From: "Vincent W. Freeh" <vin@csc.ncsu.edu>
To: linux-kernel@vger.kernel.org
Subject: Re: Understanding Linux addr space, malloc, and heap
Date: Fri, 21 Oct 2005 11:37:07 -0400 [thread overview]
Message-ID: <43590B23.2090101@csc.ncsu.edu> (raw)
In-Reply-To: <1129908179.2786.23.camel@laptopd505.fenrus.org>
The point of the code is to show that one can protect malloc code. It
is a short example. It is not my application. The comments criticising
the code are the beside the point.
One can mprotect malloc'd pages. My code does it. The mprotect man
page does it.
But I can't mprotect the 66th page I malloc. And mprotect fails SILENTLY!
Is this interesting or not? Does anyone understand why?
Thanks,
vince.
Arjan van de Ven wrote:
> On Fri, 2005-10-21 at 11:11 -0400, Vincent W. Freeh wrote:
>
>>Arjan van de Ven wrote:
>>
>>>On Fri, 2005-10-21 at 09:45 -0400, Vincent W. Freeh wrote:
>>>
>>>
>>>>Thanks for your quick response. It basically confirmed that I observed
>>>>what I thought I did. However, I am no closer to solving my problem. I
>>>>cannot mprotect data that I malloc beyond the first 65 pages.
>>>
>>>
>>>you can't mprotect malloc() memory period ..
>>
>>Actually, I can and do. Simple program at end.
>
>
> Ok I meant in the "while adhering to the standard" :)
>
>
>
>>I call mprotect and it return 0--meaning it succeeded. But the
>>permissions on the page remain rw. So it fails to change the
>>permissions, but doesn't give any indication of this.
>>
>>Thanks,
>>vince.
>>
>>------------------
>>#include <stdio.h>
>>#include <stdlib.h>
>>#include <sys/mman.h>
>>#include <unistd.h>
>>
>>int main(int argc, char *argv[])
>>{
>> void *p;
>> int pgsize = getpagesize();
>>
>> p = malloc(1024);
>> mprotect((void*)((unsigned)p & ~(pgsize-1)), 1024, PROT_NONE);
>> printf("\t*p = %d\n", *(int *)p);
>> return 0;
>>}
>
>
> this has a bug, the 1024 is wrong... what if your "p" point actually
> spans 2 pages?
>
> but to have "some effect" even for malloc-falling-back-to-mmap..
> just there's a bunch of collateral damage since you mprotect more than
> just the memory you got from malloc. mprotect works on page size.. so if
> p spans 2 pages (why wouldn't it ;) you mprotect either the wrong memory
> (as in your example) or too much (eg both pages)...
>
>
next prev parent reply other threads:[~2005-10-21 15:37 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-21 13:45 Understanding Linux addr space, malloc, and heap Vincent W. Freeh
2005-10-21 14:03 ` Arjan van de Ven
2005-10-21 15:11 ` Vincent W. Freeh
2005-10-21 15:20 ` Anton Altaparmakov
2005-10-21 15:21 ` Paulo Marques
2005-10-21 15:22 ` Arjan van de Ven
2005-10-21 15:37 ` Vincent W. Freeh [this message]
2005-10-21 15:48 ` Arjan van de Ven
2005-10-21 16:04 ` Vincent W. Freeh
2005-10-21 16:23 ` Arjan van de Ven
2005-10-21 15:52 ` Kyle Moffett
2005-10-21 16:10 ` Vincent W. Freeh
2005-10-21 16:19 ` Theodore Ts'o
2005-10-21 16:26 ` Paulo Marques
2005-10-21 16:14 ` Andreas Schwab
2005-10-21 16:24 ` Vincent W. Freeh
2005-10-22 19:27 ` Kyle Moffett
2005-10-21 15:37 ` Alex Bligh - linux-kernel
2005-10-21 15:47 ` Arjan van de Ven
2005-10-21 15:58 ` Paulo Marques
[not found] <505ru-8qi-1@gated-at.bofh.it>
[not found] ` <505Lp-B4-81@gated-at.bofh.it>
[not found] ` <506QZ-2cH-3@gated-at.bofh.it>
[not found] ` <5070Y-2qP-23@gated-at.bofh.it>
[not found] ` <507ac-2Cm-25@gated-at.bofh.it>
[not found] ` <507NL-3Em-29@gated-at.bofh.it>
[not found] ` <507Xd-3QT-19@gated-at.bofh.it>
[not found] ` <50xnU-7s2-37@gated-at.bofh.it>
2005-10-23 10:41 ` Bodo Eggert
2005-10-23 10:44 ` Arjan van de Ven
2005-10-23 21:29 ` Kyle Moffett
-- strict thread matches above, loose matches on Subject: below --
2005-10-21 12:46 Vincent W. Freeh
2005-10-21 13:00 ` Arjan van de Ven
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43590B23.2090101@csc.ncsu.edu \
--to=vin@csc.ncsu.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.