From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: Two issues with stack overflow protection
Date: Wed, 29 Jul 2015 19:24:57 +0300
Message-ID: <834mknx76u.fsf@gnu.org>
References: <838ua0xkln.fsf@gnu.org> <55B85E43.6050306@cs.ucla.edu> <55B86E65.6030000@dancol.org> <55B87B84.4000105@cs.ucla.edu> <55B8B899.8020508@dancol.org> <55B8D299.9010704@cs.ucla.edu>
In-reply-to: <55B8D299.9010704@cs.ucla.edu>
To: Paul Eggert
Cc: dancol@dancol.org, emacs-devel@gnu.org
Xref: news.gmane.org gmane.emacs.devel:188168

> Date: Wed, 29 Jul 2015 06:18:17 -0700
> From: Paul Eggert
>
> Daniel Colascione wrote:
> >>> What's wrong with just mprotecting a guard page at the end of the stack,
> >>> and on overflow, giving that region normal protection, unwinding as
> >>> normal, then, at top level, restoring the guard page?
> >>
> >> Unwinding can grow the stack.
> >
> > Sure. That's why you open up more stack to do the unwinding. Having done
> > that, if you still overflow, just abort.
>
> Yes, that was my point. Emacs already does the business about the guard page,
> and opening up more stack, and so forth. The tricky part is the "if you still
> overflow, just abort", something that's easy enough to describe at the high
> level but perhaps not so easy to actually write the code. Part of the issue is
> that the guard page business is done under the covers by the OS, not by Emacs
> directly -- in general Emacs doesn't know where the guard page(s) are.

Maybe I'm missing something, but none of the data structures involved in
"normal" throw to top-level are on the stack, right?
So why cannot we call the equivalent of (top-level) _after_ we sig_longjmp out of the signal handler?
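The scheme the thread is arguing about, written out as a stand-alone C program. This is an added example for this page, not code from Emacs or from any of the participants: a private stack whose lowest page is mprotect'ed to PROT_NONE, a SIGSEGV handler running on an alternate signal stack that, on the first hit in the guard page, opens the guard and siglongjmps to "top level", top level re-arming the guard once it is done, and any second fault (or a fault that is not in the guard page) falling through to the default action, i.e. the process dies, which is the "if you still overflow, just abort" case. Because the example allocates the stack itself it knows exactly where the guard is; that is the part Paul describes as being done under the covers by the OS for the real Emacs stack. Linux/glibc is assumed, and the sizes and the names (run_on_guarded_stack, descend, overflow_the_stack, bounded_work) are mine.

```c
/* Added example: guard page + SIGSEGV handler on an alternate stack + siglongjmp
 * to top level. Not Emacs code; Linux/glibc assumed. Build: cc -O2 -Wall demo.c */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <ucontext.h>
#include <unistd.h>

#define WORK_STACK_SIZE (256 * 1024)  /* private stack; its lowest page is the guard */
#define ALT_STACK_SIZE  (64 * 1024)   /* handler stack: the overflowing one has no room */

static char *work_stack;                  /* lowest address of the mmap'd stack */
static size_t page_size;
static sigjmp_buf top_level;              /* set on the main stack, never on work_stack */
static volatile sig_atomic_t guard_open;  /* 1 while the guard page is read/write */
static volatile unsigned long frames;     /* recursion frames entered in the last run */
static ucontext_t main_ctx, work_ctx;

static void on_fault(int sig, siginfo_t *si, void *ctx)
{
    (void)ctx;
    uintptr_t addr = (uintptr_t)si->si_addr, guard = (uintptr_t)work_stack;
    if (!guard_open && addr >= guard && addr < guard + page_size) {
        /* First hit: open the guard so the unwinding has room, then bail out to
         * top level. mprotect is not formally async-signal-safe, but it is a
         * plain system call and this is what stack-overflow handlers do. */
        mprotect(work_stack, page_size, PROT_READ | PROT_WRITE);
        guard_open = 1;
        siglongjmp(top_level, 1);
    }
    /* Guard already open (overflowed again while unwinding) or an unrelated
     * fault: restore the default action and return, so the faulting instruction
     * re-executes and the process dies normally. This is the "just abort" case. */
    signal(sig, SIG_DFL);
}

static unsigned long descend(unsigned long remaining)
{
    volatile char pad[512];             /* each frame pins 512 bytes on the stack */
    pad[0] = (char)remaining;
    frames++;
    if (remaining == 0)
        return 0;
    unsigned long below = descend(remaining - 1);
    pad[1] = (char)below;               /* volatile store after the call: no tail call */
    return below + 1;
}

void overflow_the_stack(void) { descend(1000000000UL); } /* far deeper than 256 KiB holds */
void bounded_work(void)       { descend(64); }           /* 65 frames, completes normally */
unsigned long frames_entered(void) { return frames; }
int guard_is_armed(void)      { return !guard_open; }

/* Run fn on the guarded stack: 0 if fn returned, 1 if it overflowed and control
 * came back through the handler, -1 on setup failure. */
int run_on_guarded_stack(void (*fn)(void))
{
    page_size = (size_t)sysconf(_SC_PAGESIZE);
    frames = 0;
    work_stack = mmap(NULL, WORK_STACK_SIZE, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (work_stack == MAP_FAILED || mprotect(work_stack, page_size, PROT_NONE) != 0)
        return -1;                      /* guard armed: lowest page is inaccessible */
    guard_open = 0;

    stack_t alt = { .ss_sp = malloc(ALT_STACK_SIZE), .ss_size = ALT_STACK_SIZE };
    if (alt.ss_sp == NULL || sigaltstack(&alt, NULL) != 0)
        return -1;
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO | SA_ONSTACK;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some systems report guard hits as SIGBUS */

    int overflowed;
    if (sigsetjmp(top_level, 1) == 0) {
        getcontext(&work_ctx);          /* run fn on the private stack; a normal */
        work_ctx.uc_stack.ss_sp = work_stack;              /* return comes back */
        work_ctx.uc_stack.ss_size = WORK_STACK_SIZE;       /* here via uc_link */
        work_ctx.uc_link = &main_ctx;
        makecontext(&work_ctx, fn, 0);
        swapcontext(&main_ctx, &work_ctx);
        overflowed = 0;
    } else {
        /* Top level, reached by the handler's siglongjmp: back on the main
         * stack with the guard open. Any unwinding work belongs here. */
        overflowed = 1;
    }
    mprotect(work_stack, page_size, PROT_NONE);  /* unwinding done: re-arm guard */
    guard_open = 0;

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    stack_t off = { .ss_flags = SS_DISABLE };
    sigaltstack(&off, NULL);
    free(alt.ss_sp);
    munmap(work_stack, WORK_STACK_SIZE);
    return overflowed;
}
```

Call run_on_guarded_stack(overflow_the_stack) from a main of your own: it returns 1 after a few hundred frames, with the guard re-armed, and run_on_guarded_stack(bounded_work) returns 0. Note the ordering: nothing runs on the overflowing stack after the fault, the handler only opens the guard and jumps, and whatever has to happen at top level happens on the main stack after the jump. The handler itself must be on an alternate stack (SA_ONSTACK plus sigaltstack); without that, the kernel would try to push the signal frame onto the very stack that just ran out, and the handler would never be entered.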