On Mon, Oct 31, 2016 at 10:10:41PM +0100, Florian Weimer wrote: > * Daniel Micay: > > >> It makes a lot of sense on x86_64 where it means the canary is > >> still 56 bits. Also, you want -fstack-check for protecting again > >> stack overflows rather than stack *buffer* overflow. SSP won't > >> really help you in that regard. Sadly, while -fstack-check now > >> works well in GCC 6 with little performance cost, it's not really a > > I think GCC still does not treat the return address push on > architectures which have such a CALL instruction as an implicit stack > probe. > > >> complete feature (and Clang impls it as a no-op!). > > How many guard pages at the end of the stack does the kernel > guarantee? I saw some -fstack-check-generated code which seemed to > jump over a single guard page.
Until recently: Zero, no guard pages below stacks, stack overflow goes straight into some other allocation. Now: One guard page, thanks to a lot of work by Andy Lutomirski. (I think that change is in the current 4.9-rc3 kernel, but not in any stable kernel yet.) > The other thing I've seen which could impact the effectiveness of > -fstack-check: mmap *without* MAP_FIXED and a hint within stack > allocation can create a mapping inside the stack. That's rather > surprising, and I'm not sure if the net result is that there actually > is a guard page in all cases. > > > Note: talking about userspace after the entropy bit. The kernel doesn't > > really -fstack-check, at least in even slightly sane code... > > There used to be lots of discussions about kernel stack sizes ...
signature.asc
Description: Digital signature
