[gcc r12-6807] Disable -fsplit-stack support on non-glibc targets

public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed

* [gcc r12-6807] Disable -fsplit-stack support on non-glibc targets
@ 2022-01-21 19:22 Richard Sandiford
  0 siblings, 0 replies; only message in thread
From: Richard Sandiford @ 2022-01-21 19:22 UTC (permalink / raw)
  To: gcc-cvs

https://gcc.gnu.org/g:c163647ffbc9a20c8feb6e079dbecccfe016c82e

commit r12-6807-gc163647ffbc9a20c8feb6e079dbecccfe016c82e
Author: Sören Tempel <soeren@soeren-tempel.net>
Date:   Fri Jan 21 19:22:46 2022 +0000

    Disable -fsplit-stack support on non-glibc targets
    
    The -fsplit-stack option requires the pthread_t TCB definition in the
    libc to provide certain struct fields at specific hardcoded offsets. As
    far as I know, only glibc provides these fields at the required offsets.
    Most notably, musl libc does not have these fields. However, since gcc
    accesses the fields using a fixed offset, this does not cause a
    compile-time error, but instead results in a silent memory corruption at
    run-time with musl libc. For example, on s390x libgcc's
    __stack_split_initialize CTOR will overwrite the cancel field in the
    pthread_t TCB on musl.
    
    The -fsplit-stack option is used within the gcc code base itself by
    gcc-go (if available). On musl-based systems with split-stack support
    (i.e. s390x or x86) this causes Go programs compiled with gcc-go to
    misbehave at run-time.
    
    This patch fixes gcc-go on musl by disabling -fsplit-stack in gcc itself
    since it is not supported on non-glibc targets anyhow. This is achieved
    by checking if gcc targets a glibc-based system. This check has been
    added for x86 and s390x, the rs6000 config already checks for
    TARGET_GLIBC_MAJOR. Other architectures do not have split-stack
    support. With this patch applied, the gcc-go configure script will
    detect that -fsplit-stack support is not available and will not use it.
    
    See https://www.openwall.com/lists/musl/2012/10/16/12
    
    This patch was written under the assumption that glibc is the only libc
    implementation which supports the required fields at the required
    offsets in the pthread_t TCB. The patch has been tested on Alpine Linux
    Edge on the s390x and x86 architectures by bootstrapping Google's Go
    implementation with gcc-go.
    
    Signed-off-by: Sören Tempel <soeren@soeren-tempel.net>
    
    gcc/ChangeLog:
    
            * common/config/s390/s390-common.cc (s390_supports_split_stack):
            Only support split-stack on glibc targets.
            * config/i386/gnu-user-common.h (STACK_CHECK_STATIC_BUILTIN): Ditto.
            * config/i386/gnu.h (defined): Ditto.

Diff:
---
 gcc/common/config/s390/s390-common.cc | 14 ++++++++++----
 gcc/config/i386/gnu-user-common.h     |  5 +++--
 gcc/config/i386/gnu.h                 |  5 ++++-
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/gcc/common/config/s390/s390-common.cc b/gcc/common/config/s390/s390-common.cc
index 6ed2f89f3d0..547b0826f93 100644
--- a/gcc/common/config/s390/s390-common.cc
+++ b/gcc/common/config/s390/s390-common.cc
@@ -116,13 +116,19 @@ s390_handle_option (struct gcc_options *opts ATTRIBUTE_UNUSED,
 
 /* -fsplit-stack uses a field in the TCB, available with glibc-2.23.
    We don't verify it, since earlier versions just have padding at
-   its place, which works just as well.  */
+   its place, which works just as well.  For other libc implementations
+   we disable the feature entirely to avoid corrupting the TCB.  */
 
 static bool
-s390_supports_split_stack (bool report ATTRIBUTE_UNUSED,
-			   struct gcc_options *opts ATTRIBUTE_UNUSED)
+s390_supports_split_stack (bool report,
+			   struct gcc_options *opts)
 {
-  return true;
+  if (opts->x_linux_libc == LIBC_GLIBC)
+    return true;
+
+  if (report)
+    error ("%<-fsplit-stack%> currently only supported on GNU/Linux");
+  return false;
 }
 
 #undef TARGET_DEFAULT_TARGET_FLAGS
diff --git a/gcc/config/i386/gnu-user-common.h b/gcc/config/i386/gnu-user-common.h
index 23b54c5be52..7525f788a9c 100644
--- a/gcc/config/i386/gnu-user-common.h
+++ b/gcc/config/i386/gnu-user-common.h
@@ -66,7 +66,8 @@ along with GCC; see the file COPYING3.  If not see
 #define STACK_CHECK_STATIC_BUILTIN 1
 
 /* We only build the -fsplit-stack support in libgcc if the
-   assembler has full support for the CFI directives.  */
-#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE
+   assembler has full support for the CFI directives and
+   targets glibc.  */
+#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE && OPTION_GLIBC
 #define TARGET_CAN_SPLIT_STACK
 #endif
diff --git a/gcc/config/i386/gnu.h b/gcc/config/i386/gnu.h
index 401e60c9a02..daa505a5d45 100644
--- a/gcc/config/i386/gnu.h
+++ b/gcc/config/i386/gnu.h
@@ -35,7 +35,10 @@ along with GCC.  If not, see <http://www.gnu.org/licenses/>.
    crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
 #endif
 
-#ifdef TARGET_LIBC_PROVIDES_SSP
+/* -fsplit-stack uses a field in the TCB at a fixed offset. This
+   field is only available for glibc.  Disable -fsplit-stack for
+   other libc implementations to avoid silent TCB corruptions.  */
+#if defined (TARGET_LIBC_PROVIDES_SSP) && OPTION_GLIBC
 
 /* i386 glibc provides __stack_chk_guard in %gs:0x14.  */
 #define TARGET_THREAD_SSP_OFFSET        0x14


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-01-21 19:22 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-21 19:22 [gcc r12-6807] Disable -fsplit-stack support on non-glibc targets Richard Sandiford

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).