    long offset;
    void* ptr;
    void f(void) { __builtin_eh_return(offset, ptr); }

with gcc -mx32 produces:

    f:
            pushq   %rbp
            movl    %esp, %ebp
            pushq   %rdx
            pushq   %rax
            movl    %fs:24, %eax
            movl    %eax, -20(%ebp)
            xorl    %eax, %eax
            movl    ptr(%rip), %eax
            movl    offset(%rip), %edx
            movl    %edx, %ecx
            movl    %eax, 8(%ebp,%ecx)      # 32-bit mov
            movq    -16(%ebp), %rax
            movq    -8(%ebp), %rdx
            leal    8(%rbp,%rcx), %ecx
            movl    0(%ebp), %ebp
            movl    %ecx, %esp
            ret                             # 64-bit return

Since the upper half of the return address is not cleared this can lead to SIGSEGV in _Unwind_*
Created attachment 543982 [details, diff]
gcc-7.3.0-fix-x32-eh_return.patch

proposed patch (I don't really know what I'm doing)

compiles test case to

    foo:
            pushq   %rbp
            movl    %esp, %ebp
            pushq   %rdx
            pushq   %rax
            movl    handler(%rip), %eax
            movl    offset(%rip), %edx
            movl    %edx, %ecx
            movl    %eax, %eax
            movq    %rax, 8(%ebp,%ecx)
            movq    -16(%ebp), %rax
            movq    -8(%ebp), %rdx
            leal    8(%rbp,%rcx), %ecx
            movl    0(%ebp), %ebp
            movl    %ecx, %esp
            ret
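As an added illustration (not code from this bug or from GCC), a small C model of the return-address slot that `ret` pops on x32: the 32-bit `movl` from the first comment leaves the upper half of the 8-byte slot untouched, while the `movl %eax,%eax` / `movq` pair from the attached patch zero-extends the handler and writes the whole word. The handler value and the prior stack contents are constructed; the model assumes a little-endian host, as x86 is.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: the 8-byte stack slot at 8(%ebp,%ecx) that the
 * 64-bit `ret` pops. `prior` is whatever the slot held before eh_return
 * ran (the reporter's fillstack() leaves -1 there). */

/* Buggy sequence: `movl %eax, 8(%ebp,%ecx)` writes only the low 4 bytes. */
uint64_t slot_after_movl(uint64_t prior, uint32_t handler) {
    uint64_t slot = prior;
    memcpy(&slot, &handler, sizeof handler); /* little-endian: low half only */
    return slot;
}

/* Fixed sequence: `movl %eax, %eax` zero-extends the 32-bit pointer,
 * then `movq %rax, 8(%ebp,%ecx)` overwrites the entire word. */
uint64_t slot_after_movq(uint64_t prior, uint32_t handler) {
    (void)prior;                        /* nothing of the old slot survives */
    uint64_t widened = (uint64_t)handler; /* movl %eax, %eax */
    return widened;                     /* movq %rax, 8(%ebp,%ecx) */
}

/* On x32 every code address fits in 32 bits; a popped value above that
 * range is a wild jump, which is where the SIGSEGV in _Unwind_* comes from. */
bool popped_address_is_valid_x32(uint64_t slot) {
    return slot <= (uint64_t)UINT32_MAX;
}

int main(void) {
    const uint64_t dirty_stack = ~(uint64_t)0; /* constructed: -1 pattern */
    const uint32_t handler = 0x00401234u;       /* constructed handler address */

    uint64_t buggy = slot_after_movl(dirty_stack, handler);
    uint64_t fixed = slot_after_movq(dirty_stack, handler);

    printf("movl: ret pops 0x%016llx valid=%d\n",
           (unsigned long long)buggy, popped_address_is_valid_x32(buggy));
    printf("movq: ret pops 0x%016llx valid=%d\n",
           (unsigned long long)fixed, popped_address_is_valid_x32(fixed));
    return 0;
}
```

A zeroed stack hides the defect, which is why the reporter's test case first fills the stack with -1.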
upstream bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87014
> Since the upper half of the return address is not cleared this can lead to SIGSEGV in _Unwind_*

Does it actually happen for you, or is it only an expectation?
(In reply to Sergei Trofimovich from comment #3)
> > Since the upper half of the return address is not cleared this can lead to SIGSEGV in _Unwind_*
>
> Does it actually happen for you, or is it only an expectation?

Found it when trying to port libreoffice: https://bugs.gentoo.org/664058

test case (-O0):

    using ll = long long;

    void fillstack() {
        ll foo[] = { -1, -1, -1, -1, -1, -1, -1, -1,
                     -1, -1, -1, -1, -1, -1, -1, -1, };
    }

    void f(ll=-1, ll=-1, ll=-1, ll=-1, ll=-1, ll=-1, ll arg7_on_stack=-1) {
        throw 0;
    }

    void g() {
        try {
            f();
        } catch(int) {
        }
    }

    int main() {
        fillstack();
        g();
    }
This has been fixed upstream: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87014#c11 Could we see this added to gentoo patch sets?
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/gcc-patches.git/commit/?id=7bd9679989239cba83bb0c632bd2f0909b03d1b8

commit 7bd9679989239cba83bb0c632bd2f0909b03d1b8
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-09-12 23:20:12 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-09-12 23:20:12 +0000

    6/7/8 branches: add 101_all_x32-fix-eh-return-address.patch

    Pick upstream fix for x32 exception handler:
    """
    x86: Always update EH return address in word_mode

    On x86, return address is always popped in word_mode. eh_return needs
    to put EH return address in word_mode on stack.
    """

    Reported-by: camper
    Bug: https://bugs.gentoo.org/664016
    Bug: https://gcc.gnu.org/PR87014
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 .../gentoo/101_all_x32-fix-eh-return-address.patch | 37 ++++++++++++++++++++++
 6.4.0/gentoo/README.history                        |  2 ++
 .../gentoo/99_all_x32-fix-eh-return-address.patch  | 37 ++++++++++++++++++++++
 7.3.0/gentoo/README.history                        |  1 +
 .../gentoo/101_all_x32-fix-eh-return-address.patch | 37 ++++++++++++++++++++++
 8.2.0/gentoo/README.history                        |  2 ++
 6 files changed, 116 insertions(+)
Queued patches for next gcc patchset. Thank you!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8ff963554a3e28f8cd5905180b5c5428d1df7b8

commit a8ff963554a3e28f8cd5905180b5c5428d1df7b8
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-09-23 20:54:48 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-09-23 22:35:58 +0000

    sys-devel/gcc: cut 1.7 patchset for 6.4.0

    Two new patches:
    + 101_all_x32-fix-eh-return-address.patch fix exception handler ABI on x32
    + 102_all_respect-build-cxxflags.patch fix cross-build for arch-specific CXXFLAGS

    Bug: https://bugs.gentoo.org/664016
    Bug: https://bugs.gentoo.org/581406
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 sys-devel/gcc/Manifest            |  1 +
 sys-devel/gcc/gcc-6.4.0-r4.ebuild | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd1aa67de92c05d6a066e84ba5cd4236e637629e

commit fd1aa67de92c05d6a066e84ba5cd4236e637629e
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-09-23 20:48:40 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-09-23 22:35:58 +0000

    sys-devel/gcc: cut 1.7 patchset for 7.3.0

    Three new patches:
    + 98_all_msp430-partial-int.patch: fix msp430 code generator on complex types
    + 99_all_x32-fix-eh-return-address.patch fix exception handler ABI on x32
    + 100_all_respect-build-cxxflags.patch fix cross-build for arch-specific CXXFLAGS

    Bug: https://bugs.gentoo.org/664014
    Bug: https://bugs.gentoo.org/664016
    Bug: https://bugs.gentoo.org/581406
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 sys-devel/gcc/Manifest            |  1 +
 sys-devel/gcc/gcc-7.3.0-r5.ebuild | 24 ++++++++++++++++++++++++
 2 files changed, 25 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c7ec432dc64cefa8de88292efcc134cc8e9306c9

commit c7ec432dc64cefa8de88292efcc134cc8e9306c9
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-09-23 20:36:46 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-09-23 22:35:58 +0000

    sys-devel/gcc: cut 1.3 patchset for 8.2.0

    Four new patches:
    + 101_all_x32-fix-eh-return-address.patch: fix exception handler ABI on x32
    + 102_all_respect-build-cxxflags.patch: fix cross-build for arch-specific CXXFLAGS
    + 103_all_mmix-fix-85666-p1.patch
    + 104_all_mmix-fix-85666-p2.patch backport mmix support

    Bug: https://bugs.gentoo.org/664016
    Bug: https://bugs.gentoo.org/581406
    Package-Manager: Portage-2.3.49, Repoman-2.3.11

 sys-devel/gcc/Manifest            |  1 +
 sys-devel/gcc/gcc-8.2.0-r3.ebuild | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)