This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH] mips64: fix clobbering s0 in setjmp() [BZ #22624]
- From: Sergei Trofimovich <slyich at gmail dot com>
- To: libc-alpha at sourceware dot org, Joseph Myers <jsm28 at gcc dot gnu dot org>
- Cc: Sergei Trofimovich <slyfox at gentoo dot org>
- Date: Sun, 17 Dec 2017 10:01:44 +0000
- Subject: [PATCH] mips64: fix clobbering s0 in setjmp() [BZ #22624]
- Authentication-results: sourceware.org; auth=none
From: Sergei Trofimovich <slyfox@gentoo.org>
When configured as --enable-stack-protector=all glibc
inserts stack checking canary into every function
including __sigsetjmp_aux(). Stack checking code
ends up using s0 register to temporary hold address
of global canary value.
Unfortunately __sigsetjmp_aux assumes no caller' caller-save
registers should be clobbered as it stores them as-is.
The fix is to disable stack protection of __sigsetjmp_aux.
Tested on the following test:
#include <setjmp.h>
#include <stdio.h>
int main() {
jmp_buf jb;
volatile register long s0 asm ("$s0");
s0 = 1234;
if (setjmp(jb) == 0)
longjmp(jb, 1);
printf ("$s0 = %lu\n", s0);
}
Without the fix:
$ qemu-mipsn32 -L . ./mips-longjmp-bug
$s0 = 1082346228
With the fix:
$ qemu-mipsn32 -L . ./mips-longjmp-bug
$s0 = 1234
Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
---
sysdeps/mips/mips64/setjmp_aux.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/sysdeps/mips/mips64/setjmp_aux.c b/sysdeps/mips/mips64/setjmp_aux.c
index b43c36a7d5..43fffc74bf 100644
--- a/sysdeps/mips/mips64/setjmp_aux.c
+++ b/sysdeps/mips/mips64/setjmp_aux.c
@@ -24,7 +24,12 @@
pointer. We do things this way because it's difficult to reliably
access them in C. */
+/* Stack protection is disabled to avoid changing s0 (or any other
+ caller-save register) before storing it to environment.
+ See BZ #22624. */
+
int
+inhibit_stack_protector
__sigsetjmp_aux (jmp_buf env, int savemask, long long sp, long long fp,
long long gp)
{
--
2.15.1