RFR: 8263476: Use reserved memory for stack guard pages [v3]
Albert Mingkun Yang
ayang at openjdk.org
Fri Aug 8 19:07:13 UTC 2025
On Fri, 8 Aug 2025 15:20:13 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:
> Why we first unmap the stack area to then re-map it again, leading to the potential race I mentioned.
To ensure the reserved stack memory is contiguous, after the stack-guard-pages are removed (unguarded).
The old code also performs `munmap` as well, and the reasoning is the same, covered in the doc right before `os::pd_create_stack_guard_pages` in Linux.
> Sorry, you lost me. What is stack_top in your description? Lowest or highest address?
The lowest-address. This is the C code I used: stack-memory for main-thread is reserved ("stolen") by others and main-thread encounters segfault. Ofc, the more realistic racing is that another thread steals the stack-memory, but this is just to show the idea.
<details>
<summary>C source code</summary>
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/mman.h>
int main(void) {
size_t page_size = sysconf(_SC_PAGESIZE);
if (page_size == (size_t)-1) {
perror("sysconf");
return 1;
}
// Current stack address
void *stack_addr = __builtin_frame_address(0);
// Pick a page ~1MB below current stack and align down
uintptr_t target = ((uintptr_t)stack_addr - 1024 * 1024) & ~(page_size - 1);
// Map one page there — "stealing" it from potential stack growth
void *m = mmap((void *)target, page_size,
PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
if (m == MAP_FAILED) {
perror("mmap");
return 1;
}
// Now force the stack to grow downward into the stolen page
// This large local array will overlap the mapping
char buf[1024 * 1024]; // ~1MB
buf[0] = 1;
// If we get here, somehow no crash occurred
printf("Unexpectedly survived.\n");
return 0;
}
</details>
> Since we do an unconditional munmap, I assume the underlying pages are guaranteed to belong to this stack.
It's not really "unconditional", we check the memory-range to be munmap belongs to [stack-start, stack-end].
-------------
PR Comment: https://git.openjdk.org/jdk/pull/26571#issuecomment-3169031521
More information about the hotspot-runtime-dev
mailing list