This is an archive of the discontinued LLVM Phabricator instance.

Differential D23589

Fix hang caused by memory corruption caused by insufficient alternate stack space for signal handlers.
ClosedPublic

Authored by bryant on Aug 16 2016, 4:18 PM.

Details

Reviewers
rsmith
Summary

On systems that support alternate signal stack frames,, the code currently asks
for MINSIGSTKSZ + 8192 _bytes_, which translates to roughly 10 KiB. However,
this amount is far too low and results in later signal handlers writing past the
bounds of their allotted space.

On trunk builds compiled with the latest libcxx/-abi, the result is an acutely
unpleasant hang (as opposed to abort) upon false assertions.

The new size of 8 MiB was on the discerned similarity between "8192" and the
default Linux stack size of 8192 KiB:

$ ulimit -s
8192

Source of original code: https://reviews.llvm.org/rL270273

Diff Detail

Repository
rL LLVM

Event Timeline

bryant updated this revision to Diff 68270.Aug 16 2016, 4:18 PM
bryant retitled this revision from to Fix hang caused by memory corruption caused by insufficient alternate stack space for signal handlers..
bryant updated this object.
bryant added a reviewer: rsmith.
bryant set the repository for this revision to rL LLVM.
bryant added a subscriber: llvm-commits.
bryant updated this revision to Diff 68280.Aug 16 2016, 4:29 PM

Fix typo.

joerg added a subscriber: joerg.Aug 17 2016, 1:31 AM

I find that size to be excessive. Sure, two pages on many architectures is very small, but a more reasonable and still conservative limit would be 1MB top.

bryant updated this revision to Diff 68463.Aug 17 2016, 5:29 PM

8 MiB => 1 MiB

rsmith edited edge metadata.EditedAug 22 2016, 3:26 PM

1MB is *huge* for a sigaltstack. What are we doing in our signal handlers that requires more than 8KB? It'd be preferable to figure out how much we're actually using, and allocate some small multiple of that.

bryant added a comment.Aug 22 2016, 3:57 PM

I don't know of any technique to measure max stack usage outside of breaking on writes to $rsp in gdb, or binary searching for the value of AltStackSize that causes a hang. Both are terrible for large programs. If you or anyone else have suggestions to do this, I'd love to hear them.

bryant added a comment.Aug 22 2016, 4:23 PM

So I bit the bullet and binary searched for the hang. The magic value seems to be MINSIGSTKSZ + 8192 + 512 + 256 - 128 + 64 - 32 + 16 - 8 - 4 - 2 + 1 + 1 = MINGSIGSTKSZ + 8868. Below this, hang. So I suppose 64KiB as discussed over IRC would be reasonable for the near future. 64K ought to be enough for anyone.

bryant updated this revision to Diff 68929.Aug 22 2016, 4:26 PM
bryant edited edge metadata.

"'64K ought to be enough for anyone' -- bill gates " -- bryant.

rsmith accepted this revision.Aug 22 2016, 4:49 PM
rsmith edited edge metadata.
This revision is now accepted and ready to land.Aug 22 2016, 4:49 PM
rsmith closed this revision.Aug 23 2016, 6:03 PM

Committed as r279599.

vitalybuka added a subscriber: vitalybuka.Aug 24 2016, 1:14 PM

This patch has memory leaks:
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fast/builds/15762/steps/check-llvm%20asan/logs/stdio

vitalybuka added a comment.Aug 24 2016, 1:47 PM

it is already fixed by r279605

Revision Contents

PathSize
lib/
Support/
Unix/
2 lines

Diff 68929

lib/Support/Unix/Signals.inc

Show First 20 LinesShow All 121 Lines▼ Show 20 Lines
#if defined(HAVE_SIGALTSTACK) #if defined(HAVE_SIGALTSTACK)
// Hold onto the old alternate signal stack so that it's not reported as a leak. // Hold onto the old alternate signal stack so that it's not reported as a leak.
// We don't make any attempt to remove our alt signal stack if we remove our // We don't make any attempt to remove our alt signal stack if we remove our
// signal handlers; that can't be done reliably if someone else is also trying // signal handlers; that can't be done reliably if someone else is also trying
// to do the same thing. // to do the same thing.
static stack_t OldAltStack; static stack_t OldAltStack;
static void CreateSigAltStack() { static void CreateSigAltStack() {
const size_t AltStackSize = MINSIGSTKSZ + 8192; const size_t AltStackSize = MINSIGSTKSZ + 64 * 1024;
// If we're executing on the alternate stack, or we already have an alternate // If we're executing on the alternate stack, or we already have an alternate
// signal stack that we're happy with, there's nothing for us to do. Don't // signal stack that we're happy with, there's nothing for us to do. Don't
// reduce the size, some other part of the process might need a larger stack // reduce the size, some other part of the process might need a larger stack
// than we do. // than we do.
if (sigaltstack(nullptr, &OldAltStack) != 0 || if (sigaltstack(nullptr, &OldAltStack) != 0 ||
OldAltStack.ss_flags & SS_ONSTACK || OldAltStack.ss_flags & SS_ONSTACK ||
(OldAltStack.ss_sp && OldAltStack.ss_size >= AltStackSize)) (OldAltStack.ss_sp && OldAltStack.ss_size >= AltStackSize))
▲ Show 20 LinesShow All 359 LinesShow Last 20 Lines