On Saturday 24 December 2005 07:03, Denis Vlasenko wrote:
> + movl %esp, %edi
> + movl %edi, %ecx
> + andl $~0x1000, %edi
> + subl %edi, %ecx
>
> ecx will be equal to ?
0x1000 with 8k stacks, so long as %esp in in the top page of the 2 page
stack. 0x0 otherwise. Which explains why the poisoning crashes the kernel
with 4k stacks.
But there's another problem with Dick Johnson's approach, and that is that
he doesn't clear the poison when a kernel stack is freed. (I don't believe
the kernel does this automatically, though I could be mistaken). And that
means that the results can't be trusted: if you have a string of 20 Qs,
_something's_ overwritten the rest, but that something wasn't necessarily
using the memory as a stack at the time. More than that, with the Qs
spread over two pages it's quite possible for one page to be overwritten
and the other still free with it's 20 or so Qs.
HTH,
Andrew Wade
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]