include <seccomp.h>
	+#include <asm/prctl.h>
	+#include <unistd.h>
	+#include <sys/syscall.h>

	#include "spt.h"

	@@ -113,6 +116,8 @@ void spt_run(struct spt *spt, uint64_t p_entry)
	#endif

	seccomp_load(spt->sc_ctx);
	+ syscall(SYS_arch_prctl, ARCH_SET_FS, 0);
	+ syscall(SYS_arch_prctl, ARCH_SET_GS, 0);

	spt_launch(sp, start_fn, spt->mem + SPT_BOOT_INFO_BASE);

	@@ -129,6 +134,10 @@ static int setup(struct spt *spt)
	SCMP_A0(SCMP_CMP_EQ, CLOCK_MONOTONIC));
	seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 1,
	SCMP_A0(SCMP_CMP_EQ, CLOCK_REALTIME));
	+ seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(arch_prctl), 1,
	+ SCMP_A0(SCMP_CMP_EQ, ARCH_SET_FS));
	+ seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(arch_prctl), 1,
	+ SCMP_A0(SCMP_CMP_EQ, ARCH_SET_GS));

	return 0;
	}
	diff --git a/tenders/spt/spt_main.c b/tenders/spt/spt_main.c
	index fba7def..a7f4321 100644
	--- a/tenders/spt/spt_main.c
	+++ b/tenders/spt/spt_main.c
	@@ -121,7 +121,7 @@ static void usage(const char *prog)

	int main(int argc, char **argv)
	{
	- size_t mem_size = 0x20000000;
	+ size_t mem_size = 0x400000;
	uint64_t p_entry, p_end;
	const char *prog;
	const char *elffile;