This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v2 1/3] posix: Remove dynamic memory allocation from execl{e,p}
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: Joseph Myers <joseph at codesourcery dot com>, libc-alpha at sourceware dot org
- Date: Tue, 2 Feb 2016 10:47:06 -0200
- Subject: Re: [PATCH v2 1/3] posix: Remove dynamic memory allocation from execl{e,p}
- Authentication-results: sourceware.org; auth=none
- References: <1454343665-1706-1-git-send-email-adhemerval dot zanella at linaro dot org> <1454343665-1706-2-git-send-email-adhemerval dot zanella at linaro dot org> <alpine dot DEB dot 2 dot 10 dot 1602011648030 dot 2674 at digraph dot polyomino dot org dot uk> <56AF936C dot 6070907 at linaro dot org> <56B09201 dot 4010502 at redhat dot com>
On 02-02-2016 09:24, Florian Weimer wrote:
> On 02/01/2016 06:18 PM, Adhemerval Zanella wrote:
>
>> Right, it is not ensuring the safeness. Is '-fstack-check' the suffice
>> option to ensure it or do we need a more strict one?
>
> In my tests, the initial stack banging probe is sometimes more than a
> page away from the current stack pointer, so it does not look safe to me.
I am not aware of a better option, if any, to avoid stack overflow in case of
a exec function call with large arguments. Also, check at least on x86_64
I do see trying to overflow the stack with new implementation does force a
segfault on the stack protector code (it tries to orq a memory beyond stack).
>
> For posix_spawn, it's probably simpler for now to compute the shell
> invocation in the parent. That is, perform two vforks in case the first
> execve fails.
>
> Florian
>
I do not think it would require to clone(VFORK) twice in parent: we can
calculate the total argument size prior any call and calculate the
total stack to mmap based on this plus a slack for possible local
variables (128 or 256 bytes or even higher). I will add some latency
in any posix_spawn{p} case.
Another option is to just create a guard page in the end of the allocated
stack page (as pthread_create does) to force a segfaults in case of
a stack allocation higher. However, as for execl using stack-check will
also force a segfault in case of stack overflow in this case.