MT_HIGH_VECTOR mapping set read-only creating illegal access

Nicolas Pitre nico at
Tue Apr 19 23:01:41 EDT 2011

On Tue, 19 Apr 2011, Michael Bohan wrote:

> On 4/19/2011 5:21 PM, Nicolas Pitre wrote:
> > Are you saying that your user space libc was reading at 0xffff0ff0
> > directly?  I hope not, because if you did so, you clearly abused the
> > interface and the contract between user space and the kernel.  Here's
> > what I wrote in the comment right above the related code:
> > 
> >   * These are segment of kernel provided user code reachable from user space
> >   * at a fixed address in kernel memory.  This is used to provide user space
> >   * with some operations which require kernel help because of unimplemented
> >   * native feature and/or instructions in many ARM CPUs. The idea is for
> >   * this code to be executed directly in user mode for best efficiency but
> >   * which is too intimate with the kernel counter part to be left to user
> >   * libraries.  In fact this code might even differ from one CPU to another
> >   * depending on the available  instruction set and restrictions like on
> >   * SMP systems.  In other words, the kernel reserves the right to change
> >   * this code as needed without warning. Only the entry points and their
> >   * results are guaranteed to be stable.
> > 
> > This has been there since April 29th 2005 i.e. 6 years ago.
> Yes, unfortunately Android appears to do this as an 'optimization' in the case
> of dynamically linked execs. That is, it skips the helper code all together.

You should find the persons responsible for this aberration and flame 
them with extreme prejudice!  As if this could make any measurable 
difference on any benchmark...

Either you have the hw reg for TLS and may use it directly, or you use 
the provided helper dammit!  I think I'll just move the implementation 
private 0xffff0ff0 location around just to make sure it breaks any user 
code that wrongly started to abuse this interface.


More information about the linux-arm-kernel mailing list