Subject: Re: ssp and gcc-4.1
To: Andrew Reilly <andrew-netbsd@areilly.bpc-users.org>
From: David Laight <david@l8s.co.uk>
List: tech-userlevel
Date: 11/07/2006 18:42:05
On Tue, Nov 07, 2006 at 04:47:40PM +1100, Andrew Reilly wrote:
> On Mon, Nov 06, 2006 at 08:39:56PM -0500, Thor Lancelot Simon wrote:
> > it will be quite tricky to replace with malloc -- e.g. because it is
> > in the VM system itself, or because it is called from interrupt context
> > but has no graceful way to report an allocation failure.
> 
> Isn't consuming indeterminate quantities of kernel stack space
> in interrupt context an extremely bad idea anyway?  What sort of
> use is this, really?  It's not as though you can comfortably
> back out on a stack protection fault in that situation...

My thoughts exactly...

Since the kernel has a relatively small stack available, any use of
alloca() must not exceed the available stack size when given the
largest possible size buffer to allocate.  Since it is unlikely that
the use of a large buffer in one routine will lead to a smaller buffer
being used further down the call chain (or v.v.), it seems to me that
the use of alloca() itself is just likely to be hiding a kernel stack
overflow that is now data-dependent.

Clearly there is scope for having a small on-stack buffer that is
likely to be large enough for 'normal' requests, and using a larger
malloced (or lock-protected global) buffer when it isn't.

	David

-- 
David Laight: david@l8s.co.uk
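Added example (not part of the original message or of any NetBSD code): a userland sketch of the pattern David suggests at the end, a small on-stack buffer for 'normal' requests with a malloc() fallback when the request is larger, beside a variant for callers that cannot fail (e.g. interrupt context) and so must refuse oversize requests rather than grow the stack. The buffer size, the checksum workload and the return-code convention are all assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size of the "normal" request; anything larger goes to the heap
 * instead of the (small, fixed) kernel-style stack. */
#define SMALL_BUF 128

/* Example workload: a trivial multiplicative checksum over a private copy
 * of the request. Stands in for whatever the real routine does. */
static uint32_t checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum = sum * 31 + buf[i];
    return sum;
}

/* Stack buffer for small requests, malloc() for large ones.
 * Returns 1 if the stack buffer was used, 2 if malloc() was used,
 * 0 if the allocation failed (the graceful path alloca() cannot give). */
int process_request(const uint8_t *req, size_t len, uint32_t *out)
{
    uint8_t stackbuf[SMALL_BUF];   /* bounded: never depends on len */
    uint8_t *buf = stackbuf;
    int used = 1;

    if (len > sizeof stackbuf) {
        buf = malloc(len);         /* only here is the size data-dependent */
        if (buf == NULL)
            return 0;
        used = 2;
    }
    memcpy(buf, req, len);
    *out = checksum(buf, len);
    if (buf != stackbuf)
        free(buf);
    return used;
}

/* Variant for a context where allocation is not allowed (interrupt
 * context in the thread's terms): stack use stays bounded by refusing
 * anything that does not fit, instead of letting the size drive the
 * stack depth. Returns 1 on success, 0 if the request is too large. */
int process_request_nofail(const uint8_t *req, size_t len, uint32_t *out)
{
    uint8_t stackbuf[SMALL_BUF];

    if (len > sizeof stackbuf)
        return 0;                  /* caller must handle, or cap upstream */
    memcpy(stackbuf, req, len);
    *out = checksum(stackbuf, len);
    return 1;
}

int main(void)
{
    uint8_t big[200];              /* constructed input larger than SMALL_BUF */
    uint32_t sum;

    memset(big, 0, sizeof big);
    process_request((const uint8_t *)"abc", 3, &sum);      /* stack path */
    process_request(big, sizeof big, &sum);                 /* heap path */
    return process_request_nofail(big, sizeof big, &sum);   /* refused: 0 */
}
```

The point of the split is that the worst-case stack depth of process_request() is fixed at compile time regardless of len, whereas an alloca(len) in the same place would make the overflow depend on whatever the largest caller ever passes.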