This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [RFA][PATCH] Stack clash protection 07/08 -- V4 (aarch64 bits)
- From: Wilco Dijkstra <Wilco dot Dijkstra at arm dot com>
- To: Szabolcs Nagy <Szabolcs dot Nagy at arm dot com>, Jeff Law <law at redhat dot com>, gcc-patches <gcc-patches at gcc dot gnu dot org>
- Cc: nd <nd at arm dot com>, Richard Earnshaw <Richard dot Earnshaw at arm dot com>, "James Greenhalgh" <James dot Greenhalgh at arm dot com>, Marcus Shawcroft <Marcus dot Shawcroft at arm dot com>
- Date: Mon, 27 Nov 2017 17:33:22 +0000
- Subject: Re: [RFA][PATCH] Stack clash protection 07/08 -- V4 (aarch64 bits)
- Authentication-results: sourceware.org; auth=none
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Wilco dot Dijkstra at arm dot com;
- Nodisclaimer: True
- References: <3a6b1bdf-df0f-a512-fd2b-116d57702bc7@redhat.com> <DB6PR0801MB205342840273A485E44D16D783480@DB6PR0801MB2053.eurprd08.prod.outlook.com> <dc1452bb-69af-4c3a-b08c-dbb0a6f219da@redhat.com>,<5A1C33D9.2050106@arm.com>
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Szabolcs Nagy wrote:
>On 28/10/17 05:08, Jeff Law wrote:
>
>> My hope would be that we simply don't ever use the params. They were
>> done as much for *you* to experiment with as anything. I'd happy just
>> delete them as there's essentially no guard rails to ensure their values
>> are sane.
>
> so is there a consensus now that 64k guard size is what
> gcc stack probing will assume?
I think right now only AArch64 will use a 64KB probe size which is always
enabled. It is best to hardcode this so it can't be changed or turned off,
inadvertently or not...
> if so i can propose a patch to glibc to actually have
> that much guard by default in threads.. (i think it
> makes sense on all 64bit targets to have bigger guard
> and a consensus here would help making that change)
Assuming a minimum 64KB thread guard size on 64-bit systems is unlikely to
be controversial - the guard size in OS/GLIBC may be larger than the probe
size used in GCC, so I suggest to propose a patch.
>>> Also on AArch64 --param=stack-clash-protection-probe-interval=16 causes
>>> crashes due to the offsets used in the probes - we don't need large offsets
>>> as we want to probe close to the bottom of the stack.
>> Not a surprise. While I tried to handle larger intervals, I certainly
>> didn't test them. Given the ISA I wouldn't expect an interval > 12 to
>> be useful or necessarily even work correctly.
>
> it's not clear what makes probing at every 64k hard,
> i think this should be clarified before we stick to
> this design. (..or before backporting such patches)
There is nothing inherently hard about large probe intervals. Any size can be
supported efficiently on AArch64 (like I showed in my examples of expected
code sequences for probes).
Wilco