Re: crashme fault

On Sat, 15 Sep 2007, Randy Dunlap wrote:
> Command: ./crashme +2000 666 1000 1:00:00 1

Ok, that's close to what I was testing (one of the examples from the 
crashme docs).

> > The original gjc crashme doesn't even do a "mprotect(PROT_EXEC)" by default
> > (nor does it even compile on a modern unix), so it's not going to do
> > anything. I hacked it up, and it appears to work ok for me, but I'm not at
> > all confident that I'm even close to recreating what you are doing.
> 
> So I'm missing some mprotect() call also?
> Oops.

Yeah, by default, it won't do an mprotect(), so as far as I can tell, 
you're always going to hit NX on a writable data page. I'm running with 
the appended patch.

That said, I didn't actually *check* that the mprotect makes any 
difference, and maybe you have one of the early EM64T chips that didn't 
have NX support at all. Or maybe it's dodgy, and is actually the whole 
*reason* for the page fault problem..

I don't have any P4's capable of 64-bit operation (nor do I really want 
any ;)

		Linus

---
diff --git a/crashme.c b/crashme.c
index 5e7e663..19a2fbb 100644
--- a/crashme.c
+++ b/crashme.c
@@ -1,3 +1,5 @@
+#define pyr
+#define PAGSIZ 4096
 /* crashme: Create a string of random bytes and then jump to it.
             crashme [+]<nbytes>[.inc] <srand> <ntrys> [nsub] [verboseness] */
 
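Review bot: `#define PAGSIZ 4096` hard-codes the page size, so on a kernel built with larger pages the rounding in bad_malloc() yields a misaligned start address and mprotect() fails with EINVAL; resolve it once at startup from `sysconf(_SC_PAGESIZE)` (or getpagesize()) instead. Defining `pyr` unconditionally also switches on everything else that sits under `#ifdef pyr`, not just the mprotect() call, so it is worth checking what else that platform block pulls in.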
@@ -143,7 +145,6 @@ a script.
 #include <sys/mman.h>
 #include <sys/types.h>
 #include <sys/param.h>
-#include <sys/vmmac.h>
 #define strchr index
 #endif
 
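Review bot: dropping `<sys/vmmac.h>` is what un-breaks the build on a modern libc; the `#define strchr index` two lines below is the same kind of pre-ANSI shim and can go with it, since every current libc provides strchr().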
@@ -215,7 +216,7 @@ unsigned char *bad_malloc(n)
 {unsigned char *data;
  data = (unsigned char *) malloc(n);
 #ifdef pyr
- if (mprotect(((int)data/PAGSIZ)*PAGSIZ, (n/PAGSIZ+1)*PAGSIZ,
+ if (mprotect(((long)data/PAGSIZ)*PAGSIZ, (n/PAGSIZ+1)*PAGSIZ,
 	      PROT_READ|PROT_WRITE|PROT_EXEC))
    perror("mprotect");
 #endif
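Review bot: the `(int)` to `(long)` change fixes the pointer truncation on 64-bit, but the first argument is still passed as an integer where mprotect() expects a `void *`, and the length `(n/PAGSIZ+1)*PAGSIZ` can fall one page short when `data` sits near the end of a page and `n` is not a page multiple (data at page offset 4095 with n == 2 spans two pages but gets a 4096-byte length). Compute the start as `(void *)((uintptr_t)data & ~(uintptr_t)(PAGSIZ - 1))` and the length as `data + n` rounded up to a page boundary minus that start. Note also that PROT_EXEC is applied to a malloc() page that shares its page with unrelated heap data; taking the buffer from mmap() directly would keep the executable region isolated from the rest of the heap.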
@@ -259,11 +260,8 @@ void my_signal(sig, func)
  signal(sig, func);
 #else
  struct sigaction act;
+ memset(&act, 0, sizeof(act));
  act.sa_handler = func;
- act.sa_mask = 0;
-#ifdef linux
- act.sa_restorer = 0;
-#endif /* linux */
  act.sa_flags = SA_NOMASK;
 #ifdef SA_RESTART
  act.sa_flags |= SA_RESTART;
-
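Review bot: zeroing the whole struct with memset() is a cleaner replacement for the removed field assignments, but an all-zero sigset_t is an empty set only by implementation convention; add `sigemptyset(&act.sa_mask);` after the memset for the portable form. `SA_NOMASK` on the following line is a Linux-specific spelling of POSIX `SA_NODEFER`, so using the latter keeps the non-Linux side of this `#else` branch portable.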

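The page-range arithmetic discussed for bad_malloc() above, as an added example that is not part of crashme or of the patch: `covering_range()` computes the page-aligned start and length that an mprotect() call needs to cover every byte of a buffer for a run-time page size (assumed to be a power of two, as from `sysconf(_SC_PAGESIZE)`), and `crashme_len_covers()` checks whether the patch's `(n/PAGSIZ+1)*PAGSIZ` length would have covered the same buffer. Both functions and their names are constructed for this illustration; `n` is assumed to be greater than zero.

```c
#include <stddef.h>
#include <stdint.h>

/* Page-aligned range to hand to mprotect(): [start, start + len). */
struct prot_range {
    uintptr_t start;
    size_t len;
};

/* Round the buffer start down and its end up to page boundaries so that
 * every byte of buf[0 .. n) lies inside the returned range.
 * pagsiz must be a power of two (e.g. the value of sysconf(_SC_PAGESIZE)). */
struct prot_range covering_range(const void *buf, size_t n, size_t pagsiz)
{
    uintptr_t mask  = ~(uintptr_t)(pagsiz - 1);
    uintptr_t addr  = (uintptr_t)buf;
    uintptr_t start = addr & mask;                 /* round down to page start */
    uintptr_t end   = addr + n;                    /* one past the last byte */
    uintptr_t end_up = (end + pagsiz - 1) & mask;  /* round up to page end */
    struct prot_range r;

    r.start = start;
    r.len = (size_t)(end_up - start);
    return r;
}

/* Length the patched crashme passes: (n/PAGSIZ+1)*PAGSIZ bytes counted from
 * the rounded-down page start. Returns 1 if that length reaches the end of
 * the buffer, 0 if it stops one page short. */
int crashme_len_covers(const void *buf, size_t n, size_t pagsiz)
{
    uintptr_t start = (uintptr_t)buf & ~(uintptr_t)(pagsiz - 1);
    size_t len = (n / pagsiz + 1) * pagsiz;

    return start + len >= (uintptr_t)buf + n;
}
```

A buffer that starts at page offset 4095 and is 2 bytes long is the smallest case where the patch's length misses the second page; the correct range for it is two full pages.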