Re: Linux kernel patch to remove stack exec permission

Mike Meissner (meissner@cygnus.com)
Tue, 15 Apr 1997 12:52:07 -0400


terry jones writes:
|
| is there a one-sentence description of what a trampoline is?
| i studied compilers (and wrote a nearly complete pascal
| compiler from scratch), but until a couple of days ago
| had never heard of trampolines...
|
| thanks! don't waste time over it though (of course)
|
| Terry Jones (terry@teclata.es).

Since I've gotten more than one request for what trampolines are, I'm
posting it to the whole mailing list.

Normal C functions are not nested.

GNU C adds nested functions (a la Pascal) that can modify variables in
the outer functions:

int outer(){
    int i = 0;

    void inner () {
        i = 1;
    }

    inner ();
    return i;
}

The compiler, when calling a nested function, passes in a register
its own stack frame, which is known as the static chain.

In addition, you can pass the address of a nested function:

/* other_func is not defined in the post; it is assumed here to take a
   pointer to a function with no arguments */
void other_func (void (*fn) (void));

int outer() {
    int i = 0;

    void inner () {
        i++;
    }

    other_func (inner);
    return i;
}

However, you have a problem, because the static chain is not passed,
and so inner could clobber random memory or segfault. So what the
compiler does is construct what it calls a trampoline on the stack
that has executable code in it to load the static chain and jump to
the real function. You can't use static storage for the trampoline,
since the outer function might be called recursively. You can't use
malloc'ed storage for the trampoline, since a longjmp would not free
the allocated blocks.

-- 
Michael Meissner, Cygnus Solutions (East Coast)
4th floor, 955 Massachusetts Avenue, Cambridge, MA 02139, USA
meissner@cygnus.com,	617-354-5416 (office),	617-354-7161 (fax)
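An added example, not part of the original post or of GCC's own code, that exercises the situation Meissner describes: the address of a nested function escapes to a callee, so GCC must build a trampoline in the enclosing stack frame, and the program then needs an executable stack to call through it. The `for_each` helper stands in for the post's `other_func`; the 4096-byte "same frame" bound and the sample array are constructed for the demonstration. It also shows the portable pattern (an explicit context argument) that gets the same effect without any run-time code generation. The nested-function part needs GCC; on clang, which has no nested functions, it is compiled out and `on_stack` reports -1.

```c
#include <stdio.h>
#include <stdint.h>

/* Added example (not from the original post). Requires GCC for the
 * nested-function part; see the #if below. */

/* Callback-taking helper playing the role of the post's other_func(). */
static void for_each(const int *v, int n, void (*cb)(int))
{
    for (int k = 0; k < n; k++)
        cb(v[k]);
}

/* Portable alternative: the context travels as an explicit argument, so no
 * code is generated at run time and the stack can stay non-executable. */
static void for_each_ctx(const int *v, int n,
                         void (*cb)(void *ctx, int x), void *ctx)
{
    for (int k = 0; k < n; k++)
        cb(ctx, v[k]);
}

static void add_to(void *ctx, int x)
{
    *(int *)ctx += x;
}

/* Sums v[] through the explicit-context callback. */
int sum_with_context(const int *v, int n)
{
    int total = 0;
    for_each_ctx(v, n, add_to, &total);
    return total;
}

/* Distance in bytes between two addresses, ignoring sign. */
static uintptr_t distance(uintptr_t a, uintptr_t b)
{
    return a > b ? a - b : b - a;
}

/* Sums v[] through a nested function whose address escapes. Returns the
 * sum and sets *on_stack to 1 if the escaped code pointer lies in this
 * function's frame (i.e. it is the stack trampoline, not a .text address),
 * 0 if it does not, or -1 if the compiler has no nested functions. */
int sum_with_trampoline(const int *v, int n, int *on_stack)
{
    int total = 0;
#if defined(__GNUC__) && !defined(__clang__)
    /* inner reaches total through the static chain the trampoline loads. */
    void inner(int x) { total += x; }

    void (*volatile cb)(int) = inner;   /* taking the address forces the trampoline */
    for_each(v, n, cb);

    /* The trampoline is built in this frame, next to total. A real function
     * such as for_each sits in .text, far away. 4096 is an assumed bound on
     * the frame size, not an ABI guarantee. */
    *on_stack = distance((uintptr_t)cb, (uintptr_t)&total) < 4096;
#else
    /* No nested functions on this compiler: fall back to the portable path
     * so the sum is still correct, and flag that no trampoline was built. */
    total = sum_with_context(v, n);
    *on_stack = -1;
#endif
    return total;
}

/* Control: the same heuristic applied to an ordinary function must say
 * "not on the stack". */
int text_function_on_stack(void)
{
    int local = 0;
    return distance((uintptr_t)for_each, (uintptr_t)&local) < 4096;
}

int main(void)
{
    int v[] = {1, 2, 3, 4, 5};   /* constructed sample input */
    int on_stack = 0;
    int s = sum_with_trampoline(v, 5, &on_stack);

    printf("nested-function sum=%d, callback address on stack: %d\n", s, on_stack);
    printf("explicit-context sum=%d, for_each on stack: %d\n",
           sum_with_context(v, 5), text_function_on_stack());
    return 0;
}
```

Build it with `gcc -O0 -Wtrampolines -o tramp tramp.c`: GCC's `-Wtrampolines` warns at the point where the trampoline is generated, and because the object carries the executable-stack flag, `readelf -lW tramp | grep GNU_STACK` shows the stack segment as `RWE`. Relinking with `-z noexecstack` drops the `E`, and on an NX-capable system the call through `cb` then faults, which is exactly what the kernel patch under discussion does to every program built this way.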