glibc/support/support_stack_alloc.c
H.J. Lu 17cef890c9 support: Replace _SC_MINSIGSTKSZ with _SC_SIGSTKSZ
Replace _SC_MINSIGSTKSZ with _SC_SIGSTKSZ since sysconf (_SC_MINSIGSTKSZ)
returns the minimum number of bytes of free stack space required in order
to guarantee successful, non-nested handling of a single signal whose
handler is an empty function while sysconf (_SC_SIGSTKSZ) returns the
suggested minimum number of bytes of stack space required for a signal
stack.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-07-11 07:57:31 -07:00

84 lines
3.3 KiB
C

/* Allocate a stack suitable to be used with xclone or xsigaltstack.
Copyright (C) 2021 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#include <support/check.h>
#include <support/support.h>
#include <support/xunistd.h>
#include <stdint.h>
#include <string.h>
#include <stackinfo.h>
#include <sys/mman.h>
#include <sys/param.h> /* roundup, MAX */
#ifndef MAP_NORESERVE
# define MAP_NORESERVE 0
#endif
#ifndef MAP_STACK
# define MAP_STACK 0
#endif
struct support_stack
support_stack_alloc (size_t size)
{
size_t pagesize = sysconf (_SC_PAGESIZE);
if (pagesize == -1)
FAIL_EXIT1 ("sysconf (_SC_PAGESIZE): %m\n");
/* Always supply at least sysconf (_SC_SIGSTKSZ) space; passing 0
as size means only that much space. No matter what the number is,
round it up to a whole number of pages. */
size_t stacksize = roundup (size + sysconf (_SC_SIGSTKSZ),
pagesize);
/* The guard bands need to be large enough to intercept offset
accesses from a stack address that might otherwise hit another
mapping. Make them at least twice as big as the stack itself, to
defend against an offset by the entire size of a large
stack-allocated array. The minimum is 1MiB, which is arbitrarily
chosen to be larger than any "typical" wild pointer offset.
Again, no matter what the number is, round it up to a whole
number of pages. */
size_t guardsize = roundup (MAX (2 * stacksize, 1024 * 1024), pagesize);
size_t alloc_size = guardsize + stacksize + guardsize;
/* Use MAP_NORESERVE so that RAM will not be wasted on the guard
bands; touch all the pages of the actual stack before returning,
so we know they are allocated. */
void *alloc_base = xmmap (0,
alloc_size,
PROT_NONE,
MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_STACK,
-1);
/* Some architecture still requires executable stack for the signal return
trampoline, although PF_X could be overridden if PT_GNU_STACK is present.
However since glibc does not export such information with a proper ABI,
it uses the historical permissions. */
int prot = PROT_READ | PROT_WRITE
| (DEFAULT_STACK_PERMS & PF_X ? PROT_EXEC : 0);
xmprotect (alloc_base + guardsize, stacksize, prot);
memset (alloc_base + guardsize, 0xA5, stacksize);
return (struct support_stack) { alloc_base + guardsize, stacksize, guardsize };
}
void
support_stack_free (struct support_stack *stack)
{
void *alloc_base = (void *)((uintptr_t) stack->stack - stack->guardsize);
size_t alloc_size = stack->size + 2 * stack->guardsize;
xmunmap (alloc_base, alloc_size);
}