This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: RFC: Shadow Stack support in glibc
- From: Yu-cheng Yu <yu-cheng dot yu at intel dot com>
- To: Szabolcs Nagy <szabolcs dot nagy at arm dot com>
- Cc: nd at arm dot com, Florian Weimer <fweimer at redhat dot com>, "H.J. Lu" <hjl dot tools at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>, Igor Tsimbalist <tigor dot tools at gmail dot com>, "Shanbhogue, Vedvyas" <vedvyas dot shanbhogue at intel dot com>
- Date: Fri, 09 Jun 2017 08:44:11 -0700
- Subject: Re: RFC: Shadow Stack support in glibc
- Authentication-results: sourceware.org; auth=none
- References: <CAMe9rOqN7oNWWmbw_NmaP=TpBDY7jh=MNbJQNaiOR901Rs7bcw@mail.gmail.com> <451a71c6-7eb7-983d-f808-86cf50fc0dca@redhat.com> <1496876422.12598.31.camel@test-lenovo> <59390EEB.4020409@arm.com> <1496951188.15627.51.camel@test-lenovo> <593A64CC.60100@arm.com>
On Fri, 2017-06-09 at 10:05 +0100, Szabolcs Nagy wrote:
> On 08/06/17 20:46, Yu-cheng Yu wrote:
> >
> > On Thu, 2017-06-08 at 09:46 +0100, Szabolcs Nagy wrote:
> >>> On 08/06/17 00:00, Yu-cheng Yu wrote:
> >>>
> >>> pthread_attr_xxx:
> >>>
> >>> Since shadow stack stores only return pointers, it is not affected by
> >>> the address/size of the program stack.
> >>
> >> why is it not affected by the size of the program stack?
> >> how is the size of the shadow stack determined?
> >>
> >
> > Please see my reply to Florian on the reasoning of sizing the shadow
> > stack. In summary, shadow stack is allocated to the same size as the
> > program stack.
>
> as far as i understand the main thread stack can grow
> (up to the rlimit or until the stack hits an already
> mapped page) only 128K is committed when the process
> starts (on linux).
>
> so with a large rlimit it is in principle possible to
> overflow the shadow stack.
>
That is a good point. I will look into it.
Thanks,
Yu-cheng
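The sizing concern raised above (a shadow stack sized to the initially committed 128K of main-thread stack while the program stack can grow up to RLIMIT_STACK) can be made concrete with a small model. The following C program is an added example, not code from glibc or from the thread's participants: it models a shadow stack as a fixed-capacity array of return addresses that is pushed on call and checked on return, and then simulates nested calls to find the depth at which a 128K shadow stack overflows for a given stack limit. The 16-byte minimal frame size and the constructed return addresses are assumptions for illustration; the 128K initial commit is the figure quoted in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>

/* Figure from the thread: Linux commits 128K of main-thread stack at
   process start; the stack may then grow up to RLIMIT_STACK. */
#define INITIAL_COMMIT ((size_t)128 * 1024)

/* Toy shadow stack: a fixed-capacity array of return addresses. Hardware
   pushes on CALL and compares on RET; this does the same in software. */
struct shadow_stack {
    uintptr_t *entries;
    size_t capacity;   /* in entries */
    size_t depth;      /* entries in use */
};

static int shstk_init(struct shadow_stack *s, size_t bytes)
{
    s->capacity = bytes / sizeof(uintptr_t);
    s->depth = 0;
    s->entries = calloc(s->capacity, sizeof(uintptr_t));
    return s->entries ? 0 : -1;
}

static void shstk_free(struct shadow_stack *s)
{
    free(s->entries);
    s->entries = NULL;
    s->capacity = s->depth = 0;
}

/* CALL: record the return address. Returns -1 when the shadow stack is full. */
static int shstk_push(struct shadow_stack *s, uintptr_t ret)
{
    if (s->depth == s->capacity)
        return -1;
    s->entries[s->depth++] = ret;
    return 0;
}

/* RET: pop and compare with the return address found on the program stack.
   Returns -1 on underflow or mismatch, the cases hardware would fault on. */
static int shstk_pop(struct shadow_stack *s, uintptr_t ret_on_stack)
{
    if (s->depth == 0)
        return -1;
    s->depth--;
    return s->entries[s->depth] == ret_on_stack ? 0 : -1;
}

/* Shadow-stack bytes needed to cover a program stack of stack_bytes when
   every frame is only frame_bytes (the worst case for shadow stack usage). */
static size_t shstk_bytes_needed(size_t stack_bytes, size_t frame_bytes)
{
    return (stack_bytes / frame_bytes) * sizeof(uintptr_t);
}

/* Simulate nested calls, each consuming frame_bytes of program stack, up to
   stack_limit. Returns the call depth at which a shadow stack of shstk_bytes
   overflows, or 0 if the program stack is exhausted first. */
static size_t overflow_depth(size_t stack_limit, size_t frame_bytes, size_t shstk_bytes)
{
    struct shadow_stack s;
    size_t max_depth = stack_limit / frame_bytes, result = 0;

    if (shstk_init(&s, shstk_bytes) != 0)
        return 0;
    for (size_t depth = 1; depth <= max_depth; depth++) {
        /* constructed return address; only the count matters here */
        if (shstk_push(&s, 0x400000 + depth) != 0) {
            result = depth;
            break;
        }
    }
    shstk_free(&s);
    return result;
}

int main(void)
{
    struct rlimit rl;
    const size_t frame = 16; /* assumed minimal frame: return address + padding */

    if (getrlimit(RLIMIT_STACK, &rl) != 0) {
        perror("getrlimit");
        return 1;
    }
    size_t limit = rl.rlim_cur == RLIM_INFINITY ? (size_t)1 << 30 : (size_t)rl.rlim_cur;

    printf("shadow stack sized to initial commit: %zu bytes\n", INITIAL_COMMIT);
    printf("needed to cover initial commit:       %zu bytes\n",
           shstk_bytes_needed(INITIAL_COMMIT, frame));
    printf("needed to cover RLIMIT_STACK (%zu):  %zu bytes\n", limit,
           shstk_bytes_needed(limit, frame));
    printf("call depth at which it overflows:     %zu\n",
           overflow_depth(limit, frame, INITIAL_COMMIT));
    return 0;
}
```

With the default 8 MiB soft limit and 16-byte frames, a shadow stack equal to the initial commit holds 16384 return addresses on a 64-bit target and overflows at call depth 16385, long before the program stack reaches its limit; sizing the shadow stack from the rlimit (or letting it grow with the program stack) closes that gap.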