Increase stack size to 128k and guard size to 16k

This improves our compatibility with Apple M1.
2025-07-01 16:58:30 +00:00 · 2022-12-18 22:58:29 -08:00 · 2022-12-18 22:58:29 -08:00 · dd04aeba1c
commit dd04aeba1c
parent 57c0dcdc29
36 changed files with 109 additions and 125 deletions
--- a/libc/calls/calls.mk
+++ b/libc/calls/calls.mk
@ -121,21 +121,12 @@ o/$(MODE)/libc/calls/execlp.o				\
 o/$(MODE)/libc/calls/statfs.o				\
 o/$(MODE)/libc/calls/fstatfs.o				\
 o/$(MODE)/libc/calls/execve-sysv.o			\
+o/$(MODE)/libc/calls/readlinkat-nt.o			\
 o/$(MODE)/libc/calls/execve-nt.greg.o			\
 o/$(MODE)/libc/calls/mkntenvblock.o: private		\
 		OVERRIDE_CPPFLAGS +=			\
 			-DSTACK_FRAME_UNLIMITED

-# we must disable static stack safety because:
-#   PATH_MAX*sizeof(char16_t)*2 exceeds 4096 byte frame limit
-o/$(MODE)/libc/calls/copyfile.o				\
-o/$(MODE)/libc/calls/symlinkat-nt.o			\
-o/$(MODE)/libc/calls/readlinkat-nt.o			\
-o/$(MODE)/libc/calls/linkat-nt.o			\
-o/$(MODE)/libc/calls/renameat-nt.o: private		\
-		OVERRIDE_CPPFLAGS +=			\
-			-DSTACK_FRAME_UNLIMITED
-
 # we must segregate codegen because:
 #   file contains multiple independently linkable apis
 o/$(MODE)/libc/calls/ioctl-siocgifconf.o		\
--- a/libc/calls/readlinkat-nt.c
+++ b/libc/calls/readlinkat-nt.c
@ -28,6 +28,7 @@
 #include "libc/nt/files.h"
 #include "libc/nt/runtime.h"
 #include "libc/nt/struct/reparsedatabuffer.h"
+#include "libc/runtime/stack.h"
 #include "libc/str/str.h"
 #include "libc/str/utf16.h"
 #include "libc/sysv/errfuns.h"
@ -45,7 +46,7 @@ textwindows ssize_t sys_readlinkat_nt(int dirfd, const char *path, char *buf,
  if (__mkntpathat(dirfd, path, 0, path16) == -1) return -1;
  mem = 16384;
  memory = alloca(mem);
-  for (i = 0; i < mem; i += PAGESIZE) memory[i] = 0;
+  CheckLargeStackAllocation(memory, mem);
  rdb = (struct NtReparseDataBuffer *)memory;
  if ((h = CreateFile(path16, 0, 0, 0, kNtOpenExisting,
                      kNtFileFlagOpenReparsePoint | kNtFileFlagBackupSemantics,
--- a/libc/integral/c.inc
+++ b/libc/integral/c.inc
@ -151,7 +151,7 @@ typedef struct {
 #define memcpyesque libcesque
 #define strlenesque libcesque nosideeffect paramsnonnull()
 #define vallocesque \
-  libcesque dontdiscard returnsaligned((PAGESIZE)) returnspointerwithnoaliases
+  libcesque dontdiscard returnsaligned((GUARDSIZE)) returnspointerwithnoaliases
 #define reallocesque libcesque returnsaligned((16))
 #define mallocesque  reallocesque returnspointerwithnoaliases
 #define interruptfn  nocallersavedregisters forcealignargpointer
@ -273,9 +273,9 @@ typedef struct {
  static __inline __attribute__((__always_inline__, __gnu_inline__, \
                                 __no_instrument_function__, __unused__))
 #else
-#define forceinline              \
-  static __inline __attribute__( \
-      (__always_inline__, __no_instrument_function__, __unused__))
+#define forceinline                                 \
+  static __inline __attribute__((__always_inline__, \
+                                 __no_instrument_function__, __unused__))
 #endif /* __GNUC_STDC_INLINE__ */
 #endif /* GCC >= 4.3 */
 #elif defined(_MSC_VER)
@ -677,19 +677,19 @@ typedef struct {
 #if defined(__GNUC__) || defined(__llvm__)
 #pragma GCC diagnostic ignored \
    "-Wundef" /* complaints about __ASSEMBLER__/__LINKER__  */
-#pragma GCC diagnostic ignored "-Wsign-compare" /* lint needs to change  */
-#pragma GCC diagnostic ignored "-Wtype-limits" /* makes macros unsafe  */
-#pragma GCC diagnostic ignored "-Woverflow" /* also breaks macros  */
-#pragma GCC diagnostic ignored "-Wformat" /* forces only gnu pf */
+#pragma GCC diagnostic ignored "-Wsign-compare"     /* lint needs to change  */
+#pragma GCC diagnostic ignored "-Wtype-limits"      /* makes macros unsafe  */
+#pragma GCC diagnostic ignored "-Woverflow"         /* also breaks macros  */
+#pragma GCC diagnostic ignored "-Wformat"           /* forces only gnu pf */
 #pragma GCC diagnostic ignored "-Wunused-parameter" /* extreme prejudice */
-#pragma GCC diagnostic ignored "-Wunused-function" /* contradicts dce! */
-#pragma GCC diagnostic ignored "-Wunused-const-variable" /* let me dce */
-#pragma GCC diagnostic ignored "-Wunused-variable" /* belongs in tidy */
-#pragma GCC diagnostic ignored "-Wformat-extra-args" /* is also broken */
-#pragma GCC diagnostic ignored "-Wparentheses" /* annoying tidy */
-#pragma GCC diagnostic ignored "-Wdangling-else" /* come on tidy */
-#pragma GCC diagnostic ignored "-Wformat-security" /* come on tidy */
-#pragma GCC diagnostic ignored "-Wunused-value" /* breaks macros */
+#pragma GCC diagnostic ignored "-Wunused-function"  /* contradicts dce! */
+#pragma GCC diagnostic ignored "-Wunused-const-variable"   /* let me dce */
+#pragma GCC diagnostic ignored "-Wunused-variable"         /* belongs in tidy */
+#pragma GCC diagnostic ignored "-Wformat-extra-args"       /* is also broken */
+#pragma GCC diagnostic ignored "-Wparentheses"             /* annoying tidy */
+#pragma GCC diagnostic ignored "-Wdangling-else"           /* come on tidy */
+#pragma GCC diagnostic ignored "-Wformat-security"         /* come on tidy */
+#pragma GCC diagnostic ignored "-Wunused-value"            /* breaks macros */
 #pragma GCC diagnostic ignored "-Wdeprecated-declarations" /* libcxx */
 #ifndef __cplusplus
 #pragma GCC diagnostic ignored "-Wimplicit-int"
@ -709,7 +709,7 @@ typedef struct {
 #if __GNUC__ >= 8
 #pragma GCC diagnostic ignored "-Wstringop-truncation"
 #pragma GCC diagnostic ignored "-Wstringop-overflow" /* breaks strndup */
-#endif /* GCC8+ */
+#endif                                               /* GCC8+ */
 #if __GNUC__ + 0 >= 9
 #pragma GCC diagnostic ignored /* "always true" breaks dce */ "-Waddress"
 #endif /* GCC9+ */
@ -720,8 +720,8 @@ typedef struct {
    "-Wincompatible-pointer-types-discards-qualifiers"
 #pragma clang diagnostic ignored "-Wbuiltin-requires-header"
 #pragma clang diagnostic ignored "-Wparentheses-equality" /*-save-temps*/
-#pragma clang diagnostic ignored "-Wunused-value" /*({-save-temps})*/
-#pragma clang diagnostic ignored "-Wstring-plus-int" /* special ed */
+#pragma clang diagnostic ignored "-Wunused-value"         /*({-save-temps})*/
+#pragma clang diagnostic ignored "-Wstring-plus-int"      /* special ed */
 #pragma clang diagnostic ignored "-Wunused-value" /* extreme prejudice */
 #pragma clang diagnostic ignored "-Wbuiltin-requires-header"
 #pragma clang diagnostic ignored \
@ -756,7 +756,7 @@ typedef struct {
 #if __GNUC__ >= 6
 #pragma GCC diagnostic error "-Wnonnull-compare"
 #if defined(COSMO) && !defined(MODE_DBG) && !defined(STACK_FRAME_UNLIMITED)
-#pragma GCC diagnostic error "-Wframe-larger-than=4096"
+#pragma GCC diagnostic error "-Wframe-larger-than=16384"
 #if __GNUC__ >= 9
 #pragma GCC diagnostic error "-Walloca-larger-than=1024"
 #pragma GCC diagnostic error "-Wvla-larger-than=1024"
--- a/libc/integral/normalize.inc
+++ b/libc/integral/normalize.inc
@ -70,13 +70,14 @@
 #if defined(COSMO) && (defined(MODE_DBG) || defined(__SANITIZE_ADDRESS__))
 #define STACKSIZE 262144 /* 256kb stack */
 #elif defined(COSMO)
-#define STACKSIZE 65536 /* 64kb stack */
+#define STACKSIZE 131072 /* 128kb stack */
 #else
 #define STACKSIZE 8388608 /* 8mb stack */
 #endif

 #define BIGPAGESIZE 0x200000
 #define FRAMESIZE   0x10000 /* 8086 */
+#define GUARDSIZE   0x4000  /* b/c apple m1 */
 #define PAGESIZE    0x1000  /* i386+ */
 #define BUFSIZ      0x1000  /* best stdio default */
 #define CACHELINE   0x40    /* nexgen32e */
--- a/libc/intrin/asan.c
+++ b/libc/intrin/asan.c
@ -1458,7 +1458,7 @@ static textstartup void __asan_shadow_mapping(struct MemoryIntervals *m,
 static textstartup void __asan_shadow_existing_mappings(void) {
  __asan_shadow_mapping(&_mmi, 0);
  __asan_map_shadow(GetStackAddr(), GetStackSize());
-  __asan_poison((void *)GetStackAddr(), PAGESIZE, kAsanStackOverflow);
+  __asan_poison((void *)GetStackAddr(), GUARDSIZE, kAsanStackOverflow);
 }

 __attribute__((__constructor__)) void __asan_init(int argc, char **argv,
@ -1482,7 +1482,7 @@ __attribute__((__constructor__)) void __asan_init(int argc, char **argv,
  __asan_shadow_existing_mappings();
  __asan_map_shadow((uintptr_t)_base, _end - _base);
  __asan_map_shadow(0, 4096);
-  __asan_poison(0, PAGESIZE, kAsanNullPage);
+  __asan_poison(0, GUARDSIZE, kAsanNullPage);
  if (!IsWindows()) {
    __sysv_mprotect((void *)0x7fff8000, 0x10000, PROT_READ);
  }
--- a/libc/intrin/extend.c
+++ b/libc/intrin/extend.c
@ -75,6 +75,7 @@ noasan void *_extend(void *p, size_t n, void *e, int f, intptr_t h) {
  char *q;
  _unassert(!((uintptr_t)SHADOW(p) & (G - 1)));
  _unassert((uintptr_t)p + (G << kAsanScale) <= h);
+  // TODO(jart): Make this spin less in non-ASAN mode.
  for (q = e; q < ((char *)p + n); q += 8) {
    if (!((uintptr_t)q & (G - 1))) {
      _unassert(q + G <= (char *)h);
--- a/libc/log/oncrash.c
+++ b/libc/log/oncrash.c
@ -232,7 +232,7 @@ relegated void ShowCrashReport(int err, int sig, struct siginfo *si,
      "  %s %s %s %s\n",
      !__nocolor ? "\e[30;101m" : "", !__nocolor ? "\e[0m" : "", sig,
      (ctx && (ctx->uc_mcontext.rsp >= GetStaticStackAddr(0) &&
-               ctx->uc_mcontext.rsp <= GetStaticStackAddr(0) + PAGESIZE))
+               ctx->uc_mcontext.rsp <= GetStaticStackAddr(0) + GUARDSIZE))
          ? "Stack Overflow"
          : GetSiCodeName(sig, si->si_code),
      host, getpid(), gettid(), program_invocation_name, names.sysname,
--- a/libc/mem/balloc.c
+++ b/libc/mem/balloc.c
@ -21,7 +21,7 @@

 /* TODO(jart): delete */

-#define kGuard PAGESIZE
+#define kGuard GUARDSIZE
 #define kGrain FRAMESIZE

 /**
--- a/libc/runtime/clone-linux.S
+++ b/libc/runtime/clone-linux.S
@ -44,9 +44,14 @@ sys_clone_linux:
 	ret
 2:	xor	%ebp,%ebp		# child thread
 	mov	%rbx,%rdi		# arg
+	mov	%r10,%r15		# experiment
 	mov	(%r10),%esi		# tid
 	call	*%r9			# func(arg,tid)
 	xchg	%eax,%edi		# func(arg,tid) → exitcode
+	mov	(%r15),%eax		# experiment
+	test	%eax,%eax		# experiment
+	jz	1f			# experiment
 	mov	$60,%eax		# __NR_exit(exitcode)
 	syscall
+1:	hlt				# ctid was corrupted by program!
 	.endfn	sys_clone_linux,globl,hidden
--- a/libc/runtime/clone.c
+++ b/libc/runtime/clone.c
@ -446,6 +446,7 @@ static int CloneLinux(int (*func)(void *arg, int rc), char *stk, size_t stksz,
    sp -= sizeof(int);
    sp = sp & -alignof(int);
    ctid = (int *)sp;
+    sp -= 8;  // experiment
  }
  sp = sp & -16;  // align the stack
  if ((rc = sys_clone_linux(flags, sp, ptid, ctid, tls, func, arg)) >= 0) {
--- a/libc/runtime/mmap.c
+++ b/libc/runtime/mmap.c
@ -381,10 +381,10 @@ static noasan inline void *Mmap(void *addr, size_t size, int prot, int flags,
      // however this 1mb behavior oddly enough is smart enough to not
      // apply if the mapping is a manually-created guard page.
      int e = errno;
-      if ((dm = sys_mmap(p + size - PAGESIZE, PAGESIZE, prot,
+      if ((dm = sys_mmap(p + size - GUARDSIZE, GUARDSIZE, prot,
                         f | MAP_GROWSDOWN_linux, fd, off))
              .addr != MAP_FAILED) {
-        _npassert(sys_mmap(p, PAGESIZE, PROT_NONE,
+        _npassert(sys_mmap(p, GUARDSIZE, PROT_NONE,
                           MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0)
                      .addr == p);
        dm.addr = p;
@ -412,11 +412,11 @@ static noasan inline void *Mmap(void *addr, size_t size, int prot, int flags,
    if (needguard) {
      if (!IsWindows()) {
        // make windows fork() code simpler
-        mprotect(p, PAGESIZE, PROT_NONE);
+        mprotect(p, GUARDSIZE, PROT_NONE);
      }
      if (IsAsan()) {
        __repstosb((void *)(((intptr_t)p >> 3) + 0x7fff8000),
-                   kAsanStackOverflow, PAGESIZE / 8);
+                   kAsanStackOverflow, GUARDSIZE / 8);
      }
    }
  }
--- a/libc/runtime/stack.h
+++ b/libc/runtime/stack.h
@ -122,7 +122,7 @@ extern char ape_stack_align[] __attribute__((__weak__));
 */
 #define HaveStackMemory(n) \
  (IsTiny() ||             \
-   (intptr_t)__builtin_frame_address(0) >= GetStackAddr() + PAGESIZE + (n))
+   (intptr_t)__builtin_frame_address(0) >= GetStackAddr() + GUARDSIZE + (n))

 forceinline void CheckLargeStackAllocation(void *p, ssize_t n) {
  for (; n > 0; n -= 4096) {
--- a/libc/str/memmem.c
+++ b/libc/str/memmem.c
@ -16,9 +16,9 @@
 │ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR             │
 │ PERFORMANCE OF THIS SOFTWARE.                                                │
 ╚─────────────────────────────────────────────────────────────────────────────*/
-#include "libc/intrin/likely.h"
 #include "libc/dce.h"
 #include "libc/intrin/asan.internal.h"
+#include "libc/intrin/likely.h"
 #include "libc/str/str.h"

 typedef char xmm_t __attribute__((__vector_size__(16), __aligned__(16)));
--- a/libc/str/str.mk
+++ b/libc/str/str.mk
@ -45,10 +45,6 @@ $(LIBC_STR_A).pkg:						\
 		$(LIBC_STR_A_OBJS)				\
 		$(foreach x,$(LIBC_STR_A_DIRECTDEPS),$($(x)_A).pkg)

-o/$(MODE)/libc/str/memmem.o: private				\
-		OVERRIDE_CPPFLAGS +=				\
-			-DSTACK_FRAME_UNLIMITED
-
 o/$(MODE)/libc/str/wmemset.o					\
 o/$(MODE)/libc/str/memset16.o					\
 o/$(MODE)/libc/str/dosdatetimetounix.o: private			\
--- a/libc/thread/pthread_attr_init.c
+++ b/libc/thread/pthread_attr_init.c
@ -27,7 +27,7 @@
 errno_t pthread_attr_init(pthread_attr_t *attr) {
  *attr = (pthread_attr_t){
      .__stacksize = GetStackSize(),
-      .__guardsize = PAGESIZE,
+      .__guardsize = GUARDSIZE,
  };
  return 0;
 }
--- a/libc/thread/pthread_create.c
+++ b/libc/thread/pthread_create.c
@ -174,12 +174,12 @@ static errno_t pthread_create_impl(pthread_t *thread,
    pt->flags = PT_OWNSTACK;
    pt->attr.__stacksize = MAX(pt->attr.__stacksize, GetStackSize());
    pt->attr.__stacksize = _roundup2pow(pt->attr.__stacksize);
-    pt->attr.__guardsize = ROUNDUP(pt->attr.__guardsize, PAGESIZE);
-    if (pt->attr.__guardsize + PAGESIZE >= pt->attr.__stacksize) {
+    pt->attr.__guardsize = ROUNDUP(pt->attr.__guardsize, GUARDSIZE);
+    if (pt->attr.__guardsize + GUARDSIZE >= pt->attr.__stacksize) {
      _pthread_free(pt);
      return EINVAL;
    }
-    if (pt->attr.__guardsize == PAGESIZE) {
+    if (pt->attr.__guardsize == GUARDSIZE) {
      // user is wisely using smaller stacks with default guard size
      pt->attr.__stackaddr =
          mmap(0, pt->attr.__stacksize, PROT_READ | PROT_WRITE,