On Tue, Oct 01, 2024 at 11:59:01PM +0100, Mark Brown wrote:
> When a new thread is created by a thread with GCS enabled the GCS needs to be specified along with the regular stack.
> Unfortunately plain clone() is not extensible and existing clone3() users will not specify a stack, so all existing code would be broken if we mandated specifying the stack explicitly. For compatibility with these cases, and also with x86 (which did not initially implement clone3() support for shadow stacks), if no GCS is specified we will allocate one, so when a thread is created which has GCS enabled allocate one for it. We follow the extensively discussed x86 implementation and allocate min(RLIMIT_STACK/2, 2G). Since the GCS only stores the call stack and not any variables this should be more than sufficient for most applications.
> GCSs allocated via this mechanism will be freed when the thread exits.
I think Szabolcs mentioned a GCS leak with v12:
https://lore.kernel.org/r/ZtrihWQFyb2/XrQV@arm.com
(and in some private messages IIRC)
Has this been identified? The changelog only mentions a leak in v8.