This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v3] aarch64: enforce >=64K guard size
- From: Szabolcs Nagy <szabolcs dot nagy at arm dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>
- Cc: nd at arm dot com, Carlos O'Donell <carlos at redhat dot com>
- Date: Wed, 10 Jan 2018 11:48:17 +0000
- Subject: Re: [PATCH v3] aarch64: enforce >=64K guard size
- Authentication-results: sourceware.org; auth=none
- Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Szabolcs dot Nagy at arm dot com;
- Nodisclaimer: True
- References: <5A54987B.6040305@arm.com>
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
On 09/01/18 10:24, Szabolcs Nagy wrote:
> v3:
> - more comment in allocate_stack.
> - define ARCH_MIN_GUARD_SIZE explicitly for all targets.
> - rebase on top of master.
> v2:
> - only change guard size on aarch64
> - don't report the inflated guard size
>
> There are several compiler implementations that allow large stack
> allocations to jump over the guard page at the end of the stack and
> corrupt memory beyond that. See CVE-2017-1000364.
>
> Compilers can emit code to probe the stack such that the guard page
> cannot be skipped, but on aarch64 the probe interval is 64K instead
> of the minimum supported page size (4K).
>
> This patch enforces at least 64K guard on aarch64 unless the guard
> is disabled by its size to 0. For backward compatibility reasons
> the increased guard is not reported, so it is only observable by
> exhausting the address space or parsing /proc/self/maps on linux.
>
> On other targets the patch has no effect.
>
> The patch does not affect threads with user allocated stacks.
>
> 2018-01-09 Szabolcs Nagy <szabolcs.nagy@arm.com>
>
> * nptl/allocatestack.c (allocate_stack): Use ARCH_MIN_GUARD_SIZE.
> * sysdeps/aarch64/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/alpha/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/arm/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/hppa/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/i386/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/ia64/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/m68k/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/microblaze/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/mips/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/nios2/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/powerpc/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/s390/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/sh/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/sparc/sparc32/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/sparc/sparc64/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/tile/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> * sysdeps/x86_64/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>
meanwhile this passed a build-many-glibcs.py test
is this ok for 2.27 ?
$ grep '"FAIL"' build-state.json
"compilers-m68k-linux-gnu-coldfire gcc-first build": "FAIL",
"glibcs-hppa-linux-gnu check": "FAIL",
"glibcs-m68k-linux-gnu-coldfire check-compilers": "FAIL",
"glibcs-microblaze-linux-gnu check": "FAIL",
"glibcs-microblazeel-linux-gnu check": "FAIL",