Re: Non-Exec stack patches

From: John Reiser
Date: Wed Mar 24 2004 - 11:40:08 EST

Jakub> but it is still possible some language interpreter or
Jakub> something builds code on the fly on the stack).

David> That's why there is mprotect().

But mprotect() costs enough (hundreds of cycles) to be a significant burden
in some cases. Generating code to a stack region that is inherently
executable is inexpensive (even allowing for restrictive alignment and
avoiding I/D cache conflicts), is thread safe, is async-signal safe, and
takes less work than other alternatives. Yes, the "black hats" do this;
so do the "white hats." Please do not increase the minimum cost for
applications that want generate-and-execute on the stack at upredictable
high frequency.

John Reiser, jreiser@xxxxxxxxxxxx

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at