== Detailed Description ==
* Compile all binaries with stack clash protection (-fstack-clash-protection). As a result, all stack overflows (i.e., situations where the allocated stack is completely exhausted) will reliably result in crashes.

Further investigation reveals that the intent is to ensure that for each thread the in-use portion of the stack has no "holes" of pages that are not mapped and present in the virtual memory of the process, and any interval of stack pages belongs to exactly one thread.

The mechanism is an explicit probe which writes ~0 into [one word on] each page [incrementally] whenever a new page or pages might be added to the stack such that there could be a gap of PAGE_SIZE or more. Infinite recursion is aborted by demanding (assuming) that a page with PROT_NONE separates the growing edge of the stack from any non-stack pages.

The mechanism has consequences that I have not seen mentioned in the documentation:

1) Each on-stack allocation (both fixed- and variable-sized [alloca()]) always is present and "dirty". The stack probe (or the incremental growth of <= PAGE_SIZE bytes at a time) forces it to consume separate, real RAM. In a local declaration such as this, the comment is not valid:

    char temp[1000000];  /* only a prefix matters for resource consumption */

2) The explicit write by the stack probe can mask a memcheck (valgrind) violation, at least until memcheck groks the probe.

3) The stack must be at least one page of real RAM, with at least one terminating guard page that has PROT_NONE. No more threads with small stacks packed sequentially adjacent.

4) All code must be generated by a compiler that enforces the probing policy, and all language support run-time routines also must enforce the policy. No mixing of old or foreign compilers with the new gcc. No mixing of old or foreign C libraries with the new glibc. Direct use by an app developer of the 'clone' system call is forbidden.
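The residency effect described in consequence 1 and the guard-page layout in consequence 3 can be observed with an emulated probe loop. This is an added example, not part of the original message and not compiler-generated probe code; it assumes Linux with mincore(), and the names probed_alloc, resident_pages and STACK_PAGES, the 32-page region, and the plain one-word write used as the probe are all constructed for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for mincore() and MAP_ANONYMOUS */
#endif
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#define STACK_PAGES 32      /* constructed size: 1 guard page + 31 usable pages */

/* Number of pages in [base, base + n * page) that mincore() reports resident. */
static long resident_pages(void *base, size_t n, size_t page) {
    unsigned char vec[STACK_PAGES];
    long count = 0;
    if (n > STACK_PAGES || mincore(base, n * page, vec) != 0) return -1;
    for (size_t i = 0; i < n; i++) count += vec[i] & 1;
    return count;
}

/* Emulate a probed on-stack allocation of alloc_pages pages on a stand-in stack.
 * Stores the resident count before probing in *before, returns the count after. */
long probed_alloc(size_t alloc_pages, long *before) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    if (alloc_pages >= STACK_PAGES) return -1;
    unsigned char *lo = mmap(NULL, STACK_PAGES * page, PROT_READ | PROT_WRITE,
                             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (lo == MAP_FAILED) return -1;
    if (mprotect(lo, page, PROT_NONE) != 0) {    /* guard page at the growing edge */
        munmap(lo, STACK_PAGES * page);
        return -1;
    }
    unsigned char *sp = lo + STACK_PAGES * page; /* stack grows downward */
    *before = resident_pages(lo + page, STACK_PAGES - 1, page);
    for (size_t i = 0; i < alloc_pages; i++) {
        sp -= page;                              /* at most one page per step */
        *(volatile unsigned long *)sp = 0;       /* stand-in probe: write one word */
    }
    long after = resident_pages(lo + page, STACK_PAGES - 1, page);
    munmap(lo, STACK_PAGES * page);
    return after;
}

int main(void) {
    long before = 0, after = probed_alloc(8, &before);
    printf("resident pages: before=%ld after=%ld\n", before, after);
    return after < 0;
}
```

Every page the loop steps over ends up counted as resident even though only one word per page was written, which is the cost the message attributes to a large probed local array.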