On Sun, Dec 07, 2025 at 09:15:44PM +0100, Florian Weimer wrote:
> * Stefan Schulze Frielinghaus:
>
> > So far only a per thread canary in the TLS block is supported. This
> > patch adds support for a global canary, too. For this the new option
> > -mstack-protector-guard={global,tls} is added which defaults to tls.
> >
> > The global canary is expected at symbol __stack_chk_guard which means
> > for a function prologue instructions larl/l(g)fr + mvc are emitted and
> > for an epilogue larl/l(g)fr + clc.
> >
> > Furthermore, option -mstack-protector-guard-record is added which is
> > inspired by -mrecord-mcount and generates section __stack_protector_loc
> > containing pointers to all instructions which load the address of the
> > global guard. Thus, this option has only an effect in conjunction with
> > -mstack-protector-guard=global. The intended use is for the Linux
> > kernel in order to support run-time patching. In each task_struct of
> > the kernel a canary is held which will be copied into the lowcore.
> > Since the kernel supports migration of the lowcore, addresses are not
> > necessarily constant. Therefore, the kernel expects that all
> > instructions loading the address of the canary to be of format RIL or
> > more precisely are either larl or lgrl and that the instructions
> > addresses are recorded in section __stack_protector_loc. The kernel is
> > then required to patch those instructions e.g. to llilf, prior first
> > execution or whenever the lowcore moves.
> >
> > In total this means -mstack-protector-guard=global emits code suitable
> > for user and kernel space.
> >
> > gcc/ChangeLog:
> >
> > * config/s390/s390-opts.h (enum stack_protector_guard): Define
> > SP_TLS and SP_GLOBAL.
> > * config/s390/s390.h (TARGET_SP_GLOBAL_GUARD): Define predicate.
> > (TARGET_SP_TLS_GUARD): Define predicate.
> > * config/s390/s390.md (stack_protect_global_guard_addr<mode>):
> > New insn.
> > (stack_protect_set): Also deal with a global guard.
> > (stack_protect_test): Also deal with a global guard.
> > * config/s390/s390.opt (-mstack-protector-guard={global,tls}):
> > New option.
> > (-mstack-protector-guard-record) New option.
>
> Thanks for implementing this.
>
> Does this support changing the visibility of the global guard
> variable to hidden?
>
> This would allow us to avoid GOT indirection of the variable if we add
> a suitable definition to libc_nonshared.a and a declaration to
> <stdc-predef.h>, at least on GNU/Linux.
>
> Related patch from H.J.:
>
> [PATCH v4] c/c++: Make stack protection guard an internal symbol
> <https://inbox.sourceware.org/came9roqobmiuwavqkpwbyepfzxctr6mlchtmqwctd+q6ntf...@mail.gmail.com>
Hi Florian,
Thanks for bringing this up. Giving this a quick glance we would, of
course, have to implement TARGET_STACK_PROTECT_GUARD_SYMBOL and rework
#ifdef TARGET_THREAD_SSP_OFFSET
#undef TARGET_STACK_PROTECT_GUARD
#define TARGET_STACK_PROTECT_GUARD hook_tree_void_null
#endif
I will have a proper look the coming week.
Cheers,
Stefan
