From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-stable-return-876-listarch-libc-stable=sourceware.org@sourceware.org>
Received: (qmail 64623 invoked by alias); 3 Jan 2019 15:03:50 -0000
Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:libc-stable@sourceware.org>
List-Help: <mailto:libc-stable-help@sourceware.org>
List-Subscribe: <mailto:libc-stable-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-stable/>
Sender: libc-stable-owner@sourceware.org
Received: (qmail 64606 invoked by uid 89); 3 Jan 2019 15:03:47 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Checked: by ClamAV 0.100.2 on sourceware.org
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_LAZY_DOMAIN_SECURITY autolearn=ham version=3.3.2 spammy=trick, exchange, assisted
X-Spam-Status: No, score=-25.9 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,KAM_LAZY_DOMAIN_SECURITY autolearn=ham version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org
X-Spam-Level:
X-HELO: hall.aurel32.net
Received: from hall.aurel32.net (HELO hall.aurel32.net) (163.172.24.10) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 03 Jan 2019 15:03:44 +0000
Received: from [78.30.4.160] (helo=ohm.local)	by hall.aurel32.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)	(Exim 4.89)	(envelope-from <aurelien@aurel32.net>)	id 1gf4X8-0001t3-JV; Thu, 03 Jan 2019 16:03:42 +0100
Received: from aurel32 by ohm.local with local (Exim 4.91)	(envelope-from <aurelien@aurel32.net>)	id 1gf4X1-0006c7-JH; Thu, 03 Jan 2019 16:03:35 +0100
From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-stable@sourceware.org
Cc: Aurelien Jarno <aurelien@aurel32.net>
Subject: [2.28 COMMITTED] ARM: fix kernel assisted atomics with GCC 8 (bug 24034)
Date: Tue, 01 Jan 2019 00:00:00 -0000
Message-Id: <20190103150322.25360-1-aurelien@aurel32.net>
X-Mailer: git-send-email 2.19.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-IsSubscribed: yes
X-SW-Source: 2019-01/txt/msg00012.txt.bz2

The pre-ARMv7 CPUs are missing atomic compare and exchange and/or
barrier instructions. Therefore those are implemented using kernel
assistance, calling a kernel function at a specific address, and passing
the arguments in the r0 to r4 registers. This is done by specifying
registers for local variables. The a_ptr variable is placed in the r2
register and declared with __typeof (mem). According to the GCC
documentation on local register variables, if mem is a constant pointer,
the compiler may substitute the variable with its initializer in asm
statements, which may cause the corresponding operand to appear in a
different register.

This happens in __libc_start_main with the pointer to the thread counter
for static binaries (but not the shared ones):

  # ifdef SHARED
        unsigned int *ptr = __libc_pthread_functions.ptr_nthreads;
  #  ifdef PTR_DEMANGLE
        PTR_DEMANGLE (ptr);
  #  endif
  # else
        extern unsigned int __nptl_nthreads __attribute ((weak));
        unsigned int *const ptr = &__nptl_nthreads;
  # endif

This causes static binaries using threads to crash when the GNU libc is
built with GCC 8 and most notably tst-cancel21-static.

To fix that, use the same trick than for the volatile qualifier,
defining a_ptr as a union.

Changelog:
	[BZ #24034]
	* sysdeps/unix/sysv/linux/arm/atomic-machine.h
	(__arm_assisted_compare_and_exchange_val_32_acq): Use uint32_t rather
	than __typeof (...) for the a_ptr variable.
(cherry picked from commit fe20bb1d6084bbf38fef587b0fb33eb6257cc1ed)
---
 ChangeLog                                    |  7 +++++++
 NEWS                                         |  1 +
 sysdeps/unix/sysv/linux/arm/atomic-machine.h | 18 +++++++++++++-----
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 967050e2c9..54b37a6ccf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2019-01-02  Aurelien Jarno  <aurelien@aurel32.net>
+
+	[BZ #24034]
+	* sysdeps/unix/sysv/linux/arm/atomic-machine.h
+	(__arm_assisted_compare_and_exchange_val_32_acq): Use uint32_t rather
+	than __typeof (...) for the a_ptr variable.
+
 2018-12-31  H.J. Lu  <hongjiu.lu@intel.com>
 
 	[BZ #24022]
diff --git a/NEWS b/NEWS
index 388ac09060..13b8795e6e 100644
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,7 @@ The following bugs are resolved with this release:
   [24018] gettext may return NULL
   [24022] riscv may lack <asm/syscalls.h>
   [24027] malloc: Integer overflow in realloc
+  [24034] tst-cancel21-static fails with SIGBUS on pre-ARMv7 when using GCC 8
 
 Security related changes:
 
diff --git a/sysdeps/unix/sysv/linux/arm/atomic-machine.h b/sysdeps/unix/sysv/linux/arm/atomic-machine.h
index ad165274d8..a5d244e65e 100644
--- a/sysdeps/unix/sysv/linux/arm/atomic-machine.h
+++ b/sysdeps/unix/sysv/linux/arm/atomic-machine.h
@@ -49,16 +49,23 @@
    declarations of A_OLDVAL et al because when NEWVAL or OLDVAL is of the
    form *PTR and PTR has a 'volatile ... *' type, then __typeof (*PTR) has
    a 'volatile ...' type and this triggers -Wvolatile-register-var to
-   complain about 'register volatile ... asm ("reg")'.  */
+   complain about 'register volatile ... asm ("reg")'.
+
+   We use the same union trick in the declaration of A_PTR because when
+   MEM is of the from *PTR and PTR has a 'const ... *' type, then __typeof
+   (*PTR) has a 'const ...' type and this enables the compiler to substitute
+   the variable with its initializer in asm statements, which may cause the
+   corresponding operand to appear in a different register.  */
 #ifdef __thumb2__
 /* Thumb-2 has ldrex/strex.  However it does not have barrier instructions,
    so we still need to use the kernel helper.  */
 # define __arm_assisted_compare_and_exchange_val_32_acq(mem, newval, oldval) \
-  ({ union { __typeof (oldval) a; uint32_t v; } oldval_arg = { .a = (oldval) };\
+  ({ union { __typeof (mem) a; uint32_t v; } mem_arg = { .a = (mem) };       \
+     union { __typeof (oldval) a; uint32_t v; } oldval_arg = { .a = (oldval) };\
      union { __typeof (newval) a; uint32_t v; } newval_arg = { .a = (newval) };\
      register uint32_t a_oldval asm ("r0");				      \
      register uint32_t a_newval asm ("r1") = newval_arg.v;		      \
-     register __typeof (mem) a_ptr asm ("r2") = (mem);			      \
+     register uint32_t a_ptr asm ("r2") = mem_arg.v;			      \
      register uint32_t a_tmp asm ("r3");				      \
      register uint32_t a_oldval2 asm ("r4") = oldval_arg.v;		      \
      __asm__ __volatile__						      \
@@ -79,11 +86,12 @@
      (__typeof (oldval)) a_tmp; })
 #else
 # define __arm_assisted_compare_and_exchange_val_32_acq(mem, newval, oldval) \
-  ({ union { __typeof (oldval) a; uint32_t v; } oldval_arg = { .a = (oldval) };\
+  ({ union { __typeof (mem) a; uint32_t v; } mem_arg = { .a = (mem) };       \
+     union { __typeof (oldval) a; uint32_t v; } oldval_arg = { .a = (oldval) };\
      union { __typeof (newval) a; uint32_t v; } newval_arg = { .a = (newval) };\
      register uint32_t a_oldval asm ("r0");				      \
      register uint32_t a_newval asm ("r1") = newval_arg.v;		      \
-     register __typeof (mem) a_ptr asm ("r2") = (mem);			      \
+     register uint32_t a_ptr asm ("r2") = mem_arg.v;			      \
      register uint32_t a_tmp asm ("r3");				      \
      register uint32_t a_oldval2 asm ("r4") = oldval_arg.v;		      \
      __asm__ __volatile__						      \
-- 
2.19.2