From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 30361 invoked by alias); 26 Jan 2015 22:33:03 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Received: (qmail 30184 invoked by uid 48); 26 Jan 2015 22:32:56 -0000 From: "sstewartgallus00 at mylangara dot bc.ca" To: glibc-bugs@sourceware.org Subject: [Bug nptl/17214] Expose a clone variant that shares stacks instead of jumping to a new one Date: Mon, 26 Jan 2015 22:33:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: nptl X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: sstewartgallus00 at mylangara dot bc.ca X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-01/txt/msg00192.txt.bz2 https://sourceware.org/bugzilla/show_bug.cgi?id=17214 --- Comment #15 from Steven Stewart-Gallus --- It occurs to me that maybe clone with vfork could be exposed in a safe manner along the lines of the following (although GLibc would probably implement it in assembly directly). 
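/*
 * Run f(arg) in a vfork()ed child that shares this process's memory until
 * it calls _Exit() or exec.
 *
 * @param f    callback run in the child; its return value becomes the
 *             child's exit status via _Exit()
 * @param arg  opaque argument handed to f
 * @return the child's pid in the parent, or -1 with errno set by vfork()
 *
 * The attributes and the `volatile` qualifiers are part of the contract:
 * the child runs in this very frame until it exits, so the function must
 * not be inlined or cloned, and ASan instrumentation of the shared frame is
 * disabled.  The signal fence presumably pins the loads of f and arg
 * relative to the vfork() call -- NOTE(review): confirm this is sufficient
 * with the compilers glibc targets.
 */
__attribute__((noinline)) __attribute__((noclone))
__attribute__((no_sanitize_address))
static pid_t safe_vfork(int (*volatile f)(void *), void *volatile arg)
{
    __atomic_signal_fence(__ATOMIC_SEQ_CST);
    pid_t child = vfork();
    if (0 == child)
        _Exit(f(arg));
    return child;
}

/*
 * Aside from the weirdness of vfork this should be no less safe than
 * something along the lines of the following:
 */

/*
 * Run f(arg) in a clone()d child that shares this process's memory
 * (CLONE_VM) but runs on its own freshly mapped stack, with the parent
 * suspended until the child exits or execs (CLONE_VFORK).
 *
 * @param clone_flags  extra flags OR'ed into CLONE_VM | CLONE_VFORK, e.g.
 *                     the termination signal in the low byte
 * @param f            callback run on the child's stack; its return value
 *                     becomes the child's exit status
 * @param arg          opaque argument handed to f
 * @return the child's pid, or -1 with errno set (sysconf/mmap/mprotect/
 *         clone failure); the temporary stack is unmapped on every path
 *
 * Layout of the mapping, low to high: [guard page][stack][guard page].
 * The stack grows down from stack_start, which is the first byte of the
 * upper guard page.
 */
__attribute__((noinline)) __attribute__((noclone))
__attribute__((no_sanitize_address))
static pid_t safe_vclone(int volatile clone_flags, int (*volatile f)(void *),
                         void *volatile arg)
{
    long page_size_result = sysconf(_SC_PAGE_SIZE);
    long stack_min_result = sysconf(_SC_THREAD_STACK_MIN);
    /* An assert() here would vanish under NDEBUG and let a -1 from
     * sysconf() turn into SIZE_MAX below; fail explicitly instead. */
    if (page_size_result <= 0 || stack_min_result < 0) {
        errno = EINVAL;
        return -1;
    }
    size_t page_size = (size_t)page_size_result;
    size_t stack_min_size = (size_t)stack_min_result;

    /* We need an extra page for signals */
    size_t stack_size = stack_min_size + page_size;
    size_t stack_and_guard_size = page_size + stack_size + page_size;

    void *child_stack = mmap(0, stack_and_guard_size, PROT_READ | PROT_WRITE,
                             MAP_PRIVATE | MAP_ANONYMOUS | MAP_GROWSDOWN |
                                 MAP_STACK,
                             -1, 0);
    /* mmap() reports failure as MAP_FAILED, never as a null pointer; the
     * original null check let a failed mapping reach mprotect() below. */
    if (MAP_FAILED == child_stack)
        return -1;

    /* Lower guard page: faults if the stack grows down past its bottom. */
    if (-1 == mprotect(child_stack, page_size, PROT_NONE))
        goto on_err;
    /* Upper guard page: faults on writes above the initial stack pointer. */
    char *stack_start = (char *)child_stack + page_size + stack_size;
    if (-1 == mprotect(stack_start, page_size, PROT_NONE))
        goto on_err;

    __atomic_signal_fence(__ATOMIC_SEQ_CST);
    pid_t child = clone(f, stack_start, clone_flags | CLONE_VM | CLONE_VFORK,
                        arg);
    if (-1 == child)
        goto on_err;

    /* CLONE_VFORK kept us suspended until the child exited or exec'ed, so
     * it no longer touches this stack.  A munmap() failure here would leak
     * the mapping, but reporting it would hide the pid from the caller. */
    munmap(child_stack, stack_and_guard_size);
    return child;

on_err:;
    /* munmap() may clobber errno; preserve the cause of the failure. */
    int errnum = errno;
    munmap(child_stack, stack_and_guard_size);
    errno = errnum;
    return -1;
}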