runtime: fix over-eager SPWRITE check #44269
Comments
rsc
added
the
NeedsFix
|
This is true of blake2s_amd64.s as well - the SP write is hidden in a macro. |
rsc
changed the title
|
Also blake2b. Also salsa20. |
|
Change https://golang.org/cl/292052 mentions this issue: |
|
Change https://golang.org/cl/292051 mentions this issue: |
|
Change https://golang.org/cl/292050 mentions this issue: |
|
Change https://golang.org/cl/292049 mentions this issue: |
rsc
changed the title
|
This also applies to windows/svc/sys_*.s in x/sys. |
|
@zx2c4 I don't believe that's true, since servicemain appears to run on a Windows stack called from Windows - it's not a Go function subject to the Go ABI rules. |
For golang/go#44269. Change-Id: I877a8056dbd8ab1dedadb562aa1b3d9e1e0d55da
For golang/go#44269. Change-Id: Ica352261d696317addbdd422d4cde5bf07fef839
For golang/go#44269. Change-Id: I7e405afd0b55c96ce0a4c6058ba01e8be1173a8c
For golang/go#44269. Change-Id: I92e168674612af390bcb80a0579df5c777c26970
|
"go vet" has a checker that runs on the TryBots against clobbering the frame pointer. It's caught real examples for me before (FiloSottile/edwards25519#11). Could we add one for this, too, so we don't reintroduce the issue later? |
|
A few implementation strategies:
3 seems most appealing, but I don't know if vet can look at post-build artifacts or how that works. I've never looked at this code before. |
|
https://go-review.googlesource.com/c/tools/+/292529 is strategy (2). Kind of meh, but perhaps this is just how analyzer works. |
|
Change https://golang.org/cl/292529 mentions this issue: |
|
It apparently works too! |
|
Awesome, I'd support turning this on by default in "go vet" like #43014 |
|
I've got that code written, but it looks like it needs to be in x/tools first before I can vendor it and push a CL. |
|
Change https://golang.org/cl/292569 mentions this issue: |
For golang/go#44269. Change-Id: I877a8056dbd8ab1dedadb562aa1b3d9e1e0d55da Reviewed-on: https://go-review.googlesource.com/c/crypto/+/292049 Trust: Russ Cox <rsc@golang.org> Trust: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
For golang/go#44269. Change-Id: Ica352261d696317addbdd422d4cde5bf07fef839 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/292050 Trust: Russ Cox <rsc@golang.org> Trust: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
For golang/go#44269. Change-Id: I7e405afd0b55c96ce0a4c6058ba01e8be1173a8c Reviewed-on: https://go-review.googlesource.com/c/crypto/+/292051 Trust: Russ Cox <rsc@golang.org> Trust: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
For golang/go#44269. Change-Id: I92e168674612af390bcb80a0579df5c777c26970 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/292052 Trust: Russ Cox <rsc@golang.org> Trust: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
**salsa20 is used by V1 protocol of DNSCrypt** golang/go#44269 quote: x/crypto/*.s masks and writes to SP during function execution. This is not allowed by the Go ABI. All SP modifications on goroutine stacks must be constant additions or subtractions, or else the garbage collector cannot unwind the stack from that location. Code used to get away with this due to cooperative scheduling, but now that we scan stacks preemptively, it is especially important that functions not do this. New code in Go 1.17 will stop stack traces in such functions, which will make programs crash more loudly. But they are still broken in earlier versions and may just cause silent memory corruption instead of loud crashes. hashBlocksSSE2 and hashBlocksSSSE3 should leave SP alone.
For golang/go#44269. Change-Id: I877a8056dbd8ab1dedadb562aa1b3d9e1e0d55da Reviewed-on: https://go-review.googlesource.com/c/crypto/+/292049 Trust: Russ Cox <rsc@golang.org> Trust: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
For golang/go#44269. Change-Id: I92e168674612af390bcb80a0579df5c777c26970 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/292052 Trust: Russ Cox <rsc@golang.org> Trust: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
Change https://golang.org/cl/317669 mentions this issue: |
|
On further analysis it appears that the old x/crypto code was dodgy but technically okay, in the sense that the runtime can work around it reasonably well. I have relaxed the check in the runtime in CL 317669, so now there is no need for a vet check nor to go looking for other dodgy-but-technically-okay assembly code in the wild. CL 317669 will close this issue when submitted. |
rsc
changed the title
x/crypto/blake2s/blake2s_386.s masks and writes to SP during function execution.
This is not allowed by the Go ABI. All SP modifications on goroutine stacks must be constant additions or subtractions, or else the garbage collector cannot unwind the stack from that location.
Code used to get away with this due to cooperative scheduling, but now that we scan stacks preemptively, it is especially important that functions not do this.
New code in Go 1.17 will stop stack traces in such functions, which will make programs crash more loudly. But they are still broken in earlier versions and may just cause silent memory corruption instead of loud crashes.
hashBlocksSSE2 and hashBlocksSSSE3 should leave SP alone.
Edit: also blake2b, salsa20/salsa.
The text was updated successfully, but these errors were encountered: