This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v3] aarch64: enforce >=64K guard size

From: Szabolcs Nagy <szabolcs dot nagy at arm dot com>
To: GNU C Library <libc-alpha at sourceware dot org>
Cc: nd at arm dot com, Carlos O'Donell <carlos at redhat dot com>
Date: Wed, 10 Jan 2018 11:48:17 +0000
Subject: Re: [PATCH v3] aarch64: enforce >=64K guard size
Authentication-results: sourceware.org; auth=none
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Szabolcs dot Nagy at arm dot com;
Nodisclaimer: True
References: <5A54987B.6040305@arm.com>
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

On 09/01/18 10:24, Szabolcs Nagy wrote:
> v3:
> - more comment in allocate_stack.
> - define ARCH_MIN_GUARD_SIZE explicitly for all targets.
> - rebase on top of master.
> v2:
> - only change guard size on aarch64
> - don't report the inflated guard size
> 
> There are several compiler implementations that allow large stack
> allocations to jump over the guard page at the end of the stack and
> corrupt memory beyond that. See CVE-2017-1000364.
> 
> Compilers can emit code to probe the stack such that the guard page
> cannot be skipped, but on aarch64 the probe interval is 64K instead
> of the minimum supported page size (4K).
> 
> This patch enforces at least 64K guard on aarch64 unless the guard
> is disabled by its size to 0.  For backward compatibility reasons
> the increased guard is not reported, so it is only observable by
> exhausting the address space or parsing /proc/self/maps on linux.
> 
> On other targets the patch has no effect.
> 
> The patch does not affect threads with user allocated stacks.
> 
> 2018-01-09  Szabolcs Nagy  <szabolcs.nagy@arm.com>
> 
>         * nptl/allocatestack.c (allocate_stack): Use ARCH_MIN_GUARD_SIZE.
>         * sysdeps/aarch64/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/alpha/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/arm/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/hppa/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/i386/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/ia64/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/m68k/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/microblaze/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/mips/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/nios2/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/powerpc/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/s390/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/sh/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/sparc/sparc32/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/sparc/sparc64/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/tile/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
>         * sysdeps/x86_64/nptl/pthreaddef.h (ARCH_MIN_GUARD_SIZE): Define.
> 


meanwhile this passed a build-many-glibcs.py test
is this ok for 2.27 ?

$ grep '"FAIL"' build-state.json
      "compilers-m68k-linux-gnu-coldfire gcc-first build": "FAIL",
      "glibcs-hppa-linux-gnu check": "FAIL",
      "glibcs-m68k-linux-gnu-coldfire check-compilers": "FAIL",
      "glibcs-microblaze-linux-gnu check": "FAIL",
      "glibcs-microblazeel-linux-gnu check": "FAIL",

Follow-Ups:
- Re: [PATCH v3] aarch64: enforce >=64K guard size
  - From: Florian Weimer
- Re: [PATCH v3] aarch64: enforce >=64K guard size
  - From: Szabolcs Nagy

References:
- [PATCH v3] aarch64: enforce >=64K guard size
  - From: Szabolcs Nagy

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]