lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 15 Mar 2007 09:57:28 -0600
From:	"David Mosberger-Tang" <dmosberger@...il.com>
To:	"KAMEZAWA Hiroyuki" <kamezawa.hiroyu@...fujitsu.com>
Cc:	"linux-ia64@...r.kernel.org" <linux-ia64@...r.kernel.org>,
	"tony.luck@...el.com" <tony.luck@...el.com>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [BUGFIX][PATCH] fixing placement of register stack under ulimit -s

But aren't you going to be limited to less than a page worth of
register-backing store even with your patch applied because the
backing store will end up overflowing the memory stack?

  --david

On 3/15/07, KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com> wrote:
> This patch fixes ia64's bug in ulimit -s handling. against 2.6.21-rc3.
>
> At first,the address of register stack is defined by this
> == ia64_set_rbs_bot()
> unsigned long stack_size = current->signal->rlim[RLIMIT_STACK].rlim_max & -16;
>
>         if (stack_size > MAX_USER_STACK_SIZE)
>                 stack_size = MAX_USER_STACK_SIZE;
>         current->thread.rbs_bot = STACK_TOP - stack_size;
> }
> ==
> default rlim[RLIMIT_STACK].rlim_max is very big.
>
> If ulimit -s is used, rlim_max can be small. As a result, rbs_bot can be
> very high address. Because of stack-address-randomize, there is a case that
> "regiter stack" is placed in the higher address than "memory stack".
> == example...
> [kamezawa@...q linux-2.6.21-rc2]$ ulimit -s
> 8192
> [kamezawa@...q linux-2.6.21-rc2]$ cat /proc/self/maps
> 00000000-00004000 r--p 00000000 00:00 0
> 2000000000000000-2000000000038000 r-xp 00000000 08:02 5991525            /lib/ld-2.5.so
> 2000000000044000-2000000000050000 rw-p 00034000 08:02 5991525            /lib/ld-2.5.so
> 2000000000064000-20000000002c8000 r-xp 00000000 08:02 5990699            /lib/libc-2.5.so
> 20000000002c8000-20000000002d4000 ---p 00264000 08:02 5990699            /lib/libc-2.5.so
> 20000000002d4000-20000000002e0000 rw-p 00260000 08:02 5990699            /lib/libc-2.5.so
> 20000000002e0000-20000000002ec000 rw-p 20000000002e0000 00:00 0
> 20000000002ec000-2000000003a24000 r--p 00000000 08:02 9472842            /usr/lib/locale/locale-archive
> 4000000000000000-4000000000008000 r-xp 00000000 08:02 4157490            /bin/cat
> 6000000000004000-600000000000c000 rw-p 00004000 08:02 4157490            /bin/cat
> 600000000000c000-6000000000030000 rw-p 600000000000c000 00:00 0          [heap]
> 60000fffff5f4000-60000fffff648000 rw-p 60000fffff5f4000 00:00 0          [stack]
> 60000fffff7fc000-60000fffff800000 rw-p 60000fffff7fc000 00:00 0          (*)
> a000000000000000-a000000000020000 ---p 00000000 00:00 0                  [vdso]
> (*) is register stack.
> ==
> This register-stack/memory-stack upside down is not expected.
> Current ia64 page fault handler doesn't handle this case. In this case,
> register stack expansion causes SEGV.
> This means that the user program can use only 1 page for its register stack.
>
> This patch fixes the above case by moving register stack to suitable place.
> Note) fixing page fault handler seems to be another way...but a bit complicated.
>
> Signed-off-by: KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>
> ---
> Index: linux-2.6.21-rc3/arch/ia64/mm/init.c
> ===================================================================
> --- linux-2.6.21-rc3.orig/arch/ia64/mm/init.c
> +++ linux-2.6.21-rc3/arch/ia64/mm/init.c
> @@ -155,7 +155,7 @@ ia64_set_rbs_bot (void)
>
>         if (stack_size > MAX_USER_STACK_SIZE)
>                 stack_size = MAX_USER_STACK_SIZE;
> -       current->thread.rbs_bot = STACK_TOP - stack_size;
> +       current->thread.rbs_bot = PAGE_ALIGN(current->mm->start_stack - stack_size);
>  }
>
>  /*
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-ia64" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>


-- 
Mosberger Consulting LLC, http://www.mosberger-consulting.com/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists