Re: [PATCH] posix_spawn: use a larger min stack for -fstack-check [BZ #21253]

[Adhemerval Zanella <adhemerval dot zanella at linaro dot org>]

On 16/03/2017 05:17, Florian Weimer wrote:
> On 03/16/2017 08:30 AM, Mike Frysinger wrote:
>> When glibc is built with -fstack-check, trying to use posix_spawn can
>> lead to segfaults due to gcc internally probing stack memory too far.
>> The new spawn API will allocate a minimum of 1 page, but the stack
>> checking logic might probe a couple of pages.  When it tries to walk
>> them, everything falls apart.
>>
>> The gcc internal docs [1] state the default interval checking is one
>> page.  Which means we need two pages (the current one, and the next
>> probed).  No target currently defines it larger.
> 
> GCC miscomputes the offsets in some cases, so I would not rely on this.
> 
> Would it be possible compile the functions involved without -fstack-check instead?

There is some old bug reports about this GCC option which states it
somewhat unreliable in some cases [1].  However what really worries me
is the bug report [2] stating that the probe check range can wrap
around and thus totally infective in some cases (although this case
indeed might be not common).

Anyway, I am with Florian, we should not rely on this.

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=13182
[2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66479

> 
>>    /* Add a slack area for child's stack.  */
>>    size_t argv_size = (argc * sizeof (void *)) + 512;
>> -  size_t stack_size = ALIGN_UP (argv_size, GLRO(dl_pagesize));
>> +  /* We need at least a few pages in case the compiler's stack checking is
>> +     enabled.  In some configs, it is known to use at least 24KiB.  */
>> +  size_t stack_size = ALIGN_UP (argv_size, 32 * 1024);
> 
> 64 KiB pages are common, so this reduces the stack size in many cases.
> 
> Thanks,
> Florian
>