Re: [PATCH 1/3] signal(i386): alternative signal stack wraparoundoccurs
From: Shi Weihua
Date: Thu Oct 04 2007 - 20:55:29 EST
Mikael Pettersson wrote::
On Thu, 4 Oct 2007 21:47:30 +0900, KAMEZAWA Hiroyuki wrote:
On Thu, 04 Oct 2007 21:33:12 +0900
Shi Weihua <shiwh@xxxxxxxxxxxxxx> wrote:
KAMEZAWA Hiroyuki wrote::
On Thu, 04 Oct 2007 20:56:14 +0900
Shi Weihua <shiwh@xxxxxxxxxxxxxx> wrote:
stack.ss_sp = addr + pagesize;
stack.ss_flags = 0;
stack.ss_size = pagesize;
Here is bad.
stack,ss_sp = addr;
stack.ss_flags = 0;
stack.ss_size = pagesize * 2;
[What the test code want to do]
addr+pagesize*2 - addr+pagesize -> sigaltstack
addr+pagesize - addr -> protected region
The code want to catch overflow when esp enter the protected region.
You have to protect the top of *registered* sigaltstack.
The reason of wraparound is %esp will be set to the bottom of sigaltstack
if it is not on sigaltstack area when signaled.
What you have to do is protect the top of registerd sigaltstack.
If %esp is in the range of registerd sigaltstack at SEGV, wraparound
will stop.
Exactly right. You mprotect or munmap the end of the altstack,
not the area beyond it.
So we tell users "Even if you protectted half of mmap's space, but you must to register all space to
kernel. " ?
The image about my test code's result:
No patch Patched
âââââââââââââ
â ââ 1 â â 3 â 1
â A â â(wraparound)
â â â
â ââ 2 â â 2
â â â
âââââââââââââ â
ââââââââââââââ 3 â â 3
âââââBâââââââ (caught)
ââprotectedââ
âââââââââââââ
âââââââââââââ
âââââââââââââ
A+B mmap's space
A sigaltstack
B protectted
I agree that if register A+B to kernel, the wraparound will stop.
But if register A to kernel, why not kernel do something?
Thanks
Shi Weihua
/Mikael
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/