The 08/09/2023 16:34, Mark Brown wrote:
On Wed, Aug 09, 2023 at 03:24:14PM +0100, Catalin Marinas wrote:
On Mon, Aug 07, 2023 at 11:00:08PM +0100, Mark Brown wrote:
+* When GCS is enabled for a thread a new Guarded Control Stack will be
- allocated for it of size RLIMIT_STACK / 2 or 2 gigabytes, whichever is
- smaller.
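Review bot: the size stated in this documentation hunk (RLIMIT_STACK / 2, capped at 2 gigabytes) no longer matches what the reply below says the patches now do (just RLIMIT_STACK); update the text so the documented allocation size matches the code, and say explicitly whether any upper cap still applies. Also, the two continuation lines of the bullet carry a "-" prefix while the first line is "+", so as shown they read as removed lines; all three should presumably be "+" lines of one added bullet.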
Is this number based on the fact that a function call would only push the LR to GCS while a standard function prologue pushes at least two registers?
It's actually based on bitrot that I'd initially chosen a smaller value since it's likely that functions will push at least something as you suggest, the patches now just use RLIMIT_STACK. I'll fix.
The PCS requires 16-byte aligned stack frames, and with 8 bytes per GCS entry there is no need for the same GCS size as the stack size in userspace.
You can argue about a fixed-size small increment (stacksize/2 + inc) for signal handling on the alt stack and special tokens, but stack size is overkill I think.
FWIW my current makecontext patch uses roundup(stacksize/2+160). (Threads are guaranteed to have about 300 bytes of data on the stack in glibc, so if GCS is stacksize/2, that accounts for the increment. This is for the theoretical case when an empty thread just tries to overflow the stack and then handle the fault on sigaltstack.)