Bug 25921

Summary: gold: split-stack fixup confused by -fcf-protection=branch
Product: binutils
Component: gold
Version: 2.35
Reporter: Than McIntosh <thanm>
Assignee: Cary Coutant <ccoutant>
CC: ian
Status: UNCONFIRMED
Severity: normal
Priority: P2
Target Milestone: ---

Description (Than McIntosh, 2020-05-04 21:23:12 UTC):
The code in Gold that pattern matches and fixes up prolog sequences for x86 targets looks like it is getting confused by additional instructions added when the "-fcf-protection=branch" GCC option is employed (which uses Intel CET).

Example:

$ cat himom.c
#include <stdio.h>
int main(int argc, char **argv) {
  printf("hi mom\n");
  return 0;
}
$ gcc -fsplit-stack himom.c 
$ gcc -fsplit-stack himom.c  -fuse-ld=gold 
$ gcc -fsplit-stack himom.c  -fuse-ld=gold  -fcf-protection=branch
/usr/bin/ld.gold: error: /tmp/ccu49EOc.o: failed to match split-stack sequence at section 1 offset 0
collect2: error: ld returned 1 exit status
$

Here is a closer look at the prolog sequences in each scenario:

$ gcc -c -fsplit-stack himom.c
$ objdump -dl himom.o
...
   0:	64 48 3b 24 25 70 00 	cmp    %fs:0x70,%rsp
   7:	00 00 
   9:	73 12                	jae    1d <main+0x1d>
   b:	41 ba 18 00 00 00    	mov    $0x18,%r10d
  11:	41 bb 00 00 00 00    	mov    $0x0,%r11d

$ gcc -c -fsplit-stack -fcf-protection=branch himom.c 
$ objdump -dl himom.o
...
   0:	f3 0f 1e fa          	endbr64 
   4:	64 48 3b 24 25 70 00 	cmp    %fs:0x70,%rsp
   b:	00 00 
   d:	73 16                	jae    25 <main+0x25>
   f:	41 ba 18 00 00 00    	mov    $0x18,%r10d
  15:	41 bb 00 00 00 00    	mov    $0x0,%r11d

Note the inserted "endbr64".

The problem also seems to be made a bit more mysterious for users in that some Linux distributions have started to hard-wire cf-protection on by default, e.g.

https://lists.ubuntu.com/archives/ubuntu-devel/2019-June/040741.html

This makes it more difficult for users of -fsplit-stack to understand what the problem might be (the same compile/link commands on one distro work fine, but fail on others).

I will see if I can write a patch to address this problem.
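The failure above comes down to a byte-pattern match on the function prologue: the linker expects "cmp %fs:0x70,%rsp" to be the first instruction, and the 4-byte endbr64 that -fcf-protection=branch places ahead of it makes the pattern miss. The following is an added illustration, not gold's code and not the patch the reporter mentions: a simplified matcher in C++ over the exact byte sequences from the two objdump listings (constructed inline as sample input). The strict variant reproduces the mismatch; the CET-aware variant accepts an optional leading endbr64 and reports where the cmp and jae actually sit. Field names (cmp_offset, jae_offset, r10_imm) are this example's own.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Constructed sample input: the first bytes of main() from the two objdump
// listings in the report, without and with -fcf-protection=branch.
static const std::vector<uint8_t> kPrologNoCet = {
    0x64, 0x48, 0x3b, 0x24, 0x25, 0x70, 0x00, 0x00, 0x00,  // cmp %fs:0x70,%rsp
    0x73, 0x12,                                            // jae <main+0x1d>
    0x41, 0xba, 0x18, 0x00, 0x00, 0x00,                    // mov $0x18,%r10d
    0x41, 0xbb, 0x00, 0x00, 0x00, 0x00,                    // mov $0x0,%r11d
};
static const std::vector<uint8_t> kPrologCet = {
    0xf3, 0x0f, 0x1e, 0xfa,                                // endbr64
    0x64, 0x48, 0x3b, 0x24, 0x25, 0x70, 0x00, 0x00, 0x00,  // cmp %fs:0x70,%rsp
    0x73, 0x16,                                            // jae <main+0x25>
    0x41, 0xba, 0x18, 0x00, 0x00, 0x00,                    // mov $0x18,%r10d
    0x41, 0xbb, 0x00, 0x00, 0x00, 0x00,                    // mov $0x0,%r11d
};

static const uint8_t kEndbr64[] = {0xf3, 0x0f, 0x1e, 0xfa};
static const uint8_t kCmpFsRsp[] = {0x64, 0x48, 0x3b, 0x24, 0x25,
                                    0x70, 0x00, 0x00, 0x00};

// What a fixup pass would need from a successful match (names are this
// example's own, not gold's).
struct SplitStackMatch {
    bool matched;
    size_t cmp_offset;  // offset of "cmp %fs:0x70,%rsp"
    size_t jae_offset;  // offset of the "jae" that the fixup retargets
    uint32_t r10_imm;   // immediate loaded into %r10d
};

// Try to match the split-stack check starting at byte offset `off`:
// cmp (9 bytes), jae rel8 (2), mov imm32,%r10d (6), mov imm32,%r11d (6).
static SplitStackMatch match_at(const uint8_t* code, size_t len, size_t off) {
    SplitStackMatch m{false, 0, 0, 0};
    const size_t need = sizeof(kCmpFsRsp) + 2 + 6 + 6;
    if (len < off + need) return m;
    const uint8_t* p = code + off;
    if (std::memcmp(p, kCmpFsRsp, sizeof(kCmpFsRsp)) != 0) return m;
    p += sizeof(kCmpFsRsp);
    if (p[0] != 0x73) return m;                   // jae rel8
    const size_t jae = static_cast<size_t>(p - code);
    p += 2;
    if (p[0] != 0x41 || p[1] != 0xba) return m;   // mov $imm32,%r10d
    const uint32_t imm = static_cast<uint32_t>(p[2]) |
                         (static_cast<uint32_t>(p[3]) << 8) |
                         (static_cast<uint32_t>(p[4]) << 16) |
                         (static_cast<uint32_t>(p[5]) << 24);
    p += 6;
    if (p[0] != 0x41 || p[1] != 0xbb) return m;   // mov $imm32,%r11d
    m.matched = true;
    m.cmp_offset = off;
    m.jae_offset = jae;
    m.r10_imm = imm;
    return m;
}

// Strict matcher: requires the cmp to be the very first instruction, which
// is exactly what the endbr64 breaks.
SplitStackMatch match_strict(const uint8_t* code, size_t len) {
    return match_at(code, len, 0);
}

// CET-aware matcher: tolerates (and leaves in place) a leading endbr64.
SplitStackMatch match_cet_aware(const uint8_t* code, size_t len) {
    size_t off = 0;
    if (len >= sizeof(kEndbr64) &&
        std::memcmp(code, kEndbr64, sizeof(kEndbr64)) == 0)
        off = sizeof(kEndbr64);
    return match_at(code, len, off);
}

int main() {
    const SplitStackMatch a = match_strict(kPrologCet.data(), kPrologCet.size());
    const SplitStackMatch b = match_cet_aware(kPrologCet.data(), kPrologCet.size());
    std::printf("strict on CET prolog: %s\n", a.matched ? "match" : "no match");
    std::printf("cet-aware on CET prolog: %s, cmp at %zu, jae at %zu\n",
                b.matched ? "match" : "no match", b.cmp_offset, b.jae_offset);
    return 0;
}
```

The point of tolerating rather than stripping the endbr64 is that a function compiled with -fcf-protection=branch may be reached through an indirect call, and the CET indirect-branch tracking requires the landing instruction to be endbr64; a fixup that shifted or overwrote it would trade a link error for a runtime control-flow fault. Matching the prologue relative to the cmp instruction (as the CET-aware variant does) keeps the offsets the fixup needs correct for both compilations.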