Use the stmdb instead of str to save the fn/arg Directly save data into stack without properly adjustment of stack point is dangous. For example, if a signal comes, kernel will put sigframe into userspace's stack, which will overwrite the saved data if sp is not adjusted properly. Bug: 15195265 Change-Id: Iea0cadfd3b94d50cf40252ad52fe5950811b9192 Signed-off-by: Jiangli Yuan <a6808c@motorola.com>

commit: c3d1728583907e23d1a4493e02835622514d1dd0 [log] [tgz]
author: Jiangli Yuan <a6808c@motorola.com> Tue Dec 09 17:02:59 2014 -0800
committer: Elliott Hughes <enh@google.com> Wed Dec 10 18:47:01 2014 +0000
tree: 9c6f356de681e11e860ae6565d1131f835f78979
parent: 3f1c604c9df459f5baecfdc04cbe8ecda07b70eb [diff]
diff --git a/libc/arch-arm/bionic/__bionic_clone.S b/libc/arch-arm/bionic/__bionic_clone.S
index f5cf9e0..b02a709 100644
--- a/libc/arch-arm/bionic/__bionic_clone.S
+++ b/libc/arch-arm/bionic/__bionic_clone.S

@@ -43,8 +43,7 @@
     ldmfd   ip, {r4, r5, r6}
 
     # store 'fn' and 'arg' to the child stack
-    str     r5, [r1, #-4]
-    str     r6, [r1, #-8]
+    stmdb   r1!, {r5, r6}
 
     # System call
     ldr     r7, =__NR_clone
@@ -62,8 +61,7 @@
 1:  # The child.
     # Setting lr to 0 will make the unwinder stop at __start_thread
     mov    lr, #0
-    ldr    r0, [sp, #-4]
-    ldr    r1, [sp, #-8]
+    pop    {r0, r1}
     b      __start_thread
 END(__bionic_clone)
 .hidden __bionic_clone
commit	c3d1728583907e23d1a4493e02835622514d1dd0	[log] [tgz]
author	Jiangli Yuan <a6808c@motorola.com>	Tue Dec 09 17:02:59 2014 -0800
committer	Elliott Hughes <enh@google.com>	Wed Dec 10 18:47:01 2014 +0000
tree	9c6f356de681e11e860ae6565d1131f835f78979
parent	3f1c604c9df459f5baecfdc04cbe8ecda07b70eb [diff]