From: Varun Kumar E
Date: Wed, 3 May 2023 10:06:49 +0530
Subject: Probe emission in fstack-clash-protection
To: gcc@gcc.gnu.org

Hello,

https://godbolt.org/z/P3M8s8jqh

The above case shows that gcc first decreases the stack pointer and then probes.

As mentioned by Jeff Law (reference) under "More issues with -fstack-check", if an asynchronous signal is received between the decrement of the stack pointer and the probing of the pages:

"In that case, the stack pointer could be pointing beyond the guard into the heap. The signal arrives and the kernel transfers control to the registered signal handler. That signal handler is then running while its stack is pointing into the heap. Thus, the attacker has clashed the stack and heap, and there's a reasonable chance they can gain control over the program."

So, shouldn't we first probe and if successful only then update the stack pointer? Or maybe I have understood it incorrectly.

regards,
Varun
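To make the question concrete, here is an added model of the two prologue orderings the mail contrasts. It is not GCC's code, not the godbolt output, and not Jeff Law's analysis; it is a constructed C simulation that tracks only where the stack pointer is after each step and what a stack probe or a kernel-written signal frame would touch there. Everything about the geometry is an assumption made for the example: addresses grow downward, one 4 KiB page per probe stride, a guard region of a configurable number of pages directly below the mapped stack, heap mapped directly below the guard (the worst case for a clash), a signal frame of 1024 bytes pushed just below the stack pointer, and a signal that an attacker can time to arrive in every window. The names `decrement_then_probe`, `probe_then_decrement`, `make_layout` and the `outcome` enum are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not GCC's implementation. Addresses grow downward.
 * Geometry: [guard_lo, guard_hi) is the guard, mapped stack is above it,
 * heap is everything below it (assumption: worst case for a clash). */
#define PAGE_SIZE      4096u
#define SIGFRAME_BYTES 1024u   /* assumption: rough size of a kernel signal frame */

typedef struct {
    uintptr_t stack_top;   /* sp on function entry */
    uintptr_t guard_hi;    /* first byte above the guard (lowest mapped stack byte) */
    uintptr_t guard_lo;    /* lowest byte of the guard; heap starts below it */
} layout_t;

enum outcome {
    OK = 0,             /* every access stayed on the mapped stack */
    FAULT_ON_GUARD,     /* an access hit the guard: SIGSEGV, attacker gets nothing */
    CLASHED_INTO_HEAP   /* an access landed below the guard: stack/heap clash */
};

static enum outcome worse(enum outcome a, enum outcome b) { return a > b ? a : b; }

/* `stack_pages` of mapped stack above a guard of `guard_pages`; base is arbitrary. */
static layout_t make_layout(unsigned stack_pages, unsigned guard_pages)
{
    layout_t l;
    l.guard_lo  = 0x70000000u;
    l.guard_hi  = l.guard_lo + (uintptr_t)guard_pages * PAGE_SIZE;
    l.stack_top = l.guard_hi + (uintptr_t)stack_pages * PAGE_SIZE;
    return l;
}

/* Classify a write covering [lo, hi): touching the guard faults, a write
 * entirely below the guard silently lands in the heap. */
static enum outcome classify_write(const layout_t *l, uintptr_t lo, uintptr_t hi)
{
    if (lo >= l->guard_hi) return OK;
    if (hi > l->guard_lo)  return FAULT_ON_GUARD;
    return CLASHED_INTO_HEAP;
}

/* Signal delivered with the stack pointer at `sp`: frame is pushed below sp. */
static enum outcome signal_at(const layout_t *l, uintptr_t sp)
{
    return classify_write(l, sp - SIGFRAME_BYTES, sp);
}

/* A stack probe is modelled as a one-byte store at `addr`. */
static enum outcome probe_at(const layout_t *l, uintptr_t addr)
{
    return classify_write(l, addr, addr + 1);
}

/* Ordering A (what the mail observes): move sp by at most `stride`, then
 * probe. A signal is assumed to land in every window between the two. */
static enum outcome decrement_then_probe(layout_t l, size_t frame, size_t stride)
{
    uintptr_t sp = l.stack_top;
    enum outcome worst = OK;
    while (frame > 0) {
        size_t step = frame < stride ? frame : stride;
        sp -= step;                                  /* 1. sp moves first */
        worst = worse(worst, signal_at(&l, sp));     /* 2. signal under unprobed sp */
        enum outcome p = probe_at(&l, sp);           /* 3. probe catches up */
        worst = worse(worst, p);
        if (p == FAULT_ON_GUARD) break;              /* SIGSEGV: no further windows */
        frame -= step;
    }
    return worst;
}

/* Ordering B (what the mail proposes): probe the page sp will move to, and
 * move sp only if that probe did not fault. */
static enum outcome probe_then_decrement(layout_t l, size_t frame, size_t stride)
{
    uintptr_t sp = l.stack_top;
    enum outcome worst = OK;
    while (frame > 0) {
        size_t step = frame < stride ? frame : stride;
        enum outcome p = probe_at(&l, sp - step);    /* 1. probe the target page */
        worst = worse(worst, p);
        if (p == FAULT_ON_GUARD) break;
        sp -= step;                                  /* 2. sp moves onto probed memory */
        worst = worse(worst, signal_at(&l, sp));     /* 3. signal under probed sp */
        frame -= step;
    }
    return worst;
}

int main(void)
{
    static const char *name[] = { "ok", "fault on guard", "CLASH into heap" };
    size_t frame = 8 * PAGE_SIZE;   /* frame larger than the 2-page mapped stack */
    printf("guard 1 page,  stride 1 page:  A=%s  B=%s\n",
           name[decrement_then_probe(make_layout(2, 1), frame, PAGE_SIZE)],
           name[probe_then_decrement(make_layout(2, 1), frame, PAGE_SIZE)]);
    printf("guard 2 pages, stride 1 page:  A=%s  B=%s\n",
           name[decrement_then_probe(make_layout(2, 2), frame, PAGE_SIZE)],
           name[probe_then_decrement(make_layout(2, 2), frame, PAGE_SIZE)]);
    printf("no probing (stride = frame):   A=%s  B=%s\n",
           name[decrement_then_probe(make_layout(2, 2), frame, frame)],
           name[probe_then_decrement(make_layout(2, 2), frame, frame)]);
    return 0;
}
```

Under these assumptions the model separates the two concerns in the mail. With a guard of only one page and a one-page stride, ordering A has a window where sp sits at the bottom of the guard and the signal frame is written below it, while ordering B never moves sp onto a page that has not been probed, so the worst it produces is a fault. Once the guard is larger than the stride plus the signal frame (the two-page guard here), ordering A also only ever faults. Neither ordering helps when the stride exceeds the guard, which is the unprotected single-decrement case: the probe itself lands in the heap. Real systems rely on the second condition rather than the first; Linux, for example, has reserved a stack guard gap of 256 pages by default since 2017, far more than the one-page stride, which is why a decrement-then-probe prologue with a bounded stride is tolerated in practice. The model says nothing about GCC's actual codegen beyond what the mail states.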