-
Notifications
You must be signed in to change notification settings - Fork 10.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add MAP_GROWSDOWN flag for call to mmap in Linux for stack auto-resizing #2276
Conversation
252407455 |
@Peter-Levine thank you for this change. Could you please provide a bit more information:
Since this seems to be working for a majority of cases ( I assume since no one said otherwise :-) ) what are the differences between "your system" and "not your system"? Thanks again |
@gennadiycivil It's understandable. Gentoo is a source-based distribution that primarily uses sandbox during the phases of building, testing, and installing packages to ensure that the local filesystem isn't accessed or modified and that no impermissible binaries are run during such phases. One of the methods employed is the use of LD_PRELOAD to preload libsandbox.so which defines various libc filesystem related syscall wrapper function's symbols that might access, modify, or execute files of a given path, such as On my system, Note, there is, to my knowledge, no other instance of a process failing with sandbox due to a stack overflow. It is, admittedly, a problem specific to sandbox which is predominantly used in Gentoo Linux. It's your call. I can maintain the patch for the duration that I maintain the package downstream. |
@gennadiycivil So, I looked into this a bit further. In Linux, when a process runs out of stack space it gets resized as needed. A thread, with its own stack, is still supposed to behave in a similar fashion. I found this entry in the mmap Linux man page:
This flag is currently not included in the call to |
90ed9cb
to
a39906b
Compare
a39906b
to
e8f0daa
Compare
@Peter-Levine thank you for the changes. Would you be able to re-base? |
e8f0daa
to
23c9a00
Compare
@gennadiycivil Done. |
253622730 |
23c9a00
to
0f331f4
Compare
Sorry, I'm not as familiar with git as some others. I rebased to master HEAD. Is 253622730 a Google Piper rev-id? |
0f331f4
to
a3a17e3
Compare
Updated code to keep lines under 80 character. |
@Peter-Levine would it be possible to add a reproduction test? Since gentoo is using sandbox it seems plausible to add this exact scenario as one of the travis CI builds. What do you think? |
a3a17e3
to
40b6245
Compare
We are actually hoping that while you work on setting up the repro CI test you would disover that your sandbox can be set up differently and would make this change not needed. Perhaps your sandbox is set up in such as way that limits virtual memory available? |
@gennadiycivil I'll take a look at it in the next few days and see if I can reproduce it in Travis CL. |
The problem is that the sandbox is run in the same address space and with the same stack as the calling process. Upon further observation, it seems that the issue is reproducible in the portage build environment when the Regardless, I suppose it would be wrong to lay at upstream's doorstep a workaround for an outdated, largely unmaintained, and likely insecure Gentoo related library. |
I'm encountering this same issue running on CentOS 7 and compiling with gcc 10.0.2 with the |
#1274 was, I believe, closed prematurely. The downstream bug was closed as it is being patched but I'm hoping that you would consider applying the necessary change upstream. Currently, only one page of memory is allocated to
clone()
inExecDeathTestSpawnChild()
. On my system, a page is 4 KB. Examples I've seen show 1MB as a reasonable stack size for clone(). In this PR, I have chosengetpagesize() * 8
since 8 is the first multiple of 2 that, when multiplied by the page size, provides enough stack space to prevent a stack overflow in a sandboxed environment.