On 1/20/22 23:52, Richard Sandiford wrote:
> cc:ing the x86 and s390 maintainers
>
> soeren--- via Gcc-patches <gcc-patches@gcc.gnu.org> writes:
>> From: Sören Tempel <soe...@soeren-tempel.net>
>>
>> The -fsplit-stack option requires the pthread_t TCB definition in the
>> libc to provide certain struct fields at specific hardcoded offsets. As
>> far as I know, only glibc provides these fields at the required offsets.
>> Most notably, musl libc does not have these fields. However, since gcc
>> accesses the fields using a fixed offset, this does not cause a
>> compile-time error, but instead results in a silent memory corruption at
>> run-time with musl libc. For example, on s390x libgcc's
>> __stack_split_initialize CTOR will overwrite the cancel field in the
>> pthread_t TCB on musl.
>>
>> The -fsplit-stack option is used within the gcc code base itself by
>> gcc-go (if available). On musl-based systems with split-stack support
>> (i.e. s390x or x86) this causes Go programs compiled with gcc-go to
>> misbehave at run-time.
>>
>> This patch fixes gcc-go on musl by disabling -fsplit-stack in gcc itself
>> since it is not supported on non-glibc targets anyhow. This is achieved
>> by checking if gcc targets a glibc-based system. This check has been
>> added for x86 and s390x, the rs6000 config already checks for
>> TARGET_GLIBC_MAJOR. Other architectures do not have split-stack
>> support. With this patch applied, the gcc-go configure script will
>> detect that -fsplit-stack support is not available and will not use it.
>>
>> See https://www.openwall.com/lists/musl/2012/10/16/12
>>
>> This patch was written under the assumption that glibc is the only libc
>> implementation which supports the required fields at the required
>> offsets in the pthread_t TCB. The patch has been tested on Alpine Linux
>> Edge on the s390x and x86 architectures by bootstrapping Google's Go
>> implementation with gcc-go.
>>
>> Signed-off-by: Sören Tempel <soe...@soeren-tempel.net>
>>
>> gcc/ChangeLog:
>>
>> * common/config/s390/s390-common.c (s390_supports_split_stack):
>> Only support split-stack on glibc targets.
>> * config/i386/gnu-user-common.h (STACK_CHECK_STATIC_BUILTIN): Ditto.
>> * config/i386/gnu.h (defined): Ditto.

s390 parts are ok. Thanks! Andreas >> --- >> This version of the patch addresses feedback by Andrew Pinski and uses >> OPTION_GLIBC as well as opts->x_linux_libc == LIBC_GLIBC to detect glibc >> targets (instead of relying on TARGET_GLIBC_MAJOR). >> >> gcc/common/config/s390/s390-common.c | 11 +++++++++-- >> gcc/config/i386/gnu-user-common.h | 5 +++-- >> gcc/config/i386/gnu.h | 6 +++++- >> 3 files changed, 17 insertions(+), 5 deletions(-) > > Sorry for the slow review. The patch LGTM bar some minor formatting > nits below, but target maintainers should have the final say. > >> diff --git a/gcc/common/config/s390/s390-common.c >> b/gcc/common/config/s390/s390-common.c >> index b6bc8501742..fc86e0bc5e7 100644 >> --- a/gcc/common/config/s390/s390-common.c >> +++ b/gcc/common/config/s390/s390-common.c 
>> @@ -116,13 +116,20 @@ s390_handle_option (struct gcc_options *opts >> ATTRIBUTE_UNUSED, >> >> /* -fsplit-stack uses a field in the TCB, available with glibc-2.23. >> We don't verify it, since earlier versions just have padding at >> - its place, which works just as well. */ >> + its place, which works just as well. For other libc implementations > > GCC style is to use 2 spaces after a full stop. Same for the x86 part. > >> + we disable the feature entirely to avoid corrupting the TCB. */ >> >> static bool >> s390_supports_split_stack (bool report ATTRIBUTE_UNUSED, >> struct gcc_options *opts ATTRIBUTE_UNUSED) > > These parameters are no longer unused after the patch, so it'd be good > to remove the attributes. > >> { >> - return true; >> + if (opts->x_linux_libc == LIBC_GLIBC) { >> + return true; >> + } else { >> + if (report) >> + error("%<-fsplit-stack%> currently only supported on GNU/Linux"); >> + return false; >> + } > > Normal GCC formatting would be something like: > > if (opts->x_linux_libc == LIBC_GLIBC) > return true; > > if (report) > error ("%<-fsplit-stack%> currently only supported on GNU/Linux"); > return false; > > Sorry for the fussy rules. > > Thanks, > Richard > >> } >> >> #undef TARGET_DEFAULT_TARGET_FLAGS >> diff --git a/gcc/config/i386/gnu-user-common.h >> b/gcc/config/i386/gnu-user-common.h >> index 00226f5a455..6e13315b5a3 100644 >> --- a/gcc/config/i386/gnu-user-common.h >> +++ b/gcc/config/i386/gnu-user-common.h >> @@ -66,7 +66,8 @@ along with GCC; see the file COPYING3. If not see >> #define STACK_CHECK_STATIC_BUILTIN 1 >> >> /* We only build the -fsplit-stack support in libgcc if the >> - assembler has full support for the CFI directives. */ >> -#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE >> + assembler has full support for the CFI directives and >> + targets glibc. */ >> +#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE && OPTION_GLIBC >> #define TARGET_CAN_SPLIT_STACK >> #endif 
>> diff --git a/gcc/config/i386/gnu.h b/gcc/config/i386/gnu.h >> index 25fbc07f58c..adfe817201e 100644 >> --- a/gcc/config/i386/gnu.h >> +++ b/gcc/config/i386/gnu.h >> @@ -35,7 +35,11 @@ along with GCC. If not, see >> <http://www.gnu.org/licenses/>. >> crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}" >> #endif >> >> -#ifdef TARGET_LIBC_PROVIDES_SSP >> +/* -fsplit-stack uses a field in the TCB at a fixed offset. This >> + field is only available for glibc. Disable -fsplit-stack for >> + other libc implementation to avoid silent TCB corruptions. */ >> + >> +#if defined (TARGET_LIBC_PROVIDES_SSP) && OPTION_GLIBC >> >> /* i386 glibc provides __stack_chk_guard in %gs:0x14. */ >> #define TARGET_THREAD_SSP_OFFSET 0x14
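
Review bot: in the gcc/common/config/s390/s390-common.c hunk, the new diagnostic in s390_supports_split_stack reads "currently only supported on GNU/Linux", but the condition it reports on is opts->x_linux_libc == LIBC_GLIBC. A user building for a musl-based Linux target is told about the operating system when the actual restriction is the libc. Wording that names glibc would match the check and make the failure self-explanatory. The comment added above the function already states the reason (avoiding TCB corruption), so the message and comment would then agree.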
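
Review bot: in the gcc/config/i386/gnu-user-common.h hunk, OPTION_GLIBC is evaluated by the preprocessor in "#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE && OPTION_GLIBC", whereas the s390 hunk tests opts->x_linux_libc at run time through the options structure. If OPTION_GLIBC expands to anything that depends on the selected options, "#if" cannot evaluate it, and if the macro is not yet defined where this header is included, the preprocessor silently treats it as 0 and TARGET_CAN_SPLIT_STACK disappears for glibc targets as well. Please confirm it is a defined compile-time constant in every configuration that includes this header, or perform the libc check in the x86 supports-split-stack target hook the way the s390 hunk does.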
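
Review bot: in the gcc/config/i386/gnu.h hunk, the conditional being narrowed is the TARGET_LIBC_PROVIDES_SSP one, and the context lines directly below it define TARGET_THREAD_SSP_OFFSET for __stack_chk_guard, which is stack-protector configuration rather than split-stack. The new comment only explains the split-stack motivation, so either the comment should say why the SSP definitions must also become glibc-only, or the split-stack macros should get their own "&& OPTION_GLIBC" guard so that the stack protector TLS guard setting is not changed as a side effect. The ChangeLog entry for this file also names "(defined)", which looks like a leftover from the "#if defined" line rather than the macro being changed.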
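
The failure mode described in the commit message, shown as an added example that is not part of the patch, GCC, or either libc: a store at a hard-coded offset from the thread pointer lands in a reserved slot under one TCB layout and in an unrelated field under another, with no diagnostic. Both struct layouts, the field names and `SPLIT_STACK_OFFSET` are constructed for illustration and do not reproduce the real glibc or musl definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified layouts: NOT the real glibc or musl TCB. */
struct tcb_with_slot {            /* libc that reserves a split-stack slot */
    void     *self;
    uintptr_t dtv;
    uintptr_t split_stack_limit;  /* slot the emitted code expects */
    uintptr_t cancel;
};
struct tcb_without_slot {         /* libc with another field at that offset */
    void     *self;
    uintptr_t dtv;
    uintptr_t cancel;             /* same offset, unrelated meaning */
    uintptr_t tid;
};
/* Hypothetical hard-coded offset, fixed when the compiler was built. */
#define SPLIT_STACK_OFFSET (2 * sizeof(void *))
/* A compile-time check is possible only where the libc promises the slot. */
_Static_assert(offsetof(struct tcb_with_slot, split_stack_limit)
               == SPLIT_STACK_OFFSET, "split-stack slot moved");

/* Stand-in for a start-up routine that stores the stack limit relative to
   the thread pointer without knowing which libc laid out the TCB. */
static void store_stack_limit(void *thread_pointer, uintptr_t limit)
{
    memcpy((char *)thread_pointer + SPLIT_STACK_OFFSET, &limit, sizeof limit);
}
/* Value of `cancel` after the store; nonzero means it was overwritten. */
uintptr_t cancel_after_store_with_slot(void)
{
    struct tcb_with_slot tcb = {0};
    store_stack_limit(&tcb, 0x7000);
    return tcb.cancel;
}
uintptr_t cancel_after_store_without_slot(void)
{
    struct tcb_without_slot tcb = {0};
    store_stack_limit(&tcb, 0x7000);
    return tcb.cancel;
}
int main(void)
{
    printf("with slot: %#lx\n", (unsigned long)cancel_after_store_with_slot());
    printf("without slot: %#lx\n",
           (unsigned long)cancel_after_store_without_slot());
    return 0;
}
```

Nothing in the second layout can be asserted against at build time, which is why the patch gates the feature on the libc rather than on a field check.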