From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug libc/17319] init_tls switches around esp during set_thread_area syscall
Date: Thu, 28 Aug 2014 08:20:00 -0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.20
X-Bugzilla-Severity: normal
X-Bugzilla-Status: NEW
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-URL: http://sourceware.org/bugzilla/
X-SW-Source: 2014-08/txt/msg00120.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=17319

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  9570bc53fcc11d3cfe028989e611266e8d55bd09 (commit)
      from  b0f955c9ac70181532e93aa78c49c204c2a31dfd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9570bc53fcc11d3cfe028989e611266e8d55bd09

commit 9570bc53fcc11d3cfe028989e611266e8d55bd09
Author: Mark Wielaard
Date:   Wed Aug 27 17:07:58 2014 +0200

    i386 TLS_INIT_TP might produce bogus asm changing stack pointer [BZ #17319]

    TLS_INIT_TP in sysdeps/i386/nptl/tls.h uses some hand written asm to
    generate a set_thread_area that might result in exchanging ebx and esp
    around the syscall causing introspection tools like valgrind to lose
    track of the user stack. Just use INTERNAL_SYSCALL which makes sure esp
    isn't changed arbitrarily.

    Before the patch the code would generate:

        mov    $0xf3,%eax
        movl   $0xfffff,0x8(%esp)
        movl   $0x51,0xc(%esp)
        xchg   %esp,%ebx
        int    $0x80
        xchg   %esp,%ebx

    Using INTERNAL_SYSCALL instead will generate:

        movl   $0xfffff,0x8(%esp)
        movl   $0x51,0xc(%esp)
        xchg   %ecx,%ebx
        mov    $0xf3,%eax
        int    $0x80
        xchg   %ecx,%ebx

    Thanks to Florian Weimer for analysing why the original code generated
    the bogus esp usage:

      _segdescr.desc happens to be at the top of the stack, so its address
      is in %esp. The asm statement says that %3 is an input, so its value
      will not change, and GCC can use %esp as the input register for the
      expression &_segdescr.desc. But the constraints do not fully describe
      the asm statement because the %3 register is actually modified, albeit
      only temporarily.

    	[BZ #17319]
    	* sysdeps/i386/nptl/tls.h (TLS_INIT_TP): Use INTERNAL_SYSCALL to
    	call set_thread_area instead of hand written asm.
    	(__NR_set_thread_area): Removed define.
    	(TLS_FLAG_WRITABLE): Likewise.
    	(__ASSUME_SET_THREAD_AREA): Remove check.
    	(TLS_EBX_ARG): Remove define.
    	(TLS_LOAD_EBX): Likewise.
-----------------------------------------------------------------------

Summary of changes:
 ChangeLog               | 11 +++++++++++
 NEWS                    |  2 +-
 sysdeps/i386/nptl/tls.h | 31 ++-----------------------------
 3 files changed, 14 insertions(+), 30 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.