There are several compiler implementations that allow large stack
allocations to jump over the guard page at the end of the stack and
corrupt memory beyond that. See CVE-2017-
1000364.
Compilers can emit code to probe the stack such that the guard page
cannot be skipped, but on aarch64 the probe interval is 64K by default
instead of the minimum supported page size (4K).
This patch enforces at least 64K guard on aarch64 unless the guard
is disabled by setting its size to 0. For backward compatibility
reasons the increased guard is not reported, so it is only observable
by exhausting the address space or parsing /proc/self/maps on linux.
On other targets the patch has no effect. If the stack probe interval
is larger than a page size on a target then ARCH_MIN_GUARD_SIZE can
be defined to get large enough stack guard on libc allocated stacks.
The patch does not affect threads with user allocated stacks.
Fixes bug 26691.
{
/* Allocate some anonymous memory. If possible use the cache. */
size_t guardsize;
+ size_t reported_guardsize;
size_t reqsize;
void *mem;
const int prot = (PROT_READ | PROT_WRITE
assert (size != 0);
/* Make sure the size of the stack is enough for the guard and
- eventually the thread descriptor. */
+ eventually the thread descriptor. On some targets there is
+ a minimum guard size requirement, ARCH_MIN_GUARD_SIZE, so
+ internally enforce it (unless the guard was disabled), but
+ report the original guard size for backward compatibility:
+ before POSIX 2008 the guardsize was specified to be one page
+ by default which is observable via pthread_attr_getguardsize
+ and pthread_getattr_np. */
guardsize = (attr->guardsize + pagesize_m1) & ~pagesize_m1;
+ reported_guardsize = guardsize;
+ if (guardsize > 0 && guardsize < ARCH_MIN_GUARD_SIZE)
+ guardsize = ARCH_MIN_GUARD_SIZE;
if (guardsize < attr->guardsize || size + guardsize < guardsize)
/* Arithmetic overflow. */
return EINVAL;
/* The pthread_getattr_np() calls need to get passed the size
requested in the attribute, regardless of how large the
actually used guardsize is. */
- pd->reported_guardsize = guardsize;
+ pd->reported_guardsize = reported_guardsize;
}
/* Initialize the lock. We have to do this unconditionally since the
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE (64 * 1024)
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (4 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. The ABI requires 16. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 4
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. SSE requires 16
bytes. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 8
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (8 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 64
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. SSE requires 16
bytes. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (32 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* IA-64 uses a normal stack and a register stack. */
#define NEED_SEPARATE_REGISTER_STACK
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 4
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (4 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. The ABI requires 16
bytes (for both 32-bit and 64-bit PowerPC). */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. SSE requires 16
bytes. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 8
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (4 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 16
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. SSE requires 16
bytes. */
#define STACK_ALIGN 16
projects / thirdparty / glibc.git / commitdiff
