From patchwork Sat Mar 16 14:32:34 2024
X-Patchwork-Submitter: Florian Weimer
X-Patchwork-Id: 87269
From: Florian Weimer
To: libc-alpha@sourceware.org
Subject: [PATCH] x86-64: Stack alignment in _dl_tlsdesc_dynamic and red zone usage (bug 31501)
Date: Sat, 16 Mar 2024 15:32:34 +0100
Message-ID: <878r2ifdrx.fsf@oldenburg.str.redhat.com>

In sysdeps/x86_64/dl-tlsdesc-dynamic.h, the stack pointer is realigned
for some variants (notably _dl_tlsdesc_dynamic_xsavec). This realignment
does not take into account that the function has already used part of
the red zone at this point, thus clobbering the initially saved register
values located there if the stack alignment inherited from the caller is
unfortunate.

(Note: I do not know how to write a good test case for this in the
existing framework. We saw this as a random LTO plugin crash when
building GCC with -mtls-dialect=gnu2. The existing tests pass on
x86_64-linux-gnu with this change here.)

--- sysdeps/x86_64/dl-tlsdesc-dynamic.h | 4 ++++ 1 file changed, 4 insertions(+) base-commit: 5ebc24f785dc0dff494a93ca82a369497c3cdc68 diff --git a/sysdeps/x86_64/dl-tlsdesc-dynamic.h b/sysdeps/x86_64/dl-tlsdesc-dynamic.h index 9f02cfc3eb..8e49e7eece 100644 --- a/sysdeps/x86_64/dl-tlsdesc-dynamic.h 
+++ b/sysdeps/x86_64/dl-tlsdesc-dynamic.h @@ -83,6 +83,8 @@ _dl_tlsdesc_dynamic: 2: #if DL_RUNTIME_RESOLVE_REALIGN_STACK movq %rbx, -24(%rsp) + subq $24, %rsp + cfi_adjust_cfa_offset(24) mov %RSP_LP, %RBX_LP cfi_def_cfa_register(%rbx) and $-STATE_SAVE_ALIGNMENT, %RSP_LP @@ -153,6 +155,8 @@ _dl_tlsdesc_dynamic: #if DL_RUNTIME_RESOLVE_REALIGN_STACK mov %RBX_LP, %RSP_LP cfi_def_cfa_register(%rsp) + addq $24, %rsp + cfi_adjust_cfa_offset(-24) movq -24(%rsp), %rbx cfi_restore(%rbx) #else
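
Review bot: The `subq $24, %rsp` added in the hunk at `@@ -83,6 +83,8 @@` has no comment saying what the 24 bytes cover. From the visible lines, %rbx has just been stored at `-24(%rsp)`, so the adjustment moves the stack pointer down to that slot before `and $-STATE_SAVE_ALIGNMENT, %RSP_LP` rounds it down further. The code itself gives no hint that this is about protecting red-zone slots already written. A short comment at the `subq` stating that 24 is the amount of red zone in use at this point, and that it has to grow if another slot is ever saved below -24, would keep the constant from silently going stale.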
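
Review bot: In the hunk at `@@ -153,6 +155,8 @@`, `addq $24, %rsp` and the following `movq -24(%rsp), %rbx` rely on the same literal as the save path (`movq %rbx, -24(%rsp)` then `subq $24, %rsp`), and nothing ties these occurrences together. If one side is changed without the other, %rbx is restored from the wrong slot and the CFA offset recorded by `cfi_adjust_cfa_offset(-24)` no longer matches the stack pointer. Consider a single named constant used for the save offset, both adjustments and both CFI annotations, or at least a comment here pointing back at the matching `subq` in the entry path.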