From: soeren@soeren-tempel.net
To: gcc-patches@gcc.gnu.org
Cc: richard.sandiford@arm.com
Subject: [PATCH v3] Disable -fsplit-stack support on non-glibc targets
Date: Fri, 21 Jan 2022 20:16:11 +0100
Message-ID: <20220121191610.8305-1-soeren@soeren-tempel.net>
In-Reply-To: <mptpmomnhof.fsf@arm.com>

From: Sören Tempel <soeren@soeren-tempel.net>

The -fsplit-stack option requires the pthread_t TCB definition in the
libc to provide certain struct fields at specific hardcoded offsets. As
far as I know, only glibc provides these fields at the required offsets.
Most notably, musl libc does not have these fields. However, since gcc
accesses the fields using a fixed offset, this does not cause a
compile-time error, but instead results in a silent memory corruption at
run-time with musl libc. For example, on s390x libgcc's
__stack_split_initialize CTOR will overwrite the cancel field in the
pthread_t TCB on musl.

The -fsplit-stack option is used within the gcc code base itself by
gcc-go (if available). On musl-based systems with split-stack support
(i.e. s390x or x86) this causes Go programs compiled with gcc-go to
misbehave at run-time.

This patch fixes gcc-go on musl by disabling -fsplit-stack in gcc itself
since it is not supported on non-glibc targets anyhow. This is achieved
by checking if gcc targets a glibc-based system. This check has been
added for x86 and s390x, the rs6000 config already checks for
TARGET_GLIBC_MAJOR. Other architectures do not have split-stack
support. With this patch applied, the gcc-go configure script will
detect that -fsplit-stack support is not available and will not use it.

See https://www.openwall.com/lists/musl/2012/10/16/12

This patch was written under the assumption that glibc is the only libc
implementation which supports the required fields at the required
offsets in the pthread_t TCB. The patch has been tested on Alpine Linux
Edge on the s390x and x86 architectures by bootstrapping Google's Go
implementation with gcc-go.

Signed-off-by: Sören Tempel <soeren@soeren-tempel.net>

gcc/ChangeLog:

	* common/config/s390/s390-common.c (s390_supports_split_stack):
	Only support split-stack on glibc targets.
	* config/i386/gnu-user-common.h (STACK_CHECK_STATIC_BUILTIN): Ditto.
	* config/i386/gnu.h (defined): Ditto.
---
This version of the patch fixes a few coding style violations pointed out
to me by Richard Sandiford; it does not include any functional changes
compared to previous versions of this patch.

 gcc/common/config/s390/s390-common.cc | 14 ++++++++++----
 gcc/config/i386/gnu-user-common.h     |  5 +++--
 gcc/config/i386/gnu.h                 |  5 ++++-
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/gcc/common/config/s390/s390-common.cc b/gcc/common/config/s390/s390-common.cc
index 6ed2f89f3d0..547b0826f93 100644
--- a/gcc/common/config/s390/s390-common.cc
+++ b/gcc/common/config/s390/s390-common.cc
@@ -116,13 +116,19 @@ s390_handle_option (struct gcc_options *opts ATTRIBUTE_UNUSED,
 
 /* -fsplit-stack uses a field in the TCB, available with glibc-2.23.
    We don't verify it, since earlier versions just have padding at
-   its place, which works just as well.  */
+   its place, which works just as well.  For other libc implementations
+   we disable the feature entirely to avoid corrupting the TCB.  */
 
 static bool
-s390_supports_split_stack (bool report ATTRIBUTE_UNUSED,
-			   struct gcc_options *opts ATTRIBUTE_UNUSED)
+s390_supports_split_stack (bool report,
+			   struct gcc_options *opts)
 {
-  return true;
+  if (opts->x_linux_libc == LIBC_GLIBC)
+    return true;
+
+  if (report)
+    error ("%<-fsplit-stack%> currently only supported on GNU/Linux");
+  return false;
 }
 
 #undef TARGET_DEFAULT_TARGET_FLAGS
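
Review bot: The diagnostic in s390_supports_split_stack says the option is "currently only supported on GNU/Linux", but the condition tested is opts->x_linux_libc == LIBC_GLIBC, so a user targeting musl on Linux gets a message that does not explain the rejection. Suggest wording the error around glibc, for example "%<-fsplit-stack%> is only supported with glibc". Separately, the ChangeLog entry names common/config/s390/s390-common.c while the diff touches s390-common.cc; the two should agree.
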
diff --git a/gcc/config/i386/gnu-user-common.h b/gcc/config/i386/gnu-user-common.h
index 23b54c5be52..7525f788a9c 100644
--- a/gcc/config/i386/gnu-user-common.h
+++ b/gcc/config/i386/gnu-user-common.h
@@ -66,7 +66,8 @@ along with GCC; see the file COPYING3.  If not see
 #define STACK_CHECK_STATIC_BUILTIN 1
 
 /* We only build the -fsplit-stack support in libgcc if the
-   assembler has full support for the CFI directives.  */
-#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE
+   assembler has full support for the CFI directives and
+   targets glibc.  */
+#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE && OPTION_GLIBC
 #define TARGET_CAN_SPLIT_STACK
 #endif
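
Review bot: OPTION_GLIBC is evaluated by the preprocessor in the new #if, whereas the s390 hunk tests the same condition at run time through opts->x_linux_libc. Please confirm that OPTION_GLIBC expands to a preprocessor constant in every configuration that includes this header: if it expands to an expression on the option state, the unknown identifiers evaluate to 0 inside #if and TARGET_CAN_SPLIT_STACK is silently dropped even when targeting glibc. The comment says this macro also decides whether libgcc builds the split-stack support, so a wrong result here affects more than option handling; a run-time check in the target hook, as done for s390, would avoid the question.
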
diff --git a/gcc/config/i386/gnu.h b/gcc/config/i386/gnu.h
index 401e60c9a02..daa505a5d45 100644
--- a/gcc/config/i386/gnu.h
+++ b/gcc/config/i386/gnu.h
@@ -35,7 +35,10 @@ along with GCC.  If not, see <http://www.gnu.org/licenses/>.
    crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
 #endif
 
-#ifdef TARGET_LIBC_PROVIDES_SSP
+/* -fsplit-stack uses a field in the TCB at a fixed offset. This
+   field is only available for glibc.  Disable -fsplit-stack for
+   other libc implementations to avoid silent TCB corruptions.  */
+#if defined (TARGET_LIBC_PROVIDES_SSP) && OPTION_GLIBC
 
 /* i386 glibc provides __stack_chk_guard in %gs:0x14.  */
 #define TARGET_THREAD_SSP_OFFSET        0x14
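
Review bot: The added "&& OPTION_GLIBC" gates the whole TARGET_LIBC_PROVIDES_SSP block, and the first definition visible inside it is TARGET_THREAD_SSP_OFFSET for __stack_chk_guard, so the stack-protector guard offset is changed for non-glibc targets along with split-stack. The new comment only mentions -fsplit-stack; either put a separate glibc guard around just the split-stack offset definition, or state in the comment and ChangeLog that the SSP offset is intentionally affected. The same question about using OPTION_GLIBC in a preprocessor #if applies here. Minor: the ChangeLog entry "config/i386/gnu.h (defined)" does not name a macro, and "fixed offset. This" needs two spaces after the period to match the rest of the comment.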
