Re: Non-Exec stack patches
From: Jakub Jelinek
Date: Wed Mar 24 2004 - 12:29:42 EST

On Wed, Mar 24, 2004 at 09:12:30AM -0800, David Mosberger wrote:
> David> That's why there is mprotect().
> John> But mprotect() costs enough (hundreds of cycles) to be a
> John> significant burden in some cases. Generating code to a stack
> John> region that is inherently executable is inexpensive (even
> John> allowing for restrictive alignment and avoiding I/D cache
> John> conflicts), is thread safe, is async-signal safe, and takes
> John> less work than other alternatives. Yes, the "black hats" do
> John> this; so do the "white hats." Please do not increase the
> John> minimum cost for applications that want generate-and-execute
> John> on the stack at unpredictable high frequency.
> Huh? Only one mprotect() call is needed to make the entire stack

Nope. Think about multithreaded apps. Furthermore, getting the exact
extents of the particular stack is difficult to find for applications,
but e.g. the threading library has to know such things.
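Added example, not part of the original message: a small audit program showing that every thread has its own stack mapping, so a single permission setting (or a single mprotect() call) does not cover them all, and that the threading library is what reports each stack's extents. It assumes Linux with glibc (pthread_getattr_np is a GNU extension) and a readable /proc/self/maps; struct extent, report, collect, addr_is_exec and disjoint are names made up for this illustration.

```c
#define _GNU_SOURCE            /* pthread_getattr_np is a glibc extension */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

struct extent { uintptr_t lo, hi, probe; int ok; };

/* Thread body: ask the threading library for this thread's own stack range. */
static void *report(void *arg) {
    struct extent *e = arg;
    pthread_attr_t attr;
    void *base; size_t size;
    e->ok = 0;
    e->probe = (uintptr_t)&attr;      /* an address known to live on this stack */
    if (pthread_getattr_np(pthread_self(), &attr) != 0) return NULL;
    if (pthread_attr_getstack(&attr, &base, &size) == 0) {
        e->lo = (uintptr_t)base; e->hi = e->lo + size; e->ok = 1;
    }
    pthread_attr_destroy(&attr);
    return NULL;
}

/* Start up to 8 threads, join only after all exist; returns how many reported. */
static int collect(struct extent *out, int n) {
    pthread_t t[8]; int started = 0, got = 0;
    if (n > 8) n = 8;
    for (int i = 0; i < n && pthread_create(&t[i], NULL, report, &out[i]) == 0; i++) started++;
    for (int i = 0; i < started; i++) { pthread_join(t[i], NULL); got += out[i].ok; }
    return got;
}

/* 1 = mapping holding addr is executable, 0 = not, -1 = not found. */
static int addr_is_exec(uintptr_t addr) {
    FILE *f = fopen("/proc/self/maps", "r");
    char line[4352], perms[5]; unsigned long lo, hi; int res = -1;
    if (!f) return -1;
    while (res < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 && addr >= lo && addr < hi)
            res = (perms[2] == 'x');
    fclose(f);
    return res;
}

static int disjoint(const struct extent *a, const struct extent *b) { return a->hi <= b->lo || b->hi <= a->lo; }

int main(void) {
    struct extent e[3] = {{0}};
    int n = collect(e, 3);
    for (int i = 0; i < 3; i++)
        if (e[i].ok) printf("thread %d stack %#lx-%#lx exec=%d\n", i,
                            (unsigned long)e[i].lo, (unsigned long)e[i].hi, addr_is_exec(e[i].probe));
    return n == 3 ? 0 : 1;
}
```

The probe address is checked rather than the reported base because the lowest pages of a thread stack may be a guard region with no permissions at all.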