Fix Go 1.26 support: intrinsics, checkLinkname, and nosplit literals#1003
Closed
LOVECHEN wants to merge 10 commits intoburrowers:masterfrom
Closed
Fix Go 1.26 support: intrinsics, checkLinkname, and nosplit literals#1003LOVECHEN wants to merge 10 commits intoburrowers:masterfrom
LOVECHEN wants to merge 10 commits intoburrowers:masterfrom
Conversation
…ime deps Regenerate the runtimeAndDeps table for Go 1.26 across all supported platforms (darwin, linux, windows, freebsd × amd64, arm64). Add crypto/internal/constanttime compiler intrinsics (Select, boolToUint8) introduced in Go 1.26. Without these entries, garble obfuscates the intrinsic function names, causing crypto/ecdh to panic at runtime with 'unreachable; must be intrinsicified'. Add platform-specific runtime dependencies that were missing from the cross-platform table: - internal/runtime/cgroup (linux) - internal/runtime/syscall/linux (linux) - internal/runtime/syscall/windows (windows) Without these entries, garble treats these packages as obfuscatable and corrupts their assembly files during cross-compilation, causing errors like 'expected pseudo-register; found CX' on windows/amd64. Fixes TestScript/reflect.
Go 1.23 introduced the -checklinkname flag (enabled by default) which validates that //go:linkname references come from approved packages listed in cmd/link/internal/loader/loader.go's blockedLinknames table. Since garble obfuscates package import paths, the linker sees references from obfuscated package names (e.g. 'v05rX8m') instead of the original ones (e.g. 'runtime/pprof'), causing checkLinkname to reject them with 'invalid reference to runtime.pprof_goroutineLeakProfileWithLabels'. Go 1.26 expanded blockedLinknames significantly with new entries for goroutine leak profiling, crypto/fips140, runtime/secret, and others, making this issue more prevalent — particularly visible in 'garble test' which pulls in runtime/pprof via the testing framework. Disable the check using Go's official -checklinkname=0 flag prepended to the linker arguments. This is correct because garble already handles linkname resolution internally via runtimeAndLinknamed and the transformDirectives/transformLinkname pipeline. Fixes TestScript/test.
Member
|
Thanks, appreciate the ideas. I'll take a look when I have some free time. |
LOVECHEN
force-pushed
the
go1.26-fixes
branch
4 times, most recently
from
592d40d to
6d9ff6c
Compare
The -literals flag injects anonymous function calls to decode obfuscated string literals at runtime. These add stack frames that push nosplit functions over the 800-byte stack limit. Skip literal obfuscation entirely for nosplit functions to prevent linker errors like 'nosplit stack over 792 byte limit'.
crossbuild.txtar: Go 1.26 changed which math/bits functions are
intrinsified on 386. Update to TrailingZeros32/Ctz32.
gotoolchain.txtar: Go 1.26 go mod edit -go no longer accepts the
go prefix. Use -go=1.23 -toolchain=${GOVERSION_UPGRADE}.
Member
|
You're starting to do all sorts of changes. I would encourage you to send any changes unrelated to go 1.26 support as separate PRs. I will only incorporate anything that seems necessary for 1.26 support. |
Author
|
Author
|
Closing to reorganize. Will resubmit Go 1.26 changes as a cleaner PR with only the necessary fixes, as requested. Thank you for the review feedback. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR fixes 3 issues that prevented garble from working correctly with Go 1.26, building on top of the work in #992.
Changes
1.
go_std_tables: register Go 1.26 compiler intrinsicsGo 1.26 introduced
crypto/internal/constanttimewith compiler intrinsic functionsSelectandboolToUint8. Without these entries in thecompilerIntrinsicstable, garble obfuscates their names, preventing the compiler from recognizing them as intrinsics. At runtime, the stub functions panic withunreachable; must be intrinsicified.Also regenerates the table for Go 1.26 (removes stale entries).
Fixes TestScript/reflect
2.
main: disable linkercheckLinknamefor patched linkerGo 1.23 introduced
-checklinkname(default: enabled) which validates that//go:linknamereferences come from approved packages. Since garble obfuscates package import paths, the linker rejects references from obfuscated package names. Go 1.26 significantly expanded theblockedLinknamestable with goroutine leak profiling, crypto/fips140, and runtime/secret entries.Fix: prepend
-checklinkname=0to linker args using Go's official flag.Fixes TestScript/test
3.
literals: skip obfuscation inside//go:nosplitfunctionsThe
-literalsflag injects lambda calls to decode obfuscated literals, which adds stack frames. Functions marked//go:nosplithave a strict 800-byte stack limit. When literal obfuscation injects decryption code into these functions (e.g. in thereflectpackage), the combined stack usage exceeds the limit.Fix: check for
//go:nosplitin the AST pre-order traversal and skip literal obfuscation for those function bodies.Fixes TestScript/imports (with -literals)
Testing
All tests pass with Go 1.26.0 on macOS arm64:
Relates to #992