From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-hacker-return-9465-listarch-libc-hacker=sources.redhat.com@sourceware.org>
Received: (qmail 10678 invoked by alias); 3 Nov 2008 12:45:53 -0000
Received: (qmail 10641 invoked by uid 22791); 3 Nov 2008 12:45:53 -0000
X-Spam-Check-By: sourceware.org
Received: from mtagate3.de.ibm.com (HELO mtagate3.de.ibm.com) (195.212.29.152)
    by sourceware.org (qpsmtpd/0.31) with ESMTP; Mon, 03 Nov 2008 12:45:07 +0000
Received: from d12nrmr1607.megacenter.de.ibm.com (d12nrmr1607.megacenter.de.ibm.com [9.149.167.49])
	by mtagate3.de.ibm.com (8.13.8/8.13.8) with ESMTP id mA3Cj3Or192618
	for <libc-hacker@sources.redhat.com>; Mon, 3 Nov 2008 12:45:03 GMT
Received: from d12av02.megacenter.de.ibm.com (d12av02.megacenter.de.ibm.com [9.149.165.228])
	by d12nrmr1607.megacenter.de.ibm.com (8.13.8/8.13.8/NCO v9.1) with ESMTP id mA3CixYC1233054
	for <libc-hacker@sources.redhat.com>; Mon, 3 Nov 2008 13:45:00 +0100
Received: from d12av02.megacenter.de.ibm.com (loopback [127.0.0.1])
	by d12av02.megacenter.de.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id mA3Cixdv029022
	for <libc-hacker@sources.redhat.com>; Mon, 3 Nov 2008 13:44:59 +0100
Received: from [9.152.212.40] (dyn-9-152-212-40.boeblingen.de.ibm.com [9.152.212.40])
	by d12av02.megacenter.de.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id mA3Ciwp0029010
	for <libc-hacker@sources.redhat.com>; Mon, 3 Nov 2008 13:44:59 +0100
Subject: [PATCH] s390: fix stack frame handling in _dl_runtime_profile.
From: Martin Schwidefsky <schwidefsky@de.ibm.com>
Reply-To: schwidefsky@de.ibm.com
To: Glibc hackers <libc-hacker@sources.redhat.com>
Content-Type: text/plain
Date: Mon, 03 Nov 2008 12:45:00 -0000
Message-Id: <1225715759.24817.6.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.22.3.1 
Content-Transfer-Encoding: 7bit
Mailing-List: contact libc-hacker-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-hacker.sourceware.org>
List-Subscribe: <mailto:libc-hacker-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-hacker/>
List-Post: <mailto:libc-hacker@sourceware.org>
List-Help: <mailto:libc-hacker-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-hacker-owner@sourceware.org
X-SW-Source: 2008-11/txt/msg00000.txt.bz2

Greetings,
a code inspection done by Curtis Taylor found a problem with the stack
pointer handling in _dl_runtime_profile. The stack frame is created with
a "aghi %r15,-160" which is fine but it is removed by a "lr %r15,%r12".
If the stack pointer in %r15 crossed a 4GB boundary with the aghi then
the stack will be off by 4GB after the lr. Not likely to happen but fatal
for the application if it does.

-- 
blue skies,
  Martin.

"Reality continues to ruin my life." - Calvin.
--

2008-11-03  Martin Schwidefsky  <schwidefsky@de.ibm.com>

	* sysdeps/s390/s390-64/dl-trampoline.S: use the correct instruction
	to remove the stack frame in _dl_runtime_profile.

diff -urpN libc/sysdeps/s390/s390-64/dl-trampoline.S libc-s390/sysdeps/s390/s390-64/dl-trampoline.S
--- libc/sysdeps/s390/s390-64/dl-trampoline.S	2005-07-11 10:54:40.000000000 +0200
+++ libc-s390/sysdeps/s390/s390-64/dl-trampoline.S	2008-11-03 13:24:03.000000000 +0100
@@ -91,7 +91,7 @@ _dl_runtime_profile:
 	ld     %f4,120(%r12)
 	ld     %f6,128(%r12)
 	basr   %r14,%r1			# call resolved function
-0:	lr     %r15,%r12		# remove stack frame
+0:	lgr    %r15,%r12		# remove stack frame
 	cfi_def_cfa_register (15)
 	lg     %r14,32(%r15)		# restore registers
 	lg     %r12,24(%r15)