Preventing stack guard-page hopping

Posted Jun 21, 2017 14:57 UTC (Wed) by zblaxell (subscriber, #26385)
In reply to: Preventing stack guard-page hopping by nix
Parent article: Preventing stack guard-page hopping

If the program uses the huge thing it allocated on the stack then it's going to fault in all the pages anyway, and that's a pretty big hit the first time around, much larger than the cost of the probe.

On the other hand, if a function is being called in a loop then the probes keep happening over and over even though the page faults don't, so the probing gets expensive.

For programs that handle toxic data there might not be a quick and easy solution--they might just have to suck up the cost of doing probes all the time, or use other techniques (e.g. constant-stack algorithm proofs, coding standards forbidding alloca() and sparse structures, etc.) to make sure stack overflows don't happen.

Since changes to alloca require recompiling the program, it's up to individual applications to make the performance/security tradeoff anyway. Isn't there already a compiler option to do this?


Preventing stack guard-page hopping

Posted Jun 22, 2017 22:37 UTC (Thu) by mikemol (guest, #83507) [Link]

They could also tune these performance/security trade-offs on a routine-by-routine basis, by stuffing sensitive routines in their own compilation unit.

LTO will need to be careful to let these considerations bubble up to the final binary, however.
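The per-call probe cost discussed in this thread, sketched as an added example (not code from either comment or from any compiler): a routine that takes a large `alloca()` buffer and touches it one page at a time, so a guard page below the stack faults rather than being jumped over. `probe_pages`, `handle_record`, `probes_over_calls` and the 4 KiB `PROBE_STRIDE` are hypothetical names and values chosen for illustration.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdio.h>

#define PROBE_STRIDE 4096u  /* assumed 4 KiB pages; larger pages only mean redundant probes */

/* Hypothetical helper: write one byte per PROBE_STRIDE across buf[0..len),
 * highest address first. The stack grows down, so no two touches are more
 * than a page apart and a guard page below the stack faults instead of
 * being stepped over. Returns the number of probes made. */
static size_t probe_pages(volatile char *buf, size_t len)
{
    size_t probes = 0, off = len - 1;   /* caller guarantees len > 0 */
    for (;;) {
        buf[off] = 0;
        probes++;
        if (off < PROBE_STRIDE)
            break;
        off -= PROBE_STRIDE;
    }
    if (off != 0) {                     /* cover the page holding buf[0] */
        buf[0] = 0;
        probes++;
    }
    return probes;
}

/* Stand-in for a routine that takes a variable-size buffer on the stack.
 * noinline keeps the alloca() frame from being merged into the caller's loop. */
__attribute__((noinline)) static size_t handle_record(size_t len)
{
    volatile char *buf = alloca(len);
    return probe_pages(buf, len);
}

/* Probes are paid on every call, even though the pages fault in only once. */
static size_t probes_over_calls(size_t len, unsigned calls)
{
    size_t total = 0;
    for (unsigned i = 0; i < calls; i++)
        total += handle_record(len);
    return total;
}

int main(void)
{
    printf("one call:   %zu probes\n", handle_record(256 * 1024));
    printf("1000 calls: %zu probes\n", probes_over_calls(256 * 1024, 1000));
    return 0;
}
```

The 256 KiB buffer costs 65 writes per call (64 strided touches plus one for the page holding `buf[0]`), and that count repeats on every iteration of the loop.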


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds