Re: [suse-security] Re: Stack Overflow Protection

On Sat, Dec 06, 2003 at 12:33:04PM +0100, Bernhard Walle wrote:
> But: What does the Kernel Stack Protection do, where can I read
> something about this?

It just does a quick check on every hardware interrupt whether there is less
than 1KB of stack space free, and if this is the case, prints a warning
message. The code for this is quite simple. For example, everything for the
i386 architecture is:

        long esp;

        /* Debugging check for stack overflow: is there less than 1KB free?
         * Masking %esp with THREAD_SIZE-1 (8191 for an 8KB stack) yields the
         * offset of the stack pointer from the bottom of the thread's stack,
         * where the task_struct lives. */
        __asm__ __volatile__("andl %%esp,%0" : "=r" (esp) : "0" (8191));
        if (unlikely(esp < (sizeof(struct task_struct) + sysctl_stackwarn))) {
                static unsigned long next_jiffies;      /* ratelimiting */
                static long least_esp = THREAD_SIZE;    /* lowest esp seen so far */

                /* Print again only after 5 seconds, or if the stack got deeper. */
                if (time_after(jiffies, next_jiffies) || (esp < least_esp)) {
                        least_esp = esp;
                        next_jiffies = jiffies + 5*HZ;
                        printk("WARNING: do_IRQ: near stack overflow: %ld\n",
                                esp - sizeof(struct task_struct));
                }
        }

This next_jiffies stuff is just to prevent the same message from being printed
hundreds of thousands of times in a row.
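The following is an added user-space model of the check described above, not code from the kernel or from the poster. It assumes the 2.4-era i386 layout the snippet relies on (an 8KB per-task stack with the task_struct at its bottom, so `esp & 8191` is the distance from the bottom of the stack), and it uses stand-in constants for `sizeof(struct task_struct)`, `HZ` and `sysctl_stackwarn` so the free-space arithmetic and the `next_jiffies`/`least_esp` rate limiter can be exercised with chosen `esp` and `jiffies` values. The `check_stack_on_irq` and `demo_warning_count` names are invented for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed layout (not taken from any particular kernel): an 8KB thread stack
 * with the task_struct occupying its lowest bytes and the stack growing down
 * from the top. The constants are stand-ins so the arithmetic can be run. */
#define THREAD_SIZE      8192UL
#define TASK_STRUCT_SIZE 1024UL   /* stand-in for sizeof(struct task_struct) */
#define HZ               100UL    /* stand-in for the kernel's HZ */
#define STACKWARN        1024UL   /* stand-in for sysctl_stackwarn: warn below 1KB free */

/* Bytes of stack still usable below the given stack pointer. The mask does
 * the same job as "andl %esp, 8191" in the post: it turns an absolute pointer
 * into an offset from the bottom of the thread's stack. A negative result
 * means the stack has already overrun into the task_struct. */
long stack_free(unsigned long esp)
{
    unsigned long offset = esp & (THREAD_SIZE - 1);
    return (long)offset - (long)TASK_STRUCT_SIZE;
}

/* The two static locals of the posted snippet, made explicit. */
struct stackwarn_state {
    unsigned long next_jiffies;   /* earliest tick at which to print again */
    long least_esp;               /* lowest esp offset seen so far */
};

/* Kernel-style wrap-safe comparison: true if jiffies value a is after b. */
static bool time_after(unsigned long a, unsigned long b)
{
    return (long)(b - a) < 0;
}

/* Runs the check for one interrupt arriving with stack pointer esp at time
 * jiffies. Returns true when the kernel would have printed the warning. */
bool check_stack_on_irq(struct stackwarn_state *st, unsigned long esp,
                        unsigned long jiffies)
{
    long offset = (long)(esp & (THREAD_SIZE - 1));

    if (offset >= (long)(TASK_STRUCT_SIZE + STACKWARN))
        return false;   /* plenty of room left: the common, silent case */

    /* Rate limit: at most one message per 5 s, unless the stack got deeper. */
    if (time_after(jiffies, st->next_jiffies) || offset < st->least_esp) {
        st->least_esp = offset;
        st->next_jiffies = jiffies + 5 * HZ;
        printf("WARNING: do_IRQ: near stack overflow: %ld\n",
               offset - (long)TASK_STRUCT_SIZE);
        return true;
    }
    return false;
}

/* Constructed sequence of interrupts against one task's stack (base address
 * chosen arbitrarily). Returns how many warnings the rate limiter let through. */
int demo_warning_count(void)
{
    struct stackwarn_state st = { 0, THREAD_SIZE };
    const unsigned long base = 0xc0000000UL;  /* constructed stack base */
    int warnings = 0;

    warnings += check_stack_on_irq(&st, base + 8092, 10);   /* 7068 free: silent */
    warnings += check_stack_on_irq(&st, base + 1500, 10);   /* 476 free: warns */
    warnings += check_stack_on_irq(&st, base + 1500, 20);   /* same depth, <5 s: suppressed */
    warnings += check_stack_on_irq(&st, base + 1400, 30);   /* deeper: warns at once */
    warnings += check_stack_on_irq(&st, base + 1400, 600);  /* >5 s later: warns again */
    return warnings;
}

int main(void)
{
    printf("free with esp offset 1500: %ld bytes\n", stack_free(0xc0000000UL + 1500));
    printf("warnings printed: %d\n", demo_warning_count());
    return 0;
}
```

The interesting behaviour is in the third and fourth calls: a repeat at the same depth inside the 5-second window is dropped, but any new low is reported immediately, so the log still records the worst case even while the limiter is active.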


Robert Schiele
Dipl.-Wirtsch.informatiker	mailto:rschiele@xxxxxxxxxxxxxxx

