hcc
libmcwamp_hsa.so has an executable stack
libmcwamp_hsa.so is built with an executable stack:
```
readelf -l libmcwamp_hsa.so | grep GNU_STACK -A 1
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RWE    0x10
```
I think this is happening because mcwamp_hsa.cpp.o has a note.GNU-stack section that is marked executable. Is this being done intentionally? I haven't been able to figure out what is generating this section.
```
readelf -S lib/hsa/CMakeFiles/mcwamp_hsa.dir/mcwamp_hsa.cpp.o | grep note.GNU-stack -A 1
  [29] .note.GNU-stack   PROGBITS         0000000000000000  00280aaa
       0000000000000000  0000000000000000   X       0     0     1
```
@AlexVlx @scchan @whchung Do any of you recall if we need to have an exec stack in mcwamp.o? I can try to add -noexecstack to our build of mcwamp.cpp and see if all still works.
@tstellar This just seems like the default (on Ubuntu for ELF), unless we explicitly remove the exec stack from mcwamp.o. Do you have concerns with the exec stack being there?
From https://fedoraproject.org/wiki/Packaging_tricks#Executable_stack
> rpmlint will complain if you generate code that permits stack execution, which is justified since this is rarely needed and is often used by attackers to exploit vulnerabilities.
@david-salinas As @FelixSchwarz mentioned we prefer not to ship executable stacks in Fedora, but I guess my question is less about libmcwamp_hsa.so having an executable stack and more about why does hcc compile objects with an executable stack by default. I don't think this is Ubuntu specific since it also happens on Fedora.
@tstellar sorry for the delay. So, I believe this is an artifact of default Clang behaviour. I'm trying to see if this can be disabled by default.
@tstellar so HCC will generate objects with an executable stack, because clang does this by default. This can be disabled with the linker option -Wl,-z,noexecstack when you invoke HCC. Our "clamp-link" respects any passed linker options (-Wl). Also, the dynamically linked shared library "libmcwamp_hsa.so" currently does still have this executable stack entry, but I'm uncertain if this poses a security issue.
> I'm uncertain if this poses a security issue.
Regardless of the actual security impact it would be nice to have non-executable stacks wherever possible. :-)
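
An added example, not part of the thread or of the hcc project: a small auditing script that reads the same `PT_GNU_STACK` program header the `readelf -l` output above shows and reports whether a linked ELF file requests an executable stack. The function names and the constructed sample image are assumptions made for illustration; it inspects linked objects (shared libraries, executables), not the `.note.GNU-stack` section of a `.o` file.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header that carries the stack permissions
PF_X = 0x1                 # execute bit in p_flags

def gnu_stack_state(elf: bytes) -> str:
    """Classify an ELF image as 'executable', 'non-executable' or 'missing'."""
    if len(elf) < 0x40 or elf[:4] != b"\x7fELF" or elf[4] not in (1, 2) or elf[5] not in (1, 2):
        raise ValueError("not an ELF file or truncated header")
    is64 = elf[4] == 2                    # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", elf, off)
        if p_type == PT_GNU_STACK:
            # p_flags directly follows p_type in ELF64, but is at offset 24 in ELF32
            (p_flags,) = struct.unpack_from(end + "I", elf, off + (4 if is64 else 24))
            return "executable" if p_flags & PF_X else "non-executable"
    return "missing"  # no marking: the kernel applies its architecture default

def sample_elf64(stack_flags):
    """Constructed sample: 64-bit little-endian header plus an optional PT_GNU_STACK."""
    phnum = 0 if stack_flags is None else 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                       0, 64, 0, 0, 64, 56, phnum, 0, 0, 0)
    phdr = b"" if stack_flags is None else struct.pack(
        "<IIQQQQQQ", PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 0x10)
    return ehdr + phdr

if __name__ == "__main__":
    # Usage: pass one or more linked ELF files, e.g. a shared library path
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, gnu_stack_state(f.read()))
```

A result of `missing` deserves the same attention as `executable` in a packaging check, since the stack permissions then depend on the loader's default rather than on the file.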