Fix arm64 clone stack handling.

Make sure the child's stack pointer is adjusted past the 'fn' and 'arg' we store on the child stack, so a signal delivered to the child can't overwrite them.

Bug: 15195265
Change-Id: I5ab9469a82cb214c32f40a713268a1ab74a4c6fa
Elliott Hughes 2014-12-10 11:08:47 -08:00
parent 0952a5540e
commit 51f5d83237
2 changed files with 13 additions and 10 deletions


@ -42,12 +42,14 @@ ENTRY(__bionic_clone)
# load extra parameters # load extra parameters
ldmfd ip, {r4, r5, r6} ldmfd ip, {r4, r5, r6}
# store 'fn' and 'arg' to the child stack # Push 'fn' and 'arg' onto the child stack.
stmdb r1!, {r5, r6} stmdb r1!, {r5, r6}
# System call # Make the system call.
ldr r7, =__NR_clone ldr r7, =__NR_clone
swi #0 swi #0
# Are we the child?
movs r0, r0 movs r0, r0
beq 1f beq 1f
@ -61,6 +63,7 @@ ENTRY(__bionic_clone)
1: # The child. 1: # The child.
# Setting lr to 0 will make the unwinder stop at __start_thread # Setting lr to 0 will make the unwinder stop at __start_thread
mov lr, #0 mov lr, #0
# Call __start_thread with the 'fn' and 'arg' we stored on the child stack.
pop {r0, r1} pop {r0, r1}
b __start_thread b __start_thread
END(__bionic_clone) END(__bionic_clone)


@ -31,8 +31,8 @@
// pid_t __bionic_clone(int flags, void* child_stack, pid_t* parent_tid, void* tls, pid_t* child_tid, int (*fn)(void*), void* arg); // pid_t __bionic_clone(int flags, void* child_stack, pid_t* parent_tid, void* tls, pid_t* child_tid, int (*fn)(void*), void* arg);
ENTRY(__bionic_clone) ENTRY(__bionic_clone)
# Copy 'fn' and 'arg' onto the child stack. # Push 'fn' and 'arg' onto the child stack.
stp x5, x6, [x1, #-16] stp x5, x6, [x1, #-16]!
# Make the system call. # Make the system call.
mov x8, __NR_clone mov x8, __NR_clone
@ -49,12 +49,12 @@ ENTRY(__bionic_clone)
ret ret
.L_bc_child: .L_bc_child:
# We're in the child now. Set the end of the frame record chain... # We're in the child now. Set the end of the frame record chain.
mov x29, xzr mov x29, #0
# Setting x30 to 0 will make the unwinder stop at __start_thread # Setting x30 to 0 will make the unwinder stop at __start_thread.
mov x30, xzr mov x30, #0
# ...and call __start_thread with the 'fn' and 'arg' we stored on the child stack. # Call __start_thread with the 'fn' and 'arg' we stored on the child stack.
ldp x0, x1, [sp, #-16] ldp x0, x1, [sp], #16
b __start_thread b __start_thread
END(__bionic_clone) END(__bionic_clone)
.hidden __bionic_clone .hidden __bionic_clone
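Review bot: The new `ldp x0, x1, [sp], #16` at .L_bc_child reads through sp, so the child_stack the caller passes in x1 must be 16-byte aligned — on AArch64 an sp-based access with a misaligned sp normally faults — and neither the prototype comment nor the code states that precondition; the writeback form `stp x5, x6, [x1, #-16]!` preserves alignment only if x1 was already aligned. A runtime check would just trade one child crash for another, so I would document it next to the C prototype: `// child_stack must be 16-byte aligned: the kernel installs it as the child's sp and the ldp below dereferences it.` The parent's return path between the two hunks (the error check before `ret`) is outside this view and is not covered by this note.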