mailing list of musl libc
From: Szabolcs Nagy <nsz@port70.net>
To: Rich Felker <dalias@libc.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	linux-api@vger.kernel.org, libc-alpha@sourceware.org,
	musl@lists.openwall.com
Subject: Re: [musl] AT_MINSIGSTKSZ mismatched interpretation kernel vs libc
Date: Sat, 31 Aug 2024 11:29:02 +0200
Message-ID: <20240831092902.GA2724612@port70.net>
In-Reply-To: <20240829205436.GA14562@brightrain.aerifal.cx>

* Rich Felker <dalias@libc.org> [2024-08-29 16:54:38 -0400]:
> As I understand it, the AT_MINSIGSTKSZ auxv value is supposed to be a
> suitable runtime value for MINSIGSTKSZ (sysconf(_SC_MINSIGSTKSZ)),
> such that it's safe to pass as a size to sigaltstack. However, this is
> not how the kernel actually implements it. At least on x86 and
> powerpc, the kernel fills it via get_sigframe_size, which computes the
> size of the sigcontext/siginfo/etc to be pushed and uses that
> directly, without allowing any space for actual execution, and without
> ensuring the value is at least as large as the legacy constant
> MINSIGSTKSZ. This leads to two problems:
> 
> 1. If userspace uses the value without clamping it not-below
>    MINSIGSTKSZ, sigaltstack will fail with ENOMEM.
> 
> 2. If the kernel needs more space than MINSIGSTKSZ just for the signal
>    frame structures, userspace that trusts AT_MINSIGSTKSZ will only
>    allocate enough for the frame, and the program will immediately
>    crash/stack-overflow once execution passes to userspace.
> 
> Since existing kernels in the wild can't be fixed, and since it looks
> like the problem is just that the kernel chose a poor definition of
> AT_MINSIGSTKSZ, I think userspace (glibc, musl, etc.) need to work
> around the problem, adding a per-arch correction term to
> AT_MINSIGSTKSZ that's basically equal to:
> 
>     legacy_MINSIGSTKSZ - AT_MINSIGSTKSZ as returned on legacy hw
> 
> such that adding the correction term would reproduce the expected
> value MINSIGSTKSZ.
> 
> The only question is whether the kernel will commit to keeping this
> behavior, or whether it would be "fixed" to include all the needed
> working space when they eventually decide they want bigger stacks for
> some new register file bloat. I think keeping the current behavior, so
> we can just add a fixed offset, is probably the best thing to do.

i think it makes sense that the kernel sets AT_MINSIGSTKSZ
according to what the kernel needs (signal frame size).
anything beyond that is up to userspace requirements (e.g.
the kernel cannot know if the libc wraps signal handlers).

it's up to the libc to adjust sysconf(_SC_MINSIGSTKSZ)
according to posix or backward compat requirements.
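An added example, written for this archive page and not taken from the thread, from musl or from glibc. It reads the raw AT_MINSIGSTKSZ through getauxval(3), applies the clamp-and-correct rule Rich describes (the correction term is a caller-supplied parameter here; the real per-architecture values are not claimed by this example), and then asks the kernel through sigaltstack(2) whether it accepts the raw value, which is how problem 1 shows up as ENOMEM. The fallback define of AT_MINSIGSTKSZ as 51 is the value from linux/auxvec.h, for builds against old headers; on a non-Linux platform the auxv probe simply reports 0.

```c
/* Added example (not from the thread, musl or glibc): clamp AT_MINSIGSTKSZ
   the way the thread proposes and show the kernel-side consequence of not
   clamping it (sigaltstack fails with ENOMEM). Linux with glibc or musl;
   builds elsewhere with the auxv probe reporting "not provided". */
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifdef __linux__
#include <sys/auxv.h>
#ifndef AT_MINSIGSTKSZ
#define AT_MINSIGSTKSZ 51   /* value from linux/auxvec.h, for old headers */
#endif
#endif

/* Raw value the kernel placed in the auxv, or 0 when the running kernel
   (or the platform) does not provide AT_MINSIGSTKSZ at all. */
unsigned long probe_auxv_minsigstksz(void)
{
#ifdef __linux__
    errno = 0;
    unsigned long v = getauxval(AT_MINSIGSTKSZ);
    return errno ? 0 : v;
#else
    return 0;
#endif
}

/* Model of what a libc could return for sysconf(_SC_MINSIGSTKSZ):
   the auxv value (kernel signal-frame size) plus an assumed per-arch
   correction for the handler's own execution needs, never below the
   legacy MINSIGSTKSZ constant so that sigaltstack() keeps accepting it.
   'legacy_min' and 'correction' are parameters in this example; a real
   libc would fix them per architecture. */
size_t min_sigstack_size(unsigned long auxv_val, size_t legacy_min,
                         size_t correction)
{
    if (auxv_val == 0)               /* kernel without AT_MINSIGSTKSZ */
        return legacy_min;
    size_t v = (size_t)auxv_val + correction;
    return v < legacy_min ? legacy_min : v;
}

/* Ask the kernel to accept 'size' bytes as an alternate signal stack.
   Returns 0 on success, otherwise the errno (ENOMEM when the size is below
   the kernel's MINSIGSTKSZ). The previous setting is restored afterwards. */
int try_sigaltstack(size_t size)
{
    void *mem = malloc(size);
    if (!mem)
        return ENOMEM;
    stack_t ss, old;
    memset(&ss, 0, sizeof ss);
    memset(&old, 0, sizeof old);
    ss.ss_sp = mem;
    ss.ss_size = size;
    int err = sigaltstack(&ss, &old) ? errno : 0;
    if (!err)
        sigaltstack(&old, NULL);     /* put back whatever was there before */
    free(mem);
    return err;
}

int main(void)
{
    unsigned long raw = probe_auxv_minsigstksz();
    size_t safe = min_sigstack_size(raw, (size_t)MINSIGSTKSZ, 0);
    printf("AT_MINSIGSTKSZ raw=%lu  legacy MINSIGSTKSZ=%zu  clamped=%zu\n",
           raw, (size_t)MINSIGSTKSZ, safe);
    if (raw) {
        int e = try_sigaltstack((size_t)raw);
        printf("sigaltstack(raw)     -> %s\n", e ? strerror(e) : "ok");
    }
    int e = try_sigaltstack(safe);
    printf("sigaltstack(clamped) -> %s\n", e ? strerror(e) : "ok");
    return 0;
}
```

On hardware where the kernel's frame size is below the legacy constant, the first sigaltstack call reports ENOMEM and the clamped one succeeds; where the frame is larger than the constant, both succeed, but only the correction term (zero in this run) stands between the handler and problem 2.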


Thread overview: 7+ messages
2024-08-29 20:54 Rich Felker
2024-08-31  9:29 ` Szabolcs Nagy [this message]
2024-08-31 15:02   ` Rich Felker
2024-08-31 15:09     ` H.J. Lu
2024-08-31 15:41       ` Rich Felker
2024-09-02 12:07         ` Florian Weimer
2024-09-02 12:51           ` Rich Felker
