ricarkol/solo5-spt-fs-gs-to-zero

## solo5-spt-fs-gs-to-zero
diff --git a/bindings/spt/start.c b/bindings/spt/start.c
index 4064a41..f9ddede 100644
--- a/bindings/spt/start.c
+++ b/bindings/spt/start.c
@@ -20,10 +20,23 @@

 #include "bindings.h"

+extern uintptr_t __stack_chk_guard;
+
+#if defined(__x86_64__)
+#define READ_CPU_TICKS cpu_rdtsc
+#elif defined(__aarch64__)
+#define READ_CPU_TICKS cpu_cntvct
+#else
+#error Unsupported architecture
+#endif
+
 void _start(void *arg)
 {
     /* XXX TODO, needs TLS setup crt_init_early(); */

+    __stack_chk_guard = READ_CPU_TICKS() + (READ_CPU_TICKS() << 32UL);
+    __stack_chk_guard &= ~(uintptr_t)0xff00;
+
     static struct solo5_start_info si;

     /* console_init(); */
diff --git a/tenders/spt/spt_core.c b/tenders/spt/spt_core.c
index 5b431c6..72bcf12 100644
--- a/tenders/spt/spt_core.c
+++ b/tenders/spt/spt_core.c
@@ -34,6 +34,9 @@
 #include <sys/mman.h>
 #include <time.h>
 #include <seccomp.h>
+#include <asm/prctl.h>
+#include <unistd.h>
+#include <sys/syscall.h>

 #include "spt.h"

@@ -113,6 +116,8 @@ void spt_run(struct spt *spt, uint64_t p_entry)
 #endif

     seccomp_load(spt->sc_ctx);
+    syscall(SYS_arch_prctl, ARCH_SET_FS, 0);
+    syscall(SYS_arch_prctl, ARCH_SET_GS, 0);

     spt_launch(sp, start_fn, spt->mem + SPT_BOOT_INFO_BASE);

@@ -129,6 +134,10 @@ static int setup(struct spt *spt)
             SCMP_A0(SCMP_CMP_EQ, CLOCK_MONOTONIC));
     seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 1,
             SCMP_A0(SCMP_CMP_EQ, CLOCK_REALTIME));
+    seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(arch_prctl), 1,
+            SCMP_A0(SCMP_CMP_EQ, ARCH_SET_FS));
+    seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(arch_prctl), 1,
+            SCMP_A0(SCMP_CMP_EQ, ARCH_SET_GS));

     return 0;
 }
diff --git a/tenders/spt/spt_main.c b/tenders/spt/spt_main.c
index fba7def..a7f4321 100644
--- a/tenders/spt/spt_main.c
+++ b/tenders/spt/spt_main.c
@@ -121,7 +121,7 @@ static void usage(const char *prog)

 int main(int argc, char **argv)
 {
-    size_t mem_size = 0x20000000;
+    size_t mem_size = 0x400000;
     uint64_t p_entry, p_end;
     const char *prog;
     const char *elffile;
	diff --git a/bindings/spt/start.c b/bindings/spt/start.c
	index 4064a41..f9ddede 100644
	--- a/bindings/spt/start.c
	+++ b/bindings/spt/start.c
	@@ -20,10 +20,23 @@

	#include "bindings.h"

	+extern uintptr_t __stack_chk_guard;
	+
	+#if defined(__x86_64__)
	+#define READ_CPU_TICKS cpu_rdtsc
	+#elif defined(__aarch64__)
	+#define READ_CPU_TICKS cpu_cntvct
	+#else
	+#error Unsupported architecture
	+#endif
	+
	void _start(void *arg)
	{
	/* XXX TODO, needs TLS setup crt_init_early(); */

	+ __stack_chk_guard = READ_CPU_TICKS() + (READ_CPU_TICKS() << 32UL);
	+ __stack_chk_guard &= ~(uintptr_t)0xff00;
	+
	static struct solo5_start_info si;

	/* console_init(); */
	diff --git a/tenders/spt/spt_core.c b/tenders/spt/spt_core.c
	index 5b431c6..72bcf12 100644
	--- a/tenders/spt/spt_core.c
	+++ b/tenders/spt/spt_core.c
	@@ -34,6 +34,9 @@
	#include <sys/mman.h>
	#include <time.h>
	#include <seccomp.h>
	+#include <asm/prctl.h>
	+#include <unistd.h>
	+#include <sys/syscall.h>

	#include "spt.h"

	@@ -113,6 +116,8 @@ void spt_run(struct spt *spt, uint64_t p_entry)
	#endif

	seccomp_load(spt->sc_ctx);
	+ syscall(SYS_arch_prctl, ARCH_SET_FS, 0);
	+ syscall(SYS_arch_prctl, ARCH_SET_GS, 0);

	spt_launch(sp, start_fn, spt->mem + SPT_BOOT_INFO_BASE);

	@@ -129,6 +134,10 @@ static int setup(struct spt *spt)
	SCMP_A0(SCMP_CMP_EQ, CLOCK_MONOTONIC));
	seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(clock_gettime), 1,
	SCMP_A0(SCMP_CMP_EQ, CLOCK_REALTIME));
	+ seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(arch_prctl), 1,
	+ SCMP_A0(SCMP_CMP_EQ, ARCH_SET_FS));
	+ seccomp_rule_add(spt->sc_ctx, SCMP_ACT_ALLOW, SCMP_SYS(arch_prctl), 1,
	+ SCMP_A0(SCMP_CMP_EQ, ARCH_SET_GS));

	return 0;
	}
	diff --git a/tenders/spt/spt_main.c b/tenders/spt/spt_main.c
	index fba7def..a7f4321 100644
	--- a/tenders/spt/spt_main.c
	+++ b/tenders/spt/spt_main.c
	@@ -121,7 +121,7 @@ static void usage(const char *prog)

	int main(int argc, char **argv)
	{
	- size_t mem_size = 0x20000000;
	+ size_t mem_size = 0x400000;
	uint64_t p_entry, p_end;
	const char *prog;
	const char *elffile;