* elf/Versions [GLIBC_PRIVATE]: Export __pointer_chk_guard if defined.

	* elf/rtld.c: Define __pointer_chk_guard_local and if necessary
	__pointer_chk_guard.
	(_rtld_global_ro): Initialize _dl_pointer_guard.
	(dl_main): Initialize __pointer_chk_guard_local and either
	__pointer_chk_guard or TLS value if necessary.
	(process_envvars): Recognize and handle LD_POINTER_GUARD.
	* sysdeps/generic/ldsodefs.h (rtld_global_ro): Add _dl_pointer_guard.
	* sysdeps/i386/__longjmp.S: Use PTR_DEMANGLE for PC if defined.
	* sysdeps/x86_64/__longjmp.S: Likewise.
	* sysdeps/i386/bsd-_setjmp.S: Use PTR_MANGLE for PC if defined.
	* sysdeps/i386/bsd-_setjmp.S: Likewise.
	* sysdeps/i386/setjmp.S: Likewise.
	[IS_IN_rtld]: Avoid call to __sigjmp_save.
	* sysdeps/i386/setjmp.S: Likewise.
	* sysdeps/unix/sysv/linux/i386/sysdep.h: Define PTR_MANGLE and
	PTR_DEMANGLE.
	* sysdeps/unix/sysv/linux/x86_64/sysdep.h: Likewise.

	* sysdeps/i386/elf/setjmp.S: Removed.
	* sysdeps/i386/elf/bsd-setjmp.S: Removed.

11 files changed, 68 insertions, 160 deletions

diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
index 67a20cea70..b5f7c3cae5 100644
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -623,6 +623,9 @@ struct rtld_global_ro
   /* Expected cache ID.  */
   EXTERN int _dl_correct_cache_id;
 
+  /* 0 if internal pointer values should not be guarded, 1 if they should.  */
+  EXTERN int _dl_pointer_guard;
+
   /* Mask for hardware capabilities that are available.  */
   EXTERN uint64_t _dl_hwcap;
 
diff --git a/sysdeps/i386/__longjmp.S b/sysdeps/i386/__longjmp.S
index 6b590f7f04..aced5f42c9 100644
--- a/sysdeps/i386/__longjmp.S
+++ b/sysdeps/i386/__longjmp.S
@@ -1,5 +1,5 @@
 /* longjmp for i386.
-   Copyright (C) 1995,1996,1997,1998,2000,2002 Free Software Foundation, Inc.
+   Copyright (C) 1995-1998,2000,2002,2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -44,6 +44,9 @@ ENTRY (BP_SYM (__longjmp))
 	movl (JB_DI*4)(%ecx), %edi
 	movl (JB_BP*4)(%ecx), %ebp
 	movl (JB_SP*4)(%ecx), %esp
+#ifdef PTR_DEMANGLE
+	PTR_DEMANGLE (%edx)
+#endif
 	/* Jump to saved PC.  */
      	jmp *%edx
 END (BP_SYM (__longjmp))
diff --git a/sysdeps/i386/bsd-_setjmp.S b/sysdeps/i386/bsd-_setjmp.S
index aa8df167d0..f80d239323 100644
--- a/sysdeps/i386/bsd-_setjmp.S
+++ b/sysdeps/i386/bsd-_setjmp.S
@@ -1,5 +1,5 @@
 /* BSD `_setjmp' entry point to `sigsetjmp (..., 0)'.  i386 version.
-   Copyright (C) 1994-1997,2000,2001,2002 Free Software Foundation, Inc.
+   Copyright (C) 1994-1997,2000-2002,2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -46,6 +46,9 @@ ENTRY (BP_SYM (_setjmp))
 	leal JMPBUF(%esp), %ecx	/* Save SP as it will be after we return.  */
      	movl %ecx, (JB_SP*4)(%edx)
 	movl PCOFF(%esp), %ecx	/* Save PC we are returning to now.  */
+#ifdef PTR_MANGLE
+	PTR_MANGLE (%ecx)
+#endif
      	movl %ecx, (JB_PC*4)(%edx)
 	LEAVE
 	movl %ebp, (JB_BP*4)(%edx) /* Save caller's frame pointer.  */
diff --git a/sysdeps/i386/bsd-setjmp.S b/sysdeps/i386/bsd-setjmp.S
index b6934dc548..f4257a0dc5 100644
--- a/sysdeps/i386/bsd-setjmp.S
+++ b/sysdeps/i386/bsd-setjmp.S
@@ -28,6 +28,10 @@
 #include "bp-sym.h"
 #include "bp-asm.h"
 
+#define PARMS  LINKAGE		/* no space for saved regs */
+#define JMPBUF PARMS
+#define SIGMSK JMPBUF+PTR_SIZE
+
 ENTRY (BP_SYM (setjmp))
 	/* Note that we have to use a non-exported symbol in the next
 	   jump since otherwise gas will emit it as a jump through the
@@ -44,6 +48,9 @@ ENTRY (BP_SYM (setjmp))
 	leal JMPBUF(%esp), %ecx	/* Save SP as it will be after we return.  */
      	movl %ecx, (JB_SP*4)(%eax)
 	movl PCOFF(%esp), %ecx	/* Save PC we are returning to now.  */
+#ifdef PTR_MANGLE
+	PTR_MANGLE (%ecx)
+#endif
      	movl %ecx, (JB_PC*4)(%eax)
 	LEAVE /* pop frame pointer to prepare for tail-call.  */
 	movl %ebp, (JB_BP*4)(%eax) /* Save caller's frame pointer.  */
diff --git a/sysdeps/i386/elf/bsd-setjmp.S b/sysdeps/i386/elf/bsd-setjmp.S
deleted file mode 100644
index c421791fe0..0000000000
--- a/sysdeps/i386/elf/bsd-setjmp.S
+++ /dev/null
@@ -1,82 +0,0 @@
-/* BSD `setjmp' entry point to `sigsetjmp (..., 1)'.  i386 version.
-   Copyright (C) 1995-1997,2000-2003,2005 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, write to the Free
-   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-   02111-1307 USA.  */
-
-#include <sysdep.h>
-#define _ASM
-#define _SETJMP_H
-#include <bits/setjmp.h>
-#include "bp-sym.h"
-#include "bp-asm.h"
-
-#define PARMS	LINKAGE		/* no space for saved regs */
-#define JMPBUF	PARMS
-#define SIGMSK	JMPBUF+PTR_SIZE
-
-ENTRY (BP_SYM (setjmp))
-	/* Note that we have to use a non-exported symbol in the next
-	   jump since otherwise gas will emit it as a jump through the
-	   PLT which is what we cannot use here.  */
-	ENTER
-
-	movl JMPBUF(%esp), %eax
-	CHECK_BOUNDS_BOTH_WIDE (%eax, JMPBUF(%esp), $JB_SIZE)
-
-     	/* Save registers.  */
-	movl %ebx, (JB_BX*4)(%eax)
-	movl %esi, (JB_SI*4)(%eax)
-	movl %edi, (JB_DI*4)(%eax)
-	leal JMPBUF(%esp), %ecx	/* Save SP as it will be after we return.  */
-     	movl %ecx, (JB_SP*4)(%eax)
-	movl PCOFF(%esp), %ecx	/* Save PC we are returning to now.  */
-     	movl %ecx, (JB_PC*4)(%eax)
-	LEAVE /* pop frame pointer to prepare for tail-call.  */
-	movl %ebp, (JB_BP*4)(%eax) /* Save caller's frame pointer.  */
-
-	/* Call __sigjmp_save.  */
-	pushl $1
-	cfi_adjust_cfa_offset (4)
-	pushl 8(%esp)
-	cfi_adjust_cfa_offset (4)
-#ifdef	PIC
-	/* We cannot use the PLT, because it requires that %ebx be set, but
-           we can't save and restore our caller's value.  Instead, we do an
-           indirect jump through the GOT, using for the temporary register
-           %ecx, which is call-clobbered.  */
-	call __i686.get_pc_thunk.cx
-	addl $_GLOBAL_OFFSET_TABLE_, %ecx
-	leal C_SYMBOL_NAME (BP_SYM (__sigjmp_save)@GOTOFF)(%ecx), %ecx
-	call *%ecx
-#else
-	call BP_SYM (__sigjmp_save)
-#endif
-	popl %ecx
-	cfi_adjust_cfa_offset (-4)
-	popl %edx
-	cfi_adjust_cfa_offset (-4)
-	ret
-END (BP_SYM (setjmp))
-
-	.section .gnu.linkonce.t.__i686.get_pc_thunk.cx,"ax",@progbits
-	.globl __i686.get_pc_thunk.cx
-	.hidden __i686.get_pc_thunk.cx
-	.type __i686.get_pc_thunk.cx,@function
-__i686.get_pc_thunk.cx:
-	movl (%esp), %ecx
-	ret
-	.size __i686.get_pc_thunk.cx, . - __i686.get_pc_thunk.cx
diff --git a/sysdeps/i386/elf/setjmp.S b/sysdeps/i386/elf/setjmp.S
deleted file mode 100644
index d6ae98b8b4..0000000000
--- a/sysdeps/i386/elf/setjmp.S
+++ /dev/null
@@ -1,70 +0,0 @@
-/* setjmp for i386, ELF version.
-   Copyright (C) 1995-1997,2000,2001,2002,2003 Free Software Foundation, Inc.
-   This file is part of the GNU C Library.
-
-   The GNU C Library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   The GNU C Library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with the GNU C Library; if not, write to the Free
-   Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
-   02111-1307 USA.  */
-
-#include <sysdep.h>
-#define _ASM
-#define _SETJMP_H
-#include <bits/setjmp.h>
-#include "bp-sym.h"
-#include "bp-asm.h"
-
-#define PARMS	LINKAGE		/* no space for saved regs */
-#define JMPBUF	PARMS
-#define SIGMSK	JMPBUF+PTR_SIZE
-
-ENTRY (BP_SYM (__sigsetjmp))
-	ENTER
-
-	movl JMPBUF(%esp), %eax
-	CHECK_BOUNDS_BOTH_WIDE (%eax, JMPBUF(%esp), $JB_SIZE)
-
-     	/* Save registers.  */
-	movl %ebx, (JB_BX*4)(%eax)
-	movl %esi, (JB_SI*4)(%eax)
-	movl %edi, (JB_DI*4)(%eax)
-	leal JMPBUF(%esp), %ecx	/* Save SP as it will be after we return.  */
-     	movl %ecx, (JB_SP*4)(%eax)
-	movl PCOFF(%esp), %ecx	/* Save PC we are returning to now.  */
-     	movl %ecx, (JB_PC*4)(%eax)
-	LEAVE /* pop frame pointer to prepare for tail-call.  */
-	movl %ebp, (JB_BP*4)(%eax) /* Save caller's frame pointer.  */
-
-	/* Make a tail call to __sigjmp_save; it takes the same args.  */
-#ifdef	PIC
-	/* We cannot use the PLT, because it requires that %ebx be set, but
-           we can't save and restore our caller's value.  Instead, we do an
-           indirect jump through the GOT, using for the temporary register
-           %ecx, which is call-clobbered.  */
-	call __i686.get_pc_thunk.cx
-	addl $_GLOBAL_OFFSET_TABLE_, %ecx
-	leal C_SYMBOL_NAME (BP_SYM (__sigjmp_save)@GOTOFF)(%ecx), %ecx
-	jmp *%ecx
-#else
-	jmp BP_SYM (__sigjmp_save)
-#endif
-END (BP_SYM (__sigsetjmp))
-
-	.section .gnu.linkonce.t.__i686.get_pc_thunk.cx,"ax",@progbits
-	.globl __i686.get_pc_thunk.cx
-	.hidden __i686.get_pc_thunk.cx
-	.type __i686.get_pc_thunk.cx,@function
-__i686.get_pc_thunk.cx:
-	movl (%esp), %ecx
-	ret
-	.size __i686.get_pc_thunk.cx, . - __i686.get_pc_thunk.cx
diff --git a/sysdeps/i386/setjmp.S b/sysdeps/i386/setjmp.S
index e01d32b66c..747499adc2 100644
--- a/sysdeps/i386/setjmp.S
+++ b/sysdeps/i386/setjmp.S
@@ -1,5 +1,5 @@
 /* setjmp for i386.
-   Copyright (C) 1995, 1996, 1997, 2000, 2001 Free Software Foundation, Inc.
+   Copyright (C) 1995,1996,1997,2000,2001,2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -42,10 +42,19 @@ ENTRY (BP_SYM (__sigsetjmp))
 	leal JMPBUF(%esp), %ecx	/* Save SP as it will be after we return.  */
      	movl %ecx, (JB_SP*4)(%eax)
 	movl PCOFF(%esp), %ecx	/* Save PC we are returning to now.  */
+#ifdef PTR_MANGLE
+	PTR_MANGLE (%ecx)
+#endif
      	movl %ecx, (JB_PC*4)(%eax)
 	LEAVE /* pop frame pointer to prepare for tail-call.  */
 	movl %ebp, (JB_BP*4)(%eax) /* Save caller's frame pointer.  */
 
+#if defined NOT_IN_libc && defined IS_IN_rtld
+	/* In ld.so we never save the signal mask.  */
+	xorl %eax, %eax
+	ret
+#else
 	/* Make a tail call to __sigjmp_save; it takes the same args.  */
-	jmp BP_SYM (__sigjmp_save)
+	jmp __sigjmp_save
+#endif
 END (BP_SYM (__sigsetjmp))
diff --git a/sysdeps/unix/sysv/linux/i386/sysdep.h b/sysdeps/unix/sysv/linux/i386/sysdep.h
index 99f9bf1edf..929c6e5191 100644
--- a/sysdeps/unix/sysv/linux/i386/sysdep.h
+++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
@@ -558,4 +558,15 @@ asm (".L__X'%ebx = 1\n\t"
 
 #endif	/* __ASSEMBLER__ */
 
+
+/* Pointer mangling support.  */
+#if defined NOT_IN_libc && defined IS_IN_rtld
+/* We cannot use the thread descriptor because in ld.so we use setjmp
+   earlier than the descriptor is initialized.  Using a global variable
+   is too complicated here since we have no PC-relative addressing mode.  */
+#else
+# define PTR_MANGLE(reg)	xorl %gs:POINTER_GUARD, reg
+# define PTR_DEMANGLE(reg)	PTR_MANGLE (reg)
+#endif
+
 #endif /* linux/i386/sysdep.h */
diff --git a/sysdeps/unix/sysv/linux/x86_64/sysdep.h b/sysdeps/unix/sysv/linux/x86_64/sysdep.h
index 0dc2f2750e..2ea69c3bfd 100644
--- a/sysdeps/unix/sysv/linux/x86_64/sysdep.h
+++ b/sysdeps/unix/sysv/linux/x86_64/sysdep.h
@@ -311,4 +311,16 @@
 
 #endif	/* __ASSEMBLER__ */
 
+
+/* Pointer mangling support.  */
+#if defined NOT_IN_libc && defined IS_IN_rtld
+/* We cannot use the thread descriptor because in ld.so we use setjmp
+   earlier than the descriptor is initialized.  */
+# define PTR_MANGLE(reg)	xorq __pointer_chk_guard_local(%rip), reg
+# define PTR_DEMANGLE(reg)	PTR_MANGLE (reg)
+#else
+# define PTR_MANGLE(reg)	xorq %fs:POINTER_GUARD, reg
+# define PTR_DEMANGLE(reg)	PTR_MANGLE (reg)
+#endif
+
 #endif /* linux/x86_64/sysdep.h */
diff --git a/sysdeps/x86_64/__longjmp.S b/sysdeps/x86_64/__longjmp.S
index 9ed480c540..becfb4f79d 100644
--- a/sysdeps/x86_64/__longjmp.S
+++ b/sysdeps/x86_64/__longjmp.S
@@ -1,4 +1,4 @@
-/* Copyright (C) 2001, 2004 Free Software Foundation, Inc.
+/* Copyright (C) 2001, 2004, 2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -50,5 +50,8 @@ ENTRY(__longjmp)
 	mov %esi, %eax
 	movq (JB_PC*8)(%rdi),%rdx
 	movq (JB_RSP*8)(%rdi),%rsp
+#ifdef PTR_DEMANGLE
+	PTR_DEMANGLE (%rdx)
+#endif
 	jmpq *%rdx
 END (BP_SYM (__longjmp))
diff --git a/sysdeps/x86_64/setjmp.S b/sysdeps/x86_64/setjmp.S
index 811ab1d913..8af5502042 100644
--- a/sysdeps/x86_64/setjmp.S
+++ b/sysdeps/x86_64/setjmp.S
@@ -1,5 +1,5 @@
 /* setjmp for x86-64.
-   Copyright (C) 2001, 2003 Free Software Foundation, Inc.
+   Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -34,13 +34,22 @@ ENTRY (__sigsetjmp)
 	leaq 8(%rsp), %rdx	/* Save SP as it will be after we return.  */
 	movq %rdx, (JB_RSP*8)(%rdi)
 	movq (%rsp), %rax	/* Save PC we are returning to now.  */
+#ifdef PTR_MANGLE
+	PTR_MANGLE (%rax)
+#endif
 	movq %rax, (JB_PC*8)(%rdi)
 
+#if defined NOT_IN_libc && defined IS_IN_rtld
+	/* In ld.so we never save the signal mask.  */
+	xorl %eax, %eax
+	retq
+#else
 	/* Make a tail call to __sigjmp_save; it takes the same args.  */
-#ifdef	PIC
+# ifdef	PIC
 	jmp C_SYMBOL_NAME (BP_SYM (__sigjmp_save))@PLT
-#else
+# else
 	jmp BP_SYM (__sigjmp_save)
+# endif
 #endif
 END (BP_SYM (__sigsetjmp))
 hidden_def (__sigsetjmp)