mips: Align stack pointer on entry to signal handler.

Based on a patch by rin@.  The variant approach I took puts the stack
frame allocation and alignment logic in one place (getframe, used by
sendsig_siginfo for native (n64, on mips), netbsd32_sendsig_siginfo
for compat32 (n32/o32, on mips), and sendsig_sigcontext (compat 1.6))
and reduces the chance of provoking compiler exploitation of
undefined behaviour by doing arithmetic in uintptr_t rather than in
pointers to large aligned structs.  This also ensures the resulting
pointer is aligned for the object (struct siginfo_sigframe, struct
siginfo_sigframe32, struct sigcontext), not just for the ABI stack
alignment.

PR kern/59327: user stack pointer is not aligned properly

Author: riastradh

sys/arch/mips/include/frame.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: frame.h,v 1.12 2021/03/29 01:46:26 simonb Exp $	*/
+/*	$NetBSD: frame.h,v 1.13 2025/04/25 00:26:58 riastradh Exp $	*/
 
 /*
  * Copyright (c) 2001 The NetBSD Foundation, Inc.
@@ -40,8 +40,9 @@
 #endif
 
 #include <sys/signal.h>
+#include <sys/stddef.h>
 
-void *getframe(struct lwp *, int, int *);
+void *getframe(struct lwp *, int, int *, size_t, size_t);
 #define	lwp_trapframe(l)	((l)->l_md.md_utf)
 
 #if defined(COMPAT_16) || defined(COMPAT_ULTRIX)

sys/arch/mips/include/mips_param.h

@@ -1,4 +1,4 @@
-/*	$NetBSD: mips_param.h,v 1.53 2025/04/20 22:32:25 riastradh Exp $	*/
+/*	$NetBSD: mips_param.h,v 1.54 2025/04/25 00:26:58 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 2013 The NetBSD Foundation, Inc.
@@ -82,6 +82,8 @@
 #define	STACK_ALIGNBYTES	(8 - 1)
 #endif
 
+#define	STACK_ALIGNBYTES_O32	(8 - 1)
+
 #define	ALIGNBYTES32		(sizeof(double) - 1)
 #define	ALIGN32(p)		(((uintptr_t)(p) + ALIGNBYTES32) &~ALIGNBYTES32)
 

sys/arch/mips/mips/compat_16_machdep.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: compat_16_machdep.c,v 1.23 2021/10/27 04:15:00 thorpej Exp $	*/
+/*	$NetBSD: compat_16_machdep.c,v 1.24 2025/04/25 00:26:59 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2001 The NetBSD Foundation, Inc.
@@ -45,7 +45,7 @@
 
 #include <sys/cdefs.h>			/* RCS ID & Copyright macro defns */
 
-__KERNEL_RCSID(0, "$NetBSD: compat_16_machdep.c,v 1.23 2021/10/27 04:15:00 thorpej Exp $"); 
+__KERNEL_RCSID(0, "$NetBSD: compat_16_machdep.c,v 1.24 2025/04/25 00:26:59 riastradh Exp $"); 
 
 #ifdef _KERNEL_OPT
 #include "opt_cputype.h"
@@ -96,7 +96,8 @@ sendsig_sigcontext(const ksiginfo_t *ksi, const sigset_t *returnmask)
 	struct sigacts * const ps = p->p_sigacts;
 	struct pcb * const pcb = lwp_getpcb(l);
 	int onstack, error;
-	struct sigcontext *scp = getframe(l, sig, &onstack);
+	struct sigcontext *scp = getframe(l, sig, &onstack,
+	    sizeof(*scp), _Alignof(*scp));
 	struct sigcontext ksc;
 	struct trapframe * const tf = l->l_md.md_utf;
 	sig_t catcher = SIGACTION(p, sig).sa_handler;
@@ -106,8 +107,6 @@ sendsig_sigcontext(const ksiginfo_t *ksi, const sigset_t *returnmask)
 		sigexit(l, SIGILL);
 #endif
 
-	scp--;
-
 #ifdef DEBUG
 	if ((sigdebug & SDB_FOLLOW) ||
 	    ((sigdebug & SDB_KSTACK) && p->p_pid == sigpid))

sys/arch/mips/mips/netbsd32_machdep.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: netbsd32_machdep.c,v 1.23 2021/11/06 20:42:56 thorpej Exp $	*/
+/*	$NetBSD: netbsd32_machdep.c,v 1.24 2025/04/25 00:26:59 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 2009 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: netbsd32_machdep.c,v 1.23 2021/11/06 20:42:56 thorpej Exp $");
+__KERNEL_RCSID(0, "$NetBSD: netbsd32_machdep.c,v 1.24 2025/04/25 00:26:59 riastradh Exp $");
 
 #include "opt_compat_netbsd.h"
 
@@ -94,14 +94,13 @@ netbsd32_sendsig_siginfo(const ksiginfo_t *ksi, const sigset_t *mask)
 	struct sigacts * const ps = p->p_sigacts;
 	int onstack, error;
 	int sig = ksi->ksi_signo;
-	struct sigframe_siginfo32 *sfp = getframe(l, sig, &onstack);
+	struct sigframe_siginfo32 *sfp = getframe(l, sig, &onstack,
+	    sizeof(*sfp), _Alignof(*sfp));
 	struct sigframe_siginfo32 sf;
 	struct trapframe * const tf = l->l_md.md_utf;
 	size_t sfsz;
 	sig_t catcher = SIGACTION(p, sig).sa_handler;
 
-	sfp--;
-
 	memset(&sf, 0, sizeof(sf));
 	netbsd32_si_to_si32(&sf.sf_si, (const siginfo_t *)&ksi->ksi_info);
 

sys/arch/mips/mips/sig_machdep.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: sig_machdep.c,v 1.25 2024/04/14 07:56:45 skrll Exp $	*/
+/*	$NetBSD: sig_machdep.c,v 1.26 2025/04/25 00:26:59 riastradh Exp $	*/
 
 /*-
  * Copyright (c) 2003 The NetBSD Foundation, Inc.
@@ -31,7 +31,7 @@
 
 #include <sys/cdefs.h>			/* RCS ID & Copyright macro defns */
 
-__KERNEL_RCSID(0, "$NetBSD: sig_machdep.c,v 1.25 2024/04/14 07:56:45 skrll Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sig_machdep.c,v 1.26 2025/04/25 00:26:59 riastradh Exp $");
 
 #include "opt_cputype.h"
 
@@ -49,17 +49,29 @@ __KERNEL_RCSID(0, "$NetBSD: sig_machdep.c,v 1.25 2024/04/14 07:56:45 skrll Exp $
 #include <mips/locore.h>
 
 void *
-getframe(struct lwp *l, int sig, int *onstack)
+getframe(struct lwp *l, int sig, int *onstack, size_t size, size_t align)
 {
 	struct proc * const p = l->l_proc;
 	struct trapframe * const tf = l->l_md.md_utf;
+	uintptr_t sp;
+
+	KASSERT((align & (align - 1)) == 0);
 
 	/* Do we need to jump onto the signal stack? */
 	*onstack = (l->l_sigstk.ss_flags & (SS_DISABLE | SS_ONSTACK)) == 0
 	    && (SIGACTION(p, sig).sa_flags & SA_ONSTACK) != 0;
 	if (*onstack)
-		return (char *)l->l_sigstk.ss_sp + l->l_sigstk.ss_size;
-	return (void *)(intptr_t)tf->tf_regs[_R_SP];
+		sp = (uintptr_t)l->l_sigstk.ss_sp + l->l_sigstk.ss_size;
+	else
+		sp = (uintptr_t)tf->tf_regs[_R_SP];
+	sp -= size;
+#ifndef __mips_o32
+	if (p->p_md.md_abi == _MIPS_BSD_API_O32)
+		sp &= ~(STACK_ALIGNBYTES_O32 | (align - 1));
+	else
+#endif
+		sp &= ~(STACK_ALIGNBYTES | (align - 1));
+	return (void *)sp;
 }
 
 struct sigframe_siginfo {
@@ -79,12 +91,11 @@ sendsig_siginfo(const ksiginfo_t *ksi, const sigset_t *mask)
 	struct trapframe * const tf = l->l_md.md_utf;
 	int onstack, error;
 	const int signo = ksi->ksi_signo;
-	struct sigframe_siginfo *sf = getframe(l, signo, &onstack);
+	struct sigframe_siginfo *sf = getframe(l, signo, &onstack,
+	    sizeof(*sf), _Alignof(*sf));
 	struct sigframe_siginfo ksf;
 	const sig_t catcher = SIGACTION(p, signo).sa_handler;
 
-	sf--;
-
 	memset(&ksf, 0, sizeof(ksf));
 	ksf.sf_si._info = ksi->ksi_info;
 	ksf.sf_uc.uc_flags = _UC_SIGMASK

tests/kernel/t_signal_and_sp.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: t_signal_and_sp.c,v 1.14 2025/04/25 00:03:16 riastradh Exp $	*/
+/*	$NetBSD: t_signal_and_sp.c,v 1.15 2025/04/25 00:26:59 riastradh Exp $	*/
 
 /*
  * Copyright (c) 2024 The NetBSD Foundation, Inc.
@@ -27,7 +27,7 @@
  */
 
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: t_signal_and_sp.c,v 1.14 2025/04/25 00:03:16 riastradh Exp $");
+__RCSID("$NetBSD: t_signal_and_sp.c,v 1.15 2025/04/25 00:26:59 riastradh Exp $");
 
 #include <sys/wait.h>
 
@@ -384,11 +384,6 @@ ATF_TC_BODY(signalsp, tc)
 #if defined STACK_ALIGNBYTES && defined HAVE_SIGNALSPHANDLER
 	struct sigaction sa;
 
-#if defined __mips_n32 || defined __mips_n64 /* 16-byte, vs 8-byte o32 */
-	atf_tc_expect_fail("PR kern/59327:"
-	    " user stack pointer is not aligned properly");
-#endif
-
 	memset(&sa, 0, sizeof(sa));
 	sa.sa_handler = &signalsphandler;
 	RL(sigaction(SIGUSR1, &sa, NULL));
@@ -431,7 +426,7 @@ ATF_TC_BODY(signalsp_sigaltstack, tc)
 	fprintf(stderr, "stack @ [%p, %p)\n",
 	    stack, stack + SIGSTKSZ + STACK_ALIGNBYTES);
 
-#if defined __alpha__ || defined __mips__
+#if defined __alpha__
 	atf_tc_expect_fail("PR kern/59327:"
 	    " user stack pointer is not aligned properly");
 #endif
@@ -583,7 +578,7 @@ ATF_TC_BODY(misaligned_sp_and_signal, tc)
 	sa.sa_handler = &signalsphandler;
 	RL(sigaction(SIGALRM, &sa, NULL));
 
-#if defined __alpha__ || defined __mips__
+#if defined __alpha__
 	atf_tc_expect_fail("PR kern/58149:"
 	    " Cannot return from a signal handler"
 	    " if SP was misaligned when the signal arrived");