[PATCH] x86: prevent tail call optimization in signal.c

From: Ingo Molnar
Date: Tue Jan 20 2009 - 02:38:47 EST


Impact: fix firefox crash

Another victim of GCC believing that on-stack function arguments are
owned by the callee - while in reality for asmlinkage functions they
are very much owned by the caller. Stomping on them can corrupt the
user-space register state, causing weird crashes.

Reported-by: Justin Madru <jdm64@xxxxxxxxx>
Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
---
arch/x86/kernel/signal.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
index 89bb766..dee83af 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -634,7 +634,11 @@ badframe:
#ifdef CONFIG_X86_32
asmlinkage int sys_rt_sigreturn(struct pt_regs regs)
{
- return do_rt_sigreturn(&regs);
+ int ret = do_rt_sigreturn(&regs);
+
+ asmlinkage_protect(1, ret, regs);
+
+ return ret;
}
#else /* !CONFIG_X86_32 */
asmlinkage long sys_rt_sigreturn(struct pt_regs *regs)
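Review bot: the subject line says "prevent tail call optimization" but the commit body never names the tail call, so the two disagree about the mechanism; state explicitly that GCC may turn `return do_rt_sigreturn(&regs);` into a sibling call and reuse the incoming argument area (the by-value `struct pt_regs regs`) as outgoing argument space, which is exactly what `asmlinkage_protect(1, ret, regs);` forbids by tying `ret` and `regs` to one asm barrier that runs after the call. The argument count of 1 matches the single on-stack argument of this function, and keeping the fix inside `#ifdef CONFIG_X86_32` is consistent with the 64-bit variant below taking `struct pt_regs *regs` by pointer, so there is no on-stack copy to stomp there. Please also check whether any other 32-bit entry in this file with the same `return do_xxx(&regs);` shape needs the same protection, so it is fixed in this series rather than on the next crash report.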
--