Fix the GNU Stack markings on libgcc.a

Message ID	3176479.Z5LO3NcMWg@laptop1.gw.ume.nu
State	New
Headers	show Return-Path: <gcc-patches-return-477035-incoming=patchwork.ozlabs.org@gcc.gnu.org> DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:from :to:subject:date:message-id:mime-version:content-type :content-transfer-encoding; q=dns; s=default; b=LUDLW+ExMf/EVs4e PJ8Z1HZPiysvfwgiKaB1IRl+vgyZq3VPRDpXn+b2xg+H9ZgJYoYTHQjlHGgNOzMG aHJg/IBVEbIwNzUXuF/dvawa7wk6y82tRyP0wxVWiKcpXC3q74V/pyXgwqVMW2tl eBYwWEB4xXixetEw62P+dwrlZnw= Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org sender: zorry) by smtp.gentoo.org (Postfix) with ESMTPSA id D7B2B335C81 for <gcc-patches@gcc.gnu.org>; Tue, 1 May 2018 10:25:13 +0000 (UTC) From: Magnus Granberg <zorry@gentoo.org> To: gcc-patches@gcc.gnu.org Subject: [PATCH] Fix the GNU Stack markings on libgcc.a Date: Tue, 01 May 2018 12:24:44 +0200 Message-ID: <3176479.Z5LO3NcMWg@laptop1.gw.ume.nu> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="nextPart6156980.9hII8C1ec0" Content-Transfer-Encoding: 7Bit
Series	Fix the GNU Stack markings on libgcc.a \| expand Fix the GNU Stack markings on libgcc.a

Magnus Granberg May 1, 2018, 10:24 a.m. UTC

Hi

The *_resms64*.S files in libgcc don't have section to remove the
executable stack marking. Can this be added to Gcc 8.0 Rc?

gcc/ChangeLog:

2018-05-01  Magnus Granberg  <zorry@gentoo.org>

	* config/i386/cet.h: Add section to remove executable stack marking.

---

Jakub Jelinek May 1, 2018, 10:33 a.m. UTC | #1

On Tue, May 01, 2018 at 12:24:44PM +0200, Magnus Granberg wrote:
> Hi
> 
> The *_resms64*.S files in libgcc don't have section to remove the
> executable stack marking. Can this be added to Gcc 8.0 Rc?
> 
> gcc/ChangeLog:
> 
> 2018-05-01  Magnus Granberg  <zorry@gentoo.org>
> 
> 	* config/i386/cet.h: Add section to remove executable stack marking.

This is incorrect, the cet.h header is an installed header that has nothing
to do with whether executable stack is needed or not.

The right spot is either the libgcc/config/i386/i386-asm.h header, or
the libgcc/config/i386/*ms64*.h headers.

And I don't see anything release critical on this, these files are only in
libgcc.a and only linked in if somebody uses the ms ABI stuff.  I think it
can be fixed in 9.0/8.2+ only.

> --- a/gcc/config/i386/cet.h	2018-04-20 15:30:13.000000000 +0200
> +++ b/gcc/config/i386/cet.h	2018-05-01 11:45:53.762906162 +0200
> @@ -87,6 +87,9 @@
>  4:
>  	.popsection
>  #  endif /* __CET__ */
> +#  ifdef __linux__
> +    .section .note.GNU-stack,"",%progbits
> +#  endif
>  # endif /* __ELF__ */
>  #endif /* __ASSEMBLER__ */
>  

	Jakub

Magnus Granberg May 1, 2018, 11:32 a.m. UTC | #2

tisdag 1 maj 2018 kl. 12:33:33 CEST skrev  Jakub Jelinek:
> On Tue, May 01, 2018 at 12:24:44PM +0200, Magnus Granberg wrote:
> > Hi
> > 
> > The *_resms64*.S files in libgcc don't have section to remove the
> > executable stack marking. Can this be added to Gcc 8.0 Rc?
> > 
> > gcc/ChangeLog:
> > 
> > 2018-05-01  Magnus Granberg  <zorry@gentoo.org>
> > 
> > 	* config/i386/cet.h: Add section to remove executable stack marking.
> 
> This is incorrect, the cet.h header is an installed header that has nothing
> to do with whether executable stack is needed or not.
> 
> The right spot is either the libgcc/config/i386/i386-asm.h header, or
> the libgcc/config/i386/*ms64*.h headers.
> 
> And I don't see anything release critical on this, these files are only in
> libgcc.a and only linked in if somebody uses the ms ABI stuff.  I think it
> can be fixed in 9.0/8.2+ only.
> 
> > --- a/gcc/config/i386/cet.h	2018-04-20 15:30:13.000000000 +0200
> > +++ b/gcc/config/i386/cet.h	2018-05-01 11:45:53.762906162 +0200
> > @@ -87,6 +87,9 @@
> > 
> >  4:
> >  	.popsection
> >  
> >  #  endif /* __CET__ */
> > 
> > +#  ifdef __linux__
> > +    .section .note.GNU-stack,"",%progbits
> > +#  endif
> > 
> >  # endif /* __ELF__ */
> >  #endif /* __ASSEMBLER__ */
> 
> 	Jakub
New patch

libgcc/ChangeLog:

2018-05-01  Magnus Granberg  <zorry@gentoo.org>

	* config/i386/resms64.h: Add .note.GNU-stack section
	* config/i386/resms64f.h: Likewise.
	* config/i386/resms64fx.h: Likewise.
	* config/i386/resms64x.h: Likewise.
	* config/i386/savms64.h: Likewise.
	* config/i386/savms64f.h: Likewise.

---
--- a/libgcc/config/i386/resms64.h	2018-01-03 11:03:58.000000000 +0100
+++ b/libgcc/config/i386/resms64.h	2018-05-01 12:59:48.942833419 +0200
@@ -57,3 +57,6 @@ MS2SYSV_STUB_END(resms64_17)
 MS2SYSV_STUB_END(resms64_18)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/libgcc/config/i386/resms64f.h	2018-01-03 11:03:58.000000000 +0100
+++ b/libgcc/config/i386/resms64f.h	2018-05-01 13:00:23.422832853 +0200
@@ -55,3 +55,6 @@ MS2SYSV_STUB_END(resms64f_16)
 MS2SYSV_STUB_END(resms64f_17)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/libgcc/config/i386/resms64fx.h	2018-02-26 20:46:34.000000000 +0100
+++ b/libgcc/config/i386/resms64fx.h	2018-05-01 13:06:49.682826518 +0200
@@ -62,3 +62,6 @@ MS2SYSV_STUB_END(resms64fx_16)
 MS2SYSV_STUB_END(resms64fx_17)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/libgcc/config/i386/resms64x.h	2018-02-26 20:46:34.000000000 +0100
+++ b/libgcc/config/i386/resms64x.h	2018-05-01 13:07:21.702825993 +0200
@@ -63,3 +63,6 @@ MS2SYSV_STUB_END(resms64x_17)
 MS2SYSV_STUB_END(resms64x_18)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/libgcc/config/i386/savms64.h	2018-01-03 11:03:58.000000000 +0100
+++ b/libgcc/config/i386/savms64.h	2018-05-01 13:07:48.952825546 +0200
@@ -57,3 +57,6 @@ MS2SYSV_STUB_END(savms64_17)
 MS2SYSV_STUB_END(savms64_18)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/libgcc/config/i386/savms64f.h	2018-01-03 11:03:58.000000000 +0100
+++ b/libgcc/config/i386/savms64f.h	2018-05-01 13:08:30.082824871 +0200
@@ -55,3 +55,6 @@ MS2SYSV_STUB_END(savms64f_16)
 MS2SYSV_STUB_END(savms64f_17)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif

Daniel Santos May 2, 2018, 11:07 p.m. UTC | #3

Hello

On 05/01/2018 06:32 AM, Magnus Granberg wrote:
> New patch
> libgcc/ChangeLog:
>
> 2018-05-01  Magnus Granberg  <zorry@gentoo.org>
>
> 	* config/i386/resms64.h: Add .note.GNU-stack section
> 	* config/i386/resms64f.h: Likewise.
> 	* config/i386/resms64fx.h: Likewise.
> 	* config/i386/resms64x.h: Likewise.
> 	* config/i386/savms64.h: Likewise.
> 	* config/i386/savms64f.h: Likewise.
>
> ---

Well this isn't correct either because you are outside of the inclusion
guard.  Can you please move this up a line?

Thanks,
Daniel

Magnus Granberg May 2, 2018, 11:17 p.m. UTC | #4

torsdag 3 maj 2018 kl. 01:07:51 CEST skrev  Daniel Santos:
> Hello
> 
> On 05/01/2018 06:32 AM, Magnus Granberg wrote:
> > New patch
> > libgcc/ChangeLog:
> > 
> > 2018-05-01  Magnus Granberg  <zorry@gentoo.org>
> > 
> > 	* config/i386/resms64.h: Add .note.GNU-stack section
> > 	* config/i386/resms64f.h: Likewise.
> > 	* config/i386/resms64fx.h: Likewise.
> > 	* config/i386/resms64x.h: Likewise.
> > 	* config/i386/savms64.h: Likewise.
> > 	* config/i386/savms64f.h: Likewise.
> > 
> > ---
> 
> Well this isn't correct either because you are outside of the inclusion
> guard.  Can you please move this up a line?
> 
> Thanks,
> Daniel
/libgcc/ChangeLog:
2018-05-01  Magnus Granberg  <zorry@gentoo.org>

	* config/i386/resms64.h: Add .note.GNU-stack section
	* config/i386/resms64f.h: Likewise.
	* config/i386/resms64fx.h: Likewise.
	* config/i386/resms64x.h: Likewise.
	* config/i386/savms64.h: Likewise.
	* config/i386/savms64f.h: Likewise.

---
--- a/config/i386/resms64.h	2018-01-03 11:03:58.000000000 +0100
+++ b/config/i386/resms64.h	2018-05-01 12:59:48.942833419 +0200
@@ -57,3 +57,6 @@ MS2SYSV_STUB_END(resms64_17)
 MS2SYSV_STUB_END(resms64_18)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/config/i386/resms64f.h	2018-01-03 11:03:58.000000000 +0100
+++ b/config/i386/resms64f.h	2018-05-01 13:00:23.422832853 +0200
@@ -55,3 +55,6 @@ MS2SYSV_STUB_END(resms64f_16)
 MS2SYSV_STUB_END(resms64f_17)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/config/i386/resms64fx.h	2018-02-26 20:46:34.000000000 +0100
+++ b/config/i386/resms64fx.h	2018-05-01 13:06:49.682826518 +0200
@@ -62,3 +62,6 @@ MS2SYSV_STUB_END(resms64fx_16)
 MS2SYSV_STUB_END(resms64fx_17)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/config/i386/resms64x.h	2018-02-26 20:46:34.000000000 +0100
+++ b/config/i386/resms64x.h	2018-05-01 13:07:21.702825993 +0200
@@ -63,3 +63,6 @@ MS2SYSV_STUB_END(resms64x_17)
 MS2SYSV_STUB_END(resms64x_18)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/config/i386/savms64.h	2018-01-03 11:03:58.000000000 +0100
+++ b/config/i386/savms64.h	2018-05-01 13:07:48.952825546 +0200
@@ -57,3 +57,6 @@ MS2SYSV_STUB_END(savms64_17)
 MS2SYSV_STUB_END(savms64_18)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
--- a/config/i386/savms64f.h	2018-01-03 11:03:58.000000000 +0100
+++ b/config/i386/savms64f.h	2018-05-01 13:08:30.082824871 +0200
@@ -55,3 +55,6 @@ MS2SYSV_STUB_END(savms64f_16)
 MS2SYSV_STUB_END(savms64f_17)
 
 #endif /* __x86_64__ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif

Daniel Santos May 2, 2018, 11:48 p.m. UTC | #5

On 05/02/2018 06:17 PM, Magnus Granberg wrote:
> torsdag 3 maj 2018 kl. 01:07:51 CEST skrev  Daniel Santos:
>> Hello
>>
>> On 05/01/2018 06:32 AM, Magnus Granberg wrote:
>>> New patch
>>> libgcc/ChangeLog:
>>>
>>> 2018-05-01  Magnus Granberg  <zorry@gentoo.org>
>>>
>>> 	* config/i386/resms64.h: Add .note.GNU-stack section
>>> 	* config/i386/resms64f.h: Likewise.
>>> 	* config/i386/resms64fx.h: Likewise.
>>> 	* config/i386/resms64x.h: Likewise.
>>> 	* config/i386/savms64.h: Likewise.
>>> 	* config/i386/savms64f.h: Likewise.
>>>
>>> ---
>> Well this isn't correct either because you are outside of the inclusion
>> guard.  Can you please move this up a line?
>>
>> Thanks,
>> Daniel
> /libgcc/ChangeLog:
> 2018-05-01  Magnus Granberg  <zorry@gentoo.org>
>
> 	* config/i386/resms64.h: Add .note.GNU-stack section
> 	* config/i386/resms64f.h: Likewise.
> 	* config/i386/resms64fx.h: Likewise.
> 	* config/i386/resms64x.h: Likewise.
> 	* config/i386/savms64.h: Likewise.
> 	* config/i386/savms64f.h: Likewise.
>
> ---

No, I meant to move the changes up a line so that, if for some reason
the header was included twice, that it wouldn't output the section
twice.  Example:

 MS2SYSV_STUB_END(savms64_18) 
  
+#if·defined(__linux__)·&&·defined(__ELF__) 
+.section·.note.GNU-stack,"",%progbits 
+#endif
 #endif·/*·__x86_64__·*/ 


But upon further reflection, I think it can be cleanly added to
i386-asm.h.  Does that look sane Jakub?  (I haven't tried it)

Also, for the sake of my education, I don't exactly understand what the
problem is as I haven't been keeping up with pax and hardening.  I just
want to clarify that the stack shouldn't be executable.  These are not
actual "functions" per-se (i.e., they do not adhere to any ABI), they
operate on the stack of the calling function.

Thanks,
Daniel
diff --git a/libgcc/config/i386/i386-asm.h b/libgcc/config/i386/i386-asm.h
index 267133a9b75..7eb3c12fc85 100644
--- a/libgcc/config/i386/i386-asm.h
+++ b/libgcc/config/i386/i386-asm.h
@@ -80,6 +80,10 @@ ASMNAME(fn):
 
 #ifdef MS2SYSV_STUB_PREFIX
 
+# if·defined(__linux__)·&&·defined(__ELF__)
+.section·.note.GNU-stack,"",%progbits
+# endif
+
 # define MS2SYSV_STUB_BEGIN(base_name) \
 	HIDDEN_FUNC(PASTE2(MS2SYSV_STUB_PREFIX, base_name))

Magnus Granberg May 3, 2018, 10:34 a.m. UTC | #6

torsdag 3 maj 2018 kl. 06:19:20 CEST skrev du:
> On 05/02/2018 07:05 PM, Magnus Granberg wrote:
> > torsdag 3 maj 2018 kl. 01:48:16 CEST skrev du:
> >> On 05/02/2018 06:17 PM, Magnus Granberg wrote:
> >>> torsdag 3 maj 2018 kl. 01:07:51 CEST skrev  Daniel Santos:
> >>>> Hello
> >>>> 
> >>>> On 05/01/2018 06:32 AM, Magnus Granberg wrote:
> >>>>> New patch
> >>>>> libgcc/ChangeLog:
> >>>>> 
> >>>>> 2018-05-01  Magnus Granberg  <zorry@gentoo.org>
> >>>>> 
> >>>>> 	* config/i386/resms64.h: Add .note.GNU-stack section
> >>>>> 	* config/i386/resms64f.h: Likewise.
> >>>>> 	* config/i386/resms64fx.h: Likewise.
> >>>>> 	* config/i386/resms64x.h: Likewise.
> >>>>> 	* config/i386/savms64.h: Likewise.
> >>>>> 	* config/i386/savms64f.h: Likewise.
> >>>>> 
> >>>>> ---
> >>>> 
> >>>> Well this isn't correct either because you are outside of the inclusion
> >>>> guard.  Can you please move this up a line?
> >>>> 
> >>>> Thanks,
> >>>> Daniel
> >>> 
> >>> /libgcc/ChangeLog:
> >>> 2018-05-01  Magnus Granberg  <zorry@gentoo.org>
> >>> 
> >>> 	* config/i386/resms64.h: Add .note.GNU-stack section
> >>> 	* config/i386/resms64f.h: Likewise.
> >>> 	* config/i386/resms64fx.h: Likewise.
> >>> 	* config/i386/resms64x.h: Likewise.
> >>> 	* config/i386/savms64.h: Likewise.
> >>> 	* config/i386/savms64f.h: Likewise.
> >>> 
> >>> ---
> >> 
> >> No, I meant to move the changes up a line so that, if for some reason
> >> the header was included twice, that it wouldn't output the section
> >> 
> >> twice.  Example:
> >>  MS2SYSV_STUB_END(savms64_18)
> >> 
> >> +#if·defined(__linux__)·&&·defined(__ELF__)
> >> +.section·.note.GNU-stack,"",%progbits
> >> +#endif
> >> 
> >>  #endif·/*·__x86_64__·*/
> > 
> > Don't work on multilib
> 
> What do you mean? The functions do not exist on anything other than
> x86_64.  Emitting the .section when the function is not going to be
> subsequently emitted will apply it the .section to whatever happens to
> be next in the assembler output, so no, that's wrong.
> 
For you have the executable stack in 32bit  and 64bit libs
Look at the bug.
> >> But upon further reflection, I think it can be cleanly added to
> >> i386-asm.h.  Does that look sane Jakub?  (I haven't tried it)
> > 
> > Don't work on multilib
> > 
> >> Also, for the sake of my education, I don't exactly understand what the
> >> problem is as I haven't been keeping up with pax and hardening.  I just
> >> want to clarify that the stack shouldn't be executable.  These are not
> >> actual "functions" per-se (i.e., they do not adhere to any ABI), they
> >> operate on the stack of the calling function.
> >> 
> >> Thanks,
> >> Daniel
> > 
> > /Magnus

Fix the GNU Stack markings on libgcc.a

Commit Message

Comments

Patch