This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH][RFA/RFC] Stack clash mitigation patch 07/08

From: Jakub Jelinek <jakub at redhat dot com>
To: Jeff Law <law at redhat dot com>
Cc: Wilco Dijkstra <Wilco dot Dijkstra at arm dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>, nd <nd at arm dot com>
Date: Mon, 17 Jul 2017 17:31:48 +0200
Subject: Re: [PATCH][RFA/RFC] Stack clash mitigation patch 07/08
Authentication-results: sourceware.org; auth=none
Authentication-results: ext-mx07.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-results: ext-mx07.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=jakub at redhat dot com
Dkim-filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 7083AC04B31B
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 7083AC04B31B
References: <AM5PR0802MB2610577C26553C3E7C2B8FCC83AE0@AM5PR0802MB2610.eurprd08.prod.outlook.com> <e0d596b1-e58c-ae67-fc92-f104645f579c@redhat.com> <AM5PR0802MB26106AFE5024A6CED3F8D29983A00@AM5PR0802MB2610.eurprd08.prod.outlook.com> <5eb3783f-7a00-1361-461e-92b99bcb338b@redhat.com>
Reply-to: Jakub Jelinek <jakub at redhat dot com>

On Mon, Jul 17, 2017 at 09:24:27AM -0600, Jeff Law wrote:
> >> While I'm not really comfortable with the 2k/2k split in general, I
> >> think I can support it from a Red Hat point of view -- largely because
> >> we use 64k pages in RHEL.  So our guard is actually 64k.  Having a
> >> hostile call chain push 2k into the guard isn't so bad in that case.
> > 
> > A minimum guard size of 64KB seems reasonable even on systems with
> > 4KB pages. However whatever the chosen guard size, you cannot defend
> > against hostile code. An OS can of course increase the guard size well 
> > beyond the minimum required, but that's simply reducing the probability -
> > it is never going to block a big unchecked alloca.
> That's a kernel issue and I'm not in a position to change that.  On
> systems with a 64bit address space, I'm keen to see the kernel team
> increase the guard size, but it's not something I can unilaterally make
> happen.

That is actually not true.  Kernel issue it is only for the initial thread's
stack.  For pthread_create created threads it is a matter how big the
default guard size is (these days glibc uses a single page by default) and
how many apps override that guardsize to something different (smaller
including 0 or larger).  And, while it might be acceptable to have larger
guard size for the initial thread, if you have hundreds of thousands of
threads, every extra KB in the guard areas will count significantly.

	Jakub

References:
- [PATCH][RFA/RFC] Stack clash mitigation patch 07/08
  - From: Wilco Dijkstra
- Re: [PATCH][RFA/RFC] Stack clash mitigation patch 07/08
  - From: Jeff Law
- Re: [PATCH][RFA/RFC] Stack clash mitigation patch 07/08
  - From: Wilco Dijkstra
- Re: [PATCH][RFA/RFC] Stack clash mitigation patch 07/08
  - From: Jeff Law

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]