Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751108AbWELOxY (ORCPT ); Fri, 12 May 2006 10:53:24 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751210AbWELOxX (ORCPT ); Fri, 12 May 2006 10:53:23 -0400 Received: from 167.imtp.Ilyichevsk.Odessa.UA ([195.66.192.167]:57040 "HELO ilport.com.ua") by vger.kernel.org with SMTP id S1751108AbWELOxX (ORCPT ); Fri, 12 May 2006 10:53:23 -0400 From: Denis Vlasenko To: "linux-os \(Dick Johnson\)" Subject: Re: Segfault on the i386 enter instruction Date: Fri, 12 May 2006 17:53:00 +0300 User-Agent: KMail/1.8.2 Cc: "Tomasz Malesinski" , linux-kernel@vger.kernel.org References: <20060512131654.GB2994@duch.mimuw.edu.pl> <200605121720.13820.vda@ilport.com.ua> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200605121753.00978.vda@ilport.com.ua> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1723 Lines: 45 On Friday 12 May 2006 17:42, linux-os (Dick Johnson) wrote: > >>> enter $10008, $0 > >>> # pushl %ebp > >>> # movl %esp,%ebp > >>> # subl $10008,%esp > >>> addl $-12,%esp > >> ^^^^^^^^^^^^^^____________ WTF > >> adding a negative number is subtracting that positive value. > >> You just subtracted 0xfffffff3 (on a 32-bit machine) from > >> the stack pointer. It damn-well better seg-fault! > > > > No. Try it yourself. > > -- > > vda > > It doesn't matter. It means that you still own the space there > (it's mapped into your process). The code is bogus, broken beyond > all repair. It has nothing to do with 'enter' it has to do with > putting the stack pointer (wrapping it) to somewhere it shouldn't > be. The stack pointer is normally around 0xafff0000. It just got > wrapped down past zero up to fafff00d, then stuff got pushed > onto it for the call. Obviously you (a) Don't want to actually try to compile and run it. It will run. For Tomasz, it runs ok with 3-insn instruction sequence instead of enter. For me, it works just fine with enter. But it works. Why do you think it is not enough? (b) can't do 32-bit math. You made two mistakes. -12 is 0xfffffff4, not 0xfffffff3. 0xafff0000 + 0xfffffff4 = 0xaffefff4, not 0xfafff00d and (c) do not realize that 32bit i386+ CPUs check segment limits AFTER performing 32bit math (i.e. overflow into 33th bit is truncated instead of triggering limit violation) -- vda - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/