Message ID | alpine.DEB.2.20.1709182201230.12317@digraph.polyomino.org.uk |
---|---|
State | New |
Series | Enable no-exec stacks for more targets using the Linux kernel |

On Mon, 2017-09-18 at 22:03 +0000, Joseph Myers wrote:
> Thus, I'd like the architecture maintainers to advise on whether any
> such issues apply for their architecture. If they do, that will
> provide the information needed for a comment on XFAILing the test in
> glibc. If no such reasons apply for the patch to be problematic, I'd
> like it reviewed for each of those architectures (you may wish to do
> such testing as you see fit; I have *not* run any GCC tests with this
> patch, just tested building glibc and running the compilation tests
> with build-many-glibcs.py).

Unfortunately, I don't have access to ia64 hardware anymore, so I am not able to verify that this works on hardware. I would expect that the patches work, and would recommend that you make the changes, and then we can back them out later if someone runs into a problem. It just looks like an oversight due to lack of ia64 maintenance that this wasn't done before.

The ia64 changes are OK.

Jim

On Sep 18 2017, Joseph Myers <joseph@codesourcery.com> wrote:

> Building glibc for many different configurations and running the
> compilation parts of the testsuite runs into failures of the
> elf/check-execstack test for hppa, ia64 and microblaze.

ia64 is non-execstack by default, so it doesn't need any marking. The same is true for every architecture that doesn't override elf_read_implies_exec, which includes microblaze and hppa.

> This fails because those configurations are not generating
> .note.GNU-stack sections to indicate that programs do not need an
> executable stack.

This needs to be fixed in glibc.

Andreas.

On 09/19/2017 12:17 AM, Andreas Schwab wrote:
> On Sep 18 2017, Joseph Myers <joseph@codesourcery.com> wrote:
>
>> Building glibc for many different configurations and running the
>> compilation parts of the testsuite runs into failures of the
>> elf/check-execstack test for hppa, ia64 and microblaze.
>
> ia64 is non-execstack by default, so it doesn't need any marking. The
> same is true for every architecture that doesn't override
> elf_read_implies_exec, which includes microblaze and hppa.
>
>> This fails because those configurations are not generating
>> .note.GNU-stack sections to indicate that programs do not need an
>> executable stack.
>
> This needs to be fixed in glibc.

The requirement that a null .note.GNU-stack section needs to be defined to indicate that the default stack (i.e., non-executable) is used seems backward.

I don't have any problem approving the MicroBlaze GCC changes, but, like Andreas, I think that this is a glibc problem.

On Tue, 19 Sep 2017, Andreas Schwab wrote:

> On Sep 18 2017, Joseph Myers <joseph@codesourcery.com> wrote:
>
> > Building glibc for many different configurations and running the
> > compilation parts of the testsuite runs into failures of the
> > elf/check-execstack test for hppa, ia64 and microblaze.
>
> ia64 is non-execstack by default, so it doesn't need any marking. The
> same is true for every architecture that doesn't override
> elf_read_implies_exec, which includes microblaze and hppa.

Thanks for the explanation. I've sent a glibc patch <https://sourceware.org/ml/libc-alpha/2017-09/msg00734.html>. I think the key questions for architecture experts now are: on each of those three architectures, do trampolines ever require executable stacks, and, if they do, how does this work at present when the kernel defaults to non-executable and my understanding at <https://sourceware.org/ml/libc-alpha/2017-09/msg00747.html> would be that glibc would only make thread stacks executable on those architectures, not the main process stacks, and GCC will never generate an explicit marker on those architectures to request an executable stack?

On Sep 19 2017, Joseph Myers <joseph@codesourcery.com> wrote:

> I've sent a glibc patch
> <https://sourceware.org/ml/libc-alpha/2017-09/msg00734.html>. I think the
> key questions for architecture experts now are: on each of those three
> architectures, do trampolines ever require executable stacks, and, if they
> do, how does this work at present when the kernel defaults to
> non-executable and my understanding at
> <https://sourceware.org/ml/libc-alpha/2017-09/msg00747.html> would be that
> glibc would only make thread stacks executable on those architectures, not
> the main process stacks, and GCC will never generate an explicit marker on
> those architectures to request an executable stack?

For ia64 on linux there is EF_IA_64_LINUX_EXECUTABLE_STACK to request executable heap and stack. But since ia64 uses function descriptors, trampolines never need that.

Andreas.

> -----Original Message-----
> From: gcc-patches-owner@gcc.gnu.org [mailto:gcc-patches-
> owner@gcc.gnu.org] On Behalf Of Andreas Schwab
> Sent: Wednesday, September 20, 2017 12:19 PM
> To: Joseph Myers <joseph@codesourcery.com>
> Cc: gcc-patches@gcc.gnu.org; law@redhat.com; dave.anglin@bell.net;
> wilson@tuliptree.org; eager@eagercon.com
> Subject: Re: Enable no-exec stacks for more targets using the Linux kernel
>
> On Sep 19 2017, Joseph Myers <joseph@codesourcery.com> wrote:
>
> > I've sent a glibc patch
> > <https://sourceware.org/ml/libc-alpha/2017-09/msg00734.html>. I think
> > the key questions for architecture experts now are: on each of those
> > three architectures, do trampolines ever require executable stacks,
> > and, if they do, how does this work at present when the kernel
> > defaults to non-executable and my understanding at
> > <https://sourceware.org/ml/libc-alpha/2017-09/msg00747.html> would be
> > that glibc would only make thread stacks executable on those
> > architectures, not the main process stacks, and GCC will never
> > generate an explicit marker on those architectures to request an executable
> stack?
>
> For ia64 on linux there is EF_IA_64_LINUX_EXECUTABLE_STACK to request
> executable heap and stack. But since ia64 uses function descriptors,
> trampolines never need that.
>
> Andreas.

Sorry somehow mail thread was missed in my earlier mail. Resending the same reply again:

Microblaze is a soft processor with many configuration options. If we don't use the MMU, there is nothing preventing execution of code on the stack in the MicroBlaze architecture. With the MMU, you have the option to make any page, including the stack pages, executable or not. It is recommended to prevent execution on the stack by defining those pages as non-executable in the MMU.

In particular, trampolines would have to be possible to code without execution on the stack

Thanks,
Nagaraju

> --
> Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196
> BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something
> completely different."

On Wed, 20 Sep 2017, Andreas Schwab wrote:

> On Sep 19 2017, Joseph Myers <joseph@codesourcery.com> wrote:
>
> > I've sent a glibc patch
> > <https://sourceware.org/ml/libc-alpha/2017-09/msg00734.html>. I think the
> > key questions for architecture experts now are: on each of those three
> > architectures, do trampolines ever require executable stacks, and, if they
> > do, how does this work at present when the kernel defaults to
> > non-executable and my understanding at
> > <https://sourceware.org/ml/libc-alpha/2017-09/msg00747.html> would be that
> > glibc would only make thread stacks executable on those architectures, not
> > the main process stacks, and GCC will never generate an explicit marker on
> > those architectures to request an executable stack?
>
> For ia64 on linux there is EF_IA_64_LINUX_EXECUTABLE_STACK to request
> executable heap and stack. But since ia64 uses function descriptors,
> trampolines never need that.

Thanks. I think this adequately confirms my glibc patch is safe for ia64. The questions above remain for hppa and microblaze.

> Thanks. I think this adequately confirms my glibc patch is safe for ia64.
> The questions above remain for hppa and microblaze.

HP-PA uses function descriptors like IA-64 so same outcome.

On Wed, Sep 20, 2017 at 12:25:46PM +0000, Joseph Myers wrote:
> On Wed, 20 Sep 2017, Andreas Schwab wrote:
>
> > On Sep 19 2017, Joseph Myers <joseph@codesourcery.com> wrote:
> >
> > > I've sent a glibc patch
> > > <https://sourceware.org/ml/libc-alpha/2017-09/msg00734.html>. I think the
> > > key questions for architecture experts now are: on each of those three
> > > architectures, do trampolines ever require executable stacks, and, if they
> > > do, how does this work at present when the kernel defaults to
> > > non-executable and my understanding at
> > > <https://sourceware.org/ml/libc-alpha/2017-09/msg00747.html> would be that
> > > glibc would only make thread stacks executable on those architectures, not
> > > the main process stacks, and GCC will never generate an explicit marker on
> > > those architectures to request an executable stack?
> >
> > For ia64 on linux there is EF_IA_64_LINUX_EXECUTABLE_STACK to request
> > executable heap and stack. But since ia64 uses function descriptors,
> > trampolines never need that.
>
> Thanks. I think this adequately confirms my glibc patch is safe for ia64.
> The questions above remain for hppa and microblaze.

If for some architectures which generally don't need executable stack for nested indirect function calls we don't want the .note.GNU-stack notes in *.s files, the question is if the linker in that case shouldn't either ignore those notes and either never generate PT_GNU_STACK segments, or always generate it with RW, then either glibc/kernel can always rely on missing PT_GNU_STACK - unclear, possibly executable stack, or PT_GNU_STACK present, RW means no-exec, RWX means exec stack, or it can have some list of architectures for which missing PT_GNU_STACK means non-exec stack.

The current state is really not very good, some *.s/*.S files have .note.GNU-stack notes emitted regardless of architecture, e.g. for all linux arches, while others (e.g. arch specific) don't have those notes. And the compiler sometimes emits them, sometimes it doesn't (e.g. RH ia64 gcc had .note.GNU-stack emission patched in, while upstream didn't; similarly for ppc64 (non-le)). So when mixing that, there is often PT_GNU_STACK with RWX e.g. on ia64 or ppc64 even when there is no exec stack.

Jakub

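
The readings of PT_GNU_STACK listed in the message above (missing, present with RW, present with RWX), together with the per-architecture list for the missing case, as an added example that is not part of the thread or of GCC/glibc. The names `stack_policy`, `constructed_elf` and `NOEXEC_BY_DEFAULT` are made up here, the contents of that set follow Andreas Schwab's statement earlier in the thread, and the ELF images are constructed header-only samples.

```python
import struct

PT_GNU_STACK = 0x6474E551
PF_X = 0x1
# e_machine values of the three targets in the thread. Treating them as
# "missing marker means non-exec" follows Andreas Schwab's statement above and
# is an assumption of this example, not a table taken from the kernel.
EM_PARISC, EM_IA_64, EM_MICROBLAZE = 15, 50, 189
NOEXEC_BY_DEFAULT = {EM_PARISC, EM_IA_64, EM_MICROBLAZE}


def stack_policy(image: bytes) -> str:
    """Return 'exec', 'noexec', 'noexec-by-default' or 'unclear' for an ELF image."""
    # 0x40 is the ELF64 header size; an ELF32 file with one phdr is longer too.
    if len(image) < 0x40 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = image[4], image[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS or EI_DATA")
    e = "<" if ei_data == 1 else ">"          # ELFDATA2LSB / ELFDATA2MSB
    (e_machine,) = struct.unpack_from(e + "H", image, 0x12)
    if ei_class == 2:                         # ELFCLASS64
        (e_phoff,) = struct.unpack_from(e + "Q", image, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(e + "HH", image, 0x36)
        flags_at = 4                          # p_flags follows p_type in Elf64_Phdr
    else:                                     # ELFCLASS32
        (e_phoff,) = struct.unpack_from(e + "I", image, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(e + "HH", image, 0x2A)
        flags_at = 24                         # p_flags is the 7th word of Elf32_Phdr
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        if base + flags_at + 4 > len(image):
            raise ValueError("program header table runs past end of file")
        (p_type,) = struct.unpack_from(e + "I", image, base)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(e + "I", image, base + flags_at)
            return "exec" if p_flags & PF_X else "noexec"
    # No PT_GNU_STACK at all: fall back to the per-architecture list.
    return "noexec-by-default" if e_machine in NOEXEC_BY_DEFAULT else "unclear"


def constructed_elf(machine, stack_flags=None, big_endian=False, bits=32) -> bytes:
    """Build a constructed ELF header plus phdr table (sample input, not a real binary)."""
    e = ">" if big_endian else "<"
    ident = b"\x7fELF" + bytes([bits // 32, 2 if big_endian else 1, 1]) + bytes(9)

    def phdr(p_type, flags):
        if bits == 64:
            return struct.pack(e + "II6Q", p_type, flags, 0, 0, 0, 0, 0, 16)
        return struct.pack(e + "8I", p_type, 0, 0, 0, 0, 0, flags, 16)

    phdrs = [phdr(1, 5)]                      # one PT_LOAD, R+X
    if stack_flags is not None:
        phdrs.append(phdr(PT_GNU_STACK, stack_flags))
    word, ehsize = ("Q", 0x40) if bits == 64 else ("I", 0x34)
    ehdr = ident + struct.pack(e + "HHI" + 3 * word + "I6H", 2, machine, 1, 0,
                               ehsize, 0, 0, ehsize, len(phdrs[0]), len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)
```

An ia64 image linked with one unmarked object, the mixed case the message describes, is the `stack_flags=7` input: it classifies as `exec` even though no code needs an executable stack.
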
Index: gcc/config/ia64/linux.h =================================================================== --- gcc/config/ia64/linux.h (revision 252935) +++ gcc/config/ia64/linux.h (working copy) @@ -81,3 +81,5 @@ do { \ /* Define this to be nonzero if static stack checking is supported. */ #define STACK_CHECK_STATIC_BUILTIN 1 + +#define TARGET_ASM_FILE_END file_end_indicate_exec_stack Index: gcc/config/microblaze/linux.h =================================================================== --- gcc/config/microblaze/linux.h (revision 252935) +++ gcc/config/microblaze/linux.h (working copy) @@ -57,3 +57,5 @@ /* For the microblaze-*-linux* subtarget. */ #undef TARGET_OS_CPP_BUILTINS #define TARGET_OS_CPP_BUILTINS() GNU_USER_TARGET_OS_CPP_BUILTINS() + +#define TARGET_ASM_FILE_END file_end_indicate_exec_stack Index: gcc/config/pa/pa-linux.h =================================================================== --- gcc/config/pa/pa-linux.h (revision 252935) +++ gcc/config/pa/pa-linux.h (working copy) @@ -141,3 +141,6 @@ along with GCC; see the file COPYING3. If not see #define HAVE_sync_compare_and_swaphi 1 #define HAVE_sync_compare_and_swapsi 1 #define HAVE_sync_compare_and_swapdi 1 + +#undef NEED_INDICATE_EXEC_STACK +#define NEED_INDICATE_EXEC_STACK 1 Index: gcc/config/pa/pa.c =================================================================== --- gcc/config/pa/pa.c (revision 252935) +++ gcc/config/pa/pa.c (working copy) @@ -159,9 +159,7 @@ static void pa_hpux64_gas_file_start (void) ATTRIB static void pa_hpux64_hpas_file_start (void) ATTRIBUTE_UNUSED; static void output_deferred_plabels (void); static void output_deferred_profile_counters (void) ATTRIBUTE_UNUSED; -#ifdef ASM_OUTPUT_EXTERNAL_REAL -static void pa_hpux_file_end (void); -#endif +static void pa_file_end (void); static void pa_init_libfuncs (void); static rtx pa_struct_value_rtx (tree, int); static bool pa_pass_by_reference (cumulative_args_t, machine_mode, 
@@ -301,11 +299,7 @@ static size_t n_deferred_plabels = 0; #define TARGET_ASM_CAN_OUTPUT_MI_THUNK default_can_output_mi_thunk_no_vcall #undef TARGET_ASM_FILE_END -#ifdef ASM_OUTPUT_EXTERNAL_REAL -#define TARGET_ASM_FILE_END pa_hpux_file_end -#else -#define TARGET_ASM_FILE_END output_deferred_plabels -#endif +#define TARGET_ASM_FILE_END pa_file_end #undef TARGET_ASM_RELOC_RW_MASK #define TARGET_ASM_RELOC_RW_MASK pa_reloc_rw_mask @@ -9976,6 +9970,7 @@ pa_hpux_asm_output_external (FILE *file, tree decl extern_symbol p = {decl, name}; vec_safe_push (extern_symbols, p); } +#endif /* Output text required at the end of an assembler file. This includes deferred plabels and .import directives for @@ -9982,16 +9977,19 @@ pa_hpux_asm_output_external (FILE *file, tree decl all external symbols that were actually referenced. */ static void -pa_hpux_file_end (void) +pa_file_end (void) { +#ifdef ASM_OUTPUT_EXTERNAL_REAL unsigned int i; extern_symbol *p; if (!NO_DEFERRED_PROFILE_COUNTERS) output_deferred_profile_counters (); +#endif output_deferred_plabels (); +#ifdef ASM_OUTPUT_EXTERNAL_REAL for (i = 0; vec_safe_iterate (extern_symbols, i, &p); i++) { tree decl = p->decl; @@ -10002,9 +10000,12 @@ static void } vec_free (extern_symbols); -} #endif + if (NEED_INDICATE_EXEC_STACK) + file_end_indicate_exec_stack (); +} + /* Implement TARGET_CAN_CHANGE_MODE_CLASS. */ static bool Index: gcc/config/pa/pa.h =================================================================== --- gcc/config/pa/pa.h (revision 252935) +++ gcc/config/pa/pa.h (working copy) @@ -1311,3 +1311,5 @@ do { \ seven and four instructions, respectively. */ #define MAX_PCREL17F_OFFSET \ (flag_pic ? (TARGET_HPUX ? 198164 : 221312) : 240000) + +#define NEED_INDICATE_EXEC_STACK 0 Index: libgcc/config/ia64/crtbegin.S =================================================================== --- libgcc/config/ia64/crtbegin.S (revision 252935) +++ libgcc/config/ia64/crtbegin.S (working copy) 
@@ -24,6 +24,12 @@ #include "auto-host.h" +/* An executable stack is *not* required for these functions. */ +#if defined(__ELF__) && defined(__linux__) +.section .note.GNU-stack,"",%progbits +.previous +#endif + .section .ctors,"aw","progbits" .align 8 __CTOR_LIST__: Index: libgcc/config/ia64/crtend.S =================================================================== --- libgcc/config/ia64/crtend.S (revision 252935) +++ libgcc/config/ia64/crtend.S (working copy) @@ -24,6 +24,12 @@ #include "auto-host.h" +/* An executable stack is *not* required for these functions. */ +#if defined(__ELF__) && defined(__linux__) +.section .note.GNU-stack,"",%progbits +.previous +#endif + .section .ctors,"aw","progbits" .align 8 __CTOR_END__: Index: libgcc/config/ia64/crti.S =================================================================== --- libgcc/config/ia64/crti.S (revision 252935) +++ libgcc/config/ia64/crti.S (working copy) @@ -24,6 +24,12 @@ # .init sections. Users may put any desired instructions in those # sections. +/* An executable stack is *not* required for these functions. */ +#if defined(__ELF__) && defined(__linux__) +.section .note.GNU-stack,"",%progbits +.previous +#endif + .section ".init" .align 16 .global _init Index: libgcc/config/ia64/crtn.S =================================================================== --- libgcc/config/ia64/crtn.S (revision 252935) +++ libgcc/config/ia64/crtn.S (working copy) @@ -24,6 +24,12 @@ # fact return. Users may put any desired instructions in those sections. # This file is the last thing linked into any executable. +/* An executable stack is *not* required for these functions. */ +#if defined(__ELF__) && defined(__linux__) +.section .note.GNU-stack,"",%progbits +.previous +#endif + .section ".init" ;; mov ar.pfs = r34 Index: libgcc/config/ia64/lib1funcs.S =================================================================== --- libgcc/config/ia64/lib1funcs.S (revision 252935) +++ libgcc/config/ia64/lib1funcs.S (working copy) 
@@ -22,6 +22,12 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see <http://www.gnu.org/licenses/>. */ +/* An executable stack is *not* required for these functions. */ +#if defined(__ELF__) && defined(__linux__) +.section .note.GNU-stack,"",%progbits +.previous +#endif + #ifdef L__divxf3 // Compute a 80-bit IEEE double-extended quotient. // Index: libgcc/config/microblaze/crti.S =================================================================== --- libgcc/config/microblaze/crti.S (revision 252935) +++ libgcc/config/microblaze/crti.S (working copy) @@ -24,6 +24,12 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see <http://www.gnu.org/licenses/>. */ +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .section .init, "ax" .global __init Index: libgcc/config/microblaze/crtn.S =================================================================== --- libgcc/config/microblaze/crtn.S (revision 252935) +++ libgcc/config/microblaze/crtn.S (working copy) @@ -24,6 +24,12 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see <http://www.gnu.org/licenses/>. */ +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .section .init, "ax" lw r15, r0, r1 rtsd r15, 8 Index: libgcc/config/microblaze/divsi3.S =================================================================== --- libgcc/config/microblaze/divsi3.S (revision 252935) +++ libgcc/config/microblaze/divsi3.S (working copy) 
@@ -32,6 +32,12 @@ # ####################################### +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .globl __divsi3 .ent __divsi3 .type __divsi3,@function Index: libgcc/config/microblaze/moddi3.S =================================================================== --- libgcc/config/microblaze/moddi3.S (revision 252935) +++ libgcc/config/microblaze/moddi3.S (working copy) @@ -30,6 +30,12 @@ ####################################### +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .globl __moddi3 .ent __moddi3 __moddi3: Index: libgcc/config/microblaze/modsi3.S =================================================================== --- libgcc/config/microblaze/modsi3.S (revision 252935) +++ libgcc/config/microblaze/modsi3.S (working copy) @@ -32,6 +32,12 @@ # ####################################### +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .globl __modsi3 .ent __modsi3 .type __modsi3,@function Index: libgcc/config/microblaze/muldi3_hard.S =================================================================== --- libgcc/config/microblaze/muldi3_hard.S (revision 252935) +++ libgcc/config/microblaze/muldi3_hard.S (working copy) @@ -47,6 +47,12 @@ # ####################################### +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .globl muldi3_hardproc .ent muldi3_hardproc muldi3_hardproc: Index: libgcc/config/microblaze/mulsi3.S =================================================================== --- libgcc/config/microblaze/mulsi3.S (revision 252935) +++ libgcc/config/microblaze/mulsi3.S (working copy) 
@@ -32,6 +32,12 @@ # ####################################### +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .globl __mulsi3 .ent __mulsi3 .type __mulsi3,@function Index: libgcc/config/microblaze/stack_overflow_exit.S =================================================================== --- libgcc/config/microblaze/stack_overflow_exit.S (revision 252935) +++ libgcc/config/microblaze/stack_overflow_exit.S (working copy) @@ -33,6 +33,12 @@ # ####################################### +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .globl _stack_overflow_error .data .align 2 Index: libgcc/config/microblaze/udivsi3.S =================================================================== --- libgcc/config/microblaze/udivsi3.S (revision 252935) +++ libgcc/config/microblaze/udivsi3.S (working copy) @@ -32,6 +32,12 @@ # ####################################### +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .globl __udivsi3 .ent __udivsi3 .type __udivsi3,@function Index: libgcc/config/microblaze/umodsi3.S =================================================================== --- libgcc/config/microblaze/umodsi3.S (revision 252935) +++ libgcc/config/microblaze/umodsi3.S (working copy) @@ -32,6 +32,12 @@ # ####################################### +/* An executable stack is *not* required for these functions. */ +#ifdef __linux__ +.section .note.GNU-stack,"",%progbits +.previous +#endif + .globl __umodsi3 .ent __umodsi3 .type __umodsi3,@function Index: libgcc/config/pa/milli64.S =================================================================== --- libgcc/config/pa/milli64.S (revision 252935) +++ libgcc/config/pa/milli64.S (working copy) 
@@ -25,6 +25,12 @@ a copy of the GCC Runtime Library Exception along see the files COPYING3 and COPYING.RUNTIME respectively. If not, see <http://www.gnu.org/licenses/>. */ +/* An executable stack is *not* required for these functions. */ +#if defined(__ELF__) && defined(__linux__) +.section .note.GNU-stack,"",%progbits +.previous +#endif + #ifdef pa64 .level 2.0w #endif
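
Review bot: the define of TARGET_ASM_FILE_END appended to gcc/config/ia64/linux.h and gcc/config/microblaze/linux.h has no comment and no preceding #undef, whereas the pa.c hunk keeps "#undef TARGET_ASM_FILE_END" directly before its define. If an earlier target header already defines the macro this becomes a redefinition, so add the #undef in both files, and add a one-line comment saying the hook is set so that compiled objects carry a .note.GNU-stack section.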
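
Review bot: in gcc/config/pa/pa.c the comment above the renamed pa_file_end still describes only deferred plabels and .import directives, but the function now also ends with "if (NEED_INDICATE_EXEC_STACK) file_end_indicate_exec_stack ();". Extend that comment to cover the stack note, and document "#define NEED_INDICATE_EXEC_STACK 0" in pa.h with a line saying it is the default that subtargets such as pa-linux.h override. The body is now split by two separate "#ifdef ASM_OUTPUT_EXTERNAL_REAL" regions around the unconditional output_deferred_plabels () call; a short comment on each #endif would make the pairing easier to follow.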
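
Review bot: the guard around the added .note.GNU-stack block is not consistent across libgcc. The ia64 files and pa/milli64.S use "#if defined(__ELF__) && defined(__linux__)" while every microblaze file uses "#ifdef __linux__". Pick one form for all of them, or state in the comment why the __ELF__ test is unnecessary for microblaze. In ia64/crti.S and crtn.S the surrounding comments are "#" style while the new one is a C comment; that is fine for a preprocessed .S file but worth matching to the file's own style.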