How is Stack memory allocated when using 'push' or 'sub' x86 instructions?
20 points by matklad
Kinda random StackOverflow question, but I personally haven’t realized that the stack memory for the main thread on Linux is not only lazily faulted in, but also lazily mmapped!
This is where the Stack-Clash vulnerability came from and why it wasn’t exploitable on FreeBSD (where the initial stack is mapped as normal).
This has “interesting” consequences for variable-length arrays on the stack. Traditionally, alloca() and VLAs simply adjusted the stack pointer, so they could be used as a fast bump allocator. But on modern systems stack allocation has to have a lot of extra machinery to touch pages to make sure the kernel can see what’s going on, and maybe prevent stack clash. So variable sized on-stack allocation might not be as much of a win as it might seem, plus it requires a great deal of care and attention to avoid oversize allocations: the only way VLA allocation can fail is by crashing the process, and there’s no way to find out what the limit is. VLAs are only usable in toy programs.