James Le Cuirot reports that in glibc-2.28 for m68k-unknown-linux-gnu built with --enable-stack-protector=all, setjmp()/longjmp() breaks 'dash -c exit'. Here is the minimal reproducer of a failure (dash's 'exit' uses 'longjmp'):

// cat m68k-longjmp-bug.c
#include <setjmp.h>
#include <stdio.h>

int main() {
  jmp_buf jb;
  /* value pinned in register a2; it must survive setjmp()/longjmp() */
  volatile register int r asm ("a2");
  r = 0x1234;
  if (setjmp(jb) == 0)
    longjmp(jb, 1);
  printf ("r = %x\n", r);
}

$ m68k-unknown-linux-gnu-gcc m68k-longjmp-bug.c -fstack-protector-all -o a && ./a
*** stack smashing detected ***: <unknown> terminated

The bug is very similar in nature to https://sourceware.org/PR22624, where setjmp() was written in C and the compiler-inserted canary clobbered a to-be-saved register. This fix is enough to make the example work:

--- a/sysdeps/m68k/setjmp.c +++ b/sysdeps/m68k/setjmp.c @@ -17,10 +17,11 @@ #include <setjmp.h> /* Save the current program position in ENV and return 0. */ int +inhibit_stack_protector #if defined BSD_SETJMP # undef setjmp # define savemask 1 setjmp (jmp_buf env) #elif defined BSD__SETJMP
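Review bot: the hunk only marks the setjmp side in sysdeps/m68k/setjmp.c with inhibit_stack_protector, while the report names both setjmp() and longjmp(); the commit message should say whether the C longjmp implementation needs the same attribute or why it does not, since the failure mode (a prologue touching a callee-saved register before the C body saves or restores it) is not specific to the saving half. Placing the attribute ahead of the "#if defined BSD_SETJMP ... #elif defined BSD__SETJMP" chain that selects the entry-point name is the right spot, as every variant compiled from this file picks it up. The reproducer above would make a cheap regression test for stack-protector-enabled builds, so it is worth carrying it into the patch rather than leaving it only in the bug.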
Created attachment 11602
0001-m68k-fix-clobbering-a5-in-setjmp-BZ-24202.patch

Attached the patch and sent it to the ML for review as:
https://sourceware.org/ml/libc-alpha/2019-02/msg00243.html
Fixed in master:

commit 6eb7e1da0e805e2893a0b70a5813641529d8c7e2 (HEAD -> master)
Author: Sergei Trofimovich <slyfox@gentoo.org>
Date:   Mon Dec 21 10:24:34 2020 +0530

    m68k: fix clobbering a5 in setjmp() [BZ #24202]

    setjmp() uses C code to store the current registers into the jmp_buf
    environment. -fstack-protector-all places a canary into the setjmp()
    prologue and clobbers 'a5' before it gets saved. The change inhibits
    stack canary injection to avoid the clobber.