This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] posix_spawn: use a larger min stack for -fstack-check [BZ #21253]
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: Florian Weimer <fweimer at redhat dot com>, Mike Frysinger <vapier at gentoo dot org>, libc-alpha at sourceware dot org
- Date: Thu, 16 Mar 2017 08:29:26 -0300
- Subject: Re: [PATCH] posix_spawn: use a larger min stack for -fstack-check [BZ #21253]
- Authentication-results: sourceware.org; auth=none
- References: <20170316073012.22763-1-vapier@gentoo.org> <d2bf9ba2-b152-a747-6311-8078665c3dec@redhat.com>
On 16/03/2017 05:17, Florian Weimer wrote:
> On 03/16/2017 08:30 AM, Mike Frysinger wrote:
>> When glibc is built with -fstack-check, trying to use posix_spawn can
>> lead to segfaults due to gcc internally probing stack memory too far.
>> The new spawn API will allocate a minimum of 1 page, but the stack
>> checking logic might probe a couple of pages. When it tries to walk
>> them, everything falls apart.
>>
>> The gcc internal docs [1] state the default interval checking is one
>> page. Which means we need two pages (the current one, and the next
>> probed). No target currently defines it larger.
>
> GCC miscomputes the offsets in some cases, so I would not rely on this.
>
> Would it be possible to compile the functions involved without -fstack-check instead?
There are some old bug reports about this GCC option which state it is
somewhat unreliable in some cases [1]. However, what really worries me
is the bug report [2] stating that the probe check range can wrap
around and thus be totally ineffective in some cases (although this case
indeed might not be common).
Anyway, I am with Florian: we should not rely on this.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=13182
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66479
>
>> /* Add a slack area for child's stack. */
>> size_t argv_size = (argc * sizeof (void *)) + 512;
>> - size_t stack_size = ALIGN_UP (argv_size, GLRO(dl_pagesize));
>> + /* We need at least a few pages in case the compiler's stack checking is
>> + enabled. In some configs, it is known to use at least 24KiB. */
>> + size_t stack_size = ALIGN_UP (argv_size, 32 * 1024);
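Review bot: the `+` line replaces page-size rounding with a fixed 32 KiB rounding, so `stack_size` is no longer a multiple of `GLRO(dl_pagesize)` and, on systems whose page size exceeds 32 KiB (Florian notes 64 KiB pages are common), the child gets a smaller stack than the `-` line gave it. Keep the page rounding and apply the stack-check minimum as a floor instead, for example `size_t stack_size = ALIGN_UP (MAX (argv_size, 32 * 1024), GLRO(dl_pagesize));`, and give the `32 * 1024` a named constant whose comment matches the 24 KiB figure cited above.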
>
> 64 KiB pages are common, so this reduces the stack size in many cases.
>
> Thanks,
> Florian
>
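To make Florian's objection concrete, here is an added C example (not code from this thread or from glibc) that compares the pre-patch page-rounded size, the patched 32 KiB rounding, and an assumed alternative that keeps a 32 KiB floor while still rounding to whole pages:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Same power-of-two rounding as glibc's ALIGN_UP macro.  */
#define ALIGN_UP(base, size) (((base) + (size) - 1) & ~((size) - 1))

/* Slack area for the child's argv, as computed in the quoted hunk.  */
static size_t argv_size (size_t argc) { return argc * sizeof (void *) + 512; }

/* Before the patch: round the argv area up to a whole page.  */
size_t stack_size_before (size_t argc, size_t pagesize)
{
  return ALIGN_UP (argv_size (argc), pagesize);
}

/* The patch: round up to 32 KiB and ignore the page size entirely.  */
size_t stack_size_patch (size_t argc, size_t pagesize)
{
  (void) pagesize;
  return ALIGN_UP (argv_size (argc), 32 * 1024);
}

/* Assumed alternative (not from the thread): keep a 32 KiB floor for
   compiler stack probing, then round to whole pages, so the result is
   never smaller than the pre-patch size.  */
size_t stack_size_floor (size_t argc, size_t pagesize)
{
  size_t need = argv_size (argc);
  if (need < 32 * 1024)
    need = 32 * 1024;
  return ALIGN_UP (need, pagesize);
}

/* True when the patch would hand the child a smaller stack than before.  */
bool patch_shrinks_stack (size_t argc, size_t pagesize)
{
  return stack_size_patch (argc, pagesize) < stack_size_before (argc, pagesize);
}

int main (void)
{
  /* Constructed page sizes: 4 KiB, 16 KiB and the 64 KiB case Florian raises.  */
  size_t pages[] = { 4096, 16384, 65536 };
  for (size_t i = 0; i < 3; i++)
    printf ("pagesize %6zu: before %6zu  patch %6zu  floor %6zu\n", pages[i],
            stack_size_before (8, pages[i]), stack_size_patch (8, pages[i]),
            stack_size_floor (8, pages[i]));
  return 0;
}
```

With 64 KiB pages the patched formula yields 32 KiB where the old code yielded 64 KiB; the floor variant returns 64 KiB there and 32 KiB on 4 KiB pages.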