From: Jann Horn <email@example.com> To: "Michael Kerrisk (man-pages)" <firstname.lastname@example.org> Cc: Christian Brauner <email@example.com>, Florian Weimer <firstname.lastname@example.org>, Christian Brauner <email@example.com>, lkml <firstname.lastname@example.org>, linux-man <email@example.com>, Kees Cook <firstname.lastname@example.org>, Oleg Nesterov <email@example.com>, Arnd Bergmann <firstname.lastname@example.org>, David Howells <email@example.com>, Pavel Emelyanov <firstname.lastname@example.org>, Andrew Morton <email@example.com>, Adrian Reber <firstname.lastname@example.org>, Andrei Vagin <email@example.com>, Linux API <firstname.lastname@example.org>, Ingo Molnar <email@example.com> Subject: Re: For review: documentation of clone3() system call Date: Mon, 11 Nov 2019 15:55:35 +0100 Message-ID: <CAG48ez2of684J6suPZpko7JFV6hg5KQsrP0KAn8B8-C3PM9OfQ@mail.gmail.com> (raw) In-Reply-To: <firstname.lastname@example.org> On Sat, Nov 9, 2019 at 9:10 AM Michael Kerrisk (man-pages) <email@example.com> wrote: [...] > On 11/7/19 4:19 PM, Christian Brauner wrote: > > On Fri, Oct 25, 2019 at 06:59:31PM +0200, Michael Kerrisk (man-pages) wrote: [...] > >> The stack argument specifies the location of the stack used by the > >> child process. Since the child and calling process may share mem‐ > >> ory, it is not possible for the child process to execute in the > >> same stack as the calling process. The calling process must > >> therefore set up memory space for the child stack and pass a > >> pointer to this space to clone(). Stacks grow downward on all > > > > It might be a good idea to advise people to use mmap() to create a > > stack. The "canonical" way of doing this would usually be something like > > > > #define DEFAULT_STACK_SIZE (4 * 1024 * 1024) /* 8 MB usually on Linux */ > > void *stack = mmap(NULL, DEFAULT_STACK_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0); > > > > (Yes, the MAP_STACK is usally a noop but people should always include it > > in case some arch will have weird alignment requirement in which case > > this flag can be changed to actually do something...) > > So, I'm getting a little bit of an education here, and maybe you are > going to further educate me. Long ago, I added the documentation of > MAP_STACK to mmap(2), but I never quite connected the dots. > > However, you say MAP_STACK is *usually* a noop. As far as I can see, > in current kernels it is *always* a noop. And AFAICS, since it was first > added in 2.6.27 (2008), it has always been a noop. > > I wonder if it will always be a noop. [...] > So, my understanding from the above is that MAP_STACK was added to > allow a possible fix on some old architectures, should anyone decide it > was worth doing the work of implementing it. But so far, after 12 years, > no one did. It kind of looks like no one ever will (since those old > architectures become less and less relevant). > > So, AFAICT, while it's not wrong to tell people to use mmap(MAP_STACKED), > it doesn't provide any benefit (and perhaps never will), and it is a > more clumsy than plain old malloc(). > > But, it could well be that there's something I still don't know here, > and I'd be interested to get further education. Not on Linux, but on OpenBSD, they do use MAP_STACK now AFAIK; this was announced here: <http://openbsd-archive.7691.n7.nabble.com/stack-register-checking-td338238.html>. Basically they periodically check whether the userspace stack pointer points into a MAP_STACK region, and if not, they kill the process. So even if it's a no-op on Linux, it might make sense to advise people to use the flag to improve portability? I'm not sure if that's something that belongs in Linux manpages. Another reason against malloc() is that when setting up thread stacks in proper, reliable software, you'll probably want to place a guard page (in other words, a 4K PROT_NONE VMA) at the bottom of the stack to reliably catch stack overflows; and you probably don't want to do that with malloc, in particular with non-page-aligned allocations.
next prev parent reply index Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-10-25 16:59 Michael Kerrisk (man-pages) 2019-10-25 17:07 ` Christian Brauner 2019-11-07 12:26 ` Michael Kerrisk (man-pages) 2019-10-26 2:28 ` G. Branden Robinson 2019-10-31 6:06 ` Michael Kerrisk (man-pages) 2019-10-28 15:12 ` Jann Horn 2019-10-28 17:21 ` Christian Brauner 2019-10-28 19:09 ` Jann Horn 2019-10-29 11:27 ` Christian Brauner 2019-10-29 14:26 ` Christian Brauner 2019-10-29 14:36 ` Florian Weimer 2019-10-29 16:04 ` Christian Brauner 2019-10-29 15:20 ` Jann Horn 2019-10-29 16:05 ` Christian Brauner 2019-11-07 15:19 ` Christian Brauner 2019-11-07 16:10 ` Florian Weimer 2019-11-09 8:09 ` Michael Kerrisk (man-pages) 2019-11-09 16:53 ` Christian Brauner 2019-11-11 9:02 ` Michael Kerrisk (man-pages) 2019-11-11 11:36 ` Christian Brauner 2019-11-11 19:56 ` Michael Kerrisk (man-pages) 2019-11-11 14:55 ` Jann Horn [this message] 2019-11-11 16:58 ` Theodore Y. Ts'o 2019-11-11 20:24 ` Jann Horn 2019-11-12 23:03 ` Kees Cook 2019-11-14 12:15 ` Michael Kerrisk (man-pages) 2019-11-14 12:29 ` Christian Brauner 2019-11-11 15:03 ` Florian Weimer 2019-11-11 15:15 ` Jann Horn 2019-11-11 15:20 ` Florian Weimer
Reply instructions: You may reply publically to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=CAG48ez2of684J6suPZpko7JFV6hg5KQsrP0KAn8B8-C3PM9OfQ@mail.gmail.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Linux-man Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/linux-man/0 linux-man/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 linux-man linux-man/ https://lore.kernel.org/linux-man \ email@example.com public-inbox-index linux-man Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.linux-man AGPL code for this site: git clone https://public-inbox.org/public-inbox.git