On 10/10/20 5:08 AM, Bruno Haible wrote:
> On Linux, the kernel allows the stack to grow by any amount, if it does not become closer than 1 MB to another VMA and does not violate the set limits. See linux/mm/mmap.c:expand_downwards and linux/mm/mmap.c:acct_stack_growth. Therefore on Linux, there is no need for a guard page and no need for 'gcc -fstack-clash-protection'.
There's still a need, if a function declares a large local variable, as the stack pointer can jump around the 1 MB barrier and trash other storage. If I compile the attached program with 'gcc -m32 -O2 stackish.c' on Fedora 31 x86-64, the program exits with status 255 (instead of crashing with a stack overflow as it should), because the stack has overflowed and has stomped on the heap. So stack overflow checking is not "just working", at least for this particular case.
#include <stdlib.h>
#include <string.h>

/* Allocate a variable-length array of BSIZE bytes on the stack and
   write to its low end.  BSIZE is chosen by the caller so that the
   array reaches past the 1 MB stack gap and overlaps the heap.  */
int
growby (int bsize, int argc)
{
  char b[bsize];
  for (int i = 0; i <= argc + 256; i++)
    b[i] = i;
  return b[argc] - b[argc + 256];
}

int
main (int argc, char **argv)
{
  /* A 1 GB heap block; with -m32 it lies below the stack.  */
  int psize = argc + 1024 * 1024 * 1024;
  char *p = calloc (psize, 1);
  /* Distance from the stack (the address of P) down to the middle of
     the heap block, so that B in growby overlaps the heap.  */
  int bsize = (char *) &p - (p + psize/2);
  int status = growby (bsize, argc);
  /* Read the heap back; the bytes stomped by growby make STATUS nonzero.  */
  for (int i = 0; i < psize; i++)
    status |= p[i]++;
  return status;
}
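As an added illustration (not part of either mail above), here is the page-by-page probing that 'gcc -fstack-clash-protection' emits for a large frame, written out by hand so the discipline is visible: every page of the new frame is touched from the top down before the first real store, so a frame like growby's cannot jump across the stack gap into another mapping; the first page past the end of the stack mapping faults instead. The 4 KiB PROBE_INTERVAL, the mark byte and the function names are assumptions of this example.

```c
#include <stddef.h>
#include <stdlib.h>

/* Assumed page size for the illustration (x86 Linux uses 4 KiB pages).  */
#define PROBE_INTERVAL 4096
#define PROBE_MARK 0x5a

/* Touch one byte in every page of [BASE, BASE + SIZE), walking from the
   highest address downward, which is the order in which a growing stack
   reaches each page.  Consecutive probes are at most one page apart, so
   no page in the range is skipped.  Returns the number of probes made.  */
size_t
probe_downward (char *base, size_t size)
{
  size_t probes = 0;
  if (size == 0)
    return 0;
  size_t off = size - 1;
  for (;;)
    {
      ((volatile char *) base)[off] = PROBE_MARK;
      probes++;
      if (off < PROBE_INTERVAL)
        break;
      off -= PROBE_INTERVAL;
    }
  return probes;
}

/* growby from the program above, with the probing done before use.
   With a BSIZE that reaches past the stack mapping this now faults on
   the first unmapped page rather than writing into the heap.  */
int
growby_probed (int bsize, int argc)
{
  char b[bsize];
  probe_downward (b, bsize);
  for (int i = 0; i <= argc + 256; i++)
    b[i] = i;
  return b[argc] - b[argc + 256];
}

int
main (void)
{
  /* Constructed input: a heap buffer stands in for a frame here.  */
  size_t size = 3 * PROBE_INTERVAL + 100;
  char *buf = calloc (size, 1);
  if (buf == NULL)
    return 1;
  size_t n = probe_downward (buf, size);
  free (buf);
  return n == 4 ? 0 : 1;
}
```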