Re: [PATCH 1/3] signal(i386): alternative signal stack wraparound occurs

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Shi Weihua

Subject: Re: [PATCH 1/3] signal(i386): alternative signal stack wraparound occurs

Date: Thursday, October 4, 2007 - 5:55 pm

Mikael Pettersson wrote::
quoted text> On Thu, 4 Oct 2007 21:47:30 +0900, KAMEZAWA Hiroyuki wrote:
>> On Thu, 04 Oct 2007 21:33:12 +0900
>> Shi Weihua <shiwh@cn.fujitsu.com> wrote:
>>
>>> KAMEZAWA Hiroyuki wrote::
>>>> On Thu, 04 Oct 2007 20:56:14 +0900
>>>> Shi Weihua <shiwh@cn.fujitsu.com> wrote:
>>>>
>>>>> 	stack.ss_sp = addr + pagesize;
>>>>> 	stack.ss_flags = 0;
>>>>> 	stack.ss_size = pagesize;
>>>> Here is bad. 
>>>> stack,ss_sp = addr;
>>>> stack.ss_flags = 0;
>>>> stack.ss_size = pagesize * 2;
>>> [What the test code want to do]
>>> addr+pagesize*2 - addr+pagesize	 -> sigaltstack
>>> addr+pagesize	- addr		 -> protected region
>>> The code want to catch overflow when esp enter the protected region.
>>>
>> You have to protect the top of *registered* sigaltstack.
>> The reason of wraparound is %esp will be set to the bottom of sigaltstack
>> if it is not on sigaltstack area when signaled.
>> What you have to do is protect the top of registerd sigaltstack.
>> If %esp is in the range of registerd sigaltstack at SEGV, wraparound
>> will stop.
> 
> Exactly right. You mprotect or munmap the end of the altstack,
> not the area beyond it.
So we tell users "Even if you protectted half of mmap's space, but you must to register all space to 
kernel. " ?

The image about my test code's result:
               No patch        Patched
┌───────────┐
│           │← 1 ┌ ← 3          ← 1
│    A      │    │(wraparound)
│           │    │
│           │← 2 │              ← 2
│           │    │
├───────────┤    │
│▒▒▒▒▒▒▒▒▒▒▒│← 3 ┘              ← 3
│▒▒▒▒B▒▒▒▒▒▒│                  (caught)
│▒protected▒│
│▒▒▒▒▒▒▒▒▒▒▒│
│▒▒▒▒▒▒▒▒▒▒▒│
└───────────┘
A+B  mmap's space
A    sigaltstack
B    protectted

I agree that if register A+B to kernel, the wraparound will stop.
But if register A to kernel, why not kernel do something?

Thanks
Shi Weihua
quoted text> 
> /Mikael
> 
> 
> 

-
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: [PATCH 1/3] signal(i386): alternative signal stack wra ..., Mikael Pettersson, (Thu Oct 4, 6:08 am)

Re: [PATCH 1/3] signal(i386): alternative signal stack wra ..., Shi Weihua, (Thu Oct 4, 5:55 pm)

Navigation

Popular discussions


linux-kernel:
Greg KH	Og dreams of kernels
Jens Axboe	[PATCH 31/33] Fusion: sg chaining support
Arnd Bergmann	Re: finding your own dead "CONFIG_" variables
Mark Brown	[PATCH 2/2] Subject: natsemi: Allow users to disable workaround for DspCfg reset
Tony Breeds	[LGUEST] Look in object dir for .config
git:
Brian Downing	Re: Git in a Nutshell guide
John Benes	Re: master has some toys
Matthias Lederhofer	[PATCH 4/7] introduce GIT_WORK_TREE to specify the work tree
Alexander Sulfrian