《arm64 反汇编分析》一文分析了 armv8 的 stack check 原理，这里分析下 arm32 的原理。
基本流程和 arm64 一致，我们看下 arm32 如何保存 canary 值，先从 tls 指针的设置和读取开始：
__set_tls
@-----------------------------------------------------------------------
@ __set_tls(ptr)   (Bionic; ARM EABI; signature inferred from usage -- confirm)
@ In:    r0 = new TLS pointer, passed straight through to the kernel
@ Out:   r0 = raw kernel result when it is not an error code; otherwise the
@        positive errno is handed to __set_errno_internal (tail call)
@ Clobb: ip (r12), flags.  r7 is saved/restored, so it stays callee-saved.
@ Why a syscall at all: the read side (__get_tls below) uses mrc on CP15
@ c13/c0/3, which the page describes as the *user read-only* thread ID
@ register, so user code can only update it through the kernel.  The page
@ presumably uses this pointer to locate the stack-check canary -- see the
@ surrounding text.
@-----------------------------------------------------------------------
ENTRY(__set_tls)
mov ip, r7                          @ r7 is callee-saved AND the EABI syscall-number register: park it in ip (scratch)
ldr r7, =__ARM_NR_set_tls           @ ARM-private syscall number
swi #0                              @ enter the kernel; result returns in r0
mov r7, ip                          @ restore caller's r7 before any branch/return
cmn r0, #(MAX_ERRNO + 1)            @ flags as for cmp r0, -(MAX_ERRNO+1): unsigned r0 in [-MAX_ERRNO,-1] means -errno
bxls lr                             @ not an error code: return the raw result unchanged
neg r0, r0                          @ r0 = +errno
b __set_errno_internal              @ tail call: records errno (presumably returns -1 to our caller -- confirm)
END(__set_tls)
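/* Read the TLS pointer directly from CP15 c13/c0/3 -- the user read-only
 * Thread and Process ID Register (TPIDRURO) -- so the read path needs no
 * syscall.  The register is only writable from the kernel, which is why the
 * write path (__set_tls) goes through __ARM_NR_set_tls instead.
 * Defined as a statement-expression macro so it can be used inline; the
 * out-of-line __get_tls() function below wraps it for C callers.
 * Note: the macro body spans two physical lines, so the line-continuation
 * backslash is required -- without it the second line is stray tokens. */
# define __get_tls() ({ void** __val; __asm__("mrc p15, 0, %0, c13, c0, 3" \
                                              : "=r"(__val)); __val; })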
上面的 mrc p15, 0, %0, c13, c0, 3 对应 ARM 手册中的 "Read User read-only Thread and Process ID Register"（用户态只读的线程/进程 ID 寄存器）。
// Out-of-line, C-callable wrapper that returns the thread's TLS pointer
// (as void**) read from the coprocessor register.
// The #include is deliberately placed inside the function body: the header
// (presumably the one holding the __get_tls() macro shown above) defines a
// macro with the same name, so the `return __get_tls();` below expands to
// the inline `mrc p15, 0, %0, c13, c0, 3` read rather than recursing into
// this function.  Including it at file scope would instead make the macro
// shadow this very definition.
extern "C" void** __get_tls() {
#include "private/__get_tls.h"
return __get_tls();
}
也就是说，tls 指针值是通过系统调用（__ARM_NR_set_tls）设置的，而读取则直接用 mrc 从用户态只读的协处理器寄存器取得，不需要系统调用。
__get_tls
参考
http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0344k/Babeihid.html