
Re: Differences between zelenka and zandonai



Mike,

on Sun, Oct 31, 2010 at 08:54:10AM +0100 you wrote the following:
> Firefox uses a technique they call "frame poisoning" to mitigate
> dangling pointer bugs. It reserves a poison area at a fixed location
> in the address space (and tries other places if that can't be done)
> and makes dangling pointers point there so that the application ends
> up crashing instead of being exploitable.
> 
> There is a validation test in their test suite that verifies if that
> technique works properly. While the upstream version doesn't support s390,
> adding support for it is pretty straightforward. The only problem I have
> now is that while this works properly on zelenka, it doesn't work on
> zandonai during the test suite run part of the build.
> 
> Is there a difference in the kernel or hardware that would explain this
> behaviour?

they are hosted on the same physical box, so there's no difference in hardware
at all.  However, zandonai runs a backports kernel (2.6.32-bpo.5-s390x), and
zelenka runs a release kernel (2.6.26-2-s390x).  I don't know why that is.

> I'm attaching the test program in question. It can be simply built with
> g++ -o TestPoisonArea TestPoisonArea.cpp

Simply compiling and running it does seem to work, however.

(sid-s390-sbuild)buildd@zandonai:/build$ g++ -o TestPoisonArea TestPoisonArea.cpp
(sid-s390-sbuild)buildd@zandonai:/build$ ./TestPoisonArea
INFO | negative control allocated at 0x77fd9000
INFO | positive control allocated at 0x77cac000
INFO | poison area assumed at 0xf0dea000 (preferred addr)
TEST-PASS | reading negative control
TEST-PASS | executing negative control
TEST-PASS | writing negative control
TEST-PASS | reading positive control | Segmentation fault
TEST-PASS | executing positive control | Segmentation fault
TEST-PASS | writing positive control | Segmentation fault
TEST-PASS | reading poison area | Segmentation fault
TEST-PASS | executing poison area | Segmentation fault
TEST-PASS | writing poison area | Segmentation fault

Kind regards,
Philipp Kern

Attachment: signature.asc
Description: Digital signature
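
The check discussed in this thread, as an added example that is not part of the original message and is not Mozilla's TestPoisonArea.cpp: it reserves a no-access page near the preferred address shown in the log above and probes it from forked children. The names reserve_poison, probe and faults are hypothetical, and only read and write accesses are probed.

```cpp
#include <csignal>
#include <cstdint>
#include <cstdio>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

// Preferred address as printed in the log above; the kernel may not grant it.
static const uintptr_t kPreferred = 0xf0dea000u;
enum Access { READ, WRITE };

// Reserve `len` bytes with no access rights. The address is only a hint
// (no MAP_FIXED), so an occupied range yields a mapping elsewhere.
void* reserve_poison(size_t len) {
    void* p = mmap(reinterpret_cast<void*>(kPreferred), len, PROT_NONE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? nullptr : p;
}

// Touch `addr` in a forked child so the fault cannot take down the caller.
// Returns the terminating signal, 0 if the child survived, -1 on error.
int probe(void* addr, Access a) {
    fflush(nullptr);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile char* c = static_cast<volatile char*>(addr);
        if (a == READ) { char v = *c; (void)v; } else { *c = 1; }
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

// A poisoned access must end in a memory-fault signal.
bool faults(int sig) { return sig == SIGSEGV || sig == SIGBUS; }

int main() {
    size_t len = static_cast<size_t>(sysconf(_SC_PAGESIZE));
    void* p = reserve_poison(len);
    if (!p) { perror("mmap"); return 1; }
    printf("poison area at %p%s\n", p,
           p == reinterpret_cast<void*>(kPreferred) ? " (preferred addr)" : "");
    bool ok = faults(probe(p, READ)) && faults(probe(p, WRITE));
    printf("%s | reading and writing poison area\n", ok ? "TEST-PASS" : "TEST-FAIL");
    return ok ? 0 : 1;
}
```

Running the same binary on both hosts and comparing the reported address and signals separates a kernel difference from a build-environment difference.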