Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use stack probes instead of split stacks for overflow protection on windows #17563

Merged
merged 5 commits into from
Sep 30, 2014
Merged

Use stack probes instead of split stacks for overflow protection on windows #17563

merged 5 commits into from
Sep 30, 2014

Conversation

brson
Copy link
Contributor

@brson brson commented Sep 26, 2014

This is the bare minimum to stop using split stacks on Windows, fixing #13259 and #14742, by turning on stack probes for all functions and disabling compiler and runtime support for split stacks on Windows.

It does not restore the out-of-stack error message, which requires more runtime work.

This includes a test that the Windows TCB is no longer being clobbered, but the out-of-stack test itself is pretty weak, only testing that the program exits abnormally, not that it isn't writing to bogus memory, so I haven't truly verified that this is providing the safety we claim.

A more complete solution is in #16388, which has some unresolved issues yet.

cc @Zoxc @klutzy @vadimcn

@rust-highfive
Copy link
Collaborator

warning Warning warning

  • These commits modify unsafe code. Please review it carefully!

@brson
Copy link
Contributor Author

brson commented Sep 26, 2014

There's at least one other place to fix: 09:15 < klutzy> brson: librustdoc/lib.rs also contains #13259-related hack

@brson
Copy link
Contributor Author

brson commented Sep 26, 2014

Added the rustdoc fix.

@brson
Copy link
Contributor Author

brson commented Sep 26, 2014

This is still not quite right. 'probe-stack' is not needed (and doesn't do anything); llvm automatically generates stack probes on windows.

@brson
Copy link
Contributor Author

brson commented Sep 26, 2014

Should be complete now.

@thestinger
Copy link
Contributor

The test needs to be ignored / stubbed out on non-Windows platforms. An alternative is having a test of #[thread_local] that's only ignored on Android, since it will now work fine on Windows in the main thread.

@thestinger thestinger mentioned this pull request Sep 27, 2014
Closed
bors added a commit that referenced this pull request Sep 30, 2014
@bors
auto merge of #17563 : brson/rust/wintcbfix, r=thestinger
d2f8d4c 
This is the bare minimum to stop using split stacks on Windows, fixing #13259 and #14742, by turning on stack probes for all functions and disabling compiler and runtime support for split stacks on Windows.

It does not restore the out-of-stack error message, which requires more runtime work.

This includes a test that the Windows TCB is no longer being clobbered, but the out-of-stack test itself is pretty weak, only testing that the program exits abnormally, not that it isn't writing to bogus memory, so I haven't truly verified that this is providing the safety we claim.

A more complete solution is in #16388, which has some unresolved issues yet.

cc @Zoxc @klutzy @vadimcn
@bors bors closed this Sep 30, 2014
@bors bors merged commit bdeb1d7 into rust-lang:master Sep 30, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@brson @rust-highfive @thestinger @bors