Message-ID: <CAH9TF6ORtP9X2SkhLXdj+K6sAxNQnT6OHCgh-KvuqWeC=_z0Fg@mail.gmail.com>
Date: Fri, 6 Dec 2024 19:51:52 +0100
From: Alex Rønne Petersen <alex@...xrp.com>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] clone: clear the frame pointer in the child process on relevant ports

On Fri, Dec 6, 2024 at 7:49 PM Alex Rønne Petersen <alex@...xrp.com> wrote:
>
> This just mirrors what is done in the start code for the affected ports, as well
> as what is already done for the three x86 ports. For consistency, I also changed
> the x86 ports and the powerpc port to have the child process portion at the end
> of clone().
>
> Clearing the frame pointer helps protect FP-based unwinders which have no way of
> knowing that the FP register should be considered undefined in the child process
> portion of clone(). In practice, we found this change to be necessary when
> running the Zig standard library tests under qemu-aarch64_be with musl linked.

I made some observations in musl's startup code while putting this patch
together. As far as I can tell, musl doesn't clear...

* r7 (non-ABI FP) on arm;
* $ra on loongarch64;
* fp and ra on riscv32/riscv64;
* r9 (LR) on or1k;
* r31 (non-ABI FP) on powerpc/powerpc64;
* r11 (non-ABI FP) and r14 (LR) on s390x;
* r14 (FP) and pr (LR) on sh.

Accordingly, I didn't make such changes to clone(). The question is, *should*
musl clear these?

For what it's worth, in Zig's non-libc startup code, we're clearing all link and
frame pointer registers, both ABI and non-ABI, because it doesn't really cost us
much and we'd rather be safe than sorry. I think it's also notable that musl
*does* clear the non-ABI FP register (r14) on microblaze, so there's some
precedent there.

Here's what glibc does, for comparison:

* arm: Same as musl.
* loongarch64: Sets $ra to a sensible return address so it can abort().
* riscv32/riscv64: Same as musl.
* or1k: Clears r2 (same as musl), clears r9.
* powerpc/powerpc64: Same as musl.
* s390x: Sets r14 to a sensible return address so it can trigger a crash right
  after the brasl.
* sh: Clears r14, sets pr to a sensible return address so it can abort().

If changes are desired for these ports, I can do a separate patch to change the
startup code and clone() code for them.
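As an added example (not part of this thread, and not musl's or glibc's code), a defensive FP-chain walker of the kind the quoted patch is protecting: it treats a zero frame pointer as the end of the chain and refuses to follow a frame pointer lying outside the current stack. It is run over two constructed stack images, one terminated by a cleared FP and one whose outermost frame still carries a stale frame pointer, which is the state a clone() child would be in without the patch. The frame layout assumed is the x86-64/aarch64 convention (saved fp at [fp], return address at [fp+8]); the walker, its bounds checks and the image are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical defensive FP-chain walker (added example, not musl code).
 * Assumed frame layout is the x86-64/aarch64 convention:
 *   [fp] = caller's saved frame pointer, [fp+8] = return address.
 * The chain ends at fp == 0, which is exactly what clearing the FP
 * register in _start and in clone()'s child path establishes. */
#define MAX_FRAMES 32

/* Walk the chain from fp, recording return addresses in out. lo/hi bound
 * the current thread's stack: an fp outside them (e.g. a parent-stack FP
 * inherited by a clone() child), misaligned, or not strictly increasing
 * ends the walk with *truncated set instead of being dereferenced. */
size_t walk_fp_chain(uintptr_t fp, uintptr_t lo, uintptr_t hi,
                     uintptr_t *out, size_t max, int *truncated)
{
    size_t n = 0;
    *truncated = 0;
    while (n < max && fp != 0) {
        if (fp < lo || fp >= hi || hi - fp < 2 * sizeof(uintptr_t) ||
            (fp & (sizeof(uintptr_t) - 1))) {
            *truncated = 1;               /* refuse to follow a bogus fp */
            break;
        }
        const uintptr_t *frame = (const uintptr_t *)fp;
        out[n++] = frame[1];              /* this frame's return address */
        uintptr_t next = frame[0];        /* caller's frame, higher address */
        if (next != 0 && next <= fp) { *truncated = 1; break; }
        fp = next;
    }
    return n;
}

/* Constructed three-frame stack image, innermost frame at the lowest
 * index, each frame being (saved fp, return address). Returns the frame
 * count, negated when the walker had to cut the chain off. */
uintptr_t image[6];

int demo(int stale_fp)
{
    uintptr_t base = (uintptr_t)image, ret[MAX_FRAMES];
    int truncated;
    image[0] = base + 2 * sizeof(uintptr_t); image[1] = 0x1001;
    image[2] = base + 4 * sizeof(uintptr_t); image[3] = 0x1002;
    /* Outermost frame: a cleared FP, or a stale fp outside this stack. */
    image[4] = stale_fp ? ~(uintptr_t)0xfff : 0; image[5] = 0x1003;
    size_t n = walk_fp_chain(base, base, base + sizeof image,
                             ret, MAX_FRAMES, &truncated);
    return truncated ? -(int)n : (int)n;
}
```

Both images yield three frames; the difference is that with the stale FP the walker has to stop on a bounds check (negative result) rather than ending cleanly at zero, which is the case a walker without such checks would dereference.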