From: Brian Gerst <bgerst@didntduck.org>
To: Chris Lattner <sabre@nondot.org>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [x86] Access off the bottom of stack causes a segfault?
Date: Tue, 14 Oct 2003 14:42:19 -0400
Message-ID: <3F8C438B.9040802@didntduck.org>
In-Reply-To: <Pine.LNX.4.44.0310141320020.3869-100000@nondot.org>

Chris Lattner wrote:

>My compiler is generating accesses off the bottom of the stack (address
>below %esp).  Is there some funny kernel interaction that I should be
>aware of with this?  I'm periodically getting segfaults.
>
>Example:
>
>int main() {
>   int test[4000];
>...
>   return 0;
>}
>
>Generated code:
>        .intel_syntax
>...
>main:
>        mov DWORD PTR [%ESP - 16004], %EBP    # Save EBP to stack
>        mov %EBP, %ESP                        # Set up EBP
>        sub %ESP, 16004                       # Finally adjust ESP
>        lea %EAX, DWORD PTR [%EBP - 16000]    # Get the address of the array
>...
>        mov %EAX, 0                           # Setup return value
>        mov %ESP, %EBP                        # restore ESP
>        mov %EBP, DWORD PTR [%ESP - 16004]    # Restore EBP from stack
>        ret
>
>This seems like perfectly valid X86 code (though unconventional), but it
>is causing segfaults pretty consistently (on the first instruction).
>Does the linux kernel assume that page faults will be above the stack
>pointer if the stack needs to be expanded?
>
>Thanks,
>
>-Chris
>

From arch/i386/mm/fault.c:
                /*
                 * accessing the stack below %esp is always a bug.
                 * The "+ 32" is there due to some instructions (like
                 * pusha) doing post-decrement on the stack and that
                 * doesn't show up until later..
                 */
                if (address + 32 < regs->esp)
                        goto bad_area;

--
                Brian Gerst
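An added example (not from the thread and not kernel code): a user-space C model of the decision the quoted fault.c fragment sits in, so the posted prologue can be walked through against it. The VMA layout, the ESP value at entry to main() and the VM_GROWSDOWN flag value are constructed for the walkthrough; the surrounding find_vma()/expand_stack() structure is a simplified model of the 2003 i386 do_page_fault() path, with only the `address + 32 < esp` check taken verbatim from the snippet above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE    0x1000u
#define VM_GROWSDOWN 0x0100u  /* flag value chosen for this model only */
#define STACK_SLACK  32u      /* the "+ 32" in the fault.c snippet above */

enum fault_outcome { FAULT_MAPPED, FAULT_EXPANDED, FAULT_SIGSEGV };

struct vma { uint32_t start; uint32_t end; uint32_t flags; };

/* Same contract as the kernel's find_vma(): the first VMA (in address
 * order) whose end lies above the faulting address, or NULL. */
static struct vma *find_vma(struct vma *v, size_t n, uint32_t address)
{
    for (size_t i = 0; i < n; i++)
        if (address < v[i].end)
            return &v[i];
    return NULL;
}

/* User-mode data fault at `address` with the stack pointer at `esp`.
 * Simplified model of the check order in the 2003 i386 do_page_fault():
 * mapped address -> fine; hole below a non-stack VMA -> SIGSEGV; hole
 * below the stack -> allowed only within STACK_SLACK bytes of esp, in
 * which case the stack VMA is grown down to the page containing
 * `address`, as expand_stack() does. */
enum fault_outcome classify_fault(struct vma *map, size_t n,
                                  uint32_t address, uint32_t esp)
{
    struct vma *vma = find_vma(map, n, address);

    if (!vma)
        return FAULT_SIGSEGV;            /* nothing mapped at or above it */
    if (address >= vma->start)
        return FAULT_MAPPED;             /* inside a VMA: no growth needed */
    if (!(vma->flags & VM_GROWSDOWN))
        return FAULT_SIGSEGV;            /* the VMA above is not a stack */
    if (address + STACK_SLACK < esp)     /* the check quoted from fault.c */
        return FAULT_SIGSEGV;
    vma->start = address & ~(PAGE_SIZE - 1u);   /* expand_stack() */
    return FAULT_EXPANDED;
}

/* Constructed address-space layout for the walkthrough (not measured on
 * any real process): a small text mapping and a two-page stack VMA at the
 * top of a 3 GB user space, roughly how a freshly exec'd i386 process
 * looks when the posted main() starts running. */
enum fault_outcome probe(uint32_t esp, uint32_t address)
{
    struct vma map[] = {
        { 0x08048000u, 0x0804c000u, 0u },            /* text */
        { 0xbfffe000u, 0xc0000000u, VM_GROWSDOWN },  /* stack */
    };
    return classify_fault(map, sizeof map / sizeof map[0], address, esp);
}

static const char *name(enum fault_outcome o)
{
    return o == FAULT_MAPPED   ? "mapped" :
           o == FAULT_EXPANDED ? "stack expanded" : "SIGSEGV";
}

int main(void)
{
    const uint32_t esp   = 0xbffffe80u;  /* assumed esp at entry to main() */
    const uint32_t frame = 16004u;       /* frame size from the posted prologue */

    /* Posted prologue: the store to [esp - 16004] happens before esp is lowered. */
    printf("mov [esp-16004], ebp : %s\n", name(probe(esp, esp - frame)));
    /* Conventional prologue: sub esp first, then the store lands at [esp]. */
    printf("sub esp; mov [esp]    : %s\n", name(probe(esp - frame, esp - frame)));
    /* pusha with esp exactly on the stack VMA's bottom page boundary:
     * the lowest byte written is esp-32, which the slack tolerates. */
    printf("pusha at VMA bottom   : %s\n", name(probe(0xbfffe000u, 0xbfffe000u - 32u)));
    /* One byte further down than pusha reaches is refused. */
    printf("store at esp-33       : %s\n", name(probe(0xbfffe000u, 0xbfffe000u - 33u)));
    return 0;
}
```

The first two calls are the point of the thread: the same 16004-byte frame is refused when the access precedes the `sub %ESP`, and grows the stack when it follows it. The 32-byte window reflects only the 2003 i386 snippet quoted above; later kernels changed this heuristic, so the numbers should not be read as a current rule.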


Thread overview: 15+ messages
2003-10-14 18:31 [x86] Access off the bottom of stack causes a segfault? Chris Lattner
2003-10-14 18:37 ` Davide Libenzi
2003-10-14 19:00   ` Chris Lattner
2003-10-14 18:45     ` Davide Libenzi
2003-10-14 19:28     ` Richard B. Johnson
2003-10-14 19:48       ` Chris Lattner
2003-10-17 23:55         ` Jamie Lokier
2003-10-14 20:47     ` Mikael Pettersson
2003-10-14 18:42 ` Brian Gerst [this message]
2003-10-14 18:49 ` Chris Lattner
2003-10-14 18:42   ` Petr Vandrovec
2003-10-14 19:02     ` Chris Lattner
2003-10-14 19:18 ` Richard B. Johnson
2003-10-14 20:43   ` H. Peter Anvin
2003-10-17  0:23 ` Eric W. Biederman
