This patch fixes broken call/return address prediction in the segmented-stack implementation on x86_64 by leveraging the red zone below the stack pointer.
2022-01-06 Zhiyao Ma <zhiyao...@yale.edu>
libgcc/ChangeLog:
* config/i386/morestack.S: Modified instructions.
---
libgcc/config/i386/morestack.S | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/libgcc/config/i386/morestack.S b/libgcc/config/i386/morestack.S
index f1cf32dec9f..61c91ce4a35 100644
--- a/libgcc/config/i386/morestack.S
+++ b/libgcc/config/i386/morestack.S
@@ -213,14 +213,19 @@ __morestack_non_split:
 cmpl $0x185d8d4c,(%rax)
 je 2f
- # This breaks call/return prediction, as described above.
- incq 8(%rsp) # Increment the return address.
+ movq %rax,-8(%rsp) # Save the incremented return
+ # address to the red-zone below
+ # the stack pointer. It is
+ # guaranteed not to be corrupted.
 popq %rax # Restore register.
 .cfi_adjust_cfa_offset -8 # Adjust for popped register.
- ret # Return to caller.
+ callq *-16(%rsp) # Call into the caller's
+ # function body.
+
+ ret # Return to caller's prologue.
 2:
 popq %rax # Restore register.
-- 2.25.1
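Review bot: The `callq *-16(%rsp)` near the end of the hunk enters the function body with a different stack layout than the `incq 8(%rsp); ret` it replaces: the old sequence consumed the prologue's return address, so the body ran at the same %rsp it would have on the prologue's fall-through path, whereas the call leaves that return address in place and pushes a second one, so the body now runs with %rsp 16 bytes lower and two extra words between it and the original return address. If the body reads stack-passed arguments relative to %rsp, as it does on the fall-through path, they now sit 16 bytes further up than it expects; as far as I recall the split-stack prologue passes the argument size in %r11d precisely so that __morestack can copy those arguments to where the body expects them, and this path does nothing comparable, so it should be checked against a function taking more than six integer arguments (or a large struct by value) before relying on call/ret symmetry here. The red-zone comment should also name the guarantee it relies on rather than asserting it, e.g. `# -8(%rsp) lies in the SysV AMD64 red zone (128 bytes below %rsp); nothing between here and the callq touches the stack, so the slot survives.` __morestack_non_split begins and ends outside the hunk.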