Bug 1522678
| Summary: | gcc: probes below the stack pointer on armhfp | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Florian Weimer <fweimer> |
| Component: | gcc | Assignee: | Jakub Jelinek <jakub> |
| Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | rawhide | CC: | aoliva, davejohansen, fweimer, jakub, jwakely, law, mpolacek, pbrobinson |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | armhfp | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2018-01-03 19:42:55 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 245418 | | |

Description
Florian Weimer
2017-12-06 09:10:31 UTC
Here's Jeff Law's analysis:

A reminder, we never did a stack clash specific prologue implementation for 32bit ARM. Instead we rely on the older -fstack-check bits that were done for Ada eons ago. Those bits give a degree of protection, but were never (to my knowledge) vetted to work with valgrind.

If we look at arm_emit_probe_stack_range it's pretty obvious what's happening.

```c
  /* See if we have a constant small number of probes to generate.  If so,
     that's the easy case.  */
  if (size <= PROBE_INTERVAL)
    {
      emit_move_insn (reg1, GEN_INT (first + PROBE_INTERVAL));
      emit_set_insn (reg1, gen_rtx_MINUS (Pmode, stack_pointer_rtx, reg1));
      emit_stack_probe (plus_constant (Pmode, reg1, PROBE_INTERVAL - size));
    }
```

ie:

```
r1 = PROBE_INTERVAL
r1 = sp - reg1
*r1 = 0;
```

That's going to do a write out of the stack bounds every time. It's one of the fundamental problems with the -fstack-check support for 32bit ARM.

So to reiterate, this is precisely the kind of problem we avoid by having stack-clash specific prologues on the Red Hat Enterprise Linux architectures. We didn't do a 32bit ARM implementation and instead rely on the limited protections provided by the Ada -fstack-check bits.
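The address arithmetic of the three emitted steps, modeled in plain C as an added example (not GCC code and not part of the original report): `PROBE_INTERVAL` cancels out, so the probe writes at `sp - first - size`, below the stack pointer for every size the small case accepts. The 4096-byte interval, the sample stack pointer and the `first` values are assumptions, and the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 4 KiB probe interval; the report does not state the value. */
#define PROBE_INTERVAL 4096u

/* Address written by the small-size case, mirroring the three emitted steps
   with 32-bit register arithmetic. */
static uint32_t probe_address(uint32_t sp, uint32_t first, uint32_t size)
{
    uint32_t reg1 = first + PROBE_INTERVAL;  /* emit_move_insn */
    reg1 = sp - reg1;                        /* emit_set_insn, MINUS from sp */
    return reg1 + (PROBE_INTERVAL - size);   /* address given to emit_stack_probe */
}

/* Number of bytes the probe lands below the stack pointer (0 if not below). */
static uint32_t bytes_below_sp(uint32_t sp, uint32_t addr)
{
    return addr < sp ? sp - addr : 0;
}

/* Count the sizes in 1..PROBE_INTERVAL whose probe lands exactly
   first + size bytes below sp. */
static unsigned count_probes_below_sp(uint32_t sp, uint32_t first)
{
    unsigned n = 0;
    for (uint32_t size = 1; size <= PROBE_INTERVAL; size++)
        if (bytes_below_sp(sp, probe_address(sp, first, size)) == first + size)
            n++;
    return n;
}

int main(void)
{
    uint32_t sp = 0xbefff000u;  /* constructed sample stack pointer */
    uint32_t first = 0;         /* constructed sample probe offset */

    printf("size 64: probe at 0x%08x, %u bytes below sp\n",
           (unsigned)probe_address(sp, first, 64),
           (unsigned)bytes_below_sp(sp, probe_address(sp, first, 64)));
    printf("sizes probing below sp: %u of %u\n",
           count_probes_below_sp(sp, first), PROBE_INTERVAL);
    return 0;
}
```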