runtime: check that stack barrier unwind is in sync

Currently the stack barrier stub blindly unwinds the next stack
barrier from the G's stack barrier array without checking that it's
the right stack barrier. If through some bug the stack barrier array
position gets out of sync with where we actually are on the stack,
this could return to the wrong PC, which would lead to difficult to
debug crashes. To address this, this commit adds a check to the amd64
stack barrier stub that it's unwinding the correct stack barrier.

Updates #12238.

Change-Id: If824d95191d07e2512dc5dba0d9978cfd9f54e02
Reviewed-on: https://go-review.googlesource.com/13948
Reviewed-by: Russ Cox <rsc@golang.org>

diff --git a/src/runtime/asm_amd64.s b/src/runtime/asm_amd64.s
index d165e08333d7d8d63d498a7eda4273a056eab0ef..dc975bebc2b8a130a8daa7846f88d9f43fb42c3a 100644 (file)
--- a/src/runtime/asm_amd64.s
+++ b/src/runtime/asm_amd64.s
@@ -346,7 +346,12 @@ TEXT runtime·stackBarrier(SB),NOSPLIT,$0
        MOVQ    (g_stkbar+slice_array)(CX), DX
        MOVQ    g_stkbarPos(CX), BX
        IMULQ   $stkbar__size, BX       // Too big for SIB.
+       MOVQ    stkbar_savedLRPtr(DX)(BX*1), R8
        MOVQ    stkbar_savedLRVal(DX)(BX*1), BX
+       // Assert that we're popping the right saved LR.
+       CMPQ    R8, SP
+       JNE     2(PC)
+       MOVL    $0, 0
        // Record that this stack barrier was hit.
        ADDQ    $1, g_stkbarPos(CX)
        // Jump to the original return PC.