-
-
Notifications
You must be signed in to change notification settings - Fork 445
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address of nested function crashes with mold #427
Comments
GCC's nested function is implemented by dynamically constructing stub code in the stack area to jump from the stack to an actual function. So the stack area must be executable to use it, which is very rare nowadays for the obvious security reason. mold unconditionally makes the stack area non-executable. You need to pass GNU linker makes the stack area executable if at least one input object file has a section To me, the GNU linker's behavior seems dangerous. If one person accidentally uses a nested function at somewhere in the entire codebase, or if you statically-link a library that uses a nested function, it makes your program's entire stack area executable without any notice. That would be a big surprise to users, and it feels like that's planting a time bomb waiting to explode. I think this feature should be re-implemented with an assumption that the stack area is not executable, or if you can't, it should be deprecated because it's dangerous to use. |
Well, I think various projects are leaving usage of nested functions and Clang does not support them if I'm correct. However, GCC still emits them and e.g. Fortran code contains quite many of them. I respect your design decision, but on the other hand, you claim |
Currently, there's no compile-time options to customize mold's run-time behavior, and that helps me a lot to support users. As long as mold binaries are built at a specific git commit, they are guaranteed to behave the same (modulo a possible compiler bug). In addition to that, I don't want to make I committed d0e4eee so that users can change their code for mold. Isn't this enough? This is security-related. It's hard to make a decision to make it vulnerable to a simple buffer overflow attack. |
Well, I'm speaking from a distribution perspective where it would be unpleasant to use
As explained, I don't like the divergence from GNU-compatible linkers, which is something you claim: If you don't agree with the selected approach how nested functions are supported, can you please open a bug report against BFD, GOLD, and maybe LLD? |
Perhaps not surprisingly, lld already behaves the same way as mold. Let me file a bug against GNU linker, but in reality, I think what we can request is to not change the default behavior but instead just print out a warning message. Note that even though we are trying to make mold compatible with GNU linkers, we still sometimes make a choice not to make it compatible. For example, |
All right. I accept the approach, but please give me an option on how to change the behavior.
|
That's the build-time option, and for the sake of build reproducibility, I don't want to have it. I'm sorry, but the policy I want to keep is that as long as you pass the exact same command line options and input object files, mold of the same version behaves exactly the same regardless of the host environment. This is a very useful property. |
Filed an issue to GNU ld: https://sourceware.org/bugzilla/show_bug.cgi?id=29072 |
I've noticed that I would need something like |
Thanks for it, let's see what can be done for it. |
I implemented |
Great, works for me. Appreciate we found a solution that works for both of us. Kuddos! |
The following crashes:
The text was updated successfully, but these errors were encountered: