The mmap range for rlimit(RLIMIT_STACK) == RLIM_INFINITY is:
[0x2aaa'aaaaa000, 0x2baa'aaaaa000)
But that's just the base: the endpoint can go well beyond that.
Technically with different stack rlimits mmap can go anywhere from the
MAX_GAP base (the 0x1455' one) up to 0x7fff', which is a problem b/c
Umbra's mask is 0xfff' and we can easily become indistinguishable from the
low app region.
```
# ulimit -S -s 17179869184
# for ((i=0; i<5; i++)); do /tmp/mmap; done
mmap is 0x6f86498ae000-0x6f86518ae000
mmap is 0x6f13c0b86000-0x6f13c8b86000
mmap is 0x6f6d859f1000-0x6f6d8d9f1000
mmap is 0x6ff7d3415000-0x6ff7db415000
mmap is 0x6f10dcf06000-0x6f10e4f06000
# ulimit -S -s 1717986918400
# for ((i=0; i<5; i++)); do /tmp/mmap; done
mmap is 0x154a5db2d000-0x154a65b2d000
mmap is 0x145bcdaed000-0x145bd5aed000
mmap is 0x15128a83c000-0x15129283c000
mmap is 0x146b439e6000-0x146b4b9e6000
mmap is 0x150708103000-0x150710103000
```
So if we assume nobody will set the stack limit to anything between 16GB
and unlimited, we just need to handle 0x2aaa' - 0x2baa' (as the base: a
large mmap could extend well beyond there: but again if we assume no single
mmap will be over 256GB or sthg).
The solution taken for EfficiencySanitizer is similar to that used by ThreadSanitizer: if the stack rlimit is beyond what is easy to support, re-exec the process with a smaller rlimit.
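Added example (not code from the issue, Umbra, DynamoRIO or the sanitizers): a small Linux C program that reproduces the `/tmp/mmap` probe from the issue, applies the shadow mask the issue quotes as `0xfff'` (read here as the low 44 bits, an assumption) to show how an mmap base above that range aliases a low-region address, and implements the ThreadSanitizer-style fix the last paragraph names: if the soft stack rlimit is unlimited or above a threshold, lower it and re-exec the same binary. The threshold (16 GiB), the replacement limit (8 MiB), the `MMAP_PROBE_REEXECED` loop-guard variable and all function names are hypothetical choices for this example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/resource.h>

/* The issue quotes Umbra's mask as "0xfff'"; read here as the low 44 bits (assumption). */
#define UMBRA_LOW_MASK ((uintptr_t)0x0fffffffffffULL)

/* Hypothetical policy values, not taken from Umbra or DynamoRIO: re-exec when the
 * soft stack limit is unlimited or above 16 GiB, and re-exec with an 8 MiB limit. */
#define STACK_SOFT_MAX   ((rlim_t)16ULL << 30)
#define STACK_SOFT_SAFE  ((rlim_t)8ULL << 20)
#define REEXEC_GUARD_ENV "MMAP_PROBE_REEXECED"  /* hypothetical guard against exec loops */

/* Map and immediately unmap an anonymous region, returning its base (0 on failure).
 * This is what the /tmp/mmap probe in the issue printed for each run. */
uintptr_t probe_mmap_base(size_t len) {
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    uintptr_t base = (uintptr_t)p;
    munmap(p, len);
    return base;
}

/* Apply the shadow-translation mask. Addresses that differ only above the masked
 * bits (an mmap at 0x6f86498ae000 and the low-region address 0x0f86498ae000)
 * become indistinguishable, which is the collision the issue describes. */
uintptr_t masked_address(uintptr_t addr) { return addr & UMBRA_LOW_MASK; }

int mask_collides(uintptr_t a, uintptr_t b) {
    return masked_address(a) == masked_address(b);
}

/* Decide from the current soft/hard limits whether a re-exec is needed.
 * Returns the soft limit to re-exec with, or 0 if the current limit is fine. */
rlim_t planned_soft(rlim_t soft, rlim_t hard) {
    if (soft != RLIM_INFINITY && soft <= STACK_SOFT_MAX) return 0;
    rlim_t wanted = STACK_SOFT_SAFE;
    if (hard != RLIM_INFINITY && hard < wanted) wanted = hard;  /* never exceed the hard limit */
    return wanted;
}

/* The ThreadSanitizer-style approach named in the issue: lower the soft limit and
 * re-exec the same binary so the kernel picks mmap_base from the new limit.
 * Returns 0 if no re-exec was needed, -1 on error; does not return on success. */
int maybe_reexec_with_smaller_stack(char *const argv[]) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) != 0) return -1;
    if (getenv(REEXEC_GUARD_ENV) != NULL) return 0;  /* already re-exec'd once */
    rlim_t new_soft = planned_soft(rl.rlim_cur, rl.rlim_max);
    if (new_soft == 0) return 0;
    rl.rlim_cur = new_soft;
    if (setrlimit(RLIMIT_STACK, &rl) != 0) return -1;
    if (setenv(REEXEC_GUARD_ENV, "1", 1) != 0) return -1;
    execv("/proc/self/exe", argv);  /* Linux-specific path to the running image */
    return -1;                      /* only reached if execv failed */
}

int main(int argc, char **argv) {
    (void)argc;
    if (maybe_reexec_with_smaller_stack(argv) < 0) perror("re-exec");
    struct rlimit rl;
    getrlimit(RLIMIT_STACK, &rl);
    uintptr_t base = probe_mmap_base((size_t)128 << 20);
    if (rl.rlim_cur == RLIM_INFINITY)
        printf("stack soft limit unlimited, ");
    else
        printf("stack soft limit %llu bytes, ", (unsigned long long)rl.rlim_cur);
    printf("mmap base 0x%lx, masked 0x%lx\n",
           (unsigned long)base, (unsigned long)masked_address(base));
    return 0;
}
```

Run it once under `ulimit -S -s unlimited` and once under the default limit: the first run re-execs itself and then reports the lowered limit together with an mmap base in the usual high range rather than the `0x2aaa'`-based range the issue describes, while the second run returns straight away with no re-exec. The guard environment variable is what keeps a hard limit lower than the requested soft limit from turning into an exec loop.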
Xref #1889