Skip the main thread's manual stack guard on Linux #43072
Linux doesn't allocate the whole stack right away, and the kernel has its own stack-guard mechanism to fault when growing too close to an existing mapping. If we map our own guard, then the kernel starts enforcing a rather large gap above that, rendering much of the possible stack space useless.
Instead, we'll just note where we expect rlimit to start faulting, so our handler can report "stack overflow", and trust that the kernel's own stack guard will work.
Strictly speaking, Rust claims support for Linux kernels >= 2.6.18, and stack guards were only added to mainline in 2.6.36 for CVE-2010-2240. But since that vulnerability was so severe, the guards were backported to many stable branches, and Red Hat patched this all the way back to RHEL3's 2.4.21! I think it's reasonable for us to assume that any supportable kernel should have these stack guards.
At that time, the kernel only enforced one page of padding between the stack and other mappings, but thanks to Stack Clash that padding is now much larger, causing #43052. The kernel side of those fixes is in CVE-2017-1000364, which Red Hat has backported to at least RHEL5's 2.6.18 so far.
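The scheme described above, as an added C example that is not the PR's or the Rust standard library's code: instead of mapping a guard page of its own, the program asks glibc's `pthread_getattr_np` for the main thread's rlimit-bounded stack extent, records the page just below it as the place where the kernel's own stack guard is expected to fault, and installs a `SIGSEGV` handler on an alternate signal stack that reports a stack overflow only when the faulting address lands in that page. The `expected_guard`, `addr_in_guard`, `main_thread_guard` and `install_handler` names are this example's own; the `recurse` function exists only to trigger the overflow when the program is run.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Where the kernel's own stack guard is expected to fault for the main
 * thread: the page immediately below the lowest address RLIMIT_STACK lets the
 * stack grow to. Assumption of this example: glibc's pthread_getattr_np reports
 * the main thread's stack as bounded by RLIMIT_STACK. */
typedef struct {
    uintptr_t lo;   /* lowest address of the expected guard page */
    uintptr_t hi;   /* one past the guard page == lowest usable stack address */
} guard_range;

static uintptr_t page_size(void) { return (uintptr_t)sysconf(_SC_PAGESIZE); }

/* Pure helper: the page below the lowest usable stack address. */
guard_range expected_guard(uintptr_t stack_lowest, uintptr_t page) {
    guard_range g;
    g.hi = stack_lowest;
    g.lo = stack_lowest - page;
    return g;
}

/* Does a faulting address fall in the expected guard page? */
int addr_in_guard(uintptr_t addr, guard_range g) {
    return addr >= g.lo && addr < g.hi;
}

/* Query the calling (main) thread's stack extent and derive the guard range.
 * Returns 0 on success, -1 if the extent could not be determined. */
int main_thread_guard(guard_range *out) {
    pthread_attr_t attr;
    void *stackaddr = NULL;
    size_t stacksize = 0;
    if (pthread_getattr_np(pthread_self(), &attr) != 0) return -1;
    int rc = pthread_attr_getstack(&attr, &stackaddr, &stacksize);
    pthread_attr_destroy(&attr);
    if (rc != 0) return -1;
    *out = expected_guard((uintptr_t)stackaddr, page_size());
    return 0;
}

static guard_range g_guard;

/* Runs on the alternate stack: the normal stack is unusable during overflow. */
static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    if (addr_in_guard((uintptr_t)si->si_addr, g_guard)) {
        static const char msg[] = "thread 'main' has overflowed its stack\n";
        (void)write(STDERR_FILENO, msg, sizeof msg - 1);
    }
    /* Any other SIGSEGV (including a fault caused by the kernel's larger
     * stack_guard_gap against a neighbouring mapping) is left unexplained. */
    _exit(134);
}

/* Record the expected guard range and install the handler. */
int install_handler(void) {
    if (main_thread_guard(&g_guard) != 0) return -1;
    stack_t ss;
    ss.ss_size = 64 * 1024;          /* comfortably above SIGSTKSZ */
    ss.ss_flags = 0;
    ss.ss_sp = malloc(ss.ss_size);
    if (!ss.ss_sp || sigaltstack(&ss, NULL) != 0) return -1;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL) == 0 ? 0 : -1;
}

/* Unbounded, non-tail recursion with a 1 KiB frame to drive the overflow. */
static int recurse(int n) {
    volatile char pad[1024];
    pad[0] = (char)n;
    return recurse(n + 1) + pad[0];
}

int main(void) {
    if (install_handler() != 0) { perror("install_handler"); return 1; }
    printf("expected guard page: [%#lx, %#lx)\n",
           (unsigned long)g_guard.lo, (unsigned long)g_guard.hi);
    return recurse(0);   /* never returns: the handler reports the overflow */
}
```

Run it and the handler prints the overflow message when the fault lands in the computed page. If it exits silently with status 134 instead, the fault happened somewhere else, which is exactly the #43052 situation the description mentions: a neighbouring mapping made the kernel's guard gap stop growth well above the rlimit boundary, so a report keyed only on the rlimit-derived page will miss it.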