From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [63.128.21.124]) by sourceware.org (Postfix) with ESMTP id 5540A398B820 for ; Thu, 1 Oct 2020 15:13:53 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 5540A398B820 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-56-H2NmTDhzP42bXIhbSfkX1w-1; Thu, 01 Oct 2020 11:13:33 -0400 X-MC-Unique: H2NmTDhzP42bXIhbSfkX1w-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7F809191E2A9; Thu, 1 Oct 2020 15:13:20 +0000 (UTC) Received: from oldenburg2.str.redhat.com (ovpn-114-84.ams2.redhat.com [10.36.114.84]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E74687D478; Thu, 1 Oct 2020 15:13:18 +0000 (UTC) From: Florian Weimer To: Szabolcs Nagy Cc: libc-alpha@sourceware.org Subject: Re: [PATCH v5] aarch64: enforce >=64K guard size References: <20201001094458.16060-1-szabolcs.nagy@arm.com> Date: Thu, 01 Oct 2020 17:13:17 +0200 In-Reply-To: <20201001094458.16060-1-szabolcs.nagy@arm.com> (Szabolcs Nagy's message of "Thu, 1 Oct 2020 10:44:58 +0100") Message-ID: <87k0wahtde.fsf@oldenburg2.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Oct 2020 15:13:54 -0000 * Szabolcs Nagy: > There are several compiler implementations that allow large stack > allocations to jump over the guard page at the end of the stack and > corrupt memory beyond that. See CVE-2017-1000364. > > Compilers can emit code to probe the stack such that the guard page > cannot be skipped, but on aarch64 the probe interval is 64K by default > instead of the minimum supported page size (4K). > > This patch enforces at least 64K guard on aarch64 unless the guard > is disabled by setting its size to 0. For backward compatibility > reasons the increased guard is not reported, so it is only observable > by exhausting the address space or parsing /proc/self/maps on linux. > > On other targets the patch has no effect. If the stack probe interval > is larger than a page size on a target then ARCH_MIN_GUARD_SIZE can > be defined to get large enough stack guard on libc allocated stacks. > > The patch does not affect threads with user allocated stacks. I think this is okay. I checked that all architectures still build. I filed bug 26691 to help with tracking the backports. Would you please reference this bug in your commit message? Thanks, Florian -- Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill