summaryrefslogtreecommitdiff
path: root/sysdeps/sh
diff options
context:
space:
mode:
authorSzabolcs Nagy <szabolcs.nagy@arm.com>2017-12-13 15:50:21 +0000
committerSzabolcs Nagy <szabolcs.nagy@arm.com>2020-10-02 09:57:44 +0100
commit238032ead6f34c41542890b968d973eb5c839673 (patch)
treee75973d3676e26ecb1bfe37c0d7d4947d48c55c7 /sysdeps/sh
parent2deb7793907c7995b094b3778017c0ef0bd432d5 (diff)
downloadglibc-238032ead6f34c41542890b968d973eb5c839673.tar.gz
aarch64: enforce >=64K guard size [BZ #26691]
There are several compiler implementations that allow large stack allocations to jump over the guard page at the end of the stack and corrupt memory beyond that. See CVE-2017-1000364. Compilers can emit code to probe the stack such that the guard page cannot be skipped, but on aarch64 the probe interval is 64K by default instead of the minimum supported page size (4K). This patch enforces at least 64K guard on aarch64 unless the guard is disabled by setting its size to 0. For backward compatibility reasons the increased guard is not reported, so it is only observable by exhausting the address space or parsing /proc/self/maps on linux. On other targets the patch has no effect. If the stack probe interval is larger than a page size on a target then ARCH_MIN_GUARD_SIZE can be defined to get large enough stack guard on libc allocated stacks. The patch does not affect threads with user allocated stacks. Fixes bug 26691.
Diffstat (limited to 'sysdeps/sh')
-rw-r--r--sysdeps/sh/nptl/pthreaddef.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/sysdeps/sh/nptl/pthreaddef.h b/sysdeps/sh/nptl/pthreaddef.h
index 12106e79e1..50cedcefa6 100644
--- a/sysdeps/sh/nptl/pthreaddef.h
+++ b/sysdeps/sh/nptl/pthreaddef.h
@@ -20,6 +20,9 @@
/* Default stack size. */
#define ARCH_STACK_DEFAULT_SIZE (2 * 1024 * 1024)
+/* Minimum guard size. */
+#define ARCH_MIN_GUARD_SIZE 0
+
/* Required stack pointer alignment at beginning. */
#define STACK_ALIGN 8