From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pg1-x530.google.com (mail-pg1-x530.google.com [IPv6:2607:f8b0:4864:20::530]) by sourceware.org (Postfix) with ESMTPS id 801F43850437 for ; Wed, 7 Jul 2021 12:17:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 801F43850437 Received: by mail-pg1-x530.google.com with SMTP id w15so2009155pgk.13 for ; Wed, 07 Jul 2021 05:17:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=VZt/UhP/lxGVgCpFu0ydyJBscNeTXy/Yf1PICKOzs+Q=; b=SC6JXoX7aHarex1GktA5Hiiu3HJjEMuNvZEqJYAKW1WuoCFthOv3GZvVlvJdDkLacc oYOZho11drw88Ps006C1eGSY+l/kkkUUkbKNfVSneWyLDY80i9kjQp+eNZ7+mE7/tCpK sI7BACf7/wJZHRXCX3eMV1YV/N1KStwOuZg+gTJun5Zjo6KcssVXtOMZOA7ksCjDgYD+ WuXczCPhAhdunXKaHlcpUKNzwL5529RBK5TTzVN1U5JMCEPSBhrSVoBfK+y8h6Y4f1Ux +AE13l2OH052qDS4jV9y18xnxrsKOrvi5wHCN+YpL3W+AJ2XIBh31IR3zR6xHhrJQZoH OSTw== X-Gm-Message-State: AOAM530MRkVEngZvmOkKTEiUFviZDSbbrGlPwgXk7b3FopUZ/DZI34qY aciqNnhppuHAwGLUkmlG2SkTRqulpjxi+w== X-Google-Smtp-Source: ABdhPJxAscIxHSLLW4WVBjWCvFvDeP9s53YaSR45juyo6RA6WbcAYNLdXNY5sJh1pPaKtnzq66zpiQ== X-Received: by 2002:a63:145d:: with SMTP id 29mr14237428pgu.135.1625660258349; Wed, 07 Jul 2021 05:17:38 -0700 (PDT) Received: from [192.168.1.108] ([177.194.59.218]) by smtp.gmail.com with ESMTPSA id d2sm1012787pfa.84.2021.07.07.05.17.37 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 07 Jul 2021 05:17:37 -0700 (PDT) Subject: Re: [PATCH v7 1/4] support: Add support_stack_alloc To: Florian Weimer , Adhemerval Zanella via Libc-alpha References: <20210706145839.1658623-1-adhemerval.zanella@linaro.org> <20210706145839.1658623-2-adhemerval.zanella@linaro.org> <87k0m2a0na.fsf@oldenburg.str.redhat.com> From: Adhemerval Zanella Message-ID: Date: Wed, 7 Jul 2021 09:17:35 -0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 In-Reply-To: <87k0m2a0na.fsf@oldenburg.str.redhat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-5.6 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, URIBL_BLACK autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Jul 2021 12:17:42 -0000 On 07/07/2021 07:17, Florian Weimer wrote: > * Adhemerval Zanella via Libc-alpha: > >> The code to allocate a stack from xsigstack is refactored so it can >> be more generic. The new support_stack_alloc() also set PROT_EXEC >> if DEFAULT_STACK_PERMS has PF_X. This is required on some >> architectures (hppa for instance) and trying to access the rtld >> global from testsuite will require more intrusive refactoring >> in the ldsodefs.h header. > > DEFAULT_STACK_PERMS is misnamed, it's really HISTORIC_STACK_PERMS. > All architectures override it to RW permissions in the toolchain > (maybe with the exception of Hurd, which uses trampolines for nested > functions). This is in fact two different requirements, this gnulib thread gives a nice summary about the permission required from trampolines [1]. Another requirement is how Linux layout the signal return code for the signal handler stack. It seems that hppa still requires executable stacks, since tst-xsigstack does fails without a executable stack even on a recent 5.10.46-1 kernel. > > I have a cstack_allocate version that handles this. It can only be done > from within glibc proper because we do not export the stack execution > status directly. But I think it's out of scope for glibc 2.34 by now. We can in theory access the ldsodes.h fields directly and then use GL (dl_stack_flags) information to set the stack executable or not. The problem is ldsodefs.h is quite convoluted and it would require more refactoring to use outside libc.so code. But I agree with you that having less hacky way to obtain this information is better. So are you ok with the current approach or being conservative and use DEFAULT_STACK_PERMS on libsupport? > >> + /* The guard bands need to be large enough to intercept offset >> + accesses from a stack address that might otherwise hit another >> + mapping. Make them at least twice as big as the stack itself, to >> + defend against an offset by the entire size of a large >> + stack-allocated array. The minimum is 1MiB, which is arbitrarily >> + chosen to be larger than any "typical" wild pointer offset. >> + Again, no matter what the number is, round it up to a whole >> + number of pages. */ >> + size_t guardsize = roundup (MAX (2 * stacksize, 1024 * 1024), pagesize); >> + size_t alloc_size = guardsize + stacksize + guardsize; >> + /* Use MAP_NORESERVE so that RAM will not be wasted on the guard >> + bands; touch all the pages of the actual stack before returning, >> + so we know they are allocated. */ >> + void *alloc_base = xmmap (0, >> + alloc_size, >> + PROT_NONE, >> + MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_STACK, >> + -1); >> + /* PF_X can be overridden if PT_GNU_STACK is present. */ >> + int prot = PROT_READ | PROT_WRITE >> + | (DEFAULT_STACK_PERMS & PF_X ? PROT_EXEC : 0); >> + xmprotect (alloc_base + guardsize, stacksize, prot); >> + memset (alloc_base + guardsize, 0xA5, stacksize); >> + return (struct support_stack) { alloc_base + guardsize, stacksize, guardsize }; > > This doesn't handle different stack growth directions. > At least for the usages of the routine it does not require any adjustment: xsigaltstack and xclone will handle it. I saw no regression for tst-xsigaltstack and tst-clone_range. [1] https://lists.gnu.org/archive/html/bug-gnulib/2021-05/msg00080.html