Ticket #10509: 10509_x86_64.patch

src/system/kernel/arch/x86/64/thread.cpp

@@ -100 +100 @@
 {
     STATIC_ASSERT(MAX_RANDOM_VALUE >= B_PAGE_SIZE - 1);
     value -= random_value() & (B_PAGE_SIZE - 1);
-    return value & ~addr_t(0xf);
+    return (value & ~addr_t(0xf)) - 8;
+        // This means, result % 16 == 8, which is what rsp should adhere to
+        // when a function is entered for the stack to be considered aligned to
+        // 16 byte.
 }
 
 
 static uint8*
-get_signal_stack(Thread* thread, iframe* frame, struct sigaction* action)
+get_signal_stack(Thread* thread, iframe* frame, struct sigaction* action,
+    size_t spaceNeeded)
 {
     // Use the alternate signal stack if we should and can.
     if (thread->signal_stack_enabled
@@ -114 +118 @@
                 || frame->user_sp >= thread->signal_stack_base
                     + thread->signal_stack_size)) {
         addr_t stackTop = thread->signal_stack_base + thread->signal_stack_size;
-        return (uint8*)arch_randomize_stack_pointer(stackTop);
+        return (uint8*)arch_randomize_stack_pointer(stackTop - spaceNeeded);
     }
 
     // We are going to use the stack that we are already on. We must not touch
     // the red zone (128 byte area below the stack pointer, reserved for use
     // by functions to store temporary data and guaranteed not to be modified
     // by signal handlers).
-    return (uint8*)(frame->user_sp - 128);
+    return (uint8*)((frame->user_sp - 128 - spaceNeeded) & ~addr_t(0xf)) - 8;
+        // align stack pointer (cf. arch_randomize_stack_pointer())
 }
 
 
@@ -215 +220 @@
     void* args2)
 {
     addr_t stackTop = thread->user_stack_base + thread->user_stack_size;
+    addr_t codeAddr;
 
     TRACE("arch_thread_enter_userspace: entry %#lx, args %p %p, "
         "stackTop %#lx\n", entry, args1, args2, stackTop);
 
-    stackTop = arch_randomize_stack_pointer(stackTop);
+    stackTop = arch_randomize_stack_pointer(stackTop - sizeof(codeAddr));
 
     // Copy the address of the stub that calls exit_thread() when the thread
     // entry function returns to the top of the stack to act as the return
     // address. The stub is inside commpage.
     addr_t commPageAddress = (addr_t)thread->team->commpage_address;
-    addr_t codeAddr = ((addr_t*)commPageAddress)[COMMPAGE_ENTRY_X86_THREAD_EXIT]
+    codeAddr = ((addr_t*)commPageAddress)[COMMPAGE_ENTRY_X86_THREAD_EXIT]
         + commPageAddress;
-    stackTop -= sizeof(codeAddr);
     if (user_memcpy((void*)stackTop, (const void*)&codeAddr, sizeof(codeAddr))
             != B_OK)
         return B_BAD_ADDRESS;
@@ -324 +329 @@
     signalFrameData->syscall_restart_return_value = frame->orig_rax;
 
     // Get the stack to use and copy the frame data to it.
-    uint8* userStack = get_signal_stack(thread, frame, action);
+    uint8* userStack = get_signal_stack(thread, frame, action,
+        sizeof(*signalFrameData) + sizeof(frame->ip));
 
-    userStack -= sizeof(*signalFrameData);
-    signal_frame_data* userSignalFrameData = (signal_frame_data*)userStack;
+    signal_frame_data* userSignalFrameData
+        = (signal_frame_data*)(userStack + sizeof(frame->ip));
 
     if (user_memcpy(userSignalFrameData, signalFrameData,
             sizeof(*signalFrameData)) != B_OK) {
@@ -335 +341 @@
     }
 
     // Copy a return address to the stack so that backtraces will be correct.
-    userStack -= sizeof(frame->ip);
     if (user_memcpy(userStack, &frame->ip, sizeof(frame->ip)) != B_OK)
         return B_BAD_ADDRESS;