Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 637198 - -fstack-check breaks Go apps with certain kernel builds
Summary: -fstack-check breaks Go apps with certain kernel builds
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Toolchain Maintainers
Depends on:
Blocks: stack-check
  Show dependency tree
Reported: 2017-11-12 04:54 UTC by Hector Martin
Modified: 2018-05-16 07:34 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Hector Martin 2017-11-12 04:54:29 UTC
(Blocks 637152)

Filing this to loop Gentoo into a bug I hit that involves all of golang, the kernel, and the Gentoo Hardened toolchain.

* sys-kernel/gentoo-sources-4.13.9
* sys-devel/gcc-6.4.0 (Gentoo Hardened 6.4.0 p1.0)

This combination causes GCC to compile the time-related kernel vDSO code (arch/x86/entry/vdso/vclock_gettime.o) without inlining `vread_tsc` (which is not marked inline, so that's OK). That turns those vDSO functions into non-leaf functions since they make a call. -fstack-check then inserts a stack probe into them.

Unfortunately Go assumes that the vDSO functions won't use more than 104 bytes of stack space, while the probe is at a 4K offset. This causes hard to debug random crashes when the non-atomic stack probe races another thread that actually owns that memory, causing corruption.

Go bug:
Kernel discussion:

Andy (kernel vDSO maintainer) says Gentoo should turn -fstack-check off, which I disagree with. I think this is a Go bug (assuming vDSO stack usage with no documented guarantee).

Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2017-12-07 02:31:57 UTC
Thanks for your blog post

I presume now it's ok to close this since Go fixed the issue?
Comment 2 Hector Martin 2017-12-07 05:19:17 UTC
Sure, I just wanted to file this to make sure the Gentoo team was aware of the issue too. Looking forward to GCC 8 which should have saner Stack Clash protection.
Comment 3 Hector Martin 2018-05-16 07:34:49 UTC
Let's close, this is long fixed (and I think these days the kernel filters out -fstack-check anyway).