This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Tests for minimal signal handler functionality in MINSIGSTKSZ space.
- From: Zack Weinberg <zackw at panix dot com>
- To: "Carlos O'Donell" <carlos at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, Siddhesh Poyarekar <siddhesh at gotplt dot org>
- Date: Tue, 15 Jan 2019 17:16:06 -0500
- Subject: Re: [PATCH] Tests for minimal signal handler functionality in MINSIGSTKSZ space.
- References: <20190115200526.4677-1-zackw@panix.com> <1d45c6cb-192c-5ade-513e-a40c65d9fb7e@redhat.com>
On Tue, Jan 15, 2019 at 4:15 PM Carlos O'Donell <carlos@redhat.com> wrote:
> Both of these choices need a comment explaining why or if they are
> arbitrary, that they were just chosen at random.
How's this look? You made me realize that the guards need to be
*twice* as big as a large stack to be guaranteed to catch an offset by
the entire size of a large stack-allocated array.
+void *
+xalloc_sigstack (size_t size)
+{
+ size_t pagesize = sysconf (_SC_PAGESIZE);
+ if (pagesize == -1)
+ FAIL_EXIT1 ("sysconf (_SC_PAGESIZE): %m\n");
+
+ /* Always supply at least MINSIGSTKSZ space; passing 0 as size means
+ only that much space. No matter what the number is, round it up
+ to a whole number of pages. */
+ size_t stacksize = roundup (size + MINSIGSTKSZ, pagesize);
+
+ /* The guard bands need to be large enough to intercept offset
+ accesses from a stack address that might otherwise hit another
+ mapping. Make them at least twice as big as the stack itself, to
+ defend against an offset by the entire size of a large
+ stack-allocated array. The minimum is 1MiB, which is arbitrarily
+ chosen to be larger than any "typical" wild pointer offset.
+ Again, no matter what the number is, round it up to a whole
+ number of pages. */
+ size_t guardsize = roundup (MAX (2 * stacksize, 1024 * 1024), pagesize);
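Review bot: The error check at the top of xalloc_sigstack compares a size_t with -1: the return value of sysconf (_SC_PAGESIZE) is a long, and once it is stored in `size_t pagesize` the test `pagesize == -1` only works because -1 is implicitly converted to SIZE_MAX, which is also a signed/unsigned comparison. Keep the result in a long, test that for -1, and assign it to pagesize only after the check. The two size computations are also unchecked: `size + MINSIGSTKSZ` and `2 * stacksize` are size_t arithmetic and can wrap for a very large size argument, which would give a stack or guard band smaller than the comments promise. Rejecting an oversized request with FAIL_EXIT1 before the roundup calls would close that gap.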