[CRIU] [PATCHv2 3/5] pie: provide callbacks for stack-protector

[Dmitry Safonov]

  The other way to solve this is to compile shared between
CRIU and PIEs objects twice: without stack-protection and
with environment choice. But I don't think it worth it.

Cc: Cyrill Gorcunov <gorcunov at openvz.org>
Signed-off-by: Dmitry Safonov <dsafonov at virtuozzo.com>
---
 criu/pie/parasite.c | 18 ++++++++++++++++++
 criu/pie/restorer.c | 11 +++++++++++
 2 files changed, 29 insertions(+)

diff --git a/criu/pie/parasite.c b/criu/pie/parasite.c
index 53985b4352c2..6c556542f6dd 100644
--- a/criu/pie/parasite.c
+++ b/criu/pie/parasite.c
@@ -787,3 +787,21 @@ int __used __parasite_entry parasite_service(unsigned int cmd, void *args)
 	pr_err("Unknown command to parasite: %d\n", cmd);
 	return -EINVAL;
 }
+
+/*
+ * Mainally, -fstack-protector is disabled for parasite.
+ * But we share some object files, compiled for CRIU with parasite.
+ * Those files (like cpu.c) may be compiled with stack protector
+ * support. We can't use gcc-ld provided stackprotector callback,
+ * as Glibc is unmapped. Let's just try to cure application in
+ * case of stack smashing in parasite.
+ */
+void __stack_chk_fail(void)
+{
+	/*
+	 * Smash didn't happen in printing part, as it's not shared
+	 * with CRIU, therefore compiled with -fnostack-protector.
+	 */
+	pr_err("Stack smash detected in parasite\n");
+	fini();
+}
diff --git a/criu/pie/restorer.c b/criu/pie/restorer.c
index d84d316aa441..b18d35a3bfa0 100644
--- a/criu/pie/restorer.c
+++ b/criu/pie/restorer.c
@@ -1562,3 +1562,14 @@ core_restore_end:
 	sys_exit_group(1);
 	return -1;
 }
+
+/*
+ * For most of the restorer's objects -fstack-protector is disabled.
+ * But we share some of them with CRIU, which may have it enabled.
+ */
+void __stack_chk_fail(void)
+{
+	pr_err("Restorer stack smash detected %ld\n", sys_getpid());
+	sys_exit_group(1);
+	BUG();
+}
-- 
2.9.0