From patchwork Sun Dec 17 10:01:44 2017
X-Patchwork-Submitter: Sergei Trofimovich
X-Patchwork-Id: 24979
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Delivered-To: mailing list libc-alpha@sourceware.org
From: Sergei Trofimovich
To: libc-alpha@sourceware.org, Joseph Myers
Cc: Sergei Trofimovich
Subject: [PATCH] mips64: fix clobbering s0 in setjmp() [BZ #22624]
Date: Sun, 17 Dec 2017 10:01:44 +0000
Message-Id: <20171217100144.27689-1-slyich@gmail.com>

From: Sergei Trofimovich

When configured as --enable-stack-protector=all, glibc inserts a
stack-checking canary into every function, including __sigsetjmp_aux().
The stack-checking code ends up using the s0 register to temporarily
hold the address of the global canary value.

Unfortunately __sigsetjmp_aux assumes that none of the caller's
caller-save registers are clobbered, as it stores them as-is.

The fix is to disable stack protection of __sigsetjmp_aux.

Tested on the following test:

    #include <setjmp.h>
    #include <stdio.h>

    int main(void)
    {
        jmp_buf jb;
        /* Pin the variable to $s0 so we can observe what setjmp saved.  */
        volatile register long s0 asm ("$s0");
        s0 = 1234;
        /* First pass saves the register set; longjmp returns here with 1.  */
        if (setjmp(jb) == 0)
            longjmp(jb, 1);
        /* Must still print 1234 if s0 was stored unmodified.  */
        printf ("$s0 = %ld\n", s0);
        return 0;
    }

Without the fix:

    $ qemu-mipsn32 -L . ./mips-longjmp-bug
    $s0 = 1082346228

With the fix:

    $ qemu-mipsn32 -L . ./mips-longjmp-bug
    $s0 = 1234

Signed-off-by: Sergei Trofimovich
---
 sysdeps/mips/mips64/setjmp_aux.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sysdeps/mips/mips64/setjmp_aux.c b/sysdeps/mips/mips64/setjmp_aux.c
index b43c36a7d5..43fffc74bf 100644
--- a/sysdeps/mips/mips64/setjmp_aux.c
+++ b/sysdeps/mips/mips64/setjmp_aux.c
@@ -24,7 +24,12 @@
    pointer.  We do things this way because it's difficult to reliably
    access them in C.  */
 
+/* Stack protection is disabled to avoid changing s0 (or any other
+   caller-save register) before storing it to environment.
+   See BZ #22624.  */
+
 int
+inhibit_stack_protector
 __sigsetjmp_aux (jmp_buf env, int savemask, long long sp,
 		 long long fp, long long gp)
 {
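Review bot: the new comment calls s0 a "caller-save register", but in the MIPS ABIs $s0-$s7 are callee-saved (preserved across calls), and that is exactly why __sigsetjmp_aux must store them unmodified; suggest rewording to "(or any other callee-saved register)" so the comment states the actual reason inhibit_stack_protector is needed. It would also be worth adding the test program from the commit message as a regression test, so that a later change to the stack-protector configuration that clobbers a saved register is caught by the test suite rather than by a misbehaving longjmp.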