On Thu, 2008-04-24 at 21:09 +0530, sahlot arvind wrote:
> I feel there are two stacks for security reasons but I don't know what
> they are precisely.

There are both read and write security questions.

On the read side you're concerned about data you leave behind (or the cost of zeroing it). Remember that Linux doesn't even take the penalty of save/restore of the floating point registers, and the stack trick would be much bigger.

On the write side you should be really concerned about taking the userspace-settable stack pointer as an address to start pushing stuff onto: what if it isn't really the stack pointer, or if there isn't at least 4KB mapped after the value passed in? I guess you could validate the next 4KB of stack on every switch to kernel space the same way copy_to_user does now, but it is going to slow down the gettimeofday() benchmark ;)

Beyond that there are serious paging issues. Kernel stacks are normally in lowmem and can't be swapped out, but that's not true of userspace stacks. What if it wasn't even swapped in when the kernel code ran? You could take a page fault (and reschedule) just touching the stack frame, maybe while holding a spinlock or something along those lines. Bad news.

-Patrick
--
www.ducksong.com

--
To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ
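An added example, not code from Patrick's message or from the kernelnewbies thread, showing both halves of the argument above in C on x86-64 Linux. `user_range_ok()` reproduces the arithmetic behind the access_ok()/copy_to_user() range check the post mentions (the `DEMO_TASK_SIZE_MAX` constant is an assumed stand-in for the kernel's user address ceiling); it only proves the range is below the user/kernel split and does not wrap, and says nothing about whether the pages are mapped or resident, which is exactly why touching them can fault. `bogus_stack_syscall_matches_getpid()` then issues getpid() through the raw `syscall` instruction while %rsp points at an unmapped address: the call succeeds because the kernel switches to its own per-task stack instead of pushing onto whatever userspace left in %rsp. The signal-blocking around the asm is an assumption of this demo, because signal delivery is the one place the kernel does write a frame to the user stack (with access checks, and SIGSEGV if they fail).

```c
/* Added illustration, not code from the thread. The syscall demo needs
 * x86-64 Linux; the range check is plain portable C. */
#define _GNU_SOURCE
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

/* Assumed ceiling of the user half of the address space on x86-64, used here
 * only to illustrate the arithmetic; the real value lives in the kernel. */
#define DEMO_TASK_SIZE_MAX 0x00007ffffffff000UL

/* Same shape as the check behind access_ok()/copy_to_user(): the range
 * [addr, addr+len) must not wrap and must end below the user/kernel split.
 * Whether the pages are actually mapped or swapped in is only discovered by
 * touching them, which is the page-fault problem the post raises. */
int user_range_ok(unsigned long addr, unsigned long len)
{
    unsigned long end;
    if (__builtin_add_overflow(addr, len, &end))
        return 0;                       /* wraps around: reject */
    return end <= DEMO_TASK_SIZE_MAX;   /* 1 if entirely in user space */
}

/* Issue getpid() via the raw `syscall` instruction while %rsp points at
 * 0x10, an address that is never mapped in a normal process. If the kernel
 * pushed anything onto the user-supplied stack pointer this would fault;
 * because it switches to its own kernel stack, the call simply succeeds.
 * Returns 1 if the result matches getpid(), 0 if not, -1 if this build
 * target cannot run the demonstration. */
int bogus_stack_syscall_matches_getpid(void)
{
#if defined(__linux__) && defined(__x86_64__)
    sigset_t all, old;
    long ret;

    /* Signal delivery is the one case where the kernel writes a frame onto
     * the user stack, so keep async signals out while %rsp is garbage. */
    sigfillset(&all);
    sigprocmask(SIG_BLOCK, &all, &old);

    __asm__ volatile(
        "mov %%rsp, %%r12\n\t"   /* save the real stack pointer */
        "mov $0x10, %%rsp\n\t"   /* point %rsp at an unmapped address */
        "syscall\n\t"            /* enter the kernel; user stack untouched */
        "mov %%r12, %%rsp\n\t"   /* restore before any C code runs again */
        : "=a"(ret)
        : "a"((long)SYS_getpid)
        : "rcx", "r11", "r12", "memory");   /* syscall clobbers rcx/r11 */

    sigprocmask(SIG_SETMASK, &old, NULL);
    return ret == (long)getpid() ? 1 : 0;
#else
    return -1;
#endif
}

int main(void)
{
    printf("user range 0x1000+4096 ok: %d\n", user_range_ok(0x1000, 4096));
    printf("kernel address ok:         %d\n",
           user_range_ok(0xffff888000000000UL, 4096));
    printf("wrapping range ok:         %d\n", user_range_ok(~0UL - 100, 4096));
    printf("syscall with bogus %%rsp matched getpid: %d\n",
           bogus_stack_syscall_matches_getpid());
    return 0;
}
```

Build with `gcc -O2 -Wall demo.c -o demo` and run it on an x86-64 Linux box; the last line prints 1. Note what the range check cannot do: even a range that passes `user_range_ok()` may be unmapped or paged out, so the only way to "validate the next 4KB" for real is to touch it, and at that point the entry path has already taken the fault the post warns about.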