On 1/20/22 23:52, Richard Sandiford wrote:
> cc:ing the x86 and s390 maintainers
>
> soeren--- via Gcc-patches <gcc-patches@gcc.gnu.org> writes:
>> From: Sören Tempel <soe...@soeren-tempel.net>
>>
>> The -fsplit-stack option requires the pthread_t TCB definition in the
>> libc to provide certain struct fields at specific hardcoded offsets. As
>> far as I know, only glibc provides these fields at the required offsets.
>> Most notably, musl libc does not have these fields. However, since gcc
>> accesses the fields using a fixed offset, this does not cause a
>> compile-time error, but instead results in a silent memory corruption at
>> run-time with musl libc. For example, on s390x libgcc's
>> __stack_split_initialize CTOR will overwrite the cancel field in the
>> pthread_t TCB on musl.
>>
>> The -fsplit-stack option is used within the gcc code base itself by
>> gcc-go (if available). On musl-based systems with split-stack support
>> (i.e. s390x or x86) this causes Go programs compiled with gcc-go to
>> misbehave at run-time.
>>
>> This patch fixes gcc-go on musl by disabling -fsplit-stack in gcc itself
>> since it is not supported on non-glibc targets anyhow. This is achieved
>> by checking if gcc targets a glibc-based system. This check has been
>> added for x86 and s390x, the rs6000 config already checks for
>> TARGET_GLIBC_MAJOR. Other architectures do not have split-stack
>> support. With this patch applied, the gcc-go configure script will
>> detect that -fsplit-stack support is not available and will not use it.
>>
>> See https://www.openwall.com/lists/musl/2012/10/16/12
>>
>> This patch was written under the assumption that glibc is the only libc
>> implementation which supports the required fields at the required
>> offsets in the pthread_t TCB. The patch has been tested on Alpine Linux
>> Edge on the s390x and x86 architectures by bootstrapping Google's Go
>> implementation with gcc-go.
>>
>> Signed-off-by: Sören Tempel <soe...@soeren-tempel.net>
>>
>> gcc/ChangeLog:
>>
>> * common/config/s390/s390-common.c (s390_supports_split_stack):
>> Only support split-stack on glibc targets.
>> * config/i386/gnu-user-common.h (STACK_CHECK_STATIC_BUILTIN): Ditto.
>> * config/i386/gnu.h (defined): Ditto.
s390 parts are ok.
Thanks!
Andreas
>> ---
>> This version of the patch addresses feedback by Andrew Pinski and uses
>> OPTION_GLIBC as well as opts->x_linux_libc == LIBC_GLIBC to detect glibc
>> targets (instead of relying on TARGET_GLIBC_MAJOR).
>>
>> gcc/common/config/s390/s390-common.c | 11 +++++++++--
>> gcc/config/i386/gnu-user-common.h | 5 +++--
>> gcc/config/i386/gnu.h | 6 +++++-
>> 3 files changed, 17 insertions(+), 5 deletions(-)
>
> Sorry for the slow review. The patch LGTM bar some minor formatting
> nits below, but target maintainers should have the final say.
>
>> diff --git a/gcc/common/config/s390/s390-common.c
>> b/gcc/common/config/s390/s390-common.c
>> index b6bc8501742..fc86e0bc5e7 100644
>> --- a/gcc/common/config/s390/s390-common.c
>> +++ b/gcc/common/config/s390/s390-common.c
>> @@ -116,13 +116,20 @@ s390_handle_option (struct gcc_options *opts
>> ATTRIBUTE_UNUSED,
>>
>> /* -fsplit-stack uses a field in the TCB, available with glibc-2.23.
>> We don't verify it, since earlier versions just have padding at
>> - its place, which works just as well. */
>> + its place, which works just as well. For other libc implementations
>
> GCC style is to use 2 spaces after a full stop. Same for the x86 part.
>
>> + we disable the feature entirely to avoid corrupting the TCB. */
>>
>> static bool
>> s390_supports_split_stack (bool report ATTRIBUTE_UNUSED,
>> struct gcc_options *opts ATTRIBUTE_UNUSED)
>
> These parameters are no longer unused after the patch, so it'd be good
> to remove the attributes.
>
>> {
>> - return true;
>> + if (opts->x_linux_libc == LIBC_GLIBC) {
>> + return true;
>> + } else {
>> + if (report)
>> + error("%<-fsplit-stack%> currently only supported on GNU/Linux");
>> + return false;
>> + }
>
> Normal GCC formatting would be something like:
>
> if (opts->x_linux_libc == LIBC_GLIBC)
> return true;
>
> if (report)
> error ("%<-fsplit-stack%> currently only supported on GNU/Linux");
> return false;
>
> Sorry for the fussy rules.
>
> Thanks,
> Richard
>
>> }
>>
>> #undef TARGET_DEFAULT_TARGET_FLAGS
>> diff --git a/gcc/config/i386/gnu-user-common.h
>> b/gcc/config/i386/gnu-user-common.h
>> index 00226f5a455..6e13315b5a3 100644
>> --- a/gcc/config/i386/gnu-user-common.h
>> +++ b/gcc/config/i386/gnu-user-common.h
>> @@ -66,7 +66,8 @@ along with GCC; see the file COPYING3. If not see
>> #define STACK_CHECK_STATIC_BUILTIN 1
>>
>> /* We only build the -fsplit-stack support in libgcc if the
>> - assembler has full support for the CFI directives. */
>> -#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE
>> + assembler has full support for the CFI directives and
>> + targets glibc. */
>> +#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE && OPTION_GLIBC
>> #define TARGET_CAN_SPLIT_STACK
>> #endif
>> diff --git a/gcc/config/i386/gnu.h b/gcc/config/i386/gnu.h
>> index 25fbc07f58c..adfe817201e 100644
>> --- a/gcc/config/i386/gnu.h
>> +++ b/gcc/config/i386/gnu.h
>> @@ -35,7 +35,11 @@ along with GCC. If not, see
>> <http://www.gnu.org/licenses/>.
>> crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
>> #endif
>>
>> -#ifdef TARGET_LIBC_PROVIDES_SSP
>> +/* -fsplit-stack uses a field in the TCB at a fixed offset. This
>> + field is only available for glibc. Disable -fsplit-stack for
>> + other libc implementation to avoid silent TCB corruptions. */
>> +
>> +#if defined (TARGET_LIBC_PROVIDES_SSP) && OPTION_GLIBC
>>
>> /* i386 glibc provides __stack_chk_guard in %gs:0x14. */
>> #define TARGET_THREAD_SSP_OFFSET 0x14
