From: Jakub Jelinek <jakub@redhat.com>
To: Jeff Law <law@redhat.com>
Cc: Wilco Dijkstra <Wilco.Dijkstra@arm.com>,
GCC Patches <gcc-patches@gcc.gnu.org>, nd <nd@arm.com>
Subject: Re: [PATCH][RFA/RFC] Stack clash mitigation patch 07/08
Date: Mon, 17 Jul 2017 15:31:00 -0000 [thread overview]
Message-ID: <20170717153148.GJ2123@tucnak> (raw)
In-Reply-To: <5eb3783f-7a00-1361-461e-92b99bcb338b@redhat.com>
On Mon, Jul 17, 2017 at 09:24:27AM -0600, Jeff Law wrote:
> >> While I'm not really comfortable with the 2k/2k split in general, I
> >> think I can support it from a Red Hat point of view -- largely because
> >> we use 64k pages in RHEL. So our guard is actually 64k. Having a
> >> hostile call chain push 2k into the guard isn't so bad in that case.
> >
> > A minimum guard size of 64KB seems reasonable even on systems with
> > 4KB pages. However whatever the chosen guard size, you cannot defend
> > against hostile code. An OS can of course increase the guard size well
> > beyond the minimum required, but that's simply reducing the probability -
> > it is never going to block a big unchecked alloca.
> That's a kernel issue and I'm not in a position to change that. On
> systems with a 64bit address space, I'm keen to see the kernel team
> increase the guard size, but it's not something I can unilaterally make
> happen.
That is actually not true. Kernel issue it is only for the initial thread's
stack. For pthread_create created threads it is a matter how big the
default guard size is (these days glibc uses a single page by default) and
how many apps override that guardsize to something different (smaller
including 0 or larger). And, while it might be acceptable to have larger
guard size for the initial thread, if you have hundreds of thousands of
threads, every extra KB in the guard areas will count significantly.
Jakub
next prev parent reply other threads:[~2017-07-17 15:31 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-12 0:20 Wilco Dijkstra
2017-07-12 2:02 ` Jeff Law
2017-07-12 12:47 ` Trevor Saunders
2017-07-12 21:08 ` Jeff Law
2017-07-16 18:36 ` Trevor Saunders
2017-07-17 15:51 ` Jeff Law
2017-07-17 20:30 ` Trevor Saunders
2017-07-14 6:19 ` Jeff Law
2017-07-17 11:27 ` Wilco Dijkstra
2017-07-17 15:24 ` Jeff Law
2017-07-17 15:31 ` Jakub Jelinek [this message]
2017-07-17 22:42 ` Wilco Dijkstra
2017-07-17 23:16 ` Jeff Law
2017-07-14 8:17 ` Jakub Jelinek
2017-07-14 11:49 ` Wilco Dijkstra
-- strict thread matches above, loose matches on Subject: below --
2017-07-11 21:21 Jeff Law
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170717153148.GJ2123@tucnak \
--to=jakub@redhat.com \
--cc=Wilco.Dijkstra@arm.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=law@redhat.com \
--cc=nd@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).