From patchwork Thu Apr  8 17:47:24 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Szabolcs Nagy <szabolcs.nagy@arm.com>
X-Patchwork-Id: 42932
Return-Path: <libc-alpha-bounces@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 3015F3947C00;
	Thu,  8 Apr 2021 17:47:46 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3015F3947C00
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1617904066;
	bh=Ad8A97QFVJo7ncK3wOmxlhBWtX2Ez2AxLFaMpzAvtzE=;
	h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:From;
	b=Bv5gORUp7L2tJSrI2hnauaSTqfcpC0X/PBQ7rW8GjEP9yJj5l3oTOkj+VJiJQD9S/
	 9eYqPeuYJvdyMMbKiKUcxZRrmFSc6P8pP4OGboRoVl15vRPDWHswrIaFieotQljcGD
	 5wTEZ7Bb8MZxnydW5xmhBrmcPFsq5rWKiX3ZcZlQ=
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from EUR04-VI1-obe.outbound.protection.outlook.com
 (mail-eopbgr80083.outbound.protection.outlook.com [40.107.8.83])
 by sourceware.org (Postfix) with ESMTPS id 8A1943945C38
 for <libc-alpha@sourceware.org>; Thu,  8 Apr 2021 17:47:42 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 8A1943945C38
Received: from DB6PR07CA0067.eurprd07.prod.outlook.com (2603:10a6:6:2a::29) by
 AM0PR08MB5490.eurprd08.prod.outlook.com (2603:10a6:208:184::23) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.18; Thu, 8 Apr
 2021 17:47:40 +0000
Received: from DB5EUR03FT007.eop-EUR03.prod.protection.outlook.com
 (2603:10a6:6:2a:cafe::d4) by DB6PR07CA0067.outlook.office365.com
 (2603:10a6:6:2a::29) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4042.6 via Frontend
 Transport; Thu, 8 Apr 2021 17:47:40 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123)
 smtp.mailfrom=arm.com; sourceware.org; dkim=pass (signature was verified)
 header.d=armh.onmicrosoft.com;sourceware.org; dmarc=pass action=none
 header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by
 DB5EUR03FT007.mail.protection.outlook.com (10.152.20.148) with
 Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4020.17 via Frontend Transport; Thu, 8 Apr 2021 17:47:40 +0000
Received: ("Tessian outbound 9bcb3c8d6cb1:v90");
 Thu, 08 Apr 2021 17:47:40 +0000
X-CheckRecipientChecked: true
X-CR-MTA-CID: a47bb9fae794eea9
X-CR-MTA-TID: 64aa7808
Received: from 4c277df67a6d.1
 by 64aa7808-outbound-1.mta.getcheckrecipient.com id
 29ABF5EC-3674-4F2B-BA5A-EA514928859E.1;
 Thu, 08 Apr 2021 17:47:33 +0000
Received: from EUR05-VI1-obe.outbound.protection.outlook.com
 by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id
 4c277df67a6d.1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384);
 Thu, 08 Apr 2021 17:47:33 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=D8qO+9H3Hm7981Zrok9+ra5iqFlegP/r1HWK9Dr+d6xCuVPG+J75cflCo/nBePmCX10UDnzKdlY6KLe0d9lF2hdTd1h8YJIv4jQZuru9vIVGpQ3ZG4vECJcUsT1V2aHzKJSH065SjZiMZbem9HGfl/t1rdgoPXuSGcbpyC1pbk+R+XysvCC8WMLZaNYNauiOrJHd5VZ/DTyQJEcI5XBud3cQPr7TEwNR+zuyl+8s/eCGBUEPghYBeSVLuRbWRYgSjETYrxaw8uaP3I/5YQsREgupPo2T8NgUw/uRjorlBgcEpttZ/8vckEfBIBfCypcC3QzX8Zk44olPBjB2mI4DuA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Ad8A97QFVJo7ncK3wOmxlhBWtX2Ez2AxLFaMpzAvtzE=;
 b=DuYeyOqIs0wNFBEYxa2h23bGQspPClVEMJQm8iwnZRYa8y3NHL2l/xrF2rSYyXyjFiXkD9CqPCNWFpgmeNe0xmR+VVVmpycj7dLLxxnTmF1vnAY2thFo8dBRJh7SdPOulHFYyx4TXAZbLb7LTZDKYMRScJLfHsWeXXrannRaU5hRIaWZinC4Rk33suI0xH4A7zSr7Eg1/UIDE6/nS/Ps49KLF+c/J7Gi3iABaWwaZi61NCBblPWo9EGqc8WkD8um4AgMUxzOB6UOsuzMmKjbC7zhH0ouLw0okFwtSvN3XOFf36/2kpedU9LoKcRblcm3eAbk2+GpU8S1iL6p+lB0RA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass
 header.d=arm.com; arc=none
Authentication-Results-Original: sourceware.org; dkim=none (message not
 signed) header.d=none;sourceware.org; dmarc=none action=none
 header.from=arm.com;
Received: from PA4PR08MB6320.eurprd08.prod.outlook.com (2603:10a6:102:e5::9)
 by PR3PR08MB5641.eurprd08.prod.outlook.com (2603:10a6:102:91::20) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4020.20; Thu, 8 Apr
 2021 17:47:32 +0000
Received: from PA4PR08MB6320.eurprd08.prod.outlook.com
 ([fe80::c99f:671d:bb2c:f20b]) by PA4PR08MB6320.eurprd08.prod.outlook.com
 ([fe80::c99f:671d:bb2c:f20b%7]) with mapi id 15.20.4020.017; Thu, 8 Apr 2021
 17:47:31 +0000
To: libc-alpha@sourceware.org
Subject: [PATCH] arm: Fix an incorrect check in ____longjmp_chk [BZ #27709]
Date: Thu,  8 Apr 2021 18:47:24 +0100
Message-Id: <20210408174724.19063-1-szabolcs.nagy@arm.com>
X-Mailer: git-send-email 2.17.1
X-Originating-IP: [217.140.106.54]
X-ClientProxiedBy: LO4P123CA0221.GBRP123.PROD.OUTLOOK.COM
 (2603:10a6:600:1a6::10) To PA4PR08MB6320.eurprd08.prod.outlook.com
 (2603:10a6:102:e5::9)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
Received: from localhost.localdomain (217.140.106.54) by
 LO4P123CA0221.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:1a6::10) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.3999.32 via Frontend Transport; Thu, 8 Apr 2021 17:47:31 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 217bfcce-db66-4a0e-7cdd-08d8fab667f3
X-MS-TrafficTypeDiagnostic: PR3PR08MB5641:|AM0PR08MB5490:
X-Microsoft-Antispam-PRVS: 
 <AM0PR08MB5490310B91AF0311FB861CFCED749@AM0PR08MB5490.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
NoDisclaimer: true
X-MS-Oob-TLC-OOBClassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 
 zU60A+6tIgQs3EJAtm9E3YwATPfWKWgDgpbojqsa40yvg/L1oHWZ2XtdIpk/FmIEyeERHvjF3SxE9L4eAxflgLceo/Xq58AgdVZeTr9LoMXYwcPqJax/WPiyl+dmboX8MSEVD70n7p9HftEklxrU/5LTZWl4wi2P/r/b48DL6hESb7cnI9cw5zxzE9K3fRckz5GkbJ2W5bAbJmAs9evFnHnq7Y/tuOwOL56wvrRXOVuVpGIkIp6RZVZpDS2r8zR03k1HlFZu1/pAT2T4z3T7kWNGlYVcX85985oMntJl8rkf4+AEv81mx4UzCLE5RcsqzP2kxiatd+I3nJ62xLyfPHHPLaanqRYjcC6qFQk7lre91HH9jVrzIGai80GOl7WW4pqBAT5+xzTanDeDEMAln5xoJ5/iN5ys2CXX74b+10iXKXLL3vngwKQcY5kNXtwYl/khZaNQKqO+ggFtyzXQvxvpfsTnZjuMflkV4y9UB0LSynfZFWIjwPO/Ina79dPAqsDxqzHaiXM8lGWx1auAoV3v3SADUnECcqfAIXEUfPR1Rf/mRhbqwrouTLpgm57KkfhydUX0tqz+r5P52T+zzJqMoAmhsbLYzrRulHXcoEpiykpRx1X5sI8BXTF+pimAqM2T6KdCDfTF7GmpDCelopLRMZTyuqmQSaM8cOeUzj1KPs1ubgFnu67JOtW5edKrYwMIGbdYE/RGJydmivL/Z4GeINKONljHuQEJsZiA75ewv1CnYFqTN97p8fuvPwQk
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en;
 SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:PA4PR08MB6320.eurprd08.prod.outlook.com;
 PTR:; CAT:NONE;
 SFS:(4636009)(366004)(136003)(39850400004)(396003)(376002)(346002)(66556008)(38350700001)(38100700001)(2616005)(1076003)(66946007)(66476007)(69590400012)(5660300002)(186003)(16526019)(26005)(2906002)(86362001)(478600001)(83380400001)(6506007)(36756003)(316002)(8936002)(6486002)(8676002)(6916009)(44832011)(6512007)(52116002)(956004)(6666004)(101420200003);
 DIR:OUT; SFP:1101;
X-MS-Exchange-AntiSpam-MessageData: 
 474jCY38hq0H1EJx6/3XMbOuUoYJM2QE2sFy2Rj8eNExddf88rV90m7Z3O8m8TEmBorcPLlTFnrfnxXHm8rBL0mvTTKktWwCkJ2ZdbK5GKwgfJwy1ndmm8POPWwHNCarcGoQoMr1V3YwOn1C/KafrZ9+Zzk0KGgghtq616t4U7aVJK4a/T6tjBXZYeNDEqLjNOQfHSvvqSNrdfVk7rm/t+JJ2yqkDjvpfdNrpJmUU/7dPOd7nzYsM6G7VqvxWP+f90j1LS8W2ouLk3cdC8VEPrCIBB7HPOyhMKeeFhfsvMuLkJKjtY2a/jyRtRTROgKOlG6L3dUXrurfsmdNw6PDl98CCaxq+0GxmGwC1TVE5F30JDObec7bncCeIMHNhahkji8/p+C1Q6Q1yAOaZ3v9sP8u9SMwqsv1BcWrwDN2uUouaE0AMP2qAGpeLtkZ4LPVmxh0eSzk2v6rEUMLr9d3sNjkWvj0raVYHZ1XBJ/kU5lZDFpc8U+nqQFkLIgQsAi/XAt9Rl3OBCcQojimmXq9wbms1lZJ0QyvjppbqZSarRMU4Wow9p/v/NxHkG/LoFlXCPfLhLyazF6oBgGmfdOY9ijBZVfznXc67AVCWDlIUn+ly1U8CWJMAe86BqzSdqTVrLSmQ2vnMg0KKnzJOuGV5+TkxSxyqM3qVZsLsYbJEJN/rNG24QYQ87FkmnoUZI2nN2Gk8gPdXoxwSrAva2PhEahubjKJKZ+ZqRmhcSvLVsQyBxz6BRUnRYKkk6aOR9OVBSNboocz67vsSC42Ya5oc0/AzFToR66H6/gfC1fch7COzZnAc/N4Crex/CBROwe8rLgGVx6SWGH/p6pvdbp2yeTbieNSGDnpY7FIvcRpszHAmDMKPI1GjW9+hvLLnOLesRx0X7QrVz6Muh3sTyGgiC9+2kKvfbSc57L6oZFxoLg0MUWifnfr1Q7bTkcCOvY/j8wpvOs31Suhp3/fiUwrkvM52LOtYOtoRuEas1ysWmUtPR/4BqOMWa3LtuDWzMhmFwWNj7qrbFElnmWbBqGw6yl4TBSrwBJc0c7VjA4eYDySYnbvFO66zoPWz3qafkp/cOq78mVvzCRpfCwojGP3jH963TG8mS+ACgwaAO6awG2sQuKDM1K9vxGdB7Jv5Lpu/pMvieZfhSqj+5EhpnifXM1KxeU5NucPCZzq76axjCCrEwSMVEqIkN3RmYMWIfapU+034+8t4tCt//bf9benJLubMvJHZTWK2KlPUif4GbsX0mh67ImM2mr4Z1lAe9qfAyzvQ8wgGKIw7hSieFicwZyYI1iZGQszwMQ0UK9xd49evx+m8iaCUk5h0BFHs5M6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3PR08MB5641
Original-Authentication-Results: sourceware.org;
 dkim=none (message not signed)
 header.d=none; sourceware.org;
 dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 DB5EUR03FT007.eop-EUR03.prod.protection.outlook.com
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
 2d19b2e8-e5f2-4897-4bb3-08d8fab66249
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 Qii4T4QZ0MjDiMRwbXyjY6Q5LKLjnDix/b2uvhABjuypzrz8AtRES0FHDGHsun8f3lcGx/P8TDpYdkU2ElUp6QjcbbpbnDya65WqxdRqJqafdFn24MrDIMwNMyYVnI6feZ501ObSCjXSjl3PSLcq5UVhK36wCqEVAgdSfePbjhsUyXlhtIQ5W7vjlwsg2dD4OABEjwPS014lRuAlH6VUj9+McYpGaaEGtsDrxq+xag4YGohgVLlhNDE4dG+VX7ClOoOYq35YkCVAOi3s39NBxic59oomxPjDgnOyGaFtIswW8kh1lC/SamUh5GBscT41GtqmXf9qsJ9hm/++yp+YAORt0mOnU72I7y/cVByl4/6q2X1qwr5rTUw9oYBXkNvtC/MCg71sBwGvmStLVyl+q0WqyBP4yRsy70wePk4qalspDvT3G2rtvHmvhyflm+9R5+as4AiSKnjlRnUKxu3ZSrmFw1xGPap0W2fzUqEhZeTbS7X5VHiFjp9wt4qNRC9OBAB45rbUvRyCNZC6LFOt+fM/61DE/9v7VI8cacke4hR/FfG8VXNgN7lCt90p57447AqC9a5C0STg4HktAOrK4b83PPKpw6xdC8Qh5P6gDztZGy1cnZkDOCvJKw6WGfOSp2FCcKdeIId5KuQJmVOvJuQ/ujtnNXrNufm7uHSVx1JXxih/d4ouHSbqg8aXxtNmywXBE73dRKVfaPCUaqbD2RdTwYOYezkTA894kx0CZFU=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:;
 IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com;
 PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE;
 SFS:(4636009)(396003)(136003)(376002)(39850400004)(346002)(36840700001)(46966006)(186003)(8676002)(16526019)(69590400012)(36756003)(82740400003)(8936002)(26005)(478600001)(6916009)(86362001)(316002)(2906002)(6512007)(6506007)(36860700001)(44832011)(5660300002)(6666004)(47076005)(1076003)(81166007)(83380400001)(336012)(82310400003)(356005)(956004)(2616005)(70586007)(6486002)(70206006)(101420200003);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Apr 2021 17:47:40.7857 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 217bfcce-db66-4a0e-7cdd-08d8fab667f3
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123];
 Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DB5EUR03FT007.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB5490
X-Spam-Status: No, score=-14.2 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, GIT_PATCH_0, MSGID_FROM_MTA_HEADER, RCVD_IN_DNSWL_LOW,
 RCVD_IN_MSPIKE_H2, SPF_HELO_PASS, SPF_PASS, TXREP,
 UNPARSEABLE_RELAY autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-Patchwork-Original-From: Szabolcs Nagy via Libc-alpha
 <libc-alpha@sourceware.org>
From: Szabolcs Nagy <szabolcs.nagy@arm.com>
Reply-To: Szabolcs Nagy <szabolcs.nagy@arm.com>
Errors-To: libc-alpha-bounces@sourceware.org
Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org>

An incorrect check in __longjmp_chk could fail on valid code causing

FAIL: debug/tst-longjmp_chk2

The original check was

  altstack_sp + altstack_size - setjmp_sp > altstack_size

i.e. sp at setjmp was outside of the altstack range. Here we know that
longjmp is called from a signal handler on the altstack (SS_ONSTACK),
and that it jumps in the wrong direction (sp decreases), so the check
wants to ensure the jump goes to another stack.

The check is wrong when altstack_sp == setjmp_sp which can happen
when the altstack is a local buffer in the function that calls setjmp,
so the patch allows == too. This fixes bug 27709.

Note that the generic __longjmp_chk check seems to be different.
(it checks if longjmp was on the altstack but does not check setjmp,
so it would not catch incorrect longjmp use within the signal handler).
---
 sysdeps/unix/sysv/linux/arm/____longjmp_chk.S | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/arm/____longjmp_chk.S b/sysdeps/unix/sysv/linux/arm/____longjmp_chk.S
index 7f35b4da7e..a26315b7cf 100644
--- a/sysdeps/unix/sysv/linux/arm/____longjmp_chk.S
+++ b/sysdeps/unix/sysv/linux/arm/____longjmp_chk.S
@@ -72,8 +72,8 @@ longjmp_msg:
 	ldr	r3, [sp, #8];			\
 	add	r2, r2, r3;			\
 	sub	r2, r2, reg;			\
-	cmp	r2, r3;				\
-	bhi	.Lok2;				\
+	cmp	r3, r2;				\
+	bls	.Lok2;				\
 .Lfail:						\
 	add	sp, sp, #12;			\
 	cfi_adjust_cfa_offset (-12);		\