Switch to using AT_RANDOM for the stack guards.

Bug: 7959813
Change-Id: I8db4b8912ba649bfe668c6f22aa44690ddd401a2

4 files changed, 13 insertions, 11 deletions

diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index 71acc45..881b091 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@@ -48,7 +48,7 @@ extern "C" int __system_properties_init(void);
 // Not public, but well-known in the BSDs.
 const char* __progname;
 
-// Declared in <unistd.h>
+// Declared in <unistd.h>.
 char** environ;
 
 // Declared in <asm/page.h>.
@@ -66,7 +66,9 @@ unsigned int __page_shift = PAGE_SHIFT;
  * This function also stores a pointer to the kernel argument block in a TLS slot to be
  * picked up by the libc constructor.
  */
-extern "C" void __libc_init_tls(void* kernel_argument_block) {
+void __libc_init_tls(KernelArgumentBlock& args) {
+  __libc_auxv = args.auxv;
+
   unsigned stack_top = (__get_sp() & ~(PAGE_SIZE - 1)) + PAGE_SIZE;
   unsigned stack_size = 128 * 1024;
   unsigned stack_bottom = stack_top - stack_size;
@@ -80,7 +82,7 @@ extern "C" void __libc_init_tls(void* kernel_argument_block) {
 
   static void* tls_area[BIONIC_TLS_SLOTS];
   __init_tls(tls_area, &thread);
-  tls_area[TLS_SLOT_BIONIC_PREINIT] = kernel_argument_block;
+  tls_area[TLS_SLOT_BIONIC_PREINIT] = &args;
 }
 
 void __libc_init_common(KernelArgumentBlock& args) {
diff --git a/libc/bionic/libc_init_static.cpp b/libc/bionic/libc_init_static.cpp
index e5506d1..a6b20eb 100644
--- a/libc/bionic/libc_init_static.cpp
+++ b/libc/bionic/libc_init_static.cpp
@@ -87,9 +87,8 @@ __noreturn void __libc_init(void* raw_args,
                             void (*onexit)(void),
                             int (*slingshot)(int, char**, char**),
                             structors_array_t const * const structors) {
-  __libc_init_tls(NULL);
-
   KernelArgumentBlock args(raw_args);
+  __libc_init_tls(args);
   __libc_init_common(args);
 
   apply_gnu_relro();
diff --git a/libc/bionic/pthread.c b/libc/bionic/pthread.c
index f2a7ebe..88a972d 100644
--- a/libc/bionic/pthread.c
+++ b/libc/bionic/pthread.c
@@ -170,13 +170,12 @@ void  __init_tls(void** tls, void* thread) {
   }
 
   // Slot 0 must point to itself. The x86 Linux kernel reads the TLS from %fs:0.
-  tls[TLS_SLOT_SELF]      = (void*) tls;
+  tls[TLS_SLOT_SELF] = tls;
   tls[TLS_SLOT_THREAD_ID] = thread;
+  // GCC looks in the TLS for the stack guard on x86, so copy it there from our global.
+  tls[TLS_SLOT_STACK_GUARD] = (void*) __stack_chk_guard;
 
-  // Stack guard generation may make system calls, and those system calls may fail.
-  // If they do, they'll try to set errno, so we can only do this after calling __set_tls.
   __set_tls((void*) tls);
-  tls[TLS_SLOT_STACK_GUARD] = __generate_stack_chk_guard();
 }
 
 
diff --git a/libc/bionic/ssp.cpp b/libc/bionic/ssp.cpp
index 08c36c5..f01fee6 100644
--- a/libc/bionic/ssp.cpp
+++ b/libc/bionic/ssp.cpp
@@ -32,15 +32,17 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <sys/auxv.h>
 #include <unistd.h>
 
 #include "bionic_ssp.h"
 #include "logd.h"
 
-void* __stack_chk_guard = NULL;
+uintptr_t __stack_chk_guard = NULL;
 
 static void __attribute__((constructor)) __init_stack_check_guard() {
-  __stack_chk_guard = __generate_stack_chk_guard();
+  // AT_RANDOM is a pointer to 16 bytes of randomness on the stack.
+  __stack_chk_guard = *reinterpret_cast<uintptr_t*>(getauxval(AT_RANDOM));
 }
 
 // This is the crash handler.