-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'solaris' runtime stack guard conflicts with OS stack-clash mitigation #52577
Comments
Please submit a PR with the patch. |
The most important question here probably concerns the backwards compatibility. "Just" disabling the code path for Seems to me that "fixing" this in illumos would be better if we care about back-compat. |
I planned to wait until consensus was reached about the right path forward before submitting a PR with anything.
The same can be said about older deployments of Linux which lack the enhanced stack-clash protections. Is it inappropriate to rely on its simpler OS-provided guard page on systems without stack-clash protection? The mapping of
Considering that there are over 9 months of illumos platforms in the wild on which rust's latest bits will abort, "fixing" illumos does not seem so attractive. How would it differ from Linux's change to its own stack handling? |
Is it true that this bug has only begun with 1.27 (I’ve only noticed this point now)? Given that the only changes present in 1.27 in that file are from #48575 perhaps reverting that PR would fix the issue altogether? The only other approach I’m comfortable with is ignoring the errors from syscalls on solaris, which will hide the actual bugs if they ever happen, but at least both new and old solarises will be properly supported. |
@nagisa I think stack guard is always enabled so it has nothing to do with my PR? |
seems to imply that 1.24 was working but 1.27 is not, everything else being the same? @pfmooney is that right? Is the "2018Q2 update" something resembling an update between, say, Ubuntu releases? If so, can you please check versions 1.26 to 1.24 with other parts of your system being the same? |
My argument for #43072 was that this is fine. Rust was only adding a simple single-page guard, so if the OS already has this, we're not protecting it any better. Then with the additional protections for Stack Clash, Rust's guard page made things actually worse. Do the older illumos systems still have some basic protection for overflow? If so, then I think you can use the same logic I did. Trust that the older OS guard is at least as good as our own, and that the newer OS will do even better with Stack Clash. So perhaps
If you look at the backtrace, this error is happening from the |
Correct. The rustc 1.24.1 shipped in 2018Q1 works fine on a system bearing the stack-clash protections. In pre-release testing of 1.27.0 for 2018Q2, it was found to abort due to the added guard. (In order to make it useful, 2018Q2 bears the included patch)
SmartOS ships images based on branches/snapshots of pkgsrc. The OS platform image, consisting of the kernel and system libraries, is independent of these images and can vary from machine to machine. My test environment, for example, happens to be running a
I only have the 1.24.0 binaries presently at hand, but I can look into building a few of the intermediary versions.
On older platforms, the deterministic layout of the address space results in an unoccupied page between the upper limit of the stack and the last mapping of
Yep, that sounds ideal to me. |
Binaries from 1.26.2 appear to work fine on a system with the stack-clash protection. |
discussed at T-compiler meeting. Assigning to self to take point on this. Not 100% sure whether we will treat this as P-medium (which is my current inclination) or P-high, so I'm leaving the P- label unset for now until I can investigate further |
By the way @pfmooney are there any instances of illumos getting their own target triplet? |
I've heard nothing besides what you wrote up in #55553. |
Just to follow up on this, we're in the process of creating and testing a new illumos OS target for rust. The current proposed plan is that the illumos target will disable rust stack probes in its spec file. Newer versions of the rust toolchain in pkgsrc will be updated to use this new target as the default (instead of x86_64-sun-solaris). This should I believe fix the problem, while allowing anyone using rust on actual Solaris platforms to benefit from the rust stack guards while allowing illumos platforms to use the built-in stack-clash mitigation. Once ready, we would also like to contribute back the code for the new target (essentially the spec files + a small amount of updates other crates to make them aware of the illumos target as necessary, plus a few bits fo code to fill in a few gaps). |
There has been significant changes to the code is hypothesized to have injected this bug. We've gone back to running rustc in a spawned thread by default (in PR #56813; though that did not restore all aspects of the code from before PR #48575 landed). And then well after that, PR #56732 got rid of In parallel, I have to imagine that much has happened on the Illumos side. So the question now is: Is there still a bug to resolve here? cc @pfmooney and @jasonbking |
@pnkfelix , @jasonbking You might want to follow up with @jperkin about confirming the behavior and pulling that patch out of the pkgsrc build. |
Additional testing seems to suggest this is not currently an issue. Absent evidence to the contrary, I'm closing this out. Thanks for your help. |
We have found the stack guard logic present in rust 1.27 conflicts with the OS-provided mitigation present in illumos distributions. This became clear on SmartOS when the 2018Q2 pkgsrc update moved from rust 1.24 to 1.27. Those binaries, compiled on an old platform without the mitigation, bail immediately on machines that do possess it
The details of how the two guards are conflicting can be found written up in OS-7059. The stack-clash mitigation was added to SmartOS and OmniOS back in October 2017. It was merged into illumos-gate this past week, marking its availability for any remaining downstream distributions.
Our temporary mitigation has been to float a patch in pkgsrc to treat the 'solaris' platform like 'linux', disabling the stack-guard mapping:
Considering the rest of the illumos ecosystem is (or soon will be) effected by this issue, it would be nice to get that stack-guard exclusion moved into upstream rust.
The text was updated successfully, but these errors were encountered: