authormarkus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-10-22 22:12:29 +0000
committermarkus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-10-22 22:12:29 +0000
commit5b2a74318a8e597769fa882d4c979d4c907b023d (patch)
treee26a82358c8fcb193cc6238631bb81d122edfa3a /sandbox
parent09e005b26c37dd2e901ce822e72e77ab01742ea5 (diff)
GCC's optimizer is getting more aggressive. It is no longer good
enough to just pass the address of a structure as an input parameter to assembly code. The assembly code must also mark "memory" as getting clobbered, even if it only wants to read from the structure. This seems to be a result of strict aliasing and the lack of an ability for the assembly code to clearly say which pointers it dereferences. Furthermore, if the assembly code touches the stack (e.g. uses "push"), it must now mark the stack pointer as getting clobbered. Otherwise, GCC assumes that the red zone won't be clobbered, and that it is possible to use the stack pointer as an input register. BUG=none TEST=none Review URL: http://codereview.chromium.org/320008 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29829 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox')
-rw-r--r--sandbox/linux/seccomp/linux_syscall_support.h10
-rw-r--r--sandbox/linux/seccomp/sandbox.cc7
-rw-r--r--sandbox/linux/seccomp/trusted_thread.cc4
3 files changed, 14 insertions, 7 deletions
diff --git a/sandbox/linux/seccomp/linux_syscall_support.h b/sandbox/linux/seccomp/linux_syscall_support.h
index 0d2e529..ee1c657 100644
--- a/sandbox/linux/seccomp/linux_syscall_support.h
+++ b/sandbox/linux/seccomp/linux_syscall_support.h
@@ -1446,7 +1446,7 @@ struct kernel_statfs {
"int $0x80\n" \
"pop %%ebx" \
args \
- : "memory"); \
+ : "esp", "memory"); \
LSS_RETURN(type,__res)
#undef _syscall0
#define _syscall0(type,name) \
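Review bot: The `"esp"` clobber added to this `_syscall` body depends on compiler behaviour the GCC manual does not guarantee: it states that the stack pointer must have the same value after an asm statement as on entry, and that naming it in the clobber list has unclear semantics, which later GCC releases deprecate. The same applies to the `"esp"` entries in the two `_syscall6` hunks and the i386 `clone` hunk, and to `"rsp"` in the x86-64 `clone` hunk. The push/pop of `%ebx` here is balanced, so the real requirement is that no operand is addressed relative to `%esp` while the asm has something on the stack; the i386 `clone` with its seven `"m"` inputs is the most exposed to that. I would state this next to each entry, e.g. `/* "esp": asm pushes, operands must not be %esp-relative */`, so the clobber can be swapped for a supported mechanism once the compiler rejects it. The macro body starts above the hunk, so the full operand list is not visible here.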
@@ -1503,7 +1503,7 @@ struct kernel_statfs {
: "i" (__NR_##name), "ri" ((long)(arg1)), \
"c" ((long)(arg2)), "d" ((long)(arg3)), \
"S" ((long)(arg4)), "D" ((long)(arg5)) \
- : "memory"); \
+ : "esp", "memory"); \
LSS_RETURN(type,__res); \
}
#undef _syscall6
@@ -1525,7 +1525,7 @@ struct kernel_statfs {
: "i" (__NR_##name), "0" ((long)(&__s)), \
"c" ((long)(arg2)), "d" ((long)(arg3)), \
"S" ((long)(arg4)), "D" ((long)(arg5)) \
- : "memory"); \
+ : "esp", "memory"); \
LSS_RETURN(type,__res); \
}
LSS_INLINE int LSS_NAME(clone)(int (*fn)(void *), void *child_stack,
@@ -1611,7 +1611,7 @@ struct kernel_statfs {
: "0"(-EINVAL), "i"(__NR_clone),
"m"(fn), "m"(child_stack), "m"(flags), "m"(arg),
"m"(parent_tidptr), "m"(newtls), "m"(child_tidptr)
- : "memory", "ecx", "edx", "esi", "edi");
+ : "esp", "memory", "ecx", "edx", "esi", "edi");
LSS_RETURN(int, __res);
}
@@ -1820,7 +1820,7 @@ struct kernel_statfs {
: "0"(-EINVAL), "i"(__NR_clone), "i"(__NR_exit),
"r"(fn), "S"(child_stack), "D"(flags), "r"(arg),
"d"(parent_tidptr), "r"(__tls), "r"(__ctid)
- : "memory", "r11", "rcx");
+ : "rsp", "memory", "r11", "rcx");
}
LSS_RETURN(int, __res);
}
diff --git a/sandbox/linux/seccomp/sandbox.cc b/sandbox/linux/seccomp/sandbox.cc
index 810f295..1da17d3 100644
--- a/sandbox/linux/seccomp/sandbox.cc
+++ b/sandbox/linux/seccomp/sandbox.cc
@@ -329,6 +329,13 @@ void (*Sandbox::segv())(int signo) {
".popsection\n"
"999:pop %0\n"
: "=g"(fnc)
+ :
+ : "memory"
+#if defined(__x86_64__)
+ , "rsp"
+#elif defined(__i386__)
+ , "esp"
+#endif
);
return fnc;
}
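Review bot: The `pop %0` at label `999` stores through a `"=g"` output, so GCC may pick a stack-relative memory slot for `fnc`, and the new stack-pointer clobber is then the only thing keeping that address consistent with the stack traffic inside the asm (the body starts above the hunk, so the matching push is inferred). Constraining the output to a register, `: "=r"(fnc)`, removes that dependence. The `#if`/`#elif` chain also has no `#else`, so any other target would silently build without the stack-pointer clobber; trusted_thread.cc closes its chain with `#error Unsupported target platform`, and the same two lines would fit before `#endif` here.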
diff --git a/sandbox/linux/seccomp/trusted_thread.cc b/sandbox/linux/seccomp/trusted_thread.cc
index 25797cc..6edc05d 100644
--- a/sandbox/linux/seccomp/trusted_thread.cc
+++ b/sandbox/linux/seccomp/trusted_thread.cc
@@ -586,7 +586,7 @@ void Sandbox::createTrustedThread(int processFdPub, int cloneFdPub,
:
: "g"(&args)
: "rax", "rcx", "rdx", "rdi", "rsi", "r8", "r9", "r10", "r11", "r12",
- "r13", "r14", "r15"
+ "r13", "r14", "r15", "rsp", "memory"
#elif defined(__i386__)
struct user_desc u;
u.entry_number = (typeof u.entry_number)-1;
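Review bot: The `"rsp"` and `"memory"` entries appended to this clobber list are undocumented, although they are the whole contract between the compiler and the asm body that sets up the trusted thread, where a miscompile would be silent (the commit records TEST=none). The input is `"g"(&args)`, which tells GCC neither that the asm dereferences `args` nor that the operand must survive the asm's own stack use. A comment at the list would keep a later cleanup from dropping the entries, e.g. `// "memory": asm reads *args, which GCC cannot see; "rsp": asm uses the stack`. The i386 hunk further down (`"esp", "memory"` after `pop %%ebx`) needs the same comment. The function body starts above this hunk and continues past it.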
@@ -1197,7 +1197,7 @@ void Sandbox::createTrustedThread(int processFdPub, int cloneFdPub,
"pop %%ebx\n"
:
: "g"(&args)
- : "eax", "ecx", "edx", "edi", "esi"
+ : "eax", "ecx", "edx", "edi", "esi", "esp", "memory"
#else
#error Unsupported target platform
#endif