[uClibc 0005554]: Flawed inline assembler in libc/sysdeps/linux/i386/sigaction.c

bugs at busybox.net
Sun Oct 19 03:21:14 UTC 2008


The following issue has been SUBMITTED. 
====================================================================== 
http://busybox.net/bugs/view.php?id=5554 
====================================================================== 
Reported By:                michael_d
Assigned To:                uClibc
====================================================================== 
Project:                    uClibc
Issue ID:                   5554
Category:                   Other
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             10-18-2008 20:21 PDT
Last Modified:              10-18-2008 20:21 PDT
====================================================================== 
Summary:                    Flawed inline assembler in libc/sysdeps/linux/i386/sigaction.c
Description: 
The implementation of sigaction on i386 for older kernels makes the system
call using an inline asm element with two flaws:

1. The asm is not marked as depending on the kact structure or modifying
the koact structure.  Thus, GCC is free to assume these structures need
not be kept consistent, allowing it to remove all initialization of kact.

2. The asm allows the signal number to be provided as a memory reference. 
But this allows GCC to provide a stack-relative operand, which will break
because the assembler saves %ebx on the stack before using that operand.

#1 didn't use to be a problem in practice because GCC 4.2.* didn't seize
the optimization opportunity.  GCC 4.3.2, however, optimizes out the
"kact.sa_flags = act->sa_flags | SA_RESTORER;" line, so that the kernel
sees garbage in sa_flags.  This can result in the kernel seeing the
SA_RESETHAND flag, causing erratic behaviour in signal dependent
programs.

#2 becomes an issue if "-fomit-frame-pointer" is provided.  In
uClibc-0.9.29 it isn't; uClibc-0.9.30-rc2 does use the flag by default.

I've attached a patch to fix these issues.
====================================================================== 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
10-18-08 20:21  michael_d      New Issue                                    
10-18-08 20:21  michael_d      Status                   new => assigned     
10-18-08 20:21  michael_d      Assigned To               => uClibc          
10-18-08 20:21  michael_d      File Added: uClibc-0.9.29-sigaction.diff         
======================================================================
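The two flaws described in the report are both inline-asm constraint mistakes: the asm must declare that it reads and writes the memory behind the pointers it is handed, and an operand that is used after the stack pointer has moved must be in a register, never a possibly %esp-relative "m" operand. The following is an added illustration of the constraint-correct form, written for this page; it is not uClibc's code or the attached patch. The helper name `raw_syscall3` is hypothetical, the i386 branch shows the push/mov/int/pop pattern with an "r" operand and a "memory" clobber, the x86-64 branch is the equivalent `syscall` form, and every other architecture falls back to libc's `syscall()`. `uname` is used as the demonstration call because, like `sigaction`, the kernel writes into a caller-supplied struct, so the "memory" clobber is what stops GCC from treating that struct as untouched.

```c
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Hypothetical helper (not uClibc's code): issue a 3-argument Linux system
 * call with constraints that avoid both flaws from the report.
 * - "memory" clobber: GCC must complete all stores to the structs before
 *   the asm runs and must re-read them afterwards (flaw 1).
 * - a1 is "r", never "m": after pushl the stack pointer has moved, so an
 *   %esp-relative memory operand would address the wrong slot (flaw 2). */
static long raw_syscall3(long nr, long a1, long a2, long a3)
{
    long ret;
#if defined(__i386__)
    __asm__ __volatile__ ("pushl %%ebx\n\t"
                          "movl %1, %%ebx\n\t"
                          "int $0x80\n\t"
                          "popl %%ebx"
                          : "=a" (ret)
                          : "r" (a1), "0" (nr), "c" (a2), "d" (a3)
                          : "memory");
#elif defined(__x86_64__)
    /* The syscall instruction clobbers %rcx and %r11 in addition to memory. */
    __asm__ __volatile__ ("syscall"
                          : "=a" (ret)
                          : "0" (nr), "D" (a1), "S" (a2), "d" (a3)
                          : "rcx", "r11", "memory");
#else
    ret = syscall(nr, a1, a2, a3);   /* portable fallback via libc */
#endif
    return ret;
}

/* Fill a struct utsname through the raw syscall and through libc, and
 * report whether the kernel's sysname came back identically. Without the
 * "memory" clobber GCC could legally keep the memset() zeros in place and
 * compare an empty string here, the same class of bug as flaw 1. */
int raw_uname_matches_libc(void)
{
    struct utsname raw, ref;

    memset(&raw, 0, sizeof raw);
    if (raw_syscall3(SYS_uname, (long)&raw, 0, 0) != 0)
        return 0;
    if (uname(&ref) != 0)
        return 0;
    return raw.sysname[0] != '\0' && strcmp(raw.sysname, ref.sysname) == 0;
}

int main(void)
{
    printf("raw uname matches libc: %s\n",
           raw_uname_matches_libc() ? "yes" : "no");
    return 0;
}
```

Compile with `-O2 -fomit-frame-pointer` on i386 to exercise exactly the conditions the report names; because the operand is forced into a register and the clobber list is complete, the result is the same with or without optimization.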