Re: New Solaris 7 features

Andi Kleen (ak@muc.de)
Thu, 12 Nov 1998 15:29:03 +0100


On Thu, Nov 12, 1998 at 12:32:29AM +0100, David S. Miller wrote:
> From: Andi Kleen <ak@muc.de>
> Date: 11 Nov 1998 16:51:36 +0100
>
> What happens when the sequence appears in some constant data region
> in the code page?
>
> Linux still marks the page VM_EXEC in these cases... check the
> /proc/{pid}/mmap protection bits for various programs on your machine,
> you'll see.

I think there is a misunderstanding. What I was trying to say was:
It is legal to put arbitrary data between code sequences in any code page
(e.g. gcc does it for switch I think). Now there is this classic problem
while writing a disassembler: how can it distinguish between code and data.

If you add a simple scanner for the instruction sequences that break
the Ultra and the program contains these patterns as inline data then it
will not work. If you remove the exec bit on that page then the code around
the inline data won't execute and the program will break.

The same problem occurs when the crash patterns appear in the data segment
and the data segment is executable: then a crash program will still work.
Or the program could mmap() some data space and write the crash sequence
there: Linux can't check when the page is first mapped because it may be
changed later. Now you could implement something like 'check-on-execute'
in the page fault handler, but the problem is that the page may still
change later: to solve it the page would need to be toggled between read-only
and non-executable: as soon as an execution occurs mark it readonly, as
soon as a write occurs mark it non executable and do checking-on-fault.

This is all horribly slow, does not work in all cases (inline data), and
would make JITs pretty pointless.

Or am I missing something here?

-Andi
