Re: [x86] Access off the bottom of stack causes a segfault?

From: Richard B. Johnson
Date: Tue Oct 14 2003 - 14:29:20 EST


On Tue, 14 Oct 2003, Chris Lattner wrote:

> > > Generated code:
> > > .intel_syntax
> > > ...
> > > main:
> > > mov DWORD PTR [%ESP - 16004], %EBP # Save EBP to stack
> > ^^^^^^^^^^^^
> >
> > Yes, this is the problem (even Windows does that IIRC).
>
> Ok, I realize what's going on here. The question is, why does the linux
> kernel consider this to be a bug? Where (in the X86 specs) is it
> documented that it's illegal to access off the bottom of the stack?
>
> My compiler does a nice leaf function optimization where it does not even
> bother to adjust the stack for leaf functions, which eliminates the adds
> and subtracts entirely from these (common) functions. This completely
> invalidates the optimization.
>
> Since I'm going to have to live with lots of preexisting kernels, it looks
> like I'm going to have to disable it entirely, which is disappointing.
> I'm still curious though why this is thought to be illegal.
>
> -Chris

Any interrupt causes the return address to be pushed onto the
stack. This will overwrite any data you've put there. In principle,
in user-mode, you can write below the stack-pointer because an
interrupt uses the kernel stack. However, your data will still
get corrupted by signal delivery, etc. So as to not corrupt your
user-mode stack, the kernel calls your signal code, just like
a nested call. This means the new return address will be below
the non-signal user-mode stack-pointer value. This will surely
corrupt anything you have written below the stack-pointer.


Cheers,
Dick Johnson
Penguin : Linux version 2.4.22 on an i686 machine (797.90 BogoMips).
Note 96.31% of all statistics are fiction.
