Re: [x86] Access off the bottom of stack causes a segfault?

[Brian Gerst]

Chris Lattner wrote:

> My compiler is generating accesses off the bottom of the stack (address
> below %esp).  Is there some funny kernel interaction that I should be
> aware of with this?  I'm periodically getting segfaults.
>
> Example:
>
> int main() {
>   int test[4000];
> ...
>   return 0;
> }
>
> Generated code:
>        .intel_syntax
> ...
> main:
>        mov DWORD PTR [%ESP - 16004], %EBP    # Save EBP to stack
>        mov %EBP, %ESP                        # Set up EBP
>        sub %ESP, 16004                       # Finally adjust ESP
>        lea %EAX, DWORD PTR [%EBP - 16000]    # Get the address of the array
> ...
>        mov %EAX, 0                           # Setup return value
>        mov %ESP, %EBP                        # restore ESP
>        mov %EBP, DWORD PTR [%ESP - 16004]    # Restore EBP from stack
>        ret
>
> This seems like perfectly valid X86 code (though unconventional), but it
> is causing segfaults pretty consistently (on the first instruction).
> Does the linux kernel assume that page faults will be above the stack
> pointer if the stack needs to be expanded?
>
> Thanks,
>
> -Chris
>
>  
From arch/i386/mm/fault.c:
               /*
                * accessing the stack below %esp is always a bug.
                * The "+ 32" is there due to some instructions (like
                * pusha) doing post-decrement on the stack and that
                * doesn't show up until later..
                */
               if (address + 32 < regs->esp)
                       goto bad_area;

--
               Brian Gerst

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/