Re: [PATCH v7 5/6] x86/signal: Detect and prevent an alternate signal stack overflow
From: Bae, Chang Seok <hidden>
Date: 2021-03-25 17:22:02
Also in:
linux-arch, lkml
On Mar 25, 2021, at 09:20, Borislav Petkov [off-list ref] wrote:
$ gcc tst-minsigstksz-2.c -DMY_MINSIGSTKSZ=3453 -o tst-minsigstksz-2
$ ./tst-minsigstksz-2
tst-minsigstksz-2: changed byte 50 bytes below configured stack

Whoops. And the debug print said:

[ 5395.252884] signal: get_sigframe: sp: 0x7f54ec39e7b8, sas_ss_sp: 0x7f54ec39e6ce, sas_ss_size 0xd7d

which tells me that, AFAICT, your check whether we have enough alt stack doesn't seem to work in this case.
Yes, in this case.
tst-minsigstksz-2.c has this code:

static void
handler (int signo)
{
  /* Clear a bit of on-stack memory.  */
  volatile char buffer[256];
  for (size_t i = 0; i < sizeof (buffer); ++i)
    buffer[i] = 0;
  handler_run = 1;
}
…
  if (handler_run != 1)
    errx (1, "handler did not run");
  for (void *p = stack_buffer; p < stack_bottom; ++p)
    if (*(unsigned char *) p != 0xCC)
      errx (1, "changed byte %zd bytes below configured stack\n",
            stack_bottom - p);
…
I think the message comes from the handler's overwriting, not from the kernel.
The patch's check is to detect and prevent the kernel-induced overflow --
whether the alt stack is enough for signal delivery itself. The stack is possibly
not enough for the signal handler's use, as the kernel does not know about that.
Thanks,
Chang
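The distinction Chang draws, measured directly, as an added example that is not part of the thread, the patch or glibc: fill an alternate stack with 0xCC the way the glibc test does, deliver a signal on it, and count the bytes consumed. The total covers both the kernel-written signal frame, which a get_sigframe check can bound, and the handler's own 256-byte buffer, which the kernel cannot know about. ALT_STACK_SIZE, HANDLER_USE and measure_altstack_usage are names chosen here; the alt stack is deliberately oversized so the experiment itself never overflows.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sizes: a generous alt stack so the experiment itself never
   overflows; the handler mirrors the glibc test's 256-byte buffer. */
#define ALT_STACK_SIZE (64 * 1024)
#define HANDLER_USE    256
static volatile sig_atomic_t handler_run;

static void handler(int signo)
{
    volatile char buffer[HANDLER_USE];   /* handler's own stack use */
    (void)signo;
    for (size_t i = 0; i < sizeof buffer; ++i)
        buffer[i] = 0;
    handler_run = 1;
}

/* Deliver SIGUSR1 on a 0xCC-filled alternate stack and return how many bytes
   below its top were touched: the kernel's signal frame plus the handler's own
   usage. Returns 0 if the handler did not run, -1 on setup failure. */
long measure_altstack_usage(void)
{
    unsigned char *stack = malloc(ALT_STACK_SIZE), *p = stack;
    stack_t ss = { .ss_sp = stack, .ss_size = ALT_STACK_SIZE }, old_ss;
    struct sigaction sa, old_sa;
    long used = 0;
    if (!stack) return -1;
    memset(stack, 0xCC, ALT_STACK_SIZE);
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sa.sa_flags = SA_ONSTACK;
    if (sigaltstack(&ss, &old_ss) != 0 || sigaction(SIGUSR1, &sa, &old_sa) != 0) {
        free(stack);
        return -1;
    }
    handler_run = 0;
    raise(SIGUSR1);
    /* First non-0xCC byte from the low end marks the deepest point reached. */
    while (handler_run && p < stack + ALT_STACK_SIZE && *p == 0xCC)
        ++p;
    if (handler_run)
        used = (long)((stack + ALT_STACK_SIZE) - p);
    sigaction(SIGUSR1, &old_sa, NULL);   /* restore previous handler and stack */
    sigaltstack(&old_ss, NULL);
    free(stack);
    return used;
}
```

The value returned is always larger than HANDLER_USE, since the kernel's frame sits below the handler's buffer on the same stack; the kernel's check can only account for its own part of that total.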