From patchwork Sat Dec 18 10:43:17 2021
X-Patchwork-Submitter: "Li, Pan2 via Gcc-patches"
X-Patchwork-Id: 49083
From: "Li, Pan2 via Gcc-patches"
Reply-To: soeren@soeren-tempel.net
To: gcc-patches@gcc.gnu.org
Subject: [PATCH] Disable -fsplit-stack support on non-glibc targets
Date: Sat, 18 Dec 2021 11:43:17 +0100
Message-Id: <20211218104317.23622-1-soeren@soeren-tempel.net>

From: Sören Tempel

The -fsplit-stack option requires the pthread_t TCB definition in the
libc to provide certain struct fields at specific hardcoded offsets. As
far as I know, only glibc provides these fields at the required offsets.
Most notably, musl libc does not have these fields. However, since gcc
accesses the fields using a fixed offset, this does not cause a
compile-time error, but instead results in a silent memory corruption at
run-time with musl libc. For example, on s390x libgcc's
__stack_split_initialize CTOR will overwrite the cancel field in the
pthread_t TCB on musl.

The -fsplit-stack option is used within the gcc code base itself by
gcc-go (if available). On musl-based systems with split-stack support
(i.e. s390x or x86) this causes Go programs compiled with gcc-go to
misbehave at run-time.

This patch fixes gcc-go on musl by disabling -fsplit-stack in gcc itself
since it is not supported on non-glibc targets anyhow. This is achieved
by checking if TARGET_GLIBC_MAJOR is defined to a non-zero value (it
defaults to zero on non-glibc systems). The check has been added for x86
and s390x, the rs6000 config already checks for TARGET_GLIBC_MAJOR.
Other architectures do not have split-stack support.

With this patch applied, the gcc-go configure script will detect that
-fsplit-stack support is not available and will not use it.

See https://www.openwall.com/lists/musl/2012/10/16/12

This patch has been tested on Alpine Linux Edge on the s390x and x86
architectures by bootstrapping Google's Go implementation with gcc-go.

Signed-off-by: Sören Tempel gcc/ChangeLog: * common/config/s390/s390-common.c (s390_supports_split_stack): Only support split-stack on glibc targets. * config/i386/gnu-user-common.h (STACK_CHECK_STATIC_BUILTIN): Ditto. * config/i386/gnu.h (defined): Ditto. --- gcc/common/config/s390/s390-common.c | 9 ++++++++- gcc/config/i386/gnu-user-common.h | 5 +++-- gcc/config/i386/gnu.h | 6 +++++- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/gcc/common/config/s390/s390-common.c b/gcc/common/config/s390/s390-common.c index b6bc8501742..afbd8d3fe66 100644 --- a/gcc/common/config/s390/s390-common.c +++ b/gcc/common/config/s390/s390-common.c @@ -116,13 +116,20 @@ s390_handle_option (struct gcc_options *opts ATTRIBUTE_UNUSED, /* -fsplit-stack uses a field in the TCB, available with glibc-2.23. We don't verify it, since earlier versions just have padding at - its place, which works just as well. */ + its place, which works just as well. For other libc implementations + we disable the feature entirely to avoid corrupting the TCB. */ static bool s390_supports_split_stack (bool report ATTRIBUTE_UNUSED, struct gcc_options *opts ATTRIBUTE_UNUSED) { +#if TARGET_GLIBC_MAJOR return true; +#else + if (report) + error("%<-fsplit-stack%> currently only supported on GNU/Linux"); + return false; +#endif } #undef TARGET_DEFAULT_TARGET_FLAGS diff --git a/gcc/config/i386/gnu-user-common.h b/gcc/config/i386/gnu-user-common.h index 00226f5a455..69f2d7415ad 100644 --- a/gcc/config/i386/gnu-user-common.h +++ b/gcc/config/i386/gnu-user-common.h @@ -66,7 +66,8 @@ along with GCC; see the file COPYING3. If not see #define STACK_CHECK_STATIC_BUILTIN 1 /* We only build the -fsplit-stack support in libgcc if the - assembler has full support for the CFI directives. */ -#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE + assembler has full support for the CFI directives and + targets glibc. */ +#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE && TARGET_GLIBC_MAJOR #define TARGET_CAN_SPLIT_STACK #endif 
diff --git a/gcc/config/i386/gnu.h b/gcc/config/i386/gnu.h index 25fbc07f58c..895a7369816 100644 --- a/gcc/config/i386/gnu.h +++ b/gcc/config/i386/gnu.h @@ -35,7 +35,11 @@ along with GCC. If not, see . crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}" #endif -#ifdef TARGET_LIBC_PROVIDES_SSP +/* -fsplit-stack uses a field in the TCB at a fixed offset. This + field is only available for glibc. Disable -fsplit-stack for + other libc implementation to avoid silent TCB corruptions. */ + +#if defined (TARGET_LIBC_PROVIDES_SSP) && TARGET_GLIBC_MAJOR /* i386 glibc provides __stack_chk_guard in %gs:0x14. */ #define TARGET_THREAD_SSP_OFFSET 0x14
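Review bot: In the s390-common.c hunk, the new diagnostic in the #else branch of s390_supports_split_stack says "currently only supported on GNU/Linux", but the condition being tested is TARGET_GLIBC_MAJOR, so a user on a musl-based Linux target gets a message that does not name the actual requirement. Consider wording it around glibc instead, matching the updated comment above the function ("For other libc implementations we disable the feature entirely"). Two smaller points in the same branch: GNU style wants a space before the parenthesis in "error(", and the "report" parameter is still marked ATTRIBUTE_UNUSED although it is now read when TARGET_GLIBC_MAJOR is zero.
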
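Review bot: In the gnu-user-common.h hunk, "#if HAVE_GAS_CFI_PERSONALITY_DIRECTIVE && TARGET_GLIBC_MAJOR" depends on TARGET_GLIBC_MAJOR already being defined when this header is processed; an undefined identifier in #if evaluates to 0, which would silently drop TARGET_CAN_SPLIT_STACK on glibc targets as well. The commit message says the macro defaults to zero on non-glibc systems, so it would help to state in the comment where that default comes from, or to confirm that every configuration including this header sees the definition first.
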
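Review bot: In the gnu.h hunk, the new condition "#if defined (TARGET_LIBC_PROVIDES_SSP) && TARGET_GLIBC_MAJOR" also guards the visible "#define TARGET_THREAD_SSP_OFFSET 0x14" for __stack_chk_guard, while the added comment only talks about -fsplit-stack. If the stack-protector offset is meant to stay tied to TARGET_LIBC_PROVIDES_SSP alone, the glibc test should wrap just the split-stack definition; if gating both is intended, the comment should say so. Minor: "other libc implementation" should be plural, and the ChangeLog entry "config/i386/gnu.h (defined): Ditto." names "defined" where a macro name is expected.
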
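The failure mode described in the commit message (a store at a hardcoded TCB offset landing on a live field when the libc reserves no slot for it), as an added example that is not part of the patch or of GCC. Both struct layouts, the offset 0x18 and all function names are constructed for illustration and are not the real glibc or musl definitions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed layouts for illustration; NOT the real glibc or musl TCB. */
#define SPLIT_STACK_SLOT 0x18   /* hypothetical offset hardcoded in the compiler */

struct tcb_reserved {           /* libc that reserves a slot for the compiler */
    uint64_t self, dtv, canary; /* 0x00, 0x08, 0x10 */
    uint64_t split_stack;       /* 0x18: reserved for the stack limit */
    uint64_t cancel;            /* 0x20 */
};

struct tcb_plain {              /* libc with no reserved slot */
    uint64_t self, dtv, canary; /* 0x00, 0x08, 0x10 */
    uint64_t cancel;            /* 0x18: live field where the slot would be */
    uint64_t detach_state;      /* 0x20 */
};

/* What a layout-aware build can do: fail at compile time, not at run time. */
_Static_assert(offsetof(struct tcb_reserved, split_stack) == SPLIT_STACK_SLOT,
               "split-stack slot moved");

/* Stand-in for the runtime initializer: a store relative to the thread
   pointer at a fixed offset, with no knowledge of the struct behind it. */
static void store_stack_limit(void *tcb, uint64_t limit)
{
    memcpy((unsigned char *)tcb + SPLIT_STACK_SLOT, &limit, sizeof limit);
}

uint64_t cancel_after_init_reserved(uint64_t limit)
{
    struct tcb_reserved t = {0};
    store_stack_limit(&t, limit);
    return t.cancel;            /* untouched: the store hit split_stack */
}

uint64_t cancel_after_init_plain(uint64_t limit)
{
    struct tcb_plain t = {0};
    store_stack_limit(&t, limit);
    return t.cancel;            /* now holds the stack limit */
}

int main(void)
{
    return cancel_after_init_plain(0x7ffd0000u) == 0x7ffd0000u ? 0 : 1;
}
```

Nothing in the second case fails to compile or link, which is why the patch moves the decision to configuration time instead of relying on the store being harmless.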