diff options
author | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2017-12-13 15:50:21 +0000 |
---|---|---|
committer | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2020-10-02 09:57:44 +0100 |
commit | 238032ead6f34c41542890b968d973eb5c839673 (patch) | |
tree | e75973d3676e26ecb1bfe37c0d7d4947d48c55c7 /support/capture_subprocess.h | |
parent | 2deb7793907c7995b094b3778017c0ef0bd432d5 (diff) | |
download | glibc-238032ead6f34c41542890b968d973eb5c839673.tar.gz glibc-238032ead6f34c41542890b968d973eb5c839673.tar.xz glibc-238032ead6f34c41542890b968d973eb5c839673.zip |
aarch64: enforce >=64K guard size [BZ #26691]
There are several compiler implementations that allow large stack allocations to jump over the guard page at the end of the stack and corrupt memory beyond that. See CVE-2017-1000364. Compilers can emit code to probe the stack such that the guard page cannot be skipped, but on aarch64 the probe interval is 64K by default instead of the minimum supported page size (4K). This patch enforces at least 64K guard on aarch64 unless the guard is disabled by setting its size to 0. For backward compatibility reasons the increased guard is not reported, so it is only observable by exhausting the address space or parsing /proc/self/maps on linux. On other targets the patch has no effect. If the stack probe interval is larger than a page size on a target then ARCH_MIN_GUARD_SIZE can be defined to get large enough stack guard on libc allocated stacks. The patch does not affect threads with user allocated stacks. Fixes bug 26691.
Diffstat (limited to 'support/capture_subprocess.h')
0 files changed, 0 insertions, 0 deletions