[riscv] Fix sp handling in MacroAssembler::LeaveFrame

dramforever · V8 LUCI CQ · commit 6a0a25abaed3 · 2026-02-03T16:44:42.000-08:00
Keep sp <= fp to ensure that data right above fp doesn't get clobbered by an inopportune signal and its handler. Such clobbering can happen in e.g. Node.js when JIT-compiled code is interrupted by a SIGCHLD handler. Bug: None Change-Id: Ief0836032ada7942e89f081f7605f61632c4d414 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7540554 Reviewed-by: Ji Qiu <qiuji@iscas.ac.cn> Commit-Queue: Yahan Lu (LuYahan) <yahan@iscas.ac.cn> Reviewed-by: Rezvan Mahdavi Hezaveh <rezvan@chromium.org> Cr-Commit-Position: refs/heads/main@{#105069}
diff --git a/AUTHORS b/AUTHORS
@@ -306,6 +306,7 @@ Vadim Gorbachev <bmsdave@gmail.com>
 Varun Varada <varuncvarada@gmail.com>
 Victor Costan <costan@gmail.com>
 Victor Polevoy <fx@thefx.co>
+Vivian Wang <wangruikang@iscas.ac.cn>
 Vlad Burlik <vladbph@gmail.com>
 Vladimir Kempik <vladimir.kempik@syntacore.com>
 Vladimir Krivosheev <develar@gmail.com>
diff --git a/src/codegen/riscv/macro-assembler-riscv.cc b/src/codegen/riscv/macro-assembler-riscv.cc
@@ -6782,9 +6782,10 @@ void MacroAssembler::EnterFrame(StackFrame::Type type, ShadowStackStatus ss) {
 
 void MacroAssembler::LeaveFrame(StackFrame::Type type) {
   ASM_CODE_COMMENT(this);
-  AddWord(sp, fp, 2 * kSystemPointerSize);
+  Move(sp, fp);
   LoadWord(ra, MemOperand(fp, 1 * kSystemPointerSize));
   LoadWord(fp, MemOperand(fp, 0 * kSystemPointerSize));
+  AddWord(sp, sp, 2 * kSystemPointerSize);
 #ifdef V8_ENABLE_RISCV_SHADOW_STACK
   sspopchk_ra();
 #endif

-Original file line number
+Diff line change
 Varun Varada <[email protected]>
 Victor Costan <[email protected]>
 Victor Polevoy <[email protected]>
 +Vivian Wang <[email protected]>
 Vlad Burlik <[email protected]>
 Vladimir Kempik <[email protected]>
 Vladimir Krivosheev <[email protected]>