This is an archive of the discontinued LLVM Phabricator instance.

[libunwind][AArch64] Fix libunwind::Registers_arm64::jumpto
ClosedPublic

Authored by miyuki on Jun 7 2019, 7:17 AM.

Download Raw Diff

Details

Reviewers

phosek
chill

Commits

rUNW363545: [libunwind][AArch64] Fix libunwind::Registers_arm64::jumpto
rGd5323f6a707e: [libunwind][AArch64] Fix libunwind::Registers_arm64::jumpto
rL363545: [libunwind][AArch64] Fix libunwind::Registers_arm64::jumpto

Summary

The AArch64 version of the libunwind function which restores the
CPU state and resumes execution is not interrupt-safe. It restores
the target value of SP before loading the floating-point registers
from the context struct, but that struct is allocated on the stack
which is being deallocated. This means that if an interrupt occurs
during this function, and uses a lot of stack space, it could
overwrite the values about to be loaded into the floating-point
registers.

This patch fixes the issue.

Patch by Oliver Stannard.

Diff Detail

Event Timeline

miyuki created this revision.Jun 7 2019, 7:17 AM

Herald added a project: Restricted Project. · View Herald TranscriptJun 7 2019, 7:17 AM

Herald added subscribers: christof, kristof.beyls, javed.absar. · View Herald Transcript

LGTM. r17 and r18 are be clobbered by a calls, according to AAPCS-64 (5.1.1) and I couldn't find any indication that some Apple ABI would deviate from that.

This revision is now accepted and ready to land.Jun 17 2019, 3:47 AM

Closed by commit rL363545: [libunwind][AArch64] Fix libunwind::Registers_arm64::jumpto (authored by miyuki). · Explain WhyJun 17 2019, 3:57 AM

This revision was automatically updated to reflect the committed changes.

Herald added a project: Restricted Project. · View Herald TranscriptJun 17 2019, 3:57 AM

Herald added a subscriber: llvm-commits. · View Herald Transcript

Revision Contents

Path

Size

libunwind/

src/

UnwindRegistersRestore.S

11 lines

Diff 203554

libunwind/src/UnwindRegistersRestore.S

Show First 20 Lines • Show All 569 Lines • ▼ Show 20 Lines	DEFINE_LIBUNWIND_FUNCTION(_ZN9libunwind15Registers_arm646jumptoEv)
// skip restore of x0,x1 for now		// skip restore of x0,x1 for now
ldp x2, x3, [x0, #0x010]		ldp x2, x3, [x0, #0x010]
ldp x4, x5, [x0, #0x020]		ldp x4, x5, [x0, #0x020]
ldp x6, x7, [x0, #0x030]		ldp x6, x7, [x0, #0x030]
ldp x8, x9, [x0, #0x040]		ldp x8, x9, [x0, #0x040]
ldp x10,x11, [x0, #0x050]		ldp x10,x11, [x0, #0x050]
ldp x12,x13, [x0, #0x060]		ldp x12,x13, [x0, #0x060]
ldp x14,x15, [x0, #0x070]		ldp x14,x15, [x0, #0x070]
ldp x16,x17, [x0, #0x080]		// x16 and x17 were clobbered by the call into the unwinder, so no point in
		// restoring them.
ldp x18,x19, [x0, #0x090]		ldp x18,x19, [x0, #0x090]
ldp x20,x21, [x0, #0x0A0]		ldp x20,x21, [x0, #0x0A0]
ldp x22,x23, [x0, #0x0B0]		ldp x22,x23, [x0, #0x0B0]
ldp x24,x25, [x0, #0x0C0]		ldp x24,x25, [x0, #0x0C0]
ldp x26,x27, [x0, #0x0D0]		ldp x26,x27, [x0, #0x0D0]
ldp x28,x29, [x0, #0x0E0]		ldp x28,x29, [x0, #0x0E0]
ldr x30, [x0, #0x100] // restore pc into lr		ldr x30, [x0, #0x100] // restore pc into lr
ldr x1, [x0, #0x0F8]
mov sp,x1 // restore sp

ldp d0, d1, [x0, #0x110]		ldp d0, d1, [x0, #0x110]
ldp d2, d3, [x0, #0x120]		ldp d2, d3, [x0, #0x120]
ldp d4, d5, [x0, #0x130]		ldp d4, d5, [x0, #0x130]
ldp d6, d7, [x0, #0x140]		ldp d6, d7, [x0, #0x140]
ldp d8, d9, [x0, #0x150]		ldp d8, d9, [x0, #0x150]
ldp d10,d11, [x0, #0x160]		ldp d10,d11, [x0, #0x160]
ldp d12,d13, [x0, #0x170]		ldp d12,d13, [x0, #0x170]
ldp d14,d15, [x0, #0x180]		ldp d14,d15, [x0, #0x180]
ldp d16,d17, [x0, #0x190]		ldp d16,d17, [x0, #0x190]
ldp d18,d19, [x0, #0x1A0]		ldp d18,d19, [x0, #0x1A0]
ldp d20,d21, [x0, #0x1B0]		ldp d20,d21, [x0, #0x1B0]
ldp d22,d23, [x0, #0x1C0]		ldp d22,d23, [x0, #0x1C0]
ldp d24,d25, [x0, #0x1D0]		ldp d24,d25, [x0, #0x1D0]
ldp d26,d27, [x0, #0x1E0]		ldp d26,d27, [x0, #0x1E0]
ldp d28,d29, [x0, #0x1F0]		ldp d28,d29, [x0, #0x1F0]
ldr d30, [x0, #0x200]		ldr d30, [x0, #0x200]
ldr d31, [x0, #0x208]		ldr d31, [x0, #0x208]

		// Finally, restore sp. This must be done after the the last read from the
		// context struct, because it is allocated on the stack, and an exception
		// could clobber the de-allocated portion of the stack after sp has been
		// restored.
		ldr x16, [x0, #0x0F8]
ldp x0, x1, [x0, #0x000] // restore x0,x1		ldp x0, x1, [x0, #0x000] // restore x0,x1
		mov sp,x16 // restore sp
ret x30 // jump to pc		ret x30 // jump to pc

#elif defined(__arm__) && !defined(__APPLE__)		#elif defined(__arm__) && !defined(__APPLE__)

#if !defined(__ARM_ARCH_ISA_ARM)		#if !defined(__ARM_ARCH_ISA_ARM)
#if (__ARM_ARCH_ISA_THUMB == 2)		#if (__ARM_ARCH_ISA_THUMB == 2)
.syntax unified		.syntax unified
#endif		#endif
▲ Show 20 Lines • Show All 417 Lines • Show Last 20 Lines