This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.26.9000-998-g368b6c8


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  368b6c8da9f8ae453f5d70f8a62dbf3f1b6d5995 (commit)
      from  c8e939f12a4fce3bb09a8c4818629ccf76c8658c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=368b6c8da9f8ae453f5d70f8a62dbf3f1b6d5995

commit 368b6c8da9f8ae453f5d70f8a62dbf3f1b6d5995
Author: Sergei Trofimovich <slyfox@gentoo.org>
Date:   Mon Dec 18 17:23:02 2017 +0000

    mips64: fix clobbering s0 in setjmp() [BZ #22624]
    
    When configured as --enable-stack-protector=all glibc
    inserts stack checking canary into every function
    including __sigsetjmp_aux(). Stack checking code
    ends up using s0 register to temporary hold address
    of global canary value.
    
    Unfortunately __sigsetjmp_aux assumes no caller's caller-save
    registers should be clobbered as it stores them as-is.
    
    The fix is to disable stack protection of __sigsetjmp_aux.
    
    Tested on the following test:
    
        #include <setjmp.h>
        #include <stdio.h>
    
        int main() {
            jmp_buf jb;
            /* Pin a value in the callee-saved register s0.  */
            volatile register long s0 asm ("$s0");
            s0 = 1234;
            /* First return from setjmp: jump straight back to it.  */
            if (setjmp(jb) == 0)
                longjmp(jb, 1);
            /* Second return: s0 must still hold 1234.  */
            printf ("$s0 = %ld\n", s0);
            return 0;
        }
    
    Without the fix:
        $ qemu-mipsn32 -L . ./mips-longjmp-bug
        $s0 = 1082346228
    
    With the fix:
        $ qemu-mipsn32 -L . ./mips-longjmp-bug
        $s0 = 1234
    
    	[BZ #22624]
    	* sysdeps/mips/mips64/setjmp_aux.c (__sigsetjmp_aux): Use
    	inhibit_stack_protector.

diff --git a/ChangeLog b/ChangeLog
index d290d60..4a71643 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-12-18  Sergei Trofimovich  <slyfox@gentoo.org>
+
+	[BZ #22624]
+	* sysdeps/mips/mips64/setjmp_aux.c (__sigsetjmp_aux): Use
+	inhibit_stack_protector.
+
 2017-12-18  Dmitry V. Levin  <ldv@altlinux.org>
 
 	[BZ #22627]
diff --git a/sysdeps/mips/mips64/setjmp_aux.c b/sysdeps/mips/mips64/setjmp_aux.c
index b43c36a..43fffc7 100644
--- a/sysdeps/mips/mips64/setjmp_aux.c
+++ b/sysdeps/mips/mips64/setjmp_aux.c
@@ -24,7 +24,12 @@
    pointer.  We do things this way because it's difficult to reliably
    access them in C.  */
 
+/* Stack protection is disabled to avoid changing s0 (or any other
+   caller-save register) before storing it to environment.
+   See BZ #22624.  */
+
 int
+inhibit_stack_protector
 __sigsetjmp_aux (jmp_buf env, int savemask, long long sp, long long fp,
 		 long long gp)
 {
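Review bot: the new comment says "caller-save register", but s0 and the other registers __sigsetjmp_aux stores into env are callee-saved under the MIPS ABI, which is exactly why a clobber inside this function is visible to the caller after longjmp; suggest "callee-saved register" in the comment (the commit message has the same slip). It would also help to say what the attribute does and does not guarantee: inhibit_stack_protector only keeps the canary prologue from borrowing s0 as scratch, and the stores still rely on the compiler not allocating any callee-saved register before them, the same fragility the surrounding "difficult to reliably access them in C" remark already warns about.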

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                        |    6 ++++++
 sysdeps/mips/mips64/setjmp_aux.c |    5 +++++
 2 files changed, 11 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

