Re: mprotect



"David T. Ashley" <dta@xxxxxxxx> writes:

#1: The smallest granularity of mprotect() is a page (presumably a virtual
memory page). What guarantee do you have that the area of memory you've
obtained via malloc() spans only one page?

He has a guarantee that his area spans two pages, since he asked
for PAGESIZE+1023.

#2: This statement:

p = (char *)(((int) p + PAGESIZE-1) & ~(PAGESIZE-1));

can lead to serious arithmetic trouble if a pointer on your system is bigger
than an integer.

True, but he is (apparently) on x86, and so can assume
sizeof(int)==sizeof(char*)==4.

#4: This statement:
p = (char *)(((int) p + PAGESIZE-1) & ~(PAGESIZE-1));

seems unnecessary, as the definition of mprotect() indicates it will do this
anyway,

Which definition of mprotect() is that?
The Linux one says mprotect will fail if p is not page-aligned.
So does SUSv3:

if (mprotect(p, 1024, PROT_EXEC|PROT_WRITE|PROT_READ)) {

??

This creates an almost guaranteed failure if the memory returned by malloc()
spans a virtual page boundary.

It doesn't, since he page-aligned it.

First, you round p down to be modulo PAGESIZE, then you specify a length
which is almost certainly less than or equal to a PAGESIZE, indicating that
you will give permissions to at most one page. If the memory you got via
malloc() is near a page boundary, you are sunk.

Huh? I think you are mistaken.

Summary #1: I don't think you're giving permissions to the pages you want
to.

No, he appears to do exactly as he should. In fact his code follows
example usage given in the Linux "man mprotect".

Summary #2: There still may be other problems because the pages you are
changing the permissions on may contain other things, i.e. you haven't
determined that the pages you're messing with are fully free for you to muck
around with. I believe there are uncovered boundary cases.

The pages he got from malloc() are guaranteed to have PROT_READ|PROT_WRITE.
Adding PROT_EXEC shouldn't really cause any problems (though it
may modify behaviour of other buggy code that may try to execute
"malloc data").

Cheers,
--
In order to understand recursion you must first understand recursion.
Remove /-nsp/ for email.
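
The points argued in this thread can be checked directly on Linux. The following is an added example, not code from the thread: it aligns with uintptr_t instead of int, confirms that mprotect() rejects an unaligned start with EINVAL, and reports how much of the affected page lies outside the malloc() block. The names align_up, spill_bytes and check_mprotect are hypothetical, and the protection flags are a parameter.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Round an address up to a page boundary; uintptr_t is wide enough on any ABI. */
static uintptr_t align_up(uintptr_t a, size_t pagesize) {
    return (a + pagesize - 1) & ~((uintptr_t)pagesize - 1);
}

/* Bytes of the one affected page that lie past the end of the allocation:
 * mprotect() changes whole pages, so these bytes change protection too. */
static size_t spill_bytes(uintptr_t raw, size_t alloc_size, size_t pagesize) {
    uintptr_t page_end = align_up(raw, pagesize) + pagesize;
    uintptr_t alloc_end = raw + alloc_size;
    return page_end > alloc_end ? (size_t)(page_end - alloc_end) : 0;
}

/* Returns 0 if every check holds, otherwise the number of the failed step. */
int check_mprotect(int prot) {
    size_t pagesize = (size_t)sysconf(_SC_PAGESIZE), len = 1024;
    size_t alloc_size = pagesize + len - 1;   /* the thread's PAGESIZE+1023 */
    char *raw = malloc(alloc_size);
    if (raw == NULL) return 1;
    char *p = (char *)align_up((uintptr_t)raw, pagesize);
    int rc = 0;
    if (p < raw || p + len > raw + alloc_size)
        rc = 2;                               /* aligned range left the block */
    else if (mprotect(p + 1, len, prot) != -1 || errno != EINVAL)
        rc = 3;                               /* unaligned start was accepted */
    else if (mprotect(p, len, prot) != 0)
        rc = 4;                               /* aligned start was refused */
    else
        printf("page at %p, %zu byte(s) outside the allocation affected\n",
               (void *)p, spill_bytes((uintptr_t)raw, alloc_size, pagesize));
    free(raw);
    return rc;
}

int main(void) {
    /* PROT_READ|PROT_WRITE matches what malloc() memory already has. */
    int rc = check_mprotect(PROT_READ | PROT_WRITE);
    printf("check_mprotect: %d\n", rc);
    return rc;
}
```

POSIX leaves mprotect() unspecified for memory that was not obtained with mmap(), so code that needs its own protection settings is better served by a dedicated mmap() region than by pages shared with the malloc() heap.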