Seth Arnold wrote: > > On Mon, Sep 09, 2002 at 03:09:51PM -0600, Joseph A. Knapka wrote: > > > > [kernel stack protection using redpages] > > > Iterate over $n processes .. where $n is disturbingly large on some > > > systems. > > Hmm... Why not just look at the stack for "current"? > > It isn't exactly that easy -- adding a red page at the end of the stack > space would need to be implemented in one of two fashions: either > allocate a new redpage in the kernel address space on context switch or > allocate a redpage at task creation time. > > The first method, allocating a redpage on every context switch, is > likely to be hideously expensive, though it would be more conservative > with memory usage. > > The second method, allocating a redpage at task creation time, is > cheaper, but it would throw away a whole page of storage for every task > on the system. On my piddly desktop, that would be throwing away 512k of > memory. (That is a _lot_ of dentries and inodes! :) But you wouldn't need to actually allocate a page, since the storage would never be (successfully) written or read. All you'd need would be a read-only PTE mapping of, say, the cow_zero_page. Actually you wouldn't even need that, all you'd need would be a not-present PTE at the given location. IOW, you merely need to ensure that (a) the task struct and the kernel stack are arranged suitably for this scheme to work (the stack must grow away from the task_struct), and (b) you must ensure that nothing ever uses the virtual page adjacent to the top-of-stack page. (b) -would- be hard in low memory, since there a virtual page is effectively equivalent to a physical page. But if stack pages were allocated using vmalloc or in highmem, it could work without wasting physical memory. Actually, it could be made to work without wastage even in low memory, but it would be painful: when constructing a stack, add the "red" page to a list of "please use these first for vmalloc, because we can't get to them via the physical mapping anymore" pages. Managing that would be tedious and bug-prone, I imagine - special cases for task exit and/or unmapping vmalloced red pages... bleagh. Yeah, that would probably never get in the mainline kernel :-) Cheers, -- Joe "I'd rather chew my leg off than maintain Java code, which sucks, 'cause I have a lot of Java code to maintain and the leg surgery is starting to get expensive." - Me -- Kernelnewbies: Help each other learn about the Linux kernel. Archive: http://mail.nl.linux.org/kernelnewbies/ FAQ: http://kernelnewbies.org/faq/
