<html>
    <head>
      <base href="http://llvm.org/bugs/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Windows implementation of segmented stacks uses invalid TCB slot"
   href="http://llvm.org/bugs/show_bug.cgi?id=21081">21081</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Windows implementation of segmented stacks uses invalid TCB slot
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>libraries
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>trunk
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>PC
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Backend: X86
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>unassignedbugs@nondot.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>andersrb@gmail.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>llvmbugs@cs.uiuc.edu
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr></table>
      <p>
        <div>
        <pre>The implementation of segmented stacks for i686 and x86_64 Windows uses the
'pvArbitrary' (aka 'ArbitraryUserPointer') field of the TCB to store the stack
limit (`$fs:0x14` on win32 or `$gs:0x28` on win64).

As indicated by Raymond Chen[1] this slot is, contrary to some information, not
free for use by applications, and will cause various mysterious bugs.

This has been a major source of pain in Rust[2][3][4], which at this point only
uses segmented stacks for stack overflow protection, and is presently switching
to stack probes instead.

I'm not aware of other candidate TCB slots to use for this purpose, so
segmented stacks on Windows may not be viable with the current technique.

[1]: <a href="http://stackoverflow.com/questions/9261455/tib-custom-storage">http://stackoverflow.com/questions/9261455/tib-custom-storage</a>
[2]: <a href="https://github.com/rust-lang/rust/issues/13259">https://github.com/rust-lang/rust/issues/13259</a>
[3]: <a href="https://github.com/rust-lang/rust/issues/13073">https://github.com/rust-lang/rust/issues/13073</a>
[4]: <a href="https://github.com/rust-lang/rust/issues/10315">https://github.com/rust-lang/rust/issues/10315</a></pre>
        </div>
      </p>
    </body>
</html>