This is an archive of the discontinued LLVM Phabricator instance.

Differential D92245

-fstack-clash-protection: Return an actual error when used on unsupported OS
ClosedPublic

Authored by sylvestre.ledru on Nov 27 2020, 12:51 PM.

Details

Reviewers
serge-sans-paille
Commits
rG4d59c8fdb955: -fstack-clash-protection: Return an actual error when used on unsupported OS
Summary

$ clang-12: error: -fstack-clash-protection is not supported on Windows or Mac OS X

Diff Detail

Event Timeline

sylvestre.ledru created this revision.Nov 27 2020, 12:51 PM
Herald added a project: Restricted Project. · View Herald TranscriptNov 27 2020, 12:51 PM
Herald added a subscriber: cfe-commits. · View Herald Transcript
sylvestre.ledru requested review of this revision.Nov 27 2020, 12:51 PM
Harbormaster completed remote builds in B80380: Diff 308106.Nov 27 2020, 1:22 PM
sylvestre.ledru updated this revision to Diff 308160.Nov 28 2020, 5:42 AM

clang-format

Harbormaster completed remote builds in B80414: Diff 308160.Nov 28 2020, 6:15 AM
kristof.beyls added a subscriber: kristof.beyls.Nov 28 2020, 11:36 PM
kristof.beyls added inline comments.
clang/include/clang/Basic/DiagnosticDriverKinds.td
276–277

There are more OSes than Linux, Windows or OSX.
Maybe it's somewhat better to say "-fstack-clash-protection is not supported on %0", with the targeted OS being fed in.
If that is not easily possible, maybe just say "-fstack-clash-protection is not supported on the targeted OS"?

serge-sans-paille added inline comments.Nov 30 2020, 12:49 AM
clang/include/clang/Basic/DiagnosticDriverKinds.td
276–277

Maybe it's somewhat better to say "-fstack-clash-protection is not supported on %0", with the targeted OS being fed in.

I second that one.

clang/lib/Driver/ToolChains/Clang.cpp
3074–3076

In that case you should probably allow explicitly the different Linux flavors here

sylvestre.ledru updated this revision to Diff 308290.Nov 30 2020, 2:07 AM

Fix the error message

sylvestre.ledru marked 3 inline comments as done.Nov 30 2020, 2:09 AM
Harbormaster completed remote builds in B80496: Diff 308290.Nov 30 2020, 2:37 AM
serge-sans-paille mentioned this in D92100: [clang] do not limit -fstack-clash-protection to Linux.Nov 30 2020, 5:56 AM
emaste added a subscriber: emaste.Nov 30 2020, 6:24 AM
emaste added a comment.Nov 30 2020, 6:26 AM

Can we add a test that the feature can be enabled on an OS other than Linux / Windows / Darwin?

sylvestre.ledru updated this revision to Diff 308402.Nov 30 2020, 9:29 AM

extend the test (thanks serge)

Herald added a project: Restricted Project. · View Herald TranscriptNov 30 2020, 9:29 AM
Herald added subscribers: llvm-commits, pengfei. · View Herald Transcript
Harbormaster completed remote builds in B80542: Diff 308402.Nov 30 2020, 10:18 AM
rnk added a subscriber: rnk.Nov 30 2020, 1:32 PM

Windows has effectively always had stack clash protection: we've always emitted those little chkstk probe calls for stack frames larger than a page. Would it make more sense to ignore this flag on Windows, since it opts into always-on behavior? If so, this doesn't seem like the right place to ignore it.

I see your comment here, but I don't really understand it:
https://reviews.llvm.org/D92100#2422729
What goes wrong on Windows? Can it be made to just work instead? It should be simple.

How do things go wrong on Darwin? I was under the impression that this was implemented in LLVM as strictly inline code, no runtime support required.

emaste added a comment.Dec 1 2020, 8:45 AM

How do things go wrong on Darwin? I was under the impression that this was implemented in LLVM as strictly inline code, no runtime support required.

That is my impression as well (although it seems that an earlier version might have emitted calls to a stack probe routine?)

serge-sans-paille added a comment.Dec 4 2020, 1:21 AM
In D92245#2425817, @emaste wrote:

How do things go wrong on Darwin? I was under the impression that this was implemented in LLVM as strictly inline code, no runtime support required.

That is my impression as well (although it seems that an earlier version might have emitted calls to a stack probe routine?)

The original security advisory doesn't mention Darwin, but there's nothing specific to Darwin in the stack clash protection implementation, so I'm fine with allowing it for Darwin too.

sylvestre.ledru added a comment.Dec 14 2020, 2:02 AM

@serge-sans-paille ok to push this? :)
merci

lkail added a subscriber: lkail.Dec 14 2020, 2:16 AM
serge-sans-paille added a comment.Dec 14 2020, 5:42 AM

@sylvestre.ledru I: double checked and there's nothing in the original advisory against Darwin, but nothing that clearly states it's protected either (unlike Windows-based system). And there's also nothing specific to Darwin in the stack clash protection implementation, I think it's ok to only warn on Windows.

emaste added a comment.Dec 16 2020, 7:17 PM

I think it's ok to only warn on Windows.

IMO that's sensible

sylvestre.ledru updated this revision to Diff 313271.Dec 22 2020, 2:27 AM

Error only on Windows

serge-sans-paille accepted this revision.Dec 22 2020, 2:47 AM

LGTM, thanks!

This revision is now accepted and ready to land.Dec 22 2020, 2:47 AM
This revision was landed with ongoing or failed builds.Dec 22 2020, 3:06 AM
Closed by commit rG4d59c8fdb955: -fstack-clash-protection: Return an actual error when used on unsupported OS (authored by sylvestre.ledru). · Explain Why
This revision was automatically updated to reflect the committed changes.
sylvestre.ledru added a commit: rG4d59c8fdb955: -fstack-clash-protection: Return an actual error when used on unsupported OS.
Harbormaster completed remote builds in B83229: Diff 313271.Dec 22 2020, 3:38 AM
thakis added a subscriber: thakis.Dec 22 2020, 3:49 AM

This seems to break all tests on all platforms: http://45.33.8.238/linux/35854/step_7.txt

As far as I can tell, RenderSCPOptions is called unconditinoally and the error message is emitted at its start, before any Args.hasFlag checks -- so it's emitted every time a windows triple is passed.

thakis added a comment.Dec 22 2020, 3:51 AM

Also, rnk's comment above wasn't addressed as far as I can tell.

thakis added a comment.Dec 22 2020, 3:52 AM

reverted in 00065d5cbd02b0f3fccb34881b58bcd0852b3970

thakis added a reverting change: rG00065d5cbd02: Revert "-fstack-clash-protection: Return an actual error when used on….Dec 22 2020, 3:52 AM
sylvestre.ledru added a comment.Dec 22 2020, 3:59 AM

Thanks for the revert!

Revision Contents

PathSize
clang/
include/
clang/
Basic/
2 lines
lib/
Driver/
ToolChains/
11 lines
llvm/
test/
CodeGen/
X86/
2 lines

Diff 313275

clang/include/clang/Basic/DiagnosticDriverKinds.td

Show First 20 LinesShow All 267 Lines▼ Show 20 Linesdef warn_drv_omp_offload_target_duplicate : Warning<
InGroup<OpenMPTarget>; InGroup<OpenMPTarget>;
def warn_drv_omp_offload_target_missingbcruntime : Warning< def warn_drv_omp_offload_target_missingbcruntime : Warning<
"No library '%0' found in the default clang lib directory or in LIBRARY_PATH. Expect degraded performance due to no inlining of runtime functions on target devices.">, "No library '%0' found in the default clang lib directory or in LIBRARY_PATH. Expect degraded performance due to no inlining of runtime functions on target devices.">,
InGroup<OpenMPTarget>; InGroup<OpenMPTarget>;
def err_drv_unsupported_embed_bitcode def err_drv_unsupported_embed_bitcode
: Error<"%0 is not supported with -fembed-bitcode">; : Error<"%0 is not supported with -fembed-bitcode">;
def err_drv_bitcode_unsupported_on_toolchain : Error< def err_drv_bitcode_unsupported_on_toolchain : Error<
"-fembed-bitcode is not supported on versions of iOS prior to 6.0">; "-fembed-bitcode is not supported on versions of iOS prior to 6.0">;
def err_drv_stack_clash_protection_unsupported_on_toolchain : Error<
"-fstack-clash-protection is not supported on %0">;
kristof.beylsUnsubmitted
Done
ReplyInline Actions

There are more OSes than Linux, Windows or OSX.
Maybe it's somewhat better to say "-fstack-clash-protection is not supported on %0", with the targeted OS being fed in.
If that is not easily possible, maybe just say "-fstack-clash-protection is not supported on the targeted OS"?

kristof.beyls: There are more OSes than Linux, Windows or OSX. Maybe it's somewhat better to say "-fstack…
serge-sans-pailleUnsubmitted
Done
ReplyInline Actions

Maybe it's somewhat better to say "-fstack-clash-protection is not supported on %0", with the targeted OS being fed in.

I second that one.

serge-sans-paille: > Maybe it's somewhat better to say "-fstack-clash-protection is not supported on %0", with the…
def err_drv_invalid_malign_branch_EQ : Error< def err_drv_invalid_malign_branch_EQ : Error<
"invalid argument '%0' to -malign-branch=; each element must be one of: %1">; "invalid argument '%0' to -malign-branch=; each element must be one of: %1">;
def warn_O4_is_O3 : Warning<"-O4 is equivalent to -O3">, InGroup<Deprecated>; def warn_O4_is_O3 : Warning<"-O4 is equivalent to -O3">, InGroup<Deprecated>;
def warn_drv_optimization_value : Warning<"optimization level '%0' is not supported; using '%1%2' instead">, def warn_drv_optimization_value : Warning<"optimization level '%0' is not supported; using '%1%2' instead">,
InGroup<InvalidCommandLineArgument>; InGroup<InvalidCommandLineArgument>;
def warn_ignored_gcc_optimization : Warning<"optimization flag '%0' is not supported">, def warn_ignored_gcc_optimization : Warning<"optimization flag '%0' is not supported">,
▲ Show 20 LinesShow All 258 LinesShow Last 20 Lines

clang/lib/Driver/ToolChains/Clang.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 3,061 Lines▼ Show 20 Lines if (EffectiveTriple.isX86() && (Value != "fs" && Value != "gs")) {
<< A->getOption().getName() << Value << A->getOption().getName() << Value
<< "for X86, valid arguments to '-mstack-protector-guard-reg=' are:fs gs"; << "for X86, valid arguments to '-mstack-protector-guard-reg=' are:fs gs";
return; return;
} }
A->render(Args, CmdArgs); A->render(Args, CmdArgs);
} }
} }
static void RenderSCPOptions(const ToolChain &TC, const ArgList &Args, static void RenderSCPOptions(const Driver &D, const ToolChain &TC,
ArgStringList &CmdArgs) { const ArgList &Args, ArgStringList &CmdArgs) {
const llvm::Triple &EffectiveTriple = TC.getEffectiveTriple(); const llvm::Triple &EffectiveTriple = TC.getEffectiveTriple();
if (!EffectiveTriple.isOSLinux()) if (EffectiveTriple.isOSWindows()) {
D.Diag(diag::err_drv_stack_clash_protection_unsupported_on_toolchain)
<< EffectiveTriple.getOSName();
serge-sans-pailleUnsubmitted
Done
ReplyInline Actions

In that case you should probably allow explicitly the different Linux flavors here

serge-sans-paille: In that case you should probably allow explicitly the different Linux flavors here
return; return;
}
if (!EffectiveTriple.isX86() && !EffectiveTriple.isSystemZ() && if (!EffectiveTriple.isX86() && !EffectiveTriple.isSystemZ() &&
!EffectiveTriple.isPPC64()) !EffectiveTriple.isPPC64())
return; return;
if (Args.hasFlag(options::OPT_fstack_clash_protection, if (Args.hasFlag(options::OPT_fstack_clash_protection,
options::OPT_fno_stack_clash_protection, false)) options::OPT_fno_stack_clash_protection, false))
CmdArgs.push_back("-fstack-clash-protection"); CmdArgs.push_back("-fstack-clash-protection");
▲ Show 20 LinesShow All 2,461 Lines▼ Show 20 Lines
Args.AddLastArg(CmdArgs, options::OPT_pthread); Args.AddLastArg(CmdArgs, options::OPT_pthread);
if (Args.hasFlag(options::OPT_mspeculative_load_hardening, if (Args.hasFlag(options::OPT_mspeculative_load_hardening,
options::OPT_mno_speculative_load_hardening, false)) options::OPT_mno_speculative_load_hardening, false))
CmdArgs.push_back(Args.MakeArgString("-mspeculative-load-hardening")); CmdArgs.push_back(Args.MakeArgString("-mspeculative-load-hardening"));
RenderSSPOptions(D, TC, Args, CmdArgs, KernelOrKext); RenderSSPOptions(D, TC, Args, CmdArgs, KernelOrKext);
RenderSCPOptions(TC, Args, CmdArgs); RenderSCPOptions(D, TC, Args, CmdArgs);
RenderTrivialAutoVarInitOptions(D, TC, Args, CmdArgs); RenderTrivialAutoVarInitOptions(D, TC, Args, CmdArgs);
// Translate -mstackrealign // Translate -mstackrealign
if (Args.hasFlag(options::OPT_mstackrealign, options::OPT_mno_stackrealign, if (Args.hasFlag(options::OPT_mstackrealign, options::OPT_mno_stackrealign,
false)) false))
CmdArgs.push_back(Args.MakeArgString("-mstackrealign")); CmdArgs.push_back(Args.MakeArgString("-mstackrealign"));
if (Args.hasArg(options::OPT_mstack_alignment)) { if (Args.hasArg(options::OPT_mstack_alignment)) {
▲ Show 20 LinesShow All 1,870 LinesShow Last 20 Lines

llvm/test/CodeGen/X86/stack-clash-large.ll

; RUN: llc -mtriple=x86_64-linux-android < %s | FileCheck -check-prefix=CHECK-X86-64 %s ; RUN: llc -mtriple=x86_64-linux-android < %s | FileCheck -check-prefix=CHECK-X86-64 %s
; RUN: llc -mtriple=i686-linux-android < %s | FileCheck -check-prefix=CHECK-X86-32 %s ; RUN: llc -mtriple=i686-linux-android < %s | FileCheck -check-prefix=CHECK-X86-32 %s
; RUN: llc -mtriple=x86_64-unknown-freebsd < %s | FileCheck -check-prefix=CHECK-X86-64 %s
; RUN: llc -mtriple=x86_64-pc-linux-gnu < %s | FileCheck -check-prefix=CHECK-X86-64 %s
define i32 @foo() local_unnamed_addr #0 { define i32 @foo() local_unnamed_addr #0 {
%a = alloca i32, i64 18000, align 16 %a = alloca i32, i64 18000, align 16
%b0 = getelementptr inbounds i32, i32* %a, i64 98 %b0 = getelementptr inbounds i32, i32* %a, i64 98
%b1 = getelementptr inbounds i32, i32* %a, i64 7198 %b1 = getelementptr inbounds i32, i32* %a, i64 7198
store volatile i32 1, i32* %b0 store volatile i32 1, i32* %b0
store volatile i32 1, i32* %b1 store volatile i32 1, i32* %b1
▲ Show 20 LinesShow All 43 LinesShow Last 20 Lines