about summary refs log tree commit diff
path: root/resource/vlimit.c
diff options
context:
space:
mode:
authorSzabolcs Nagy <szabolcs.nagy@arm.com>2017-12-13 15:50:21 +0000
committerSzabolcs Nagy <szabolcs.nagy@arm.com>2020-10-02 09:57:44 +0100
commit238032ead6f34c41542890b968d973eb5c839673 (patch)
treee75973d3676e26ecb1bfe37c0d7d4947d48c55c7 /resource/vlimit.c
parent2deb7793907c7995b094b3778017c0ef0bd432d5 (diff)
downloadglibc-238032ead6f34c41542890b968d973eb5c839673.tar.gz
glibc-238032ead6f34c41542890b968d973eb5c839673.tar.xz
glibc-238032ead6f34c41542890b968d973eb5c839673.zip
aarch64: enforce >=64K guard size [BZ #26691]
There are several compiler implementations that allow large stack
allocations to jump over the guard page at the end of the stack and
corrupt memory beyond that. See CVE-2017-1000364.

Compilers can emit code to probe the stack such that the guard page
cannot be skipped, but on aarch64 the probe interval is 64K by default
instead of the minimum supported page size (4K).

This patch enforces at least 64K guard on aarch64 unless the guard
is disabled by setting its size to 0.  For backward compatibility
reasons the increased guard is not reported, so it is only observable
by exhausting the address space or parsing /proc/self/maps on linux.

On other targets the patch has no effect. If the stack probe interval
is larger than a page size on a target then ARCH_MIN_GUARD_SIZE can
be defined to get large enough stack guard on libc allocated stacks.

The patch does not affect threads with user allocated stacks.

Fixes bug 26691.
Diffstat (limited to 'resource/vlimit.c')
0 files changed, 0 insertions, 0 deletions