This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
Re: RFC: stack/heap collision vulnerability and mitigation with GCC
- From: Wilco Dijkstra <Wilco dot Dijkstra at arm dot com>
- To: Richard Earnshaw <Richard dot Earnshaw at arm dot com>, Jeff Law <law at redhat dot com>, GCC Patches <gcc-patches at gcc dot gnu dot org>
- Cc: nd <nd at arm dot com>
- Date: Wed, 21 Jun 2017 09:02:53 +0000
- Subject: Re: RFC: stack/heap collision vulnerability and mitigation with GCC
- References: <AM5PR0802MB2610C07342688AA9A63FB3BA83C50@AM5PR0802MB2610.eurprd08.prod.outlook.com>,<71e54fa7-0763-fe20-4720-40574f46f2e6@arm.com>
Richard Earnshaw wrote:
> A mere 256 bytes for the caller would permit 32 x 8-byte arguments on the
> stack which, with at least 8 parameters passed in registers, would allow
> for calls with 40 parameters. There can't be many in that space. Any
> function making calls with more than that might need additional probes,
> but that's going to be exceedingly rare.
>
> Put the cost on the least common sequences, even if they pay
> disproportionately - it will be a win overall.
Functions with large outgoing arguments are extremely rare indeed; it tails off
really fast after 64 bytes. The only large cases I've seen are from Fortran code -
and those cases seem buggy (40KBytes of outgoing args means 5000 double
args which is unlikely).
Wilco