Re: [PATCH 2/2] arch: wire-up clone6() syscall on x86

From: Linus Torvalds
Date: Mon May 27 2019 - 15:04:32 EST

Next message: Wolfram Sang: "Re: [PATCH] i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr"
Previous message: Tord Johan Espe: "Feature request for `hid-magicmouse`"
In reply to: Christian Brauner: "Re: [PATCH 2/2] arch: wire-up clone6() syscall on x86"
Next in thread: Linus Torvalds: "Re: [PATCH 1/2] fork: add clone6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, May 27, 2019 at 5:34 AM Christian Brauner <christian@xxxxxxxxxx> wrote:
>
> Afaict, stack_size is *only* used on ia64:

That's because ia64 "stacks" are an odd non-stack thing (like so much
of the architecture).

In computer science, a stack is a FIFO that grows/shrinks according to
use. In practical implementations, it also has a direction, but the
"size" is basically not relevant if you just allow it to grow
dynamically. The key word here being "dynamically": the stack size is
inherently a dynamic thing.

So you don't really need a "stack size". The whole concept doesn't
make sense, outside of the obvious maximum limit things (ie
RLIMIT_STACK) and simply just hitting other allocations.

But ia64 is "special".

The ia64 stack isn't actually a stack. It's *two* stacks, growing in
opposite directions. One for the hardware spilling of the register
state and call frame ("backing store"), and one for the traditional
software stack.

So on ia64, the stack size suddenly becomes a fixed thing, because
it's not a dynamically growing single stack that grows in one
direction, it's literally a fixed virtual area that has two different
stacks growing towards each other.

Btw, don't get me wrong. Two stacks can be a good thing, and a lot of
security people want to have two stacks - one for actual call frame
data, and a separate one for automatic stack variables that have their
address taken.

Having separate stacks avoids the whole traditional stack smash model
(well, it avoids the one that overwrites the return frame - you can
still possibly have security issues because one function smashes the
automatic stack of a caller and then cause the caller to be confused
and do something insecure).

And the ia64 double stack kind of works that way automatically. So
"double stack" very much isn't wrong per se, but doing it the way ia64
did was too inflexible and the register stack (and rotation) was and
is just a bad idea.

Two stacks without the hw register renaming and flushing can be
lovely, and can even merit some hw support (ie the whole "Shadow
stack" model).

Linus

Next message: Wolfram Sang: "Re: [PATCH] i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr"
Previous message: Tord Johan Espe: "Feature request for `hid-magicmouse`"
In reply to: Christian Brauner: "Re: [PATCH 2/2] arch: wire-up clone6() syscall on x86"
Next in thread: Linus Torvalds: "Re: [PATCH 1/2] fork: add clone6"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]