Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 1 Jan 2018 14:57:02 -0800
From: John Reiser <jreiser@...wagon.com>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] Add comments to i386 assembly source

There's a bug.  clone() is a user-level function that can be used
independently of the musl internal implementation of threads.
Thus when clone() in musl/src/linux/clone.c calls
         return __syscall_ret(__clone(func, stack, flags, arg, ptid, tls, ctid));
then the i386 implementation of __clone has no guarantee about
the value in %gs, and it is a bug to assume that (%gs >> 3)
fits in 8 bits.

The code in musl/src/thread/i386/clone.s wastes up to 12 bytes
when aligning the new stack, by aligning before [pre-]allocating
space for the one argument to the thread function.

This code fixes the %gs bug, wastes no stack space in the new thread,
and is 6 bytes smaller (83 ==> 77; -7.2%):

===== musl/src/thread/i386/clone.s
__NR_clone = 120
NBPW = 4  /* Number of Bytes Per Word */

.text
.global __clone
.type   __clone,@function

__clone:  /* clone(func, stack, flags, arg, ptid, tls, ctid) */
	push %esi  /* non-standard; save .text space */
	lea 2*NBPW(%esp),%esi  /* &func */
	push %ebx
	push %ebp
	push %edi

/* 'cld' must be in effect upon entry to a .globl function */
	lodsl; xchg %eax,%ebp  /* func (save) */
	lodsl; lea -NBPW(%eax),%ecx  /* stack; pre-allocate space for 1 arg */
	lodsl; xchg %eax,%ebx  /* flags */
		and $-16,%ecx  /* 16-byte align new stack */
	lodsl; mov %eax,(%ecx)  /* arg to new thread */
	lodsl; xchg %eax,%edx  /* ptid */

	push $0x51  /* flags */
	push $0xffff  /* limit */
	lodsl; push %eax  /* tls */
	xor %eax,%eax; mov %gs,%ax; shr $3,%eax; push %eax  /* segment # */

	mov (%esi),%edi  /* ctid */
	mov %esp,%esi  /* &segment_descriptor on current stack */
	push $__NR_clone; pop %eax
	int $128
	test %eax,%eax
	jnz 1f

	mov %ebp,%eax  /* func */
	xor %ebp,%ebp  /* end chain of stack frames */
	call *%eax  /* func(arg) */
	mov %eax,%ebx  /* rv is arg1 to syscall */
	xor %eax,%eax
	inc %eax  /* __NR_exit */
	int $128
	hlt

1:	add $16,%esp
	pop %edi
	pop %ebp
	pop %ebx
	pop %esi
	ret
=====

-- 

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.