mips64: fix clobbering s0 in setjmp() [BZ #22624]

When configured as --enable-stack-protector=all glibc inserts stack checking canary into every function including __sigsetjmp_aux(). Stack checking code ends up using s0 register to temporary hold address of global canary value. Unfortunately __sigsetjmp_aux assumes no caller' caller-save registers should be clobbered as it stores them as-is. The fix is to disable stack protection of __sigsetjmp_aux. Tested on the following test: #include <setjmp.h> #include <stdio.h> int main() { jmp_buf jb; volatile register long s0 asm ("$s0"); s0 = 1234; if (setjmp(jb) == 0) longjmp(jb, 1); printf ("$s0 = %lu\n", s0); } Without the fix: $ qemu-mipsn32 -L . ./mips-longjmp-bug $s0 = 1082346228 With the fix: $ qemu-mipsn32 -L . ./mips-longjmp-bug $s0 = 1234 [BZ #22624] * sysdeps/mips/mips64/setjmp_aux.c (__sigsetjmp_aux): Use inhibit_stack_protector.
2017-12-18 17:23:02 +00:00 · 2017-12-18 17:23:02 +00:00 · 368b6c8da9
parent c8e939f12a
commit 368b6c8da9
2 changed files with 11 additions and 0 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2017-12-18  Sergei Trofimovich  <slyfox@gentoo.org>
+
+	[BZ #22624]
+	* sysdeps/mips/mips64/setjmp_aux.c (__sigsetjmp_aux): Use
+	inhibit_stack_protector.
+
 2017-12-18  Dmitry V. Levin  <ldv@altlinux.org>

 	[BZ #22627]
--- a/sysdeps/mips/mips64/setjmp_aux.c
+++ b/sysdeps/mips/mips64/setjmp_aux.c
@ -24,7 +24,12 @@
   pointer.  We do things this way because it's difficult to reliably
   access them in C.  */

+/* Stack protection is disabled to avoid changing s0 (or any other
+   caller-save register) before storing it to environment.
+   See BZ #22624.  */
+
 int
+inhibit_stack_protector
 __sigsetjmp_aux (jmp_buf env, int savemask, long long sp, long long fp,
 		 long long gp)
 {