Declaring __current_thread_info as a global register variable has the effect of preventing GCC from saving & restoring its value in cases where the ABI would typically do so.
To quote GCC documentation:
If the register is a call-saved register, call ABI is affected: the register will not be restored in function epilogue sequences after the variable has been assigned. Therefore, functions cannot safely return to callers that assume standard ABI.
When our position independent VDSO is built for the n32 or n64 ABIs all functions it exposes should be preserving the value of $gp/$28 for their caller, but in the presence of the __current_thread_info global register variable GCC stops doing so & simply clobbers $gp/$28 when calculating the address of the GOT.
In cases where the VDSO returns success this problem will typically be masked by the caller in libc returning & restoring $gp/$28 itself, but that is by no means guaranteed. In cases where the VDSO returns an error libc will typically contain a fallback path which will now fail (typically with a bad memory access) if it attempts anything which relies upon the value of $gp/$28 - eg. accessing anything via the GOT.
Fix this by moving the declaration of __current_thread_info inside the current_thread_info() function, demoting it from global register variable to local register variable & avoiding inadvertently creating a non-standard calling ABI for the VDSO.
Signed-off-by: Paul Burton paulburton@kernel.org Reported-by: "Jason A. Donenfeld" Jason@zx2c4.com Fixes: ebb5e78cc634 ("MIPS: Initial implementation of a VDSO") Cc: Arnd Bergmann arnd@arndb.de Cc: Christian Brauner christian.brauner@canonical.com Cc: Vincenzo Frascino vincenzo.frascino@arm.com Cc: stable@vger.kernel.org # v4.4+ --- arch/mips/include/asm/thread_info.h | 4 ++-- arch/mips/kernel/relocate.c | 1 + 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h index 4993db40482c..aceefc3f9a1a 100644 --- a/arch/mips/include/asm/thread_info.h +++ b/arch/mips/include/asm/thread_info.h @@ -50,10 +50,10 @@ struct thread_info { }
/* How to get the thread information struct from C. */ -register struct thread_info *__current_thread_info __asm__("$28"); - static inline struct thread_info *current_thread_info(void) { + register struct thread_info *__current_thread_info __asm__("$28"); + return __current_thread_info; }
diff --git a/arch/mips/kernel/relocate.c b/arch/mips/kernel/relocate.c index 3d80a51256de..c9afdc39b003 100644 --- a/arch/mips/kernel/relocate.c +++ b/arch/mips/kernel/relocate.c @@ -296,6 +296,7 @@ static inline int __init relocation_addr_valid(void *loc_new)
void *__init relocate_kernel(void) { + register struct thread_info *__current_thread_info __asm__("$28"); void *loc_new; unsigned long kernel_length; unsigned long bss_length;