Re: Non-Exec stack patches

From: John Reiser
Date: Wed Mar 24 2004 - 11:40:08 EST


Jakub> but it is still possible some language interpreter or
Jakub> something builds code on the fly on the stack).

David> That's why there is mprotect().

But mprotect() costs enough (hundreds of cycles) to be a significant burden
in some cases. Generating code to a stack region that is inherently
executable is inexpensive (even allowing for restrictive alignment and
avoiding I/D cache conflicts), is thread safe, is async-signal safe, and
takes less work than other alternatives. Yes, the "black hats" do this;
so do the "white hats." Please do not increase the minimum cost for
applications that want generate-and-execute on the stack at unpredictable
high frequency.

--
John Reiser, jreiser@xxxxxxxxxxxx
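
An added example, not code from this thread or from the kernel: a Linux-only audit sketch that reads `/proc/self/maps` to report whether the running process's stack is mapped executable, then walks the mprotect() route David refers to, where a buffer is filled while writable and switched to read+execute. The function names `perms_of`, `stack_is_executable` and `wx_cycle` are hypothetical, and the `memset` stands in for real code generation.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Copy the permission field ("rw-p", ...) of the maps entry holding addr. */
static int perms_of(const void *addr, char perms[5]) {
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], p[5];
    unsigned long lo, hi;
    int rc = -1;
    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, p) != 3) continue;
        if ((unsigned long)addr >= lo && (unsigned long)addr < hi) {
            memcpy(perms, p, sizeof p);
            rc = 0;
        }
    }
    fclose(f);
    return rc;
}

/* 1 if the calling thread's stack mapping is executable, 0 if not, -1 on error. */
int stack_is_executable(void) {
    char p[5], local = 0;
    return perms_of(&local, p) == 0 ? p[2] == 'x' : -1;
}

/* W^X: writable while code is emitted, then mprotect() flips it to r-x. */
int wx_cycle(char before[5], char after[5]) {
    long pg = sysconf(_SC_PAGESIZE);
    void *buf = mmap(NULL, pg, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    memset(buf, 0, pg);                 /* stand-in for emitting code */
    int rc = perms_of(buf, before);     /* permissions while being filled */
    if (rc == 0) rc = mprotect(buf, pg, PROT_READ | PROT_EXEC);
    if (rc == 0) rc = perms_of(buf, after);
    munmap(buf, pg);
    return rc;
}

int main(void) {
    char b[5] = "?", a[5] = "?";
    int rc = wx_cycle(b, a);
    printf("stack exec=%d, buffer %s -> %s (rc=%d)\n", stack_is_executable(), b, a, rc);
    return rc != 0;
}
```

The mprotect() call in `wx_cycle` is the per-generation system call whose cost the message above objects to.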
