mirror of
https://sourceware.org/git/glibc.git
synced 2025-01-15 05:20:05 +00:00
238032ead6
There are several compiler implementations that allow large stack allocations to jump over the guard page at the end of the stack and corrupt memory beyond that. See CVE-2017-1000364. Compilers can emit code to probe the stack such that the guard page cannot be skipped, but on aarch64 the probe interval is 64K by default instead of the minimum supported page size (4K). This patch enforces at least 64K guard on aarch64 unless the guard is disabled by setting its size to 0. For backward compatibility reasons the increased guard is not reported, so it is only observable by exhausting the address space or parsing /proc/self/maps on linux. On other targets the patch has no effect. If the stack probe interval is larger than a page size on a target then ARCH_MIN_GUARD_SIZE can be defined to get large enough stack guard on libc allocated stacks. The patch does not affect threads with user allocated stacks. Fixes bug 26691.
45 lines
1.7 KiB
C
45 lines
1.7 KiB
C
/* Copyright (C) 2002-2020 Free Software Foundation, Inc.
|
|
This file is part of the GNU C Library.
|
|
|
|
The GNU C Library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
The GNU C Library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with the GNU C Library. If not, see
|
|
<https://www.gnu.org/licenses/>. */
|
|
|
|
/* Default stack size. */
|
|
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
|
|
|
|
/* Minimum guard size. */
|
|
#define ARCH_MIN_GUARD_SIZE 0
|
|
|
|
/* Required stack pointer alignment at beginning. SSE requires 16
|
|
bytes. */
|
|
#define STACK_ALIGN 16
|
|
|
|
/* Minimal stack size after allocating thread descriptor and guard size. */
|
|
#define MINIMAL_REST_STACK 2048
|
|
|
|
/* Alignment requirement for TCB. */
|
|
#define TCB_ALIGNMENT 16
|
|
|
|
|
|
/* Location of current stack frame.
|
|
|
|
__builtin_frame_address (0) returns the value of the hard frame
|
|
pointer, which will point at the location of the saved PC on the
|
|
stack. Below this in memory is the remainder of the linkage info,
|
|
occupying 12 bytes. Therefore in order to address from
|
|
CURRENT_STACK_FRAME using "struct layout", we need to have the macro
|
|
return the hard FP minus 12. Of course, this makes no sense
|
|
without the obsolete APCS stack layout... */
|
|
#define CURRENT_STACK_FRAME (__builtin_frame_address (0) - 12)
|