Ben Hutchings
2020-Apr-29 22:01 UTC
[klibc] [PATCH klibc 1/3] Revert " Kbuild: Tell gas we don't want executable stacks"
This reverts commit 9d8d648e604026b32cad00a84ed6c29cbd157641, which broke signal handing on some architectures. On m68k and parisc, signal return depends on a trampoline that the kernel writes on the stack. On alpha, s390, and sparc (32-bit), we can avoid this by providing our own function as sa_restorer, but we currently don't.
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
scripts/Kbuild.klibc | 2 +-
usr/klibc/Kbuild | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/scripts/Kbuild.klibc b/scripts/Kbuild.klibc
index afc9a546..b7e99b56 100644
--- a/scripts/Kbuild.klibc
+++ b/scripts/Kbuild.klibc
@@ -125,7 +125,7 @@ KLIBCDEFS += -D__KLIBC__=$(KLIBCMAJOR) \
 KLIBCCPPFLAGS += $(KLIBCDEFS)
 KLIBCCFLAGS += $(KLIBCCPPFLAGS) $(KLIBCREQFLAGS) $(KLIBCARCHREQFLAGS) \
 $(KLIBCOPTFLAGS) $(KLIBCWARNFLAGS)
-KLIBCAFLAGS += -D__ASSEMBLY__ -Wa,--noexecstack $(KLIBCCFLAGS)
+KLIBCAFLAGS += -D__ASSEMBLY__ $(KLIBCCFLAGS)
 KLIBCSTRIPFLAGS += --strip-all -R .comment -R .note
 KLIBCLIBGCC_DEF := $(shell $(KLIBCCC) $(KLIBCCFLAGS) --print-libgcc)
diff --git a/usr/klibc/Kbuild b/usr/klibc/Kbuild
index 24bad07d..bec9cdb4 100644
--- a/usr/klibc/Kbuild
+++ b/usr/klibc/Kbuild
@@ -185,7 +185,6 @@ quiet_cmd_interp = BUILD $@
 cmd_interp = $(KLIBCCC) $(klibccflags) -D__ASSEMBLY__ \
 -DLIBDIR=\"$(SHLIBDIR)\" \
 -DSOHASH=\"$(SOLIBHASH)\" \
- -Wa,--noexecstack \
 -c -o $@ $<
 $(INTERP_O): $(obj)/interp.S $(SOLIB).hash
-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.zytor.com/archives/klibc/attachments/20200429/74c9f900/attachment.sig>
Ben Hutchings
2020-Apr-29 22:06 UTC
[klibc] [PATCH klibc 2/3] Kbuild: Add a per-architecture option to disable exectable stacks
We still want to avoid executable stacks, but now we will only do so for architectures where we know we can avoid stack trampolines for signal return. Disable executable stacks only if KLIBCEXECSTACK is set to 'n' by the architecture's MCONFIG.
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
scripts/Kbuild.klibc | 5 ++++-
usr/klibc/Kbuild | 1 +
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/scripts/Kbuild.klibc b/scripts/Kbuild.klibc
index b7e99b56..a9a2a40e 100644
--- a/scripts/Kbuild.klibc
+++ b/scripts/Kbuild.klibc
@@ -118,13 +118,16 @@ KLIBCCPPFLAGS += -I$(KLIBCKERNELSRC)/include \
 $(if $(KBUILD_SRC),-I$(srctree)/include) \
 $(KLIBCARCHINCFLAGS)
+# compiler/assembler option for whether we want an executable stack
+KLIBCSTACKFLAGS := -Wa,$(if $(filter n,$(KLIBCEXECSTACK)),no)execstack
+
 # klibc definitions
 KLIBCDEFS += -D__KLIBC__=$(KLIBCMAJOR) \
 -D__KLIBC_MINOR__=$(KLIBCMINOR) \
 -D_BITSIZE=$(KLIBCBITSIZE)
 KLIBCCPPFLAGS += $(KLIBCDEFS)
 KLIBCCFLAGS += $(KLIBCCPPFLAGS) $(KLIBCREQFLAGS) $(KLIBCARCHREQFLAGS) \
- $(KLIBCOPTFLAGS) $(KLIBCWARNFLAGS)
+ $(KLIBCOPTFLAGS) $(KLIBCSTACKFLGS) $(KLIBCWARNFLAGS)
 KLIBCAFLAGS += -D__ASSEMBLY__ $(KLIBCCFLAGS)
 KLIBCSTRIPFLAGS += --strip-all -R .comment -R .note
diff --git a/usr/klibc/Kbuild b/usr/klibc/Kbuild
index bec9cdb4..c6338851 100644
--- a/usr/klibc/Kbuild
+++ b/usr/klibc/Kbuild
@@ -185,6 +185,7 @@ quiet_cmd_interp = BUILD $@
 cmd_interp = $(KLIBCCC) $(klibccflags) -D__ASSEMBLY__ \
 -DLIBDIR=\"$(SHLIBDIR)\" \
 -DSOHASH=\"$(SOLIBHASH)\" \
+ $(KLIBCSTACKFLAGS) \
 -c -o $@ $<
 $(INTERP_O): $(obj)/interp.S $(SOLIB).hash
-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.zytor.com/archives/klibc/attachments/20200429/ff06c8ef/attachment.sig>
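Review bot: `$(KLIBCSTACKFLGS)` on the added `KLIBCCFLAGS` continuation line is misspelled (the variable defined a few lines up is `KLIBCSTACKFLAGS`), so it expands to nothing and the option reaches neither `KLIBCCFLAGS` nor `KLIBCAFLAGS`, which is built from it; only `cmd_interp` in usr/klibc/Kbuild, which spells the name correctly, would pass it. The line should read `$(KLIBCOPTFLAGS) $(KLIBCSTACKFLAGS) $(KLIBCWARNFLAGS)`. As rendered here the definition also expands to `-Wa,noexecstack` or `-Wa,execstack`, without the `--` that the flag removed in 1/3 carried (`-Wa,--noexecstack`); unless that is an archive artifact it should be `-Wa,--$(if $(filter n,$(KLIBCEXECSTACK)),no)execstack`. Because the assignment uses `:=`, it also relies on the architecture's MCONFIG having been read before this point, which the hunk does not show. Checking the `GNU_STACK` flags (`RW` versus `RWE`) of the built binaries with `readelf -lW` would confirm the result on an `n` architecture.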
Ben Hutchings
2020-Apr-29 22:06 UTC
[klibc] [PATCH klibc 3/3] arch: Explicitly disable or enable executable stacks
For each architecture (except cris, which is obsolete) set KLIBCEXECSTACK to 'y' or 'n', and comment on the kernel's signal return implementation.
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
---
usr/klibc/arch/alpha/MCONFIG | 4 ++++
usr/klibc/arch/arm/MCONFIG | 3 +++
usr/klibc/arch/arm64/MCONFIG | 3 +++
usr/klibc/arch/i386/MCONFIG | 3 +++
usr/klibc/arch/ia64/MCONFIG | 3 +++
usr/klibc/arch/m68k/MCONFIG | 3 +++
usr/klibc/arch/mips/MCONFIG | 3 +++
usr/klibc/arch/mips64/MCONFIG | 3 +++
usr/klibc/arch/parisc/MCONFIG | 3 +++
usr/klibc/arch/ppc/MCONFIG | 3 +++
usr/klibc/arch/ppc64/MCONFIG | 3 +++
usr/klibc/arch/riscv64/MCONFIG | 3 +++
usr/klibc/arch/s390/MCONFIG | 4 ++++
usr/klibc/arch/sh/MCONFIG | 3 +++
usr/klibc/arch/sparc/MCONFIG | 4 ++++
usr/klibc/arch/sparc64/MCONFIG | 3 +++
usr/klibc/arch/x86_64/MCONFIG | 3 +++
17 files changed, 54 insertions(+)
diff --git a/usr/klibc/arch/alpha/MCONFIG b/usr/klibc/arch/alpha/MCONFIG
index ad11372f..072adb85 100644
--- a/usr/klibc/arch/alpha/MCONFIG
+++ b/usr/klibc/arch/alpha/MCONFIG
@@ -14,3 +14,7 @@ KLIBCBITSIZE = 64
 # 7 GB - normal binaries start at 4.5 GB, and the stack is below
 # the binary.
 KLIBCSHAREDFLAGS = -Ttext-segment 0x1c0000000
+
+# Kernel uses stack trampoline for signal return unless we set
+# sa_restorer
+KLIBCEXECSTACK := y
diff --git a/usr/klibc/arch/arm/MCONFIG b/usr/klibc/arch/arm/MCONFIG
index 8a7096b8..ae407cb9 100644
--- a/usr/klibc/arch/arm/MCONFIG
+++ b/usr/klibc/arch/arm/MCONFIG
@@ -33,3 +33,6 @@ else
 KLIBCREQFLAGS += -mabi=apcs-gnu -mno-thumb-interwork
 endif
 endif
+
+# Kernel uses dedicated page or vDSO for signal return since 2.6.13
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/arm64/MCONFIG b/usr/klibc/arch/arm64/MCONFIG
index 6d22847e..e31ffea7 100644
--- a/usr/klibc/arch/arm64/MCONFIG
+++ b/usr/klibc/arch/arm64/MCONFIG
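Review bot: The `KLIBCEXECSTACK := y` added for alpha (and, with the same comment, for s390 and sparc further down) reflects klibc not yet supplying `sa_restorer` rather than a kernel requirement, and the comment should mark it as open work, for example `# TODO: provide our own sa_restorer, then set this to n`. As written it reads the same as the m68k and parisc entries, where the trampoline is unconditional. The `n` entries cite the kernel release from which a vDSO or dedicated page is used (2.6.13 for arm, 2.6.34 for mips, and so on), so a binary built this way would presumably lose working signal return on anything older; stating the oldest kernel klibc targets next to them would close that question.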
@@ -21,3 +21,6 @@ KLIBCREQFLAGS += -fno-exceptions -mgeneral-regs-only
 # On arm64, binaries are normally loaded at 4MB. Place klibc.so
 # a little before that at 2MB to prevent overlap.
 KLIBCSHAREDFLAGS = -Ttext-segment 0x0200000
+
+# Kernel has never used stack trampolines
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/i386/MCONFIG b/usr/klibc/arch/i386/MCONFIG
index 07046695..c7d3fccd 100644
--- a/usr/klibc/arch/i386/MCONFIG
+++ b/usr/klibc/arch/i386/MCONFIG
@@ -31,3 +31,6 @@ KLIBCBITSIZE = 32
 # calls, and work on the memory models for this architecture
 # 96 MB - normal binaries start at 128 MB
 KLIBCSHAREDFLAGS = -Ttext-segment 0x06000000
+
+# Kernel uses dedicated page or vDSO for signal return since 2.5.55
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/ia64/MCONFIG b/usr/klibc/arch/ia64/MCONFIG
index d12c9bf2..f2a25395 100644
--- a/usr/klibc/arch/ia64/MCONFIG
+++ b/usr/klibc/arch/ia64/MCONFIG
@@ -12,3 +12,6 @@ KLIBCOPTFLAGS += -Os
 KLIBCBITSIZE = 64
 KLIBCSHAREDFLAGS = -T $(src)/arch/$(KLIBCARCH)/klibc.ld
+
+# Kernel has never used stack trampolines
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/m68k/MCONFIG b/usr/klibc/arch/m68k/MCONFIG
index 3f4bdae6..4944be46 100644
--- a/usr/klibc/arch/m68k/MCONFIG
+++ b/usr/klibc/arch/m68k/MCONFIG
@@ -17,3 +17,6 @@ KLIBCBITSIZE = 32
 # script right. Not sure if there is a fundamental reason
 # to not duck below the halfway point...
 KLIBCSHAREDFLAGS = -Ttext-segment 0xb0000000
+
+# Kernel uses stack trampoline for signal return
+KLIBCEXECSTACK := y
diff --git a/usr/klibc/arch/mips/MCONFIG b/usr/klibc/arch/mips/MCONFIG
index 7ad65232..7bf65a50 100644
--- a/usr/klibc/arch/mips/MCONFIG
+++ b/usr/klibc/arch/mips/MCONFIG
@@ -18,3 +18,6 @@ KLIBCBITSIZE = 32
 #
 # Use -Ttext-segment so that the special .MIPS* sections are moved as well.
 KLIBCSHAREDFLAGS = -Ttext-segment 0x00200000
+
+# Kernel uses vDSO for signal return since 2.6.34
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/mips64/MCONFIG b/usr/klibc/arch/mips64/MCONFIG
index 6a4b41b2..94b825a6 100644
--- a/usr/klibc/arch/mips64/MCONFIG
+++ b/usr/klibc/arch/mips64/MCONFIG
@@ -21,3 +21,6 @@ KLIBCBITSIZE = 64
 #
 # Use -Ttext-segment so that the special .MIPS* sections are moved as well.
 KLIBCSHAREDFLAGS = -Ttext-segment 0x12FE00000
+
+# Kernel uses vDSO for signal return since 2.6.34
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/parisc/MCONFIG b/usr/klibc/arch/parisc/MCONFIG
index 3472df67..1f53555e 100644
--- a/usr/klibc/arch/parisc/MCONFIG
+++ b/usr/klibc/arch/parisc/MCONFIG
@@ -10,3 +10,6 @@ KLIBCOPTFLAGS += -Os -fomit-frame-pointer
 KLIBCBITSIZE = 32
 KLIBCSHAREDFLAGS = -Ttext-segment 0x40001000
+
+# Kernel uses stack trampoline for signal return
+KLIBCEXECSTACK := y
diff --git a/usr/klibc/arch/ppc/MCONFIG b/usr/klibc/arch/ppc/MCONFIG
index 8220f6b9..d8a0c108 100644
--- a/usr/klibc/arch/ppc/MCONFIG
+++ b/usr/klibc/arch/ppc/MCONFIG
@@ -24,3 +24,6 @@ KLIBCSHAREDFLAGS = -Ttext-segment 0x0f800000
 # The asm include files live in asm-powerpc
 KLIBCASMARCH = powerpc
+
+# Kernel uses vDSO for signal return since 2.6.12 (compat) or 2.6.15 (native)
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/ppc64/MCONFIG b/usr/klibc/arch/ppc64/MCONFIG
index 0315110c..530a07a0 100644
--- a/usr/klibc/arch/ppc64/MCONFIG
+++ b/usr/klibc/arch/ppc64/MCONFIG
@@ -22,3 +22,6 @@ KLIBCSHAREDFLAGS = -Ttext-segment 0x0f000000
 # The asm include files live in asm-powerpc
 KLIBCASMARCH = powerpc
+
+# Kernel uses vDSO for signal return since 2.6.12
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/riscv64/MCONFIG b/usr/klibc/arch/riscv64/MCONFIG
index 61681509..35df1f5f 100644
--- a/usr/klibc/arch/riscv64/MCONFIG
+++ b/usr/klibc/arch/riscv64/MCONFIG
@@ -18,3 +18,6 @@ KLIBCBITSIZE = 64
 # Normal binaries start at 64 KB, so start the libary at 2 MB.
 KLIBCSHAREDFLAGS =-Ttext-segment 0x00200000
+
+# Kernel has never used stack trampolines
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/s390/MCONFIG b/usr/klibc/arch/s390/MCONFIG
index 637f5aa6..c36acd7a 100644
--- a/usr/klibc/arch/s390/MCONFIG
+++ b/usr/klibc/arch/s390/MCONFIG
@@ -21,3 +21,7 @@ endif
 KLIBCASMARCH = s390
 KLIBCSHAREDFLAGS = -Ttext-segment 0x40000000
+
+# Kernel uses stack trampoline for signal return unless we set
+# sa_restorer
+KLIBCEXECSTACK := y
diff --git a/usr/klibc/arch/sh/MCONFIG b/usr/klibc/arch/sh/MCONFIG
index 2facf7cb..8421bbf9 100644
--- a/usr/klibc/arch/sh/MCONFIG
+++ b/usr/klibc/arch/sh/MCONFIG
@@ -15,3 +15,6 @@ KLIBCBITSIZE = 32
 # calls, and work on the memory models for this architecture
 # 2 MB -- the normal starting point for text is 4 MB.
 KLIBCSHAREDFLAGS = -Ttext-segment 0x00200000
+
+# Kernel uses vDSO for signal return since 2.6.19
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/sparc/MCONFIG b/usr/klibc/arch/sparc/MCONFIG
index 0623fdc2..cabc7cd4 100644
--- a/usr/klibc/arch/sparc/MCONFIG
+++ b/usr/klibc/arch/sparc/MCONFIG
@@ -17,3 +17,7 @@ KLIBCARCHREQFLAGS += -D__sparc32__
 # Normal binaries start at 64K; the linker wants 64K alignment,
 # and call instructions have a 30-bit signed offset, << 2.
 KLIBCSHAREDFLAGS = -Ttext-segment 0x40000000
+
+# Kernel uses stack trampoline for signal return unless we set
+# sa_restorer
+KLIBCEXECSTACK := y
diff --git a/usr/klibc/arch/sparc64/MCONFIG b/usr/klibc/arch/sparc64/MCONFIG
index c8339855..6f5dfbe9 100644
--- a/usr/klibc/arch/sparc64/MCONFIG
+++ b/usr/klibc/arch/sparc64/MCONFIG
@@ -19,3 +19,6 @@ KLIBCLDFLAGS = -m elf64_sparc
 # Normal binaries start at 1 MB; the linker wants 1 MB alignment,
 # and call instructions have a 30-bit signed offset, << 2.
 KLIBCSHAREDFLAGS = -Ttext-segment 0x80000000
+
+# Kernel has never used stack trampolines
+KLIBCEXECSTACK := n
diff --git a/usr/klibc/arch/x86_64/MCONFIG b/usr/klibc/arch/x86_64/MCONFIG
index c5f2fa26..1f5f99c7 100644
--- a/usr/klibc/arch/x86_64/MCONFIG
+++ b/usr/klibc/arch/x86_64/MCONFIG
@@ -36,3 +36,6 @@ KLIBCLDFLAGS = -m elf_x86_64
 # in a broken layout with binutils 2.30. Since there's no
 # architectural page size betwen 4 KB and 2MB, set it to 4 KB.
 KLIBCSHAREDFLAGS = -Ttext-segment 0x00200000 -z max-page-size=0x1000
+
+# Kernel has never used stack trampolines
+KLIBCEXECSTACK := n
-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.zytor.com/archives/klibc/attachments/20200429/c3f32217/attachment.sig>