musl: Add unwinding protection in clone() implementations.

Whatever was in the frame pointer register prior to clone() will no longer be
valid in the child process, so zero it to protect FP-based unwinders. This is
just an extension of what was already done for i386 and x86_64. Only applied
to architectures where the _start() code also zeroes the frame pointer.

lib/libc/musl/src/thread/aarch64/clone.s

@@ -24,7 +24,8 @@ __clone:
 	// parent
 	ret
 	// child
-1:	ldp x1,x0,[sp],#16
+1:	mov fp, 0
+	ldp x1,x0,[sp],#16
 	blr x1
 	mov x8,#93 // SYS_exit
 	svc #0

lib/libc/musl/src/thread/arm/clone.s

@@ -19,7 +19,8 @@ __clone:
 	ldmfd sp!,{r4,r5,r6,r7}
 	bx lr
 
-1:	mov r0,r6
+1:	mov fp,#0
+	mov r0,r6
 	bl 3f
 2:	mov r7,#1
 	svc 0

lib/libc/musl/src/thread/i386/clone.s

@@ -30,9 +30,15 @@ __clone:
 	mov 8(%ebp),%ebp
 	int $128
 	test %eax,%eax
-	jnz 1f
+	jz 1f
+	add $16,%esp
+	pop %edi
+	pop %esi
+	pop %ebx
+	pop %ebp
+	ret
 
-	mov %ebp,%eax
+1:	mov %ebp,%eax
 	xor %ebp,%ebp
 	call *%eax
 	mov %eax,%ebx
@@ -40,10 +46,3 @@ __clone:
 	inc %eax
 	int $128
 	hlt
-
-1:	add $16,%esp
-	pop %edi
-	pop %esi
-	pop %ebx
-	pop %ebp
-	ret

lib/libc/musl/src/thread/loongarch64/clone.s

@@ -22,6 +22,7 @@ __clone:
 	beqz    $a0, 1f         # whether child process
 	jirl    $zero, $ra, 0   # parent process return
 1:
+	move    $fp, $zero
 	ld.d    $t8, $sp, 0     # function pointer
 	ld.d    $a0, $sp, 8     # argument pointer
 	jirl    $ra, $t8, 0     # call the user's function

lib/libc/musl/src/thread/m68k/clone.s

@@ -18,7 +18,8 @@ __clone:
 	beq 1f
 	movem.l (%sp)+,%d2-%d5
 	rts
-1:	move.l %a1,-(%sp)
+1:	suba.l %%fp,%%fp
+	move.l %a1,-(%sp)
 	jsr (%a0)
 	move.l #1,%d0
 	trap #0

lib/libc/musl/src/thread/microblaze/clone.s

@@ -22,7 +22,8 @@ __clone:
 	rtsd    r15, 8
 	nop
 
-1:	lwi     r3, r1, 0
+1:	add     r19, r0, r0
+	lwi     r3, r1, 0
 	lwi     r5, r1, 4
 	brald   r15, r3
 	nop

lib/libc/musl/src/thread/mips/clone.s

@@ -27,7 +27,8 @@ __clone:
 	addu $sp, $sp, 16
 	jr $ra
 	nop
-1:	lw $25, 0($sp)
+1:	move $fp, $0
+	lw $25, 0($sp)
 	lw $4, 4($sp)
 	jalr $25
 	nop

lib/libc/musl/src/thread/mips64/clone.s

@@ -25,7 +25,8 @@ __clone:
 	nop
 	jr	$ra
 	nop
-1:	ld	$25, 0($sp)	# function pointer
+1:	move	$fp, $0
+	ld	$25, 0($sp)	# function pointer
 	ld	$4, 8($sp)	# argument pointer
 	jalr	$25		# call the user's function
 	nop

lib/libc/musl/src/thread/mipsn32/clone.s

@@ -25,7 +25,8 @@ __clone:
 	nop
 	jr	$ra
 	nop
-1:	lw	$25, 0($sp)	# function pointer
+1:	move	$fp, $0
+	lw	$25, 0($sp)	# function pointer
 	lw	$4, 4($sp)	# argument pointer
 	jalr	$25		# call the user's function
 	nop

lib/libc/musl/src/thread/or1k/clone.s

@@ -23,7 +23,8 @@ __clone:
 	l.jr	r9
 	 l.nop
 
-1:	l.lwz	r11, 0(r1)
+1:	l.ori	r2, r0, 0
+	l.lwz	r11, 0(r1)
 	l.jalr	r11
 	 l.lwz	r3, 4(r1)
 

lib/libc/musl/src/thread/powerpc/clone.s

@@ -48,9 +48,16 @@ neg 3, 3 #negate the result (errno)
 # compare sc result with 0
 cmpwi cr7, 3, 0
 
-# if not 0, jump to end
-bne cr7, 2f
+# if not 0, restore stack and return
+beq cr7, 2f
 
+lwz 30, 0(1)
+lwz 31, 4(1)
+addi 1, 1, 16
+
+blr
+
+2:
 #else: we're the child
 #call funcptr: move arg (d) into r3
 mr 3, 31
@@ -61,13 +68,3 @@ bctrl
 # mov SYS_exit into r0 (the exit param is already in r3)
 li 0, 1
 sc
-
-2:
-
-# restore stack
-lwz 30, 0(1)
-lwz 31, 4(1)
-addi 1, 1, 16
-
-blr
-

lib/libc/musl/src/thread/x32/clone.s

@@ -15,12 +15,12 @@ __clone:
 	mov %rcx,(%rsi)
 	syscall
 	test %eax,%eax
-	jnz 1f
-	xor %ebp,%ebp
+	jz 1f
+	ret
+1:	xor %ebp,%ebp
 	pop %rdi
 	call *%r9
 	mov %eax,%edi
 	movl $0x4000003c,%eax /* SYS_exit */
 	syscall
 	hlt
-1:	ret

lib/libc/musl/src/thread/x86_64/clone.s

@@ -16,8 +16,9 @@ __clone:
 	mov %rcx,(%rsi)
 	syscall
 	test %eax,%eax
-	jnz 1f
-	xor %ebp,%ebp
+	jz 1f
+	ret
+1:	xor %ebp,%ebp
 	pop %rdi
 	call *%r9
 	mov %eax,%edi
@@ -25,4 +26,3 @@ __clone:
 	mov $60,%al
 	syscall
 	hlt
-1:	ret