
I test stack overflow with Linux 5.10 and QEMU 5.2.93. It also can't detect the overflow on the stack. Here is my sample example:

#include <stdio.h>
#include <stdlib.h>   /* atoi() */

int main(int argc, char** argv)
{
    volatile char pad[10];
    char s[10];
    /* Deliberately writes past s[] when argv[1] > 10, to see whether MTE catches it. */
    for(int i=0; i<atoi(argv[1]); i++)
    {
        s[i] = i;
    }
    return 0;
}

I compile it with clang-13:

clang -target aarch64-linux -march=armv8+memtag -fuse-ld=lld stack.c -o stack -fsanitize=memtag -static

I run QEMU with a simple filesystem:

qemu-system-aarch64 -machine virt,mte=on -cpu max -kernel ./linux/arch/arm64/boot/Image -nographic -append "console=ttyAMA0" -m 1024 -initrd ./filesystem.cpio.gz -net nic -monitor /dev/null

and

./stack 17

Nothing happens.

Or can anyone tell me how to run this on the FVP monitor? I also use an MTE-enabled kernel, FVP version 11.8.37, and I enable FVP MTE with -C cluster0.memory_tagging_support_level=2. After all of this, still nothing happens with the above stack overflow program.

  • You run a Linux guest in QEMU and when it loads, run your program with an argument bigger than 10? – nevilad Apr 26 '21 at 15:51
  • I also tested with ./stack 11, and the result is the same. And I think MTE tags memory 16-byte aligned, so I tested it with 17. – echo Apr 27 '21 at 01:35
  • Did you run your binary on the host? Does it crash? – nevilad Apr 27 '21 at 14:00
  • I'm going to make the same suggestion I did for the very similar question here: https://stackoverflow.com/questions/67071289/qemu-hosting-mte-enabled-kernel-does-not-raise-fault -- try the example MTE program from the kernel documentation. That will tell you whether the issue is in the kernel/emulator, or if the problem is clang not doing what you expect. – Peter Maydell Apr 27 '21 at 14:20
  • @nevilad Host is x86_64 Ubuntu which obviously does not support MTE, and it should never crash. – echo Apr 28 '21 at 01:59
  • @PeterMaydell Thanks a lot, I tested the example MTE program from the kernel documentation, and it does work; it seems one must enable PROT_MTE on the memory. I viewed the above question and missed this suggestion. Thanks for answering me again. – echo Apr 28 '21 at 02:20
  • Right, that's what the other questioner found too. I think that clang is just not behaving the way that you or they were expecting. It would probably be a good idea to ask about this on a clang mailing list or similar place. – Peter Maydell Apr 28 '21 at 15:48
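As an added example (not the asker's code, and not the kernel's own), the user-space opt-in that the comments point at: MTE only checks accesses to PROT_MTE mappings by a thread that has enabled tag-check faults via prctl, which is why the plain stack array above never faults. The fault path is modelled on the kernel's memory-tagging-extension.rst; it assumes an aarch64 Linux guest with CONFIG_ARM64_MTE on an MTE CPU, built with -march=armv8.5-a+memtag, and the fallback PROT_MTE/PR_* values are the kernel's uapi constants.

```c
// Added example, not from the question, after the kernel's memory-tagging-extension.rst:
// the opt-in MTE needs before a tag mismatch faults. Assumes aarch64 Linux, CONFIG_ARM64_MTE, -march=armv8.5-a+memtag.
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <unistd.h>
#ifndef PROT_MTE
#define PROT_MTE 0x20                 /* arm64 <asm/mman.h> value */
#endif
#ifndef PR_SET_TAGGED_ADDR_CTRL
#define PR_SET_TAGGED_ADDR_CTRL 55    /* <linux/prctl.h> values */
#define PR_TAGGED_ADDR_ENABLE (1UL << 0)
#define PR_MTE_TCF_SYNC (1UL << 1)
#define PR_MTE_TAG_SHIFT 3
#endif
#ifndef SEGV_MTESERR
#define SEGV_MTESERR 9                /* si_code of a synchronous tag-check fault */
#endif
/* The logical tag sits in pointer bits 59:56 (the top-byte-ignore byte). */
unsigned mte_addr_tag(unsigned long p) { return (unsigned)((p >> 56) & 0xf); }
unsigned long mte_with_tag(unsigned long p, unsigned tag) { return (p & ~(0xfUL << 56)) | ((unsigned long)(tag & 0xf) << 56); }
int mte_is_tag_fault(int si_code) { return si_code == SEGV_MTESERR; }
void on_segv(int sig, siginfo_t *si, void *uc) {
    (void)sig; (void)uc;
    printf("SIGSEGV at %p si_code=%d tag_fault=%d\n", si->si_addr, si->si_code, mte_is_tag_fault(si->si_code));
    _exit(0);
}
int main(void) {
#ifdef __aarch64__
    struct sigaction sa = { .sa_sigaction = on_segv, .sa_flags = SA_SIGINFO }; sigaction(SIGSEGV, &sa, NULL);
    /* 1. Opt in per thread: tagged addresses, synchronous faults, IRG may pick tags 1..15. */
    if (prctl(PR_SET_TAGGED_ADDR_CTRL, PR_TAGGED_ADDR_ENABLE | PR_MTE_TCF_SYNC |
              (0xfffeUL << PR_MTE_TAG_SHIFT), 0, 0, 0)) { perror("prctl"); return 1; }
    /* 2. Only PROT_MTE mappings are tag-checked; a plain stack array like s[] is not. */
    char *buf = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), PROT_READ | PROT_WRITE | PROT_MTE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) { perror("mmap"); return 1; }
    /* 3. Colour one 16-byte granule: IRG picks a random tag, STG writes it to memory. */
    char *tagged; asm("irg %0, %1" : "=r"(tagged) : "r"(buf));
    asm volatile("stg %0, [%0]" : : "r"(tagged) : "memory");
    tagged[15] = 'a';   /* same granule, tags match: allowed */
    tagged[16] = 'b';   /* next granule still carries tag 0: SEGV_MTESERR */
    puts("no fault: MTE checks are not active");
#else
    puts("not aarch64: MTE unavailable");
#endif
    return 0;
}
```

On a non-MTE host the program only reports that MTE is unavailable; on the QEMU guest above it should stop at the second store with si_code 9.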
