crosstool-ng/packages/gcc/7.3.0/0022-xtensa-fix-PR-target-65416.patch
Max Filippov c41b9641b1 package/gcc: fix xtensa PR target/65416
gcc-8.1 for xtensa miscompiles uClibc dynamic linker due to gcc PR
target/65416. The build completes successfully, but the binary is
non-functional because the following fragment in the _dl_get_ready_to_run
in ld-uClibc.so overwrites register spill area on stack causing register
corruption in the previous call frame and a subsequent crash:

    419f:       f0c1b2          addi    a11, a1, -16
    41a2:       1ba9            s32i.n  a10, a11, 4
    41a4:       0bc9            s32i.n  a12, a11, 0
    41a6:       5127f2          l32i    a15, a7, 0x144
    41a9:       1765b2          s32i    a11, a5, 92
    41ac:       4e2782          l32i    a8, a7, 0x138
    41af:       146af2          s32i    a15, a10, 80
    41b2:       001b10          movsp   a1, a11

The crash terminates the init process and causes kernel panic.
The fix prevents reordering of movsp opcode and any access to the stack
frame memory and is applicable to all existing gcc versions.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2018-06-24 14:40:26 -07:00

102 lines
3.1 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 213fda1983bc80fbcc738ecd841a60a078f52111 Mon Sep 17 00:00:00 2001
From: jcmvbkbc <jcmvbkbc@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Tue, 19 Jun 2018 18:26:07 +0000
Subject: [PATCH] xtensa: fix PR target/65416
The issue is caused by reordering of stack pointer update after stack
space allocation with instructions that write to the allocated stack
space. In windowed ABI register spill area for the previous call frame
is located just below the stack pointer and may be reloaded back into
the register file on movsp.
Implement allocate_stack pattern for windowed ABI configuration and
insert an instruction that prevents reordering of frame memory access
and stack pointer update.
gcc/
2018-06-19 Max Filippov <jcmvbkbc@gmail.com>
* config/xtensa/xtensa.md (UNSPEC_FRAME_BLOCKAGE): New unspec
constant.
(allocate_stack, frame_blockage, *frame_blockage): New patterns.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@261755 138bc75d-0d04-0410-961f-82ee72b054a4
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
---
gcc/config/xtensa/xtensa.md | 46 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
diff --git a/gcc/config/xtensa/xtensa.md b/gcc/config/xtensa/xtensa.md
index d5596e25d828..0eba10b742cd 100644
--- a/gcc/config/xtensa/xtensa.md
+++ b/gcc/config/xtensa/xtensa.md
@@ -38,6 +38,7 @@
(UNSPEC_MEMW 11)
(UNSPEC_LSETUP_START 12)
(UNSPEC_LSETUP_END 13)
+ (UNSPEC_FRAME_BLOCKAGE 14)
(UNSPECV_SET_FP 1)
(UNSPECV_ENTRY 2)
@@ -1676,6 +1677,32 @@
;; Miscellaneous instructions.
+;; In windowed ABI stack pointer adjustment must happen before any access
+;; to the space allocated on stack is allowed, otherwise register spill
+;; area may be clobbered. That's what frame blockage is supposed to enforce.
+
+(define_expand "allocate_stack"
+ [(set (match_operand 0 "nonimmed_operand")
+ (minus (reg A1_REG) (match_operand 1 "add_operand")))
+ (set (reg A1_REG)
+ (minus (reg A1_REG) (match_dup 1)))]
+ "TARGET_WINDOWED_ABI"
+{
+ if (CONST_INT_P (operands[1]))
+ {
+ rtx neg_op0 = GEN_INT (-INTVAL (operands[1]));
+ emit_insn (gen_addsi3 (stack_pointer_rtx, stack_pointer_rtx, neg_op0));
+ }
+ else
+ {
+ emit_insn (gen_subsi3 (stack_pointer_rtx, stack_pointer_rtx,
+ operands[1]));
+ }
+ emit_move_insn (operands[0], virtual_stack_dynamic_rtx);
+ emit_insn (gen_frame_blockage ());
+ DONE;
+})
+
(define_expand "prologue"
[(const_int 0)]
""
@@ -1767,6 +1794,25 @@
[(set_attr "length" "0")
(set_attr "type" "nop")])
+;; Do not schedule instructions accessing memory before this point.
+
+(define_expand "frame_blockage"
+ [(set (match_dup 0)
+ (unspec:BLK [(match_dup 1)] UNSPEC_FRAME_BLOCKAGE))]
+ ""
+{
+ operands[0] = gen_rtx_MEM (BLKmode, gen_rtx_SCRATCH (Pmode));
+ MEM_VOLATILE_P (operands[0]) = 1;
+ operands[1] = stack_pointer_rtx;
+})
+
+(define_insn "*frame_blockage"
+ [(set (match_operand:BLK 0 "" "")
+ (unspec:BLK [(match_operand:SI 1 "" "")] UNSPEC_FRAME_BLOCKAGE))]
+ ""
+ ""
+ [(set_attr "length" "0")])
+
(define_insn "trap"
[(trap_if (const_int 1) (const_int 0))]
""
--
2.11.0