From: Dave Martin via Libc-alpha <libc-alpha@sourceware.org>
To: Florian Weimer <fweimer@redhat.com>
Cc: linux-arch <linux-arch@vger.kernel.org>,
Len Brown <len.brown@intel.com>, Tony Luck <tony.luck@intel.com>,
Dave Martin via Libc-alpha <libc-alpha@sourceware.org>,
"Ravi V. Shankar" <ravi.v.shankar@intel.com>,
Linux API <linux-api@vger.kernel.org>,
"Chang S. Bae" <chang.seok.bae@intel.com>,
the arch/x86 maintainers <x86@kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Dave Hansen <dave.hansen@intel.com>,
Andy Lutomirski <luto@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
Borislav Petkov <bp@suse.de>, Ingo Molnar <mingo@kernel.org>
Subject: Re: [RFC PATCH 0/4] x86: Improve Minimum Alternate Stack Size
Date: Wed, 7 Oct 2020 11:19:34 +0100
Message-ID: <20201007101933.GF6642@arm.com>
In-Reply-To: <87362rp65v.fsf@oldenburg2.str.redhat.com>
On Tue, Oct 06, 2020 at 08:21:00PM +0200, Florian Weimer wrote:
> * Dave Martin via Libc-alpha:
>
> > On Tue, Oct 06, 2020 at 08:33:47AM -0700, Dave Hansen wrote:
> >> On 10/6/20 8:25 AM, Dave Martin wrote:
> >> > Or are people reporting real stack overruns on x86 today?
> >>
> >> We have real overruns. We have ~2800 bytes of XSAVE (register) state
> >> mostly from AVX-512, and a 2048 byte MINSIGSTKSZ.
> >
> > Right. Out of interest, do you believe that's a direct consequence of
> > the larger kernel-generated signal frame, or does the expansion of
> > userspace stack frames play a role too?
>
> I must say that I do not quite understand this question.
>
> 32 64-*byte* registers simply need 2048 bytes of storage space worst
> case; there is really no way around that.
If the architecture grows more or bigger registers, and if those
registers are used in general-purpose code, then all stack frames will
tend to grow, not just the signal frame.
So a stack overflow might be caused by the larger signal frame by
itself; or it might be caused by the growth of the stack of 20 function
frames created by someone's signal handler.
In the latter case, this is just a "normal" stack overflow, and nothing
really to do with signals or SIGSTKSZ. Rebuilding with different
compiler flags could also grow the stack usage and cause just the same
problem.
I also strongly suspect that people often don't think about signal
nesting when allocating signal stacks. So, there might be a
pre-existing potential overflow that just becomes more likely when the
signal frame grows. That's not really SIGSTKSZ's fault.
Of course, AVX-512 might never be used in general-purpose code. On
AArch64, SVE can be used in general-purpose code, but it's too early to
say what its prevalence will be in signal handlers. Probably low.
> > In practice software just assumes SIGSTKSZ and then ignores the problem
> > until / unless an actual stack overflow is seen.
> >
> > There's probably a lot of software out there whose stack is
> > theoretically too small even without AVX-512 etc. in the mix, especially
> > when considering the possibility of nested signals...
>
> That is certainly true. We have seen problems with ntpd, which
> requested a 16 KiB stack, at a time when there were various deductions
> from the stack size, and since the glibc dynamic loader also uses XSAVE,
> ntpd exceeded the remaining stack space. But in this case, we just
> fudged the stack size computation in pthread_create and made it less
> likely that the dynamic loader was activated, which largely worked
> around this particular problem. For MINSIGSTKSZ, we just don't have
> this option because it's simply too small in the first place.
>
> I don't immediately recall a bug due to SIGSTKSZ being too small. The
> test cases I wrote for this were all artificial, to raise awareness of
> this issue (applications treating these as recommended values, rather
> than minimum values to avoid immediate sigaltstack/pthread_create
> failures, same issue with PTHREAD_STACK_MIN).
Ack, I think if SIGSTKSZ was too small significantly often, there would
be more awareness of the issue.
Cheers
---Dave
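Sizing an alternate stack the way the discussion above implies, as an added example that is not code from this thread or from the patch series: it reads the kernel-reported frame size through AT_MINSIGSTKSZ (the aux vector patch 2/4 introduces; getauxval() returns 0 on kernels that do not export it), budgets one kernel frame plus a per-handler allowance for each nesting level, and checks the installed stack against that depth. The 1024-byte handler allowance, the page rounding and the function names are assumptions, not values from the thread.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/auxv.h>

#ifndef AT_MINSIGSTKSZ
#define AT_MINSIGSTKSZ 51 /* Linux UAPI aux vector tag; older libc headers lack it */
#endif

/* Signal frame size the running kernel advertises via AT_MINSIGSTKSZ;
 * getauxval() yields 0 when absent, so fall back to libc's MINSIGSTKSZ. */
size_t kernel_min_sigstksz(void)
{
    unsigned long v = getauxval(AT_MINSIGSTKSZ);
    return v ? (size_t)v : (size_t)MINSIGSTKSZ;
}

/* Bytes for `depth` nested signals: each level costs one kernel frame plus the
 * handler's own stack use (assumed figure); rounded up to `page`. 0 on overflow. */
size_t altstack_bytes(size_t frame, size_t handler_bytes, unsigned depth, size_t page)
{
    if (depth == 0 || page == 0 || frame > SIZE_MAX - handler_bytes ||
        (frame + handler_bytes) > (SIZE_MAX - page) / depth)
        return 0;
    size_t total = (frame + handler_bytes) * depth;
    return (total + page - 1) / page * page;
}

/* Allocate `bytes` and register them with sigaltstack(2); the kernel rejects
 * stacks below its minimum with ENOMEM. The block lives for the thread's lifetime. */
int install_altstack(size_t bytes)
{
    stack_t ss = { .ss_sp = malloc(bytes), .ss_size = bytes, .ss_flags = 0 };
    if (!ss.ss_sp || sigaltstack(&ss, NULL) != 0) {
        free(ss.ss_sp);
        return -1;
    }
    return 0;
}

/* Does the installed alternate stack hold `depth` kernel-sized frames?
 * This is the nesting check the thread notes people usually skip. */
int altstack_fits(unsigned depth)
{
    stack_t cur;
    if (sigaltstack(NULL, &cur) != 0 || (cur.ss_flags & SS_DISABLE))
        return 0;
    return cur.ss_size / kernel_min_sigstksz() >= depth;
}
```

With the thread's figures (a ~2800-byte XSAVE frame, three nested signals) the budget rounds to 12288 bytes, well above the legacy 2048-byte MINSIGSTKSZ.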