This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH v4] aarch64: enforce >=64K guard size


On 04/10/18 14:23, Szabolcs Nagy wrote:
> On 12/07/18 10:06, Szabolcs Nagy wrote:
>> previous discussion:
>> https://sourceware.org/ml/libc-alpha/2018-01/msg00267.html
>> i'd like to backport this to 2.28 if the gcc patches are accepted.
>>
>> v4:
>> - gcc patches are now under review:
>> https://gcc.gnu.org/ml/gcc-patches/2018-07/msg00538.html
>> https://gcc.gnu.org/ml/gcc-patches/2018-07/msg00542.html
>> - update commit message (64K probing is the default abi).
>> - add riscv, remove tile.
>> - rebase.
> 
> ping.
> 
> gcc patches are committed at r264757
> 

ping.

this is needed for correctness on aarch64 with gcc-9.

>> v3:
>> - more comment in allocate_stack.
>> - define ARCH_MIN_GUARD_SIZE explicitly for all targets.
>> - rebase on top of master.
>> v2:
>> - only change guard size on aarch64
>> - don't report the inflated guard size
>>
>> There are several compiler implementations that allow large stack
>> allocations to jump over the guard page at the end of the stack and
>> corrupt memory beyond that. See CVE-2017-1000364.
>>
>> Compilers can emit code to probe the stack such that the guard page
>> cannot be skipped, but on aarch64 the probe interval is 64K by default
>> instead of the minimum supported page size (4K).
>>
>> This patch enforces at least 64K guard on aarch64 unless the guard
>> is disabled by setting its size to 0.  For backward compatibility
>> reasons the increased guard is not reported, so it is only observable
>> by exhausting the address space or parsing /proc/self/maps on linux.
>>
>> On other targets the patch has no effect.
>>
>> The patch does not affect threads with user allocated stacks.
>>
>> 2018-07-12  Szabolcs Nagy  <szabolcs.nagy@arm.com>
>>
>>     * nptl/allocatestack.c (allocate_stack): Use ARCH_MIN_GUARD_SIZE.
>>     * sysdeps/aarch64/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/alpha/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/arm/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/hppa/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/i386/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/ia64/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/m68k/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/microblaze/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/mips/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/nios2/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/powerpc/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/riscv/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/s390/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/sh/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/sparc/sparc32/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/sparc/sparc64/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>>     * sysdeps/x86_64/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> 
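
The commit message quoted above, worked through as an added example (not code from the patch, glibc or GCC): it applies the stated guard-size rule and counts, in a simplified model of stack probing, how often a guard smaller than the 64K probe interval is stepped over untouched. The function names, the one-touch-per-interval model, the rounding to whole pages and the `min_guard` parameter (a stand-in for ARCH_MIN_GUARD_SIZE, with 0 modelling a target where the patch has no effect) are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Figures from the commit message; simplified model, not glibc or GCC code. */
#define PAGE_4K      4096UL            /* minimum supported page size */
#define PROBE_64K    (64 * 1024UL)     /* default aarch64 probe interval */

/* Guard size actually mapped under the rule in the commit message:
   0 keeps the guard disabled, anything else is rounded up to whole pages
   (assumption) and then raised to min_guard (hypothetical stand-in for
   ARCH_MIN_GUARD_SIZE).  The caller still sees `requested`. */
size_t effective_guard(size_t requested, size_t page, size_t min_guard)
{
    if (requested == 0)
        return 0;
    size_t g = (requested + page - 1) / page * page;
    return g < min_guard ? min_guard : g;
}

/* The stack pointer starts `gap` bytes above the top of the guard and the
   code touches the stack once every `interval` bytes on the way down.
   Returns 1 if the first touch below the usable stack lands in the guard
   (the overflow faults), 0 if it lands beyond the guard. */
int probe_hits_guard(size_t gap, size_t guard, size_t interval)
{
    size_t depth = (gap / interval + 1) * interval; /* first probe deeper than gap */
    return depth <= gap + guard;
}

/* Number of page-aligned starting gaps within one probe interval for which
   the guard is stepped over without being touched. */
size_t skipping_gaps(size_t guard, size_t interval, size_t page)
{
    size_t n = 0;
    for (size_t gap = 0; gap < interval; gap += page)
        n += !probe_hits_guard(gap, guard, interval);
    return n;
}

int main(void)
{
    size_t before = effective_guard(PAGE_4K, PAGE_4K, 0);
    size_t after  = effective_guard(PAGE_4K, PAGE_4K, PROBE_64K);
    printf("4K guard:  %zu of 16 start positions skip the guard\n",
           skipping_gaps(before, PROBE_64K, PAGE_4K));
    printf("64K guard: %zu of 16 start positions skip the guard\n",
           skipping_gaps(after, PROBE_64K, PAGE_4K));
    return 0;
}
```

In this model any guard at least as large as the probe interval is always touched, which is the condition the patch establishes for aarch64.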

