Re: Non-Exec stack patches

From: David Mosberger
Date: Wed Mar 24 2004 - 12:13:57 EST

>>>>> On Wed, 24 Mar 2004 08:29:24 -0800, John Reiser <jreiser@xxxxxxxxxxxx> said:

Jakub> but it is still possible some language interpreter or
Jakub> something builds code on the fly on the stack).

David> That's why there is mprotect().

John> But mprotect() costs enough (hundreds of cycles) to be a
John> significant burden in some cases. Generating code to a stack
John> region that is inherently executable is inexpensive (even
John> allowing for restrictive alignment and avoiding I/D cache
John> conflicts), is thread safe, is async-signal safe, and takes
John> less work than other alternatives. Yes, the "black hats" do
John> this; so do the "white hats." Please do not increase the
John> minimum cost for applications that want generate-and-execute
John> on the stack at upredictable high frequency.

Huh? Only one mprotect() call is needed to make the entire stack

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at