diff options
| author | Mark Wielaard <mjw@redhat.com> | 2014-08-27 17:07:58 +0200 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2014-08-28 09:53:08 +0200 |
| commit | 9570bc53fcc11d3cfe028989e611266e8d55bd09 (patch) | |
| tree | b282e160fc7057dcb9b8a5ea9fa3f5c5fea73de7 /ChangeLog | |
| parent | b0f955c9ac70181532e93aa78c49c204c2a31dfd (diff) | |
i386 TLS_INIT_TP might produce bogus asm changing stack pointer [BZ #17319]
TLS_INIT_TP in sysdeps/i386/nptl/tls.h uses some hand written asm to
generate a set_thread_area that might result in exchanging ebx and esp
around the syscall causing introspection tools like valgrind to loose
track of the user stack. Just use INTERNAL_SYSCALL which makes sure
esp isn't changed arbitrarily.
Before the patch the code would generate:
mov $0xf3,%eax
movl $0xfffff,0x8(%esp)
movl $0x51,0xc(%esp)
xchg %esp,%ebx
int $0x80
xchg %esp,%ebx
Using INTERNAL_SYSCALL instead will generate:
movl $0xfffff,0x8(%esp)
movl $0x51,0xc(%esp)
xchg %ecx,%ebx
mov $0xf3,%eax
int $0x80
xchg %ecx,%ebx
Thanks to Florian Weimer for analysing why the original code generated
the bogus esp usage:
_segdescr.desc happens to be at the top of the stack, so its address
is in %esp. The asm statement says that %3 is an input, so its value
will not change, and GCC can use %esp as the input register for the
expression &_segdescr.desc. But the constraints do not fully describe
the asm statement because the %3 register is actually modified, albeit
only temporarily.
[BZ #17319]
* sysdeps/i386/nptl/tls.h (TLS_INIT_TP): Use INTERNAL_SYSCALL
to call set_thread_area instead of hand written asm.
(__NR_set_thread_area): Removed define.
(TLS_FLAG_WRITABLE): Likewise.
(__ASSUME_SET_THREAD_AREA): Remove check.
(TLS_EBX_ARG): Remove define.
(TLS_LOAD_EBX): Likewise.
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -1,3 +1,14 @@ +2014-08-27 Mark Wielaard <mjw@redhat.com> + + [BZ #17319] + * sysdeps/i386/nptl/tls.h (TLS_INIT_TP): Use INTERNAL_SYSCALL + to call set_thread_area instead of hand written asm. + (__NR_set_thread_area): Removed define. + (TLS_FLAG_WRITABLE): Likewise. + (__ASSUME_SET_THREAD_AREA): Remove check. + (TLS_EBX_ARG): Remove define. + (TLS_LOAD_EBX): Likewise. + 2014-08-27 Samuel Thibault <samuel.thibault@ens-lyon.org> Simplify atomicity of socket creation in bind. |