author: Stefano Brivio <sbrivio@redhat.com>, 2022-10-22 08:07:09 +0200
committer: Stefano Brivio <sbrivio@redhat.com>, 2022-10-22 08:46:57 +0200
commit: b68da100ba37623ca9655c70125d744c11486f7d
tree: 090e18afebac18206a0891108779bf11270370a4
parent: 5715a297a77c7497a4ec936cedc28a0b35c2bf9d
util: Set NS_FN_STACK_SIZE to one eighth of ulimit-reported maximum stack size (2022_10_22.b68da10)

...instead of one fourth. On the main() -> conf() -> nl_sock_init() call path, LTO from gcc 12 on (at least) x86_64 decides to inline... everything: nl_sock_init() is effectively part of main(), after commit 3e2eb4337bc0 ("conf: Bind inbound ports with CAP_NET_BIND_SERVICE before isolate_user()").

This means we exceed the maximum stack size, and we get SIGSEGV, under any condition, at start time, as reported by Andrea on a recent build for CentOS Stream 9.

The calculation of NS_FN_STACK_SIZE, which is the stack size we reserve for clones, was previously obtained by dividing the maximum stack size by two, to avoid an explicit check on architecture (on PA-RISC, also known as hppa, the stack grows up, so we point the clone to the middle of this area), and then further divided by two to allow for any additional usage in the caller.

Well, if there are essentially no function calls anymore, this is not enough. Divide it by eight, which is anyway much more than possibly needed by any clone()d callee.

I think this is robust, so it's a fix in some sense. Strictly speaking, though, we have no formal guarantees that this isn't either too little or too much.

What we should do, eventually: check cloned() callees, there are just thirteen of them at the moment. Note down any stack usage (they are mostly small helpers), bonus points for an automated way at build time, quadruple that or so, to allow for extreme clumsiness, and use as NS_FN_STACK_SIZE. Perhaps introduce a specific condition for hppa.

Reported-by: Andrea Bolognani <abologna@redhat.com>
Fixes: 3e2eb4337bc0 ("conf: Bind inbound ports with CAP_NET_BIND_SERVICE before isolate_user()")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
-rw-r--r-- util.h 2
1 files changed, 1 insertions, 1 deletions
diff --git a/util.h b/util.h
index 27829b1..c498a80 100644
--- a/util.h
+++ b/util.h
@@ -72,7 +72,7 @@
#define IPV4_IS_LOOPBACK(addr) \
((addr) >> IN_CLASSA_NSHIFT == IN_LOOPBACKNET)
-#define NS_FN_STACK_SIZE (RLIMIT_STACK_VAL * 1024 / 4)
+#define NS_FN_STACK_SIZE (RLIMIT_STACK_VAL * 1024 / 8)
#define NS_CALL(fn, arg) \
do { \
char ns_fn_stack[NS_FN_STACK_SIZE]; \
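Review bot: The divisor on the new `#define NS_FN_STACK_SIZE (RLIMIT_STACK_VAL * 1024 / 8)` line is undocumented in the code, so the reasoning (half for upward-growing stacks, the rest as headroom for the caller) lives only in the commit message; a short comment above the define would keep the next change from guessing. More importantly, NS_CALL still declares `char ns_fn_stack[NS_FN_STACK_SIZE];` as a local in the caller's frame, so when several NS_CALL sites end up inlined into one function the compiler may reserve one eighth of the stack limit for each of them, and the safe value keeps depending on inlining decisions rather than on anything checked at build time. Consider either a build-time assertion tying NS_FN_STACK_SIZE to a measured upper bound for the cloned callees, as the commit message itself proposes, or taking the clone stack from memory that is not part of the caller's frame, so the guard against exhausting the stack at start time does not rest on a tuned constant.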