public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c/49016] New: always_inline causes references below the current stack pointer
@ 2011-05-16 22:58 merrill_707_1 at yahoo dot com
2011-05-16 23:00 ` [Bug c/49016] " merrill_707_1 at yahoo dot com
` (12 more replies)
0 siblings, 13 replies; 14+ messages in thread
From: merrill_707_1 at yahoo dot com @ 2011-05-16 22:58 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
Summary: always_inline causes references below the current
stack pointer
Product: gcc
Version: 4.3.4
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
AssignedTo: unassigned@gcc.gnu.org
ReportedBy: merrill_707_1@yahoo.com
Created attachment 24256
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24256
A script to run to compile t.c
When "inline __attribute__((always_inline))" is used, as is set up in some
Linux 2.6 kernel builds in gcc-compiler.h / compiler.h etc., then references to
memory below the current stack pointer can be made, when optimization is turned
off.
In fact, such references can also occur with -O2, but that is not such a simple
test program to generate. Here is a test program which generates the problem
with no optimization turned on.
To compile, run the "rc" script.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
@ 2011-05-16 23:00 ` merrill_707_1 at yahoo dot com
2011-05-16 23:00 ` merrill_707_1 at yahoo dot com
` (11 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: merrill_707_1 at yahoo dot com @ 2011-05-16 23:00 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #1 from Lee Merrill <merrill_707_1 at yahoo dot com> 2011-05-16 22:45:58 UTC ---
Created attachment 24257
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24257
The source file which generates the problem
This file, when compiled via the attached "rc" script, will have references
below the current stack pointer.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
2011-05-16 23:00 ` [Bug c/49016] " merrill_707_1 at yahoo dot com
@ 2011-05-16 23:00 ` merrill_707_1 at yahoo dot com
2011-05-16 23:35 ` pinskia at gcc dot gnu.org
` (10 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: merrill_707_1 at yahoo dot com @ 2011-05-16 23:00 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #2 from Lee Merrill <merrill_707_1 at yahoo dot com> 2011-05-16 22:49:14 UTC ---
Created attachment 24258
--> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24258
The output of running rc with "-v -save-temps" added.
This is the output from running the "rc" script, with gcc parameters "-v
-save-temps" added to the command line.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (2 preceding siblings ...)
2011-05-16 23:35 ` pinskia at gcc dot gnu.org
@ 2011-05-16 23:35 ` merrill_707_1 at yahoo dot com
2011-05-17 6:08 ` jakub at gcc dot gnu.org
` (8 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: merrill_707_1 at yahoo dot com @ 2011-05-16 23:35 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #3 from Lee Merrill <merrill_707_1 at yahoo dot com> 2011-05-16 22:51:33 UTC ---
A disassembly snippet to show the problem:
0000000000000000 <fcPostWrite>:
0: 55 push %rbp
1: 48 89 e5 mov %rsp,%rbp
# Note that these statements reference memory below the
# current stack pointer. So any interrupt which occurs
# here will corrupt these variables.
4: 48 89 7d e8 mov %rdi,-0x18(%rbp)
8: 89 75 e4 mov %esi,-0x1c(%rbp)
b: 8b 45 e4 mov -0x1c(%rbp),%eax
e: 89 45 fc mov %eax,-0x4(%rbp)
11: 48 8b 45 e8 mov -0x18(%rbp),%rax
15: 48 89 45 f0 mov %rax,-0x10(%rbp)
19: 48 8b 55 f0 mov -0x10(%rbp),%rdx
1d: 8b 45 fc mov -0x4(%rbp),%eax
20: 89 02 mov %eax,(%rdx)
22: c9 leaveq
23: c3 retq
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
2011-05-16 23:00 ` [Bug c/49016] " merrill_707_1 at yahoo dot com
2011-05-16 23:00 ` merrill_707_1 at yahoo dot com
@ 2011-05-16 23:35 ` pinskia at gcc dot gnu.org
2011-05-16 23:35 ` merrill_707_1 at yahoo dot com
` (9 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: pinskia at gcc dot gnu.org @ 2011-05-16 23:35 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> 2011-05-16 23:09:13 UTC ---
Well x86_64 ABI has a red zone which allows for these references to happen if
they are under 128 bytes.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (3 preceding siblings ...)
2011-05-16 23:35 ` merrill_707_1 at yahoo dot com
@ 2011-05-17 6:08 ` jakub at gcc dot gnu.org
2011-05-17 13:51 ` merrill_707_1 at yahoo dot com
` (7 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: jakub at gcc dot gnu.org @ 2011-05-17 6:08 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
Jakub Jelinek <jakub at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
CC| |jakub at gcc dot gnu.org
Resolution| |INVALID
--- Comment #5 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-05-17 05:22:06 UTC ---
Yeah, 128 bytes below %rsp can be freely used on x86_64, interrupts must not
clobber those.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (4 preceding siblings ...)
2011-05-17 6:08 ` jakub at gcc dot gnu.org
@ 2011-05-17 13:51 ` merrill_707_1 at yahoo dot com
2011-05-17 14:12 ` merrill_707_1 at yahoo dot com
` (6 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: merrill_707_1 at yahoo dot com @ 2011-05-17 13:51 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #6 from Lee Merrill <merrill_707_1 at yahoo dot com> 2011-05-17 13:29:56 UTC ---
(In reply to comment #5)
> Yeah, 128 bytes below %rsp can be freely used on x86_64, interrupts must not
> clobber those.
I should have mentioned that this is kernel driver code, so then the interrupt
does not change privilege level, and a stack switch will not occur. When an
interrupt happens, the flags / cs / ip are stored at the next 24 bytes of
stack, overwriting the variables in view here. I've seen this happen on a
standard Suse 10 x86_64 Linux machine, so this would not be just theoretical...
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (5 preceding siblings ...)
2011-05-17 13:51 ` merrill_707_1 at yahoo dot com
@ 2011-05-17 14:12 ` merrill_707_1 at yahoo dot com
2011-05-17 14:26 ` jakub at gcc dot gnu.org
` (5 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: merrill_707_1 at yahoo dot com @ 2011-05-17 14:12 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #7 from Lee Merrill <merrill_707_1 at yahoo dot com> 2011-05-17 13:42:23 UTC ---
I think what is happening in the compiler BTW is that a "sub $XX, %rsp" is
dropping out, perhaps as an optimization. If for example, you comment out the
"#define inline" line in the test code, a stack adjustment appears:
0: 55 push %rbp
1: 48 89 e5 mov %rsp,%rbp
4: 48 83 ec 10 sub $0x10,%rsp # SP adjustment here
8: 48 89 7d f8 mov %rdi,-0x8(%rbp)
c: 89 75 f4 mov %esi,-0xc(%rbp)
etc.
And as far as using stack space below your stack pointer, suppose someone has
an operating system that runs applications at the same privilege level as the
OS?
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (6 preceding siblings ...)
2011-05-17 14:12 ` merrill_707_1 at yahoo dot com
@ 2011-05-17 14:26 ` jakub at gcc dot gnu.org
2011-05-17 15:10 ` merrill_707_1 at yahoo dot com
` (4 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: jakub at gcc dot gnu.org @ 2011-05-17 14:26 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #8 from Jakub Jelinek <jakub at gcc dot gnu.org> 2011-05-17 14:01:51 UTC ---
It is of course fine if an interrupt uses the same stack, after all, user
interrupts do that too. But the ABI says that 128 bytes below the %rsp are
reserved, so the interrupt code first needs to subtract 128 from %rsp before
calling any functions and must not modify that area.
You can compile with -mno-red-zone to force no red zone.
Apparently that's a flag x86_64-linux kernel uses during compilation and
therefore
probably doesn't bother to preserve the red zone during interrupts except when
creating a user interrupt:
arch/x86/Makefile has:
KBUILD_CFLAGS += -mno-red-zone
KBUILD_CFLAGS += -mcmodel=kernel
Thus if you are compiling Linux kernel x86_64 code or modules without
-mno-red-zone, it would be a user error.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (7 preceding siblings ...)
2011-05-17 14:26 ` jakub at gcc dot gnu.org
@ 2011-05-17 15:10 ` merrill_707_1 at yahoo dot com
2011-05-17 15:21 ` merrill_707_1 at yahoo dot com
` (3 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: merrill_707_1 at yahoo dot com @ 2011-05-17 15:10 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #10 from Lee Merrill <merrill_707_1 at yahoo dot com> 2011-05-17 14:49:33 UTC ---
And the compile (and the compile in the "rc" script here) is indeed specifying
-mcmodel=kernel in the flags.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (8 preceding siblings ...)
2011-05-17 15:10 ` merrill_707_1 at yahoo dot com
@ 2011-05-17 15:21 ` merrill_707_1 at yahoo dot com
2011-05-17 17:27 ` mikpe at it dot uu.se
` (2 subsequent siblings)
12 siblings, 0 replies; 14+ messages in thread
From: merrill_707_1 at yahoo dot com @ 2011-05-17 15:21 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #9 from Lee Merrill <merrill_707_1 at yahoo dot com> 2011-05-17 14:47:34 UTC ---
(In reply to comment #8)
> ... the ABI says that 128 bytes below the %rsp are
> reserved, so the interrupt code first needs to subtract 128 from %rsp before
> calling any functions and must not modify that area.
Thanks for your reply, yet the interrupt itself will modify the next 24 bytes
below %rsp, in storing flags / cs / rip. So then this area would be corrupted,
which indeed I am seeing.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (9 preceding siblings ...)
2011-05-17 15:21 ` merrill_707_1 at yahoo dot com
@ 2011-05-17 17:27 ` mikpe at it dot uu.se
2011-05-17 19:00 ` merrill_707_1 at yahoo dot com
2011-05-18 12:09 ` matz at gcc dot gnu.org
12 siblings, 0 replies; 14+ messages in thread
From: mikpe at it dot uu.se @ 2011-05-17 17:27 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #11 from Mikael Pettersson <mikpe at it dot uu.se> 2011-05-17 16:58:02 UTC ---
(In reply to comment #10)
> And the compile (and the compile in the "rc" script here) is indeed specifying
> -mcmodel=kernel in the flags.
-mcmodel=kernel isn't enough, you're still failing to pass -mno-red-zone.
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (10 preceding siblings ...)
2011-05-17 17:27 ` mikpe at it dot uu.se
@ 2011-05-17 19:00 ` merrill_707_1 at yahoo dot com
2011-05-18 12:09 ` matz at gcc dot gnu.org
12 siblings, 0 replies; 14+ messages in thread
From: merrill_707_1 at yahoo dot com @ 2011-05-17 19:00 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
--- Comment #12 from Lee Merrill <merrill_707_1 at yahoo dot com> 2011-05-17 18:42:47 UTC ---
(In reply to comment #11)
> (In reply to comment #10)
> > And the compile (and the compile in the "rc" script here) is indeed specifying
> > -mcmodel=kernel in the flags.
>
> -mcmodel=kernel isn't enough, you're still failing to pass -mno-red-zone.
That works, thanks! It does seem odd to tell it not to use the red zone, in
order for it to um, properly use the red zone. :)
^ permalink raw reply [flat|nested] 14+ messages in thread
* [Bug c/49016] always_inline causes references below the current stack pointer
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
` (11 preceding siblings ...)
2011-05-17 19:00 ` merrill_707_1 at yahoo dot com
@ 2011-05-18 12:09 ` matz at gcc dot gnu.org
12 siblings, 0 replies; 14+ messages in thread
From: matz at gcc dot gnu.org @ 2011-05-18 12:09 UTC (permalink / raw)
To: gcc-bugs
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49016
Michael Matz <matz at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |matz at gcc dot gnu.org
--- Comment #13 from Michael Matz <matz at gcc dot gnu.org> 2011-05-18 11:51:35 UTC ---
The flag is for the compiler and tells it to no use (as in clobber) the
red-zone.
^ permalink raw reply [flat|nested] 14+ messages in thread
end of thread, other threads:[~2011-05-18 12:07 UTC | newest]
Thread overview: 14+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-05-16 22:58 [Bug c/49016] New: always_inline causes references below the current stack pointer merrill_707_1 at yahoo dot com
2011-05-16 23:00 ` [Bug c/49016] " merrill_707_1 at yahoo dot com
2011-05-16 23:00 ` merrill_707_1 at yahoo dot com
2011-05-16 23:35 ` pinskia at gcc dot gnu.org
2011-05-16 23:35 ` merrill_707_1 at yahoo dot com
2011-05-17 6:08 ` jakub at gcc dot gnu.org
2011-05-17 13:51 ` merrill_707_1 at yahoo dot com
2011-05-17 14:12 ` merrill_707_1 at yahoo dot com
2011-05-17 14:26 ` jakub at gcc dot gnu.org
2011-05-17 15:10 ` merrill_707_1 at yahoo dot com
2011-05-17 15:21 ` merrill_707_1 at yahoo dot com
2011-05-17 17:27 ` mikpe at it dot uu.se
2011-05-17 19:00 ` merrill_707_1 at yahoo dot com
2011-05-18 12:09 ` matz at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).