On 06/19/2017 07:50 PM, Joseph Myers wrote: > There's a platform ABI issue here. At least some kernel fixes for these > stack issues, as I understand it, increase the size of the stack guard to > more than a single page. It would be possible to define the ABI to > require such a larger guard for protection and so reduce the number of > (non-alloca/VLA-using) functions that need probes generated, depending on > whether a goal is to achieve security on kernels without such a fix. > (Thinking in terms of how to get to enabling such probes by default.)
I think architectures such as aarch64 without implied stack probing as part of the function call sequence would benefit most from an ABI agreement (splitting the probing responsibility in some way between caller and callee). For architectures with some form of implied probing, the complications from negotiating a guard region size between GCC, kernel, glibc, and perhaps even applications (see Jakub's comment about thread stacks) outweigh the performance gains. Thanks, Florian