[AMDGPU] Linking with FatBinary files disables stack execution protection #71711

@AngryLoki

After constructGenerateObjFileFromHIPFatBinary at https://github.com/llvm/llvm-project/blob/main/clang/lib/Driver/ToolChains/HIPUtility.cpp#L137, llvm-mc is used to generate an object file, which is linked into an executable/library file as a part of the hipcc -> clang -> ld call chain. And as the mcin file has no GNU-stack section, the entire library gets marked for an executable stack[1].

I discovered this as a result of a warning in Gentoo[2], as a chain for rccl-5.7.1 compilation. The whole chain there is hipcc -> clang 17.0.3 -> [clang-offload-bundler + lld + llvm-mc + x86_64-pc-linux-gnu-ld.bfd], which eventually completes with

```
/usr/bin/x86_64-pc-linux-gnu-ld.bfd: warning: /tmp/bootstrap-29289b.o: missing .note.GNU-stack section implies executable stack
/usr/bin/x86_64-pc-linux-gnu-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker

The following files contain writable and executable sections
...
RWX --- --- usr/lib64/librccl.so.1.0
```

I hope this describes the issue clearly enough; attaching the compilation log (huge!) won't help, because the underlying commands are not even visible there (but are visible with -###).

I can additionally mention that ROCm/clr#22 has a similar issue: the mcin file includes the fatbin; the difference is that they use cmake to generate the mcin file (I understand that the problem in clr is separate, but it is thematically related).

Could you add .note.GNU-stack in constructGenerateObjFileFromHIPFatBinary or provide any other solution? Thanks!

[1] https://wiki.ubuntu.com/SecurityTeam/Roadmap/ExecutableStacks
[2] https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
