Subject: Re: [PATCH v7 1/4] support: Add support_stack_alloc
From: Adhemerval Zanella via Libc-alpha
To: Florian Weimer, Adhemerval Zanella via Libc-alpha
Date: Wed, 7 Jul 2021 09:17:35 -0300

On 07/07/2021 07:17, Florian Weimer
wrote:
> * Adhemerval Zanella via Libc-alpha:
>
>> The code to allocate a stack from xsigstack is refactored so it can
>> be more generic. The new support_stack_alloc() also sets PROT_EXEC
>> if DEFAULT_STACK_PERMS has PF_X. This is required on some
>> architectures (hppa for instance) and trying to access the rtld
>> global from testsuite will require more intrusive refactoring
>> in the ldsodefs.h header.
>
> DEFAULT_STACK_PERMS is misnamed, it's really HISTORIC_STACK_PERMS.
> All architectures override it to RW permissions in the toolchain
> (maybe with the exception of Hurd, which uses trampolines for nested
> functions).

This is in fact two different requirements, this gnulib thread gives a nice summary about the permission required from trampolines [1]. Another requirement is how Linux lays out the signal return code for the signal handler stack. It seems that hppa still requires executable stacks, since tst-xsigstack does fail without an executable stack even on a recent 5.10.46-1 kernel.

>
> I have a cstack_allocate version that handles this. It can only be done
> from within glibc proper because we do not export the stack execution
> status directly. But I think it's out of scope for glibc 2.34 by now.

We can in theory access the ldsodefs.h fields directly and then use GL (dl_stack_flags) information to set the stack executable or not. The problem is ldsodefs.h is quite convoluted and it would require more refactoring to use outside libc.so code. But I agree with you that having a less hacky way to obtain this information is better. So are you ok with the current approach or being conservative and use DEFAULT_STACK_PERMS on libsupport?

>
>> + /* The guard bands need to be large enough to intercept offset >> + accesses from a stack address that might otherwise hit another >> + mapping. Make them at least twice as big as the stack itself, to >> + defend against an offset by the entire size of a large >> + stack-allocated array. 
The minimum is 1MiB, which is arbitrarily >> + chosen to be larger than any "typical" wild pointer offset. >> + Again, no matter what the number is, round it up to a whole >> + number of pages. */ >> + size_t guardsize = roundup (MAX (2 * stacksize, 1024 * 1024), pagesize); >> + size_t alloc_size = guardsize + stacksize + guardsize; >> + /* Use MAP_NORESERVE so that RAM will not be wasted on the guard >> + bands; touch all the pages of the actual stack before returning, >> + so we know they are allocated. */ >> + void *alloc_base = xmmap (0, >> + alloc_size, >> + PROT_NONE, >> + MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_STACK, >> + -1); >> + /* PF_X can be overridden if PT_GNU_STACK is present. */ >> + int prot = PROT_READ | PROT_WRITE >> + | (DEFAULT_STACK_PERMS & PF_X ? PROT_EXEC : 0); >> + xmprotect (alloc_base + guardsize, stacksize, prot); >> + memset (alloc_base + guardsize, 0xA5, stacksize); >> + return (struct support_stack) { alloc_base + guardsize, stacksize, guardsize };
>
> This doesn't handle different stack growth directions.
>

At least for the usages of the routine it does not require any adjustment: xsigaltstack and xclone will handle it. I saw no regression for tst-xsigaltstack and tst-clone_range.

[1] https://lists.gnu.org/archive/html/bug-gnulib/2021-05/msg00080.html
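
Review bot: The prot computation takes PROT_EXEC from the compile-time test DEFAULT_STACK_PERMS & PF_X, while the comment directly above it says PF_X can be overridden if PT_GNU_STACK is present; nothing in the hunk consults that override, so on a target whose default carries PF_X the test stack is mapped read/write/execute even when the process stack is not. Suggest the comment state that the compile-time default is used deliberately and may be more permissive than the running process, so that switching to the runtime flag later is an obvious follow-up. Separately, 2 * stacksize and guardsize + stacksize + guardsize are computed in size_t with no overflow check; bounding stacksize before the roundup would keep a very large request from wrapping.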