This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH v4] aarch64: enforce >=64K guard size

* Szabolcs Nagy:

> On 14/07/18 15:02, Florian Weimer wrote:
>> * Szabolcs Nagy:
>> 
>>> There are several compiler implementations that allow large stack
>>> allocations to jump over the guard page at the end of the stack and
>>> corrupt memory beyond that. See CVE-2017-1000364.
>>>
>>> Compilers can emit code to probe the stack such that the guard page
>>> cannot be skipped, but on aarch64 the probe interval is 64K by default
>>> instead of the minimum supported page size (4K).
>>>
>>> This patch enforces at least 64K guard on aarch64 unless the guard
>>> is disabled by setting its size to 0.  For backward compatibility
>>> reasons the increased guard is not reported, so it is only observable
>>> by exhausting the address space or parsing /proc/self/maps on linux.
>> 
>> Is there anything special in the aarch64 probing sequence that
>> *requires* that the guard is 64 KiB, or is it just that it is not
>> effective if it is not?
>> 
>
> it's not effective (the probe interval is 64k)

Then I don't understand why it's necessary to override an explicitly
specified guard size.  Changing the default should be sufficient.
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]