* [PATCH] mips64: fix clobbering s0 in setjmp() [BZ #22624]
@ 2017-12-17 10:02 Sergei Trofimovich
2017-12-18 17:24 ` Joseph Myers
0 siblings, 1 reply; 4+ messages in thread
From: Sergei Trofimovich @ 2017-12-17 10:02 UTC (permalink / raw)
To: libc-alpha, Joseph Myers; +Cc: Sergei Trofimovich
From: Sergei Trofimovich <slyfox@gentoo.org>
When configured with --enable-stack-protector=all, glibc
inserts a stack-checking canary into every function,
including __sigsetjmp_aux(). The stack-checking code
ends up using the s0 register to temporarily hold the address
of the global canary value.
Unfortunately __sigsetjmp_aux assumes none of the caller's caller-save
registers have been clobbered, as it stores them as-is.
The fix is to disable stack protection for __sigsetjmp_aux.
Tested with the following test program:
#include <setjmp.h>
#include <stdio.h>

int main (void) {
  jmp_buf jb;
  /* Pin a known value in $s0, which setjmp() must store into jb
     unmodified and longjmp() must restore.  */
  volatile register long s0 asm ("$s0");
  s0 = 1234;
  if (setjmp (jb) == 0)
    longjmp (jb, 1);
  /* Expected: 1234.  A clobbered $s0 shows up here as garbage.  */
  printf ("$s0 = %ld\n", s0);
  return 0;
}
Without the fix:
$ qemu-mipsn32 -L . ./mips-longjmp-bug
$s0 = 1082346228
With the fix:
$ qemu-mipsn32 -L . ./mips-longjmp-bug
$s0 = 1234
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
---
sysdeps/mips/mips64/setjmp_aux.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/sysdeps/mips/mips64/setjmp_aux.c b/sysdeps/mips/mips64/setjmp_aux.c
index b43c36a7d5..43fffc74bf 100644
--- a/sysdeps/mips/mips64/setjmp_aux.c
+++ b/sysdeps/mips/mips64/setjmp_aux.c
@@ -24,7 +24,12 @@
pointer. We do things this way because it's difficult to reliably
access them in C. */
+/* Stack protection is disabled to avoid changing s0 (or any other
+ caller-save register) before storing it to environment.
+ See BZ #22624. */
+
int
+inhibit_stack_protector
__sigsetjmp_aux (jmp_buf env, int savemask, long long sp, long long fp,
long long gp)
{
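Review bot: the comment added in this hunk ("+ caller-save register) before storing it to environment") calls s0 caller-save, but s0 is a callee-saved register on MIPS; that is precisely why __sigsetjmp_aux must store it unmodified and why a prologue that borrows it as a temporary is a bug. Suggest "callee-saved register" here (the commit message uses the same wording). Since the fix hinges on the compiler honouring inhibit_stack_protector for this one function, it is also worth confirming in a --enable-stack-protector=all build that the generated __sigsetjmp_aux no longer touches any sN register before its first store to env; the commit message shows only a qemu-mipsn32 run of the test, so a run on the n64 ABI, which this mips64 file also serves, would cover the rest of its users.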
--
2.15.1
^ permalink raw reply [flat|nested] 4+ messages in thread
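A way to catch this class of bug in a built libc without running a test program, as an added example that is not part of the patch or of glibc: an audit over objdump-style disassembly of __sigsetjmp_aux that reports any callee-saved register written before its value reaches the jmp_buf. The objdump line format, the register and mnemonic tables, and the choice of a0 as the env pointer register are assumptions, and the two disassembly listings are constructed for illustration, not captured from a real build.

```python
import re

# Registers that __sigsetjmp_aux must store into the jmp_buf unmodified
# (MIPS callee-saved GPRs; an assumed list, not taken from the patch).
CALLEE_SAVED = {"s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7", "s8", "fp"}

# Store mnemonics whose first operand is a *source* register, and
# branch/jump forms that only read their first operand.  Assumed sets of
# MIPS mnemonics; extend them for other forms your toolchain emits.
STORES = {"sw", "sd", "sb", "sh", "swl", "swr", "sdl", "sdr", "swc1", "sdc1"}
READ_ONLY = {"beq", "bne", "beqz", "bnez", "blez", "bgtz", "bgez", "bltz",
             "jr", "jalr"}

# One objdump -d line: "   8:\t8f90801c \tlw\ts0,-32740(gp)" (assumed format).
LINE_RE = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]+\s+(\S+)(?:\s+(.*))?$")
MEM_RE = re.compile(r"^-?(?:0x)?[0-9a-f]+\((\$?\w+)\)$", re.I)
REG_RE = re.compile(r"^\$?[a-z]+[0-9]*$")


def parse_insn(line):
    """Return (addr, mnemonic, [operands]) or None for non-instruction lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ops = m.group(3) or ""
    operands = [o.strip() for o in ops.split(",")] if ops else []
    return int(m.group(1), 16), m.group(2), operands


def store_base(operands):
    """Base register of a store's memory operand, e.g. 'a0' for '32(a0)'."""
    if len(operands) < 2:
        return None
    m = MEM_RE.match(operands[1])
    return m.group(1).lstrip("$") if m else None


def audit_setjmp_save(disasm, env_reg="a0"):
    """Find callee-saved registers written before they are stored to env.

    env_reg holds the jmp_buf pointer (first argument, a0, on the MIPS
    o32/n32/n64 ABIs).  A store to any other base, such as the prologue's
    own spill to the stack, does not count: what later lands in the env is
    whatever the register holds at that moment.
    Returns [(register, address_of_clobbering_insn), ...] in address order.
    """
    pending = set(CALLEE_SAVED)          # not yet saved to the jmp_buf
    findings = []
    for line in disasm.splitlines():
        insn = parse_insn(line)
        if insn is None:
            continue
        addr, mnem, ops = insn
        if not ops or mnem in READ_ONLY:
            continue
        first = ops[0].lstrip("$")
        if mnem in STORES:
            if first in pending and store_base(ops) == env_reg:
                pending.discard(first)   # safely in the jmp_buf from here on
            continue
        # Any other instruction whose first operand is a register is assumed
        # to write it (true for loads, ALU ops, lui, move, mfc1 ...).
        if REG_RE.match(ops[0]) and first in pending:
            findings.append((first, addr))
    return findings


# Constructed listing of a stack-protected __sigsetjmp_aux: the prologue
# spills s0 to the stack, then loads the canary address into s0 (at 0x8)
# before s0 is copied into the jmp_buf at 0x14.
VULNERABLE_DISASM = """\
00000000 <__sigsetjmp_aux>:
   0:\t27bdffe0 \taddiu\tsp,sp,-32
   4:\tafb0001c \tsw\ts0,28(sp)
   8:\t8f90801c \tlw\ts0,-32740(gp)
   c:\t8e020000 \tlw\tv0,0(s0)
  10:\tafa20018 \tsw\tv0,24(sp)
  14:\tac900020 \tsw\ts0,32(a0)
  18:\tac910024 \tsw\ts1,36(a0)
"""

# Constructed listing with the protector inhibited: registers go straight
# to the env and nothing writes them first.
FIXED_DISASM = """\
00000000 <__sigsetjmp_aux>:
   0:\tac900020 \tsw\ts0,32(a0)
   4:\tac910024 \tsw\ts1,36(a0)
   8:\t03e00008 \tjr\tra
   c:\t00001025 \tmove\tv0,zero
"""

if __name__ == "__main__":
    for name, text in (("vulnerable", VULNERABLE_DISASM), ("fixed", FIXED_DISASM)):
        for reg, addr in audit_setjmp_save(text):
            print(f"{name}: {reg} clobbered at {addr:#x} before reaching env")
```

Run it against `objdump -d libc.so | sed -n '/<__sigsetjmp_aux>:/,/^$/p'` from a --enable-stack-protector=all build; a clean function yields no findings, while the constructed vulnerable listing reports s0 clobbered at 0x8. Only the s0..s7/fp set is tracked because those are the registers the function stores as-is; sp, fp and gp are passed in as arguments in the C prototype and are not at risk from the prologue in the same way.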
* Re: [PATCH] mips64: fix clobbering s0 in setjmp() [BZ #22624]
2017-12-17 10:02 [PATCH] mips64: fix clobbering s0 in setjmp() [BZ #22624] Sergei Trofimovich
@ 2017-12-18 17:24 ` Joseph Myers
2017-12-18 18:08 ` Sergei Trofimovich
0 siblings, 1 reply; 4+ messages in thread
From: Joseph Myers @ 2017-12-18 17:24 UTC (permalink / raw)
To: Sergei Trofimovich; +Cc: libc-alpha, Sergei Trofimovich
Thanks, committed.
--
Joseph S. Myers
joseph@codesourcery.com
* Re: [PATCH] mips64: fix clobbering s0 in setjmp() [BZ #22624]
2017-12-18 17:24 ` Joseph Myers
@ 2017-12-18 18:08 ` Sergei Trofimovich
2017-12-18 18:28 ` Joseph Myers
0 siblings, 1 reply; 4+ messages in thread
From: Sergei Trofimovich @ 2017-12-18 18:08 UTC (permalink / raw)
To: Joseph Myers; +Cc: libc-alpha, Sergei Trofimovich
On Mon, 18 Dec 2017 17:24:03 +0000
Joseph Myers <joseph@codesourcery.com> wrote:
> Thanks, committed.
Thank you! I've also noticed that mips32 has exactly the same problem
as it copies the same code. Attached patch.
--
Sergei
[-- Attachment #1.2: 0001-mips32-fix-clobbering-s0-in-setjmp-BZ-22624.patch --]
[-- Type: text/x-patch, Size: 1191 bytes --]
From bbfc828f8f8404b2d5f37f59a3186e4fc4d278a4 Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich <slyfox@gentoo.org>
Date: Sun, 17 Dec 2017 09:51:34 +0000
Subject: [PATCH] mips32: fix clobbering s0 in setjmp() [BZ #22624]
Similar to commit 1ab47db00dfbc0128119e3503d3ed640ffc4830b
("mips64: fix clobbering s0 in setjmp() [BZ #22624]")
as sysdeps/mips/setjmp_aux.c is almost an identical copy
of sysdeps/mips/mips64/setjmp_aux.c.
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
---
sysdeps/mips/setjmp_aux.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/sysdeps/mips/setjmp_aux.c b/sysdeps/mips/setjmp_aux.c
index 0052e0c4a4..176243bc51 100644
--- a/sysdeps/mips/setjmp_aux.c
+++ b/sysdeps/mips/setjmp_aux.c
@@ -23,7 +23,12 @@
pointer. We do things this way because it's difficult to reliably
access them in C. */
+/* Stack protection is disabled to avoid changing s0 (or any other
+ caller-save register) before storing it to environment.
+ See BZ #22624. */
+
int __attribute__ ((nomips16))
+inhibit_stack_protector
__sigsetjmp_aux (jmp_buf env, int savemask, int sp, int fp)
{
#ifdef __mips_hard_float
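Review bot: the comment copied into this hunk repeats "caller-save register" from the mips64 version; s0 is callee-saved on MIPS, so the wording should be fixed in both files together. Placing inhibit_stack_protector after `int __attribute__ ((nomips16))` is consistent with the mips64 hunk, but since the mail itself notes that sysdeps/mips/setjmp_aux.c is an almost identical copy of the mips64 file, keeping the two in lockstep by hand is how this bug was missed the first time; a shared comment or header for the attribute would reduce that risk. No test output accompanies this patch, so rerunning the $s0 test from the mips64 mail under an o32 qemu with --enable-stack-protector=all would confirm the fix for this file.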
--
2.15.1
* Re: [PATCH] mips64: fix clobbering s0 in setjmp() [BZ #22624]
2017-12-18 18:08 ` Sergei Trofimovich
@ 2017-12-18 18:28 ` Joseph Myers
0 siblings, 0 replies; 4+ messages in thread
From: Joseph Myers @ 2017-12-18 18:28 UTC (permalink / raw)
To: Sergei Trofimovich; +Cc: libc-alpha, Sergei Trofimovich
On Mon, 18 Dec 2017, Sergei Trofimovich wrote:
> On Mon, 18 Dec 2017 17:24:03 +0000
> Joseph Myers <joseph@codesourcery.com> wrote:
>
> > Thanks, committed.
>
> Thank you! I've also noticed that mips32 has exactly the same problem
> as it copies the same code. Attached patch.
Thanks, committed that as well.
--
Joseph S. Myers
joseph@codesourcery.com