arm32 stack check


    《arm64 反汇编分析》分析了 armv8 的 stack check 原理，这里分析下 arm32 的原理。基本流程和 arm64 一致，我们看下 arm32 如何保存 canary 值，先看 __set_tls：

    // __set_tls: ARM32 (Linux ARM EABI) wrapper for the set_tls system call.
    // In:  r0 = new TLS pointer (passed straight through to the kernel).
    // Out: r0 = kernel result on success; on failure errno is set through
    //      __set_errno_internal and its return value becomes ours.
    // On ARM EABI the syscall number travels in r7, so the caller's r7 is parked
    // in ip (r12, a caller-saved scratch register) around the swi and restored.
    ENTRY(__set_tls)
        mov     ip, r7                      // save caller's r7 in scratch ip
        ldr     r7, =__ARM_NR_set_tls       // r7 = syscall number
        swi     #0                          // enter the kernel
        mov     r7, ip                      // restore caller's r7
        cmn     r0, #(MAX_ERRNO + 1)        // flags as for: cmp r0, -(MAX_ERRNO + 1)
        bxls    lr                          // unsigned r0 <= -(MAX_ERRNO+1): not an -errno, return as-is
        neg     r0, r0                      // r0 = errno
        b       __set_errno_internal        // tail-call the errno helper (its return value is propagated)
    END(__set_tls)

    // __get_tls(): read the TLS pointer from user space.
    // "mrc p15, 0, Rt, c13, c0, 3" reads CP15 c13 (TPIDRURO), the *user read-only*
    // thread ID register: user code can read it, but only the kernel (reached via
    // the set_tls syscall above) can write it. Per the analysis above the canary is
    // fetched through this pointer, so the value __get_tls() returns cannot be
    // redirected from user mode without going through the kernel.
    # define __get_tls() ({ void** __val; __asm__("mrc p15, 0, %0, c13, c0, 3" : "=r"(__val)); __val; })

    // Out-of-line, C-ABI callable version of the macro. The include sits inside
    // the function body; presumably the header (re)defines the __get_tls() macro,
    // so the call below expands to the mrc sequence above -- confirm against the header.
    extern "C" void** __get_tls() {
    #include "private/__get_tls.h"
        return __get_tls();
    }

    也就是通过系统调用去设置 tls 的指针值，而 __get_tls 则直接读取 tls 指针。

    参考 http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0344k/Babeihid.html
