Message-Id: <20070316114824.a1b3f715.kamezawa.hiroyu@jp.fujitsu.com>
Date:	Fri, 16 Mar 2007 11:48:24 +0900
From:	KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>
To:	KAMEZAWA Hiroyuki <kamezawa.hiroyu@...fujitsu.com>
Cc:	linux-ia64@...r.kernel.org, tony.luck@...el.com,
	linux-kernel@...r.kernel.org, dmosberger@...il.com
Subject: Re: [BUGFIX][PATCH] fixing placement of register stack under ulimit -s

Please allow me to explain more.

"Why register-stack/memory-stack upside down is bad" is a bit complicated.
So... this is a test and its result to explain the bug.

This is sample code and its result on 2.6.21-rc3.
Note: the base address of the memory stack can change randomly.

== sample code ==
[kamezawa@...q ~]$ cat sample.c
#include <stdio.h>

void do_print(int num)
{
        if (num == 0)
                return;
        printf("%d\n",num);
        do_print(num - 1);
}

int main(int argc, char *argv[])
{
        do_print(10000);
        return 0;
}

== before ulimit ==
[kamezawa@...q ~]$ uname -a
Linux drpq 2.6.21-rc3 #3 SMP Fri Mar 16 11:57:47 JST 2007 ia64 ia64 ia64 GNU/Linux
[kamezawa@...q ~]$ ulimit -s
8192
[kamezawa@...q ~]$ ulimit -s -H
unlimited
[kamezawa@...q ~]$ ./sample
10000
9999
....<snip>
1
[kamezawa@...q ~]$
== after ulimit -s 8192 ==

[kamezawa@...q ~]$ ulimit -s
8192
[kamezawa@...q ~]$ ulimit -s -H
8192
[kamezawa@...q ~]$ ./sample  
10000
9999
....<snip>

9612
9611
9610
9609
9608
Segmentation fault

[kamezawa@...q ~]$ ./sample   (when I'm lucky)
10000
9999
....<snip>
1
[kamezawa@...q ~]$
=====================================

This number, 9608, is too short to use up all of the stack. The reason for this is that
"ulimit -s + memory stack randomization + register-stack-expansion" is buggy.
The program can only use one page for the register stack if unlucky.
My patch will fix this case.

-Kame