2023-05-24 06:48:02

by Thomas Weißschuh

[permalink] [raw]
Subject: [PATCH 0/3] tools/nolibc: stack protector compatibility fixes

Two fixes for nolibc to
* allow users to explicitly disable (or theoretically enable) when
building the tests
* fix stackprotectors on GCC < 10.

Signed-off-by: Thomas Weißschuh <[email protected]>
---
Thomas Weißschuh (3):
Revert "EXP: tools/nolibc: partially revert stackprotector compiler flags"
selftests/nolibc: allow disabling of stackprotector support
tools/nolibc: fix segfaults on compilers without attribute no_stack_protector

tools/include/nolibc/arch-aarch64.h | 2 +-
tools/include/nolibc/arch-arm.h | 2 +-
tools/include/nolibc/arch-i386.h | 2 +-
tools/include/nolibc/arch-loongarch.h | 2 +-
tools/include/nolibc/arch-mips.h | 2 +-
tools/include/nolibc/arch-riscv.h | 2 +-
tools/include/nolibc/arch-x86_64.h | 2 +-
tools/include/nolibc/compiler.h | 10 ++++++++++
tools/include/nolibc/stackprotector.h | 2 +-
tools/testing/selftests/nolibc/Makefile | 13 ++-----------
10 files changed, 20 insertions(+), 19 deletions(-)
---
base-commit: 8213b0cdb51d1f66af713e00fd0dff3c2eb47636
change-id: 20230523-nolibc-stackprotector-gcc9-8eebd10a7968

Best regards,
--
Thomas Weißschuh <[email protected]>



2023-05-24 06:48:09

by Thomas Weißschuh

[permalink] [raw]
Subject: [PATCH 3/3] tools/nolibc: fix segfaults on compilers without attribute no_stack_protector

Not all compilers, notably GCC < 10, have support for
__attribute__((no_stack_protector)).
Fall back to a mechanism that also works there.

Tested with GCC 9.5.0 from kernel.org crosstools.

Signed-off-by: Thomas Weißschuh <[email protected]>
---
tools/include/nolibc/arch-aarch64.h | 2 +-
tools/include/nolibc/arch-arm.h | 2 +-
tools/include/nolibc/arch-i386.h | 2 +-
tools/include/nolibc/arch-loongarch.h | 2 +-
tools/include/nolibc/arch-mips.h | 2 +-
tools/include/nolibc/arch-riscv.h | 2 +-
tools/include/nolibc/arch-x86_64.h | 2 +-
tools/include/nolibc/compiler.h | 10 ++++++++++
tools/include/nolibc/stackprotector.h | 2 +-
9 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/tools/include/nolibc/arch-aarch64.h b/tools/include/nolibc/arch-aarch64.h
index 64ec65b4ee38..11f294a406b7 100644
--- a/tools/include/nolibc/arch-aarch64.h
+++ b/tools/include/nolibc/arch-aarch64.h
@@ -175,7 +175,7 @@ char **environ __attribute__((weak));
const unsigned long *_auxv __attribute__((weak));

/* startup code */
-void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void)
+void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) __no_stack_protector _start(void)
{
__asm__ volatile (
#ifdef _NOLIBC_STACKPROTECTOR
diff --git a/tools/include/nolibc/arch-arm.h b/tools/include/nolibc/arch-arm.h
index 924169522cf7..45b89ffe8247 100644
--- a/tools/include/nolibc/arch-arm.h
+++ b/tools/include/nolibc/arch-arm.h
@@ -202,7 +202,7 @@ char **environ __attribute__((weak));
const unsigned long *_auxv __attribute__((weak));

/* startup code */
-void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void)
+void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) __no_stack_protector _start(void)
{
__asm__ volatile (
#ifdef _NOLIBC_STACKPROTECTOR
diff --git a/tools/include/nolibc/arch-i386.h b/tools/include/nolibc/arch-i386.h
index 37f813912957..3d672d925e9e 100644
--- a/tools/include/nolibc/arch-i386.h
+++ b/tools/include/nolibc/arch-i386.h
@@ -190,7 +190,7 @@ const unsigned long *_auxv __attribute__((weak));
* 2) The deepest stack frame should be set to zero
*
*/
-void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void)
+void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) __no_stack_protector _start(void)
{
__asm__ volatile (
#ifdef _NOLIBC_STACKPROTECTOR
diff --git a/tools/include/nolibc/arch-loongarch.h b/tools/include/nolibc/arch-loongarch.h
index d8ea7e787df4..ad3f266e7093 100644
--- a/tools/include/nolibc/arch-loongarch.h
+++ b/tools/include/nolibc/arch-loongarch.h
@@ -172,7 +172,7 @@ const unsigned long *_auxv __attribute__((weak));
#endif

/* startup code */
-void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void)
+void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) __no_stack_protector _start(void)
{
__asm__ volatile (
#ifdef _NOLIBC_STACKPROTECTOR
diff --git a/tools/include/nolibc/arch-mips.h b/tools/include/nolibc/arch-mips.h
index 9860236e5340..db24e0837a39 100644
--- a/tools/include/nolibc/arch-mips.h
+++ b/tools/include/nolibc/arch-mips.h
@@ -182,7 +182,7 @@ char **environ __attribute__((weak));
const unsigned long *_auxv __attribute__((weak));

/* startup code, note that it's called __start on MIPS */
-void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) __start(void)
+void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) __no_stack_protector __start(void)
{
__asm__ volatile (
/*".set nomips16\n"*/
diff --git a/tools/include/nolibc/arch-riscv.h b/tools/include/nolibc/arch-riscv.h
index 86616aeb77a0..a2e8564e66d6 100644
--- a/tools/include/nolibc/arch-riscv.h
+++ b/tools/include/nolibc/arch-riscv.h
@@ -180,7 +180,7 @@ char **environ __attribute__((weak));
const unsigned long *_auxv __attribute__((weak));

/* startup code */
-void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void)
+void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) __no_stack_protector _start(void)
{
__asm__ volatile (
".option push\n"
diff --git a/tools/include/nolibc/arch-x86_64.h b/tools/include/nolibc/arch-x86_64.h
index 485a7ff72a87..6fc4d8392742 100644
--- a/tools/include/nolibc/arch-x86_64.h
+++ b/tools/include/nolibc/arch-x86_64.h
@@ -190,7 +190,7 @@ const unsigned long *_auxv __attribute__((weak));
* 2) The deepest stack frame should be zero (the %rbp).
*
*/
-void __attribute__((weak,noreturn,optimize("omit-frame-pointer"),no_stack_protector)) _start(void)
+void __attribute__((weak,noreturn,optimize("omit-frame-pointer"))) __no_stack_protector _start(void)
{
__asm__ volatile (
#ifdef _NOLIBC_STACKPROTECTOR
diff --git a/tools/include/nolibc/compiler.h b/tools/include/nolibc/compiler.h
index 57da75cea799..beddc3665d69 100644
--- a/tools/include/nolibc/compiler.h
+++ b/tools/include/nolibc/compiler.h
@@ -12,4 +12,14 @@

#endif /* defined(__SSP__) ... */

+#if defined(__has_attribute)
+# if __has_attribute(no_stack_protector)
+# define __no_stack_protector __attribute__((no_stack_protector))
+# else
+# define __no_stack_protector __attribute__((__optimize__("-fno-stack-protector")))
+# endif
+#else
+# define __no_stack_protector __attribute__((__optimize__("-fno-stack-protector")))
+#endif /* defined(__has_attribute) */
+
#endif /* _NOLIBC_COMPILER_H */
diff --git a/tools/include/nolibc/stackprotector.h b/tools/include/nolibc/stackprotector.h
index 0a89e2b89ca6..88f7b2d098ff 100644
--- a/tools/include/nolibc/stackprotector.h
+++ b/tools/include/nolibc/stackprotector.h
@@ -37,7 +37,7 @@ void __stack_chk_fail_local(void)
__attribute__((weak,section(".data.nolibc_stack_chk")))
uintptr_t __stack_chk_guard;

-__attribute__((weak,no_stack_protector,section(".text.nolibc_stack_chk")))
+__attribute__((weak,section(".text.nolibc_stack_chk"))) __no_stack_protector
void __stack_chk_init(void)
{
my_syscall3(__NR_getrandom, &__stack_chk_guard, sizeof(__stack_chk_guard), 0);

--
2.40.1


2023-05-24 06:59:08

by Thomas Weißschuh

[permalink] [raw]
Subject: [PATCH 2/3] selftests/nolibc: allow disabling of stackprotector support

This allows users to override the autodetected and enabled-by default
compiler support for stackprotectors.

It can be used with "make CFLAGS_STACKPROTECTOR= nolibc-test".

Signed-off-by: Thomas Weißschuh <[email protected]>
---
tools/testing/selftests/nolibc/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/testing/selftests/nolibc/Makefile b/tools/testing/selftests/nolibc/Makefile
index 882ba6a33dbb..47c3c89092e4 100644
--- a/tools/testing/selftests/nolibc/Makefile
+++ b/tools/testing/selftests/nolibc/Makefile
@@ -77,10 +77,10 @@ Q=@
endif

CFLAGS_s390 = -m64
+CFLAGS_STACKPROTECTOR ?= $(call cc-option,-mstack-protector-guard=global $(call cc-option,-fstack-protector-all))
CFLAGS ?= -Os -fno-ident -fno-asynchronous-unwind-tables -std=c89 \
$(call cc-option,-fno-stack-protector) \
- $(call cc-option,-mstack-protector-guard=global $(call cc-option,-fstack-protector-all)) \
- $(CFLAGS_$(ARCH))
+ $(CFLAGS_$(ARCH)) $(CFLAGS_STACKPROTECTOR)
LDFLAGS := -s

help:

--
2.40.1


2023-05-24 07:40:31

by Willy Tarreau

[permalink] [raw]
Subject: Re: [PATCH 0/3] tools/nolibc: stack protector compatibility fixes

Hi Thomas,

On Wed, May 24, 2023 at 08:44:41AM +0200, Thomas Wei?schuh wrote:
> Two fixes for nolibc to
> * allow users to explicitly disable (or theoretically enable) when
> building the tests
> * fix stackprotectors on GCC < 10.

Nice, thank you. Just tested with gcc 9.5, works both with and without
stkp. Now pushed to branch 20230524-nolibc-rv32+stkp4. I've dropped my
exp patch and the associated revert. I think your two patches that clean
up the makefile options and the new one here that restores the cflags
should be squashed since the latter just partially reverts the former,
and that way the series remains bisectable. Just let me know if you're
OK, I can just to that and re-push.

Have a nice day!
Willy

2023-05-24 07:45:23

by Thomas Weißschuh

[permalink] [raw]
Subject: Re: [PATCH 0/3] tools/nolibc: stack protector compatibility fixes

On 2023-05-24 09:35:30+0200, Willy Tarreau wrote:
> Hi Thomas,
>
> On Wed, May 24, 2023 at 08:44:41AM +0200, Thomas Weißschuh wrote:
> > Two fixes for nolibc to
> > * allow users to explicitly disable (or theoretically enable) when
> > building the tests
> > * fix stackprotectors on GCC < 10.
>
> Nice, thank you. Just tested with gcc 9.5, works both with and without
> stkp. Now pushed to branch 20230524-nolibc-rv32+stkp4. I've dropped my
> exp patch and the associated revert. I think your two patches that clean
> up the makefile options and the new one here that restores the cflags
> should be squashed since the latter just partially reverts the former,
> and that way the series remains bisectable. Just let me know if you're
> OK, I can just to that and re-push.

Sounds good to me!

Thomas

2023-05-24 07:59:51

by Willy Tarreau

[permalink] [raw]
Subject: Re: [PATCH 0/3] tools/nolibc: stack protector compatibility fixes

On Wed, May 24, 2023 at 09:38:44AM +0200, Thomas Wei?schuh wrote:
> On 2023-05-24 09:35:30+0200, Willy Tarreau wrote:
> > Hi Thomas,
> >
> > On Wed, May 24, 2023 at 08:44:41AM +0200, Thomas Wei?schuh wrote:
> > > Two fixes for nolibc to
> > > * allow users to explicitly disable (or theoretically enable) when
> > > building the tests
> > > * fix stackprotectors on GCC < 10.
> >
> > Nice, thank you. Just tested with gcc 9.5, works both with and without
> > stkp. Now pushed to branch 20230524-nolibc-rv32+stkp4. I've dropped my
> > exp patch and the associated revert. I think your two patches that clean
> > up the makefile options and the new one here that restores the cflags
> > should be squashed since the latter just partially reverts the former,
> > and that way the series remains bisectable. Just let me know if you're
> > OK, I can just to that and re-push.
>
> Sounds good to me!

Now done, keeping the first commit's message (still valid) and
force-pushed.

thanks!
Willy