This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v4] aarch64: enforce >=64K guard size

From: Florian Weimer <fw at deneb dot enyo dot de>
To: Szabolcs Nagy <szabolcs dot nagy at arm dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>, nd at arm dot com
Date: Sat, 14 Jul 2018 16:02:27 +0200
Subject: Re: [PATCH v4] aarch64: enforce >=64K guard size
References: <1eee5f05-74f3-3396-6e2a-bfb149657a41@arm.com>

* Szabolcs Nagy:

> There are several compiler implementations that allow large stack
> allocations to jump over the guard page at the end of the stack and
> corrupt memory beyond that. See CVE-2017-1000364.
>
> Compilers can emit code to probe the stack such that the guard page
> cannot be skipped, but on aarch64 the probe interval is 64K by default
> instead of the minimum supported page size (4K).
>
> This patch enforces at least 64K guard on aarch64 unless the guard
> is disabled by setting its size to 0.  For backward compatibility
> reasons the increased guard is not reported, so it is only observable
> by exhausting the address space or parsing /proc/self/maps on linux.

Is there anything special in the aarch64 probing sequence that
*requires* that the guard is 64 KiB, or is it just that it is not
effective if it is not?

Follow-Ups:
- Re: [PATCH v4] aarch64: enforce >=64K guard size
  - From: Szabolcs Nagy

References:
- [PATCH v4] aarch64: enforce >=64K guard size
  - From: Szabolcs Nagy

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]