GCC 4.3.0 Exposes a Kernel Bug 256
ohxten sends news from earlier this month that GCC 4.3.0's new behavior of not clearing the direction flag before a string operation on x86 systems poses problems with kernels — such as Linux and BSD — that do not clear the direction flag before a signal handler is called, despite the ABI specification.
Re:so what (Score:2, Interesting)
Yes, Probably, a single line of code might fix it. (And I won't even call it a bug.)
But before getting over this, I want to say kudos to gcc developers who have taken care to warn about this.
Re:[LWN subscriber-only content] (Score:1, Interesting)
Re:so what (Score:5, Interesting)
Seems to me the easy and correct thing to do would be to use deprecation. i.e. keep the old functionality for a bit longer and also patch or make the new kernels properly set the flag right now. This way, we move in the right direction and when it's no longer an issue then we drop the functionality in the compiler and rely on the kernel setting the flag like it's supposed to do.
Now, I see why the kernels have not been setting the flag. Why should they when the compiler was doing it? Time to set things right though... in the interests of portability with other environments and compilers. Having the kernels setting the flag starting now would satisfy ABI compatibility with the other compilers AND having gcc continue to cover the flag, by default for a time, would prevent breakage of alot of existing code.
Seems like a no brainer to me. After all, isn't that what deprecation is for?
That's my take on it...
Re:so what (Score:3, Interesting)
Just sayin'.
Read this -- http://cm.bell-labs.com/who/ken/trust.html [bell-labs.com]
Re:GCC is wrong (Score:4, Interesting)
Silly question time...
If this managed to affect both Linux and BSD despite no relevant common code, is Windows affected? I'm guessing OSX is, thanks to its BSD heritage. Has anyone tested either of them, though? How about other OSes?
Re:so what (Score:5, Interesting)
Interesting was:
Re:GCC is wrong (Score:3, Interesting)
No privilege escalation, only DOS.
I fixed this bug in 1989 too (Score:3, Interesting)
Assembler code (Score:2, Interesting)
Re:GCC is wrong (Score:3, Interesting)
2) Perhaps you haven't gotten the news, but IE8 is doing the right thing too, by using their "less broken" mode by default. This is a switch from what they announced earlier, where you would have to opt-in to better standards compliance.
3) The difference between IE, and gcc is IE is broken, and gcc is not. Clearing the DF does not break standards in any way. In fact, according to the ABI, it needed to be done anyway (although the kernel is supposed to do it). Guess what happens when you clear the DF twice?
Re:GCC is wrong (Score:3, Interesting)
I think Windows Vista is a good example of what happens when you try to maintain backwards compatibility to the assorted bugs and mis-designs of decades. See the various Vista articles on
If Microsoft takes the opposite approach with IE8, I consider that a good move and a sign that they are capable of learning.
Re:Let us blame the correct entity here... (Score:2, Interesting)
Re:GCC is wrong (Score:3, Interesting)
Actually, no. Two threads will work just fine, because the state of the CPU in its entirety (all flags) is saved and restored at when switching between them - indeed, if it wasn't, simply clearing the flag before using it wouldn't help any, because a task switch can occur between any two instructions, including the one clearing the flag and the one immediately following, which makes use of the now-cleared flag.
No, the problem is in signal handlers, which are the software-level equivalent of interrupts. When a thread receives an signal, and a handler has been registered, it immediately interrupts what it was doing and executes the handler function - or, more precisely, the kernel switches the point of execution to the start of that function. Now, the problem is that the spec says that a certain flag should be cleared whenever a function starts, and he kernel doesn't make sure it is. It didn't matter previously, because the GCC generated code to clear it anyway; however, this is redundant according to the spec, so it was dropped.
So, to sum it up: this has nothing to do with threading and can affect single-threaded programs just fine.
This bug could conceivably cause parts of a program's memory be overwritten by the contents of a string. It isn't unthinkable that this might cause foreign code execution attack in the program.
Altought it does seem pretty unlikely that anyone would do string copying in a signal handler...