Re: [PATCH v7 1/4] support: Add support_stack_alloc

[Florian Weimer via Libc-alpha <libc-alpha@sourceware.org>]

* Adhemerval Zanella via Libc-alpha:

> The code to allocate a stack from xsigstack is refactored so it can
> be more generic.  The new support_stack_alloc() also set PROT_EXEC
> if DEFAULT_STACK_PERMS has PF_X.  This is required on some
>  architectures (hppa for instance) and trying to access the rtld
> global from testsuite will require more intrusive refactoring
> in the ldsodefs.h header.

DEFAULT_STACK_PERMS is misnamed, it's really HISTORIC_STACK_PERMS.
All architectures override it to RW permissions in the toolchain
(maybe with the exception of Hurd, which uses trampolines for nested
functions).

I have a cstack_allocate version that handles this.  It can only be done
from within glibc proper because we do not export the stack execution
status directly.  But I think it's out of scope for glibc 2.34 by now.

> +  /* The guard bands need to be large enough to intercept offset
> +     accesses from a stack address that might otherwise hit another
> +     mapping.  Make them at least twice as big as the stack itself, to
> +     defend against an offset by the entire size of a large
> +     stack-allocated array.  The minimum is 1MiB, which is arbitrarily
> +     chosen to be larger than any "typical" wild pointer offset.
> +     Again, no matter what the number is, round it up to a whole
> +     number of pages.  */
> +  size_t guardsize = roundup (MAX (2 * stacksize, 1024 * 1024), pagesize);
> +  size_t alloc_size = guardsize + stacksize + guardsize;
> +  /* Use MAP_NORESERVE so that RAM will not be wasted on the guard
> +     bands; touch all the pages of the actual stack before returning,
> +     so we know they are allocated.  */
> +  void *alloc_base = xmmap (0,
> +                            alloc_size,
> +                            PROT_NONE,
> +                            MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_STACK,
> +                            -1);
> +  /* PF_X can be overridden if PT_GNU_STACK is present.  */
> +  int prot = PROT_READ | PROT_WRITE
> +	     | (DEFAULT_STACK_PERMS & PF_X ? PROT_EXEC : 0);
> +  xmprotect (alloc_base + guardsize, stacksize, prot);
> +  memset (alloc_base + guardsize, 0xA5, stacksize);
> +  return (struct support_stack) { alloc_base + guardsize, stacksize, guardsize };

This doesn't handle different stack growth directions.

Thanks,
Florian