From patchwork Thu Aug 22 12:00:58 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dragan Mladjenovic X-Patchwork-Id: 34239 Received: (qmail 95067 invoked by alias); 22 Aug 2019 12:01:08 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 94564 invoked by uid 89); 22 Aug 2019 12:01:07 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-15.6 required=5.0 tests=AWL, BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_NONE, RCVD_IN_SORBS_WEB, SPF_HELO_PASS autolearn=ham version=3.3.1 spammy= X-HELO: NAM03-BY2-obe.outbound.protection.outlook.com ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=PUtUgqmTxfTIGR7bFnW+At5Ra5tVM86LgNzoA8H6zKjPj5PVSaPq7lHS0p0Jw5nK/Z15Nb9RDxLrhmLNbHog/vDkN+/j/QKDGwSNBnSYoJVIzO2/YoInSCiXVwgVhg9lrNpA42X5enPIYXoEKFOgOPy2ExKw1OTzj3O6kP3U6ALCtTfyEE5jwPgCr2Fo/6BRJ9BGytfS55ZVQvcWnP45AxHQYRyeVwPerRuHSY9TDzUGUNOLfXxjt8hZI4idDAvJ92/RHCGxZzUeyR7/+os5uke0gWOBXaO/nVT7lMWfeU1LaaSopPDv1T+kja0axhQoqfhH5yTT4UoH1ddhPIBNQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dMfDdm8r8fANgl9wGawwKh9maajmccdGJfirY1pY+m0=; b=XPXG7GLgPZ3XfBJYxVdpJJTkMy0MjneTwIj8CvPe6EQdba1WJnMTK4tCuIWNv3gU8WMaaqLZb//kwQGzoD0siT2WTYX5d14sQ5fwGnue0Bb+4UmtiYQTVln7OETQm1k2m86CkMUFqVC//hHYLGCBcm8Xw8aXXLNpxWkhQ7xus++VTdBuvkZBcrn1oma1p33gZD2rgPmkSzI6wDkCUgN474O7iBSXNAlNY6ZH4byE15ahrr9XMBsYQyuyzDRbjjTqS8egKfOPLunhIfDQ5fmj1s3tgwFVrtI64tBjAp2Q1QuaPDH6OYYdQLI87omVX2aygRF8PqYBodT35OCM2Ajl6A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=wavecomp.com; dmarc=pass action=none header.from=wavecomp.com; dkim=pass header.d=wavecomp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wavecomp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=dMfDdm8r8fANgl9wGawwKh9maajmccdGJfirY1pY+m0=; b=hj6i8tUr7A7SwrZq3PESorTaVjBSsHZQHqFr2KZfKCHSOptBZvJH0P6DjtFAfOx7UeZgyjyt1/ZyeR/w+wEVHXTnV7b1tdqyxhzHpea0WUhSaD3JNgL4DyzduicoHf5qTjbdK7jpgpUDQ9l9f7ghzwzblO18bBnZgIgKQ5UXtek= From: Dragan Mladjenovic To: Joseph Myers CC: Dragan Mladjenovic , "libc-alpha@sourceware.org" , Carlos O'Donell , Adhemerval Zanella , "Maciej W . Rozycki" , Faraz Shahbazker Subject: Re: Re: [PATCH v5] [Mips support for PT_GNU_STACK] mips: Force RWX stack for hard-float builds that can run on pre-4.8 kernels Date: Thu, 22 Aug 2019 12:00:58 +0000 Message-ID: <1566475213-14352-1-git-send-email-dmladjenovic@wavecomp.com> References: In-Reply-To: authentication-results: spf=none (sender IP is ) smtp.mailfrom=dmladjenovic@wavecomp.com; x-ms-exchange-purlcount: 2 x-ms-exchange-transport-forked: True x-ms-oob-tlc-oobclassifiers: OLM:10000; received-spf: None (protection.outlook.com: wavecomp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 MIME-Version: 1.0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: Y9HGFA/mULNxQiDKSNnHjumXKLC911ErO6vBerxQGpVG68dbf0GLzFcF14FVmcvtJxPCNxiNNZynF1D9T6hCvS9kqq47tA02GH+QSNj3/pQ= Linux/Mips kernels prior to 4.8 could potentially crash the user process when doing FPU emulation while running on non-executable user stack. Currently, gcc doesn't emit .note.GNU-stack for mips, but that will change in the future. To ensure that glibc can be used with such future gcc, without silently resulting in binaries that might crash in runtime, this patch forces RWX stack for all built objects if configured to run against minimum kernel version less than 4.8. * sysdeps/unix/sysv/linux/mips/Makefile (test-xfail-check-execstack): Move under mips-has-gnustack != yes. (CFLAGS-.o*, ASFLAGS-.o*): New rules. Apply -Wa,-execstack if mips-force-execstack == yes. * sysdeps/unix/sysv/linux/mips/configure: Regenerated. * sysdeps/unix/sysv/linux/mips/configure.ac (mips-force-execstack): New var. Set to yes for hard-float builds with minimum_kernel < 4.8.0 or minimum_kernel not set at all. (mips-has-gnustack): New var. Use value of libc_cv_as_noexecstack if mips-force-execstack != yes, otherwise set to no. --- Hello again, I took a liberty to include regenerated configure this time. Is this patch as it is suitable for backporting? It is not a prerequisite for gcc the patch, but it would be nice if a couple of prior versions of glibc would be made "safe" also. sysdeps/unix/sysv/linux/mips/Makefile | 21 ++++++++++++---- sysdeps/unix/sysv/linux/mips/configure | 41 +++++++++++++++++++++++++++++++ sysdeps/unix/sysv/linux/mips/configure.ac | 32 ++++++++++++++++++++++++ 3 files changed, 89 insertions(+), 5 deletions(-) diff --git a/sysdeps/unix/sysv/linux/mips/Makefile b/sysdeps/unix/sysv/linux/mips/Makefile index 8217f42..03044e7 100644 --- a/sysdeps/unix/sysv/linux/mips/Makefile +++ b/sysdeps/unix/sysv/linux/mips/Makefile @@ -63,14 +63,25 @@ sysdep-dl-routines += dl-static sysdep_routines += dl-vdso endif - -# Supporting non-executable stacks on MIPS requires changes to both -# the Linux kernel and glibc. See -# and -# . +# If the compiler doesn't use GNU.stack note, +# this test is expected to fail. +ifneq ($(mips-has-gnustack),yes) test-xfail-check-execstack = yes endif +endif ifeq ($(subdir),stdlib) gen-as-const-headers += ucontext_i.sym endif + +ifeq ($(mips-force-execstack),yes) +CFLAGS-.o += -Wa,-execstack +CFLAGS-.os += -Wa,-execstack +CFLAGS-.op += -Wa,-execstack +CFLAGS-.oS += -Wa,-execstack + +ASFLAGS-.o += -Wa,-execstack +ASFLAGS-.os += -Wa,-execstack +ASFLAGS-.op += -Wa,-execstack +ASFLAGS-.oS += -Wa,-execstack +endif diff --git a/sysdeps/unix/sysv/linux/mips/configure b/sysdeps/unix/sysv/linux/mips/configure index 1ee7f41..25f98e0 100644 --- a/sysdeps/unix/sysv/linux/mips/configure +++ b/sysdeps/unix/sysv/linux/mips/configure @@ -475,3 +475,44 @@ if test -z "$arch_minimum_kernel"; then arch_minimum_kernel=4.5.0 fi fi + +# Check if we are supposed to run on kernels older than 4.8.0. If so, +# force executable stack to avoid potential runtime problems with fpu +# emulation. +# NOTE: The check below assumes that in absence of user-provided minumum_kernel +# we will default to arch_minimum_kernel which is currently less than 4.8.0 for +# all known configurations. If this changes, the check must be updated. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler must use executable stack" >&5 +$as_echo_n "checking whether the compiler must use executable stack... " >&6; } +if ${libc_cv_mips_force_execstack+:} false; then : + $as_echo_n "(cached) " >&6 +else + libc_cv_mips_force_execstack=no + if test $libc_mips_float = hard; then + if test -n "$minimum_kernel"; then + + min_version=$((`echo "$minimum_kernel.0.0.0" | sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1 \* 65536 + \2 \* 256 + \3/'`)) + + if test $min_version -lt 264192; then + libc_cv_mips_force_execstack=yes + fi + else + libc_cv_mips_force_execstack=yes + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_mips_force_execstack" >&5 +$as_echo "$libc_cv_mips_force_execstack" >&6; } + +libc_mips_has_gnustack=$libc_cv_as_noexecstack + +if test $libc_cv_mips_force_execstack = yes; then + libc_mips_has_gnustack=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: forcing executable stack for pre-4.8.0 Linux kernels" >&5 +$as_echo "$as_me: WARNING: forcing executable stack for pre-4.8.0 Linux kernels" >&2;} +fi + +config_vars="$config_vars +mips-force-execstack = ${libc_cv_mips_force_execstack}" +config_vars="$config_vars +mips-has-gnustack = ${libc_mips_has_gnustack}" diff --git a/sysdeps/unix/sysv/linux/mips/configure.ac b/sysdeps/unix/sysv/linux/mips/configure.ac index 9147aa4..3db1b32 100644 --- a/sysdeps/unix/sysv/linux/mips/configure.ac +++ b/sysdeps/unix/sysv/linux/mips/configure.ac @@ -134,3 +134,35 @@ if test -z "$arch_minimum_kernel"; then arch_minimum_kernel=4.5.0 fi fi + +# Check if we are supposed to run on kernels older than 4.8.0. If so, +# force executable stack to avoid potential runtime problems with fpu +# emulation. +# NOTE: The check below assumes that in absence of user-provided minumum_kernel +# we will default to arch_minimum_kernel which is currently less than 4.8.0 for +# all known configurations. If this changes, the check must be updated. +AC_CACHE_CHECK([whether the compiler must use executable stack], + libc_cv_mips_force_execstack, [dnl +libc_cv_mips_force_execstack=no + if test $libc_mips_float = hard; then + if test -n "$minimum_kernel"; then + changequote(,) + min_version=$((`echo "$minimum_kernel.0.0.0" | sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\).*/\1 \* 65536 + \2 \* 256 + \3/'`)) + changequote([,]) + if test $min_version -lt 264192; then + libc_cv_mips_force_execstack=yes + fi + else + libc_cv_mips_force_execstack=yes + fi + fi]) + +libc_mips_has_gnustack=$libc_cv_as_noexecstack + +if test $libc_cv_mips_force_execstack = yes; then + libc_mips_has_gnustack=no + AC_MSG_WARN([forcing executable stack for pre-4.8.0 Linux kernels]) +fi + +LIBC_CONFIG_VAR([mips-force-execstack],[${libc_cv_mips_force_execstack}]) +LIBC_CONFIG_VAR([mips-has-gnustack],[${libc_mips_has_gnustack}])