| |||||||||||||
The hazards of 32/64-bit compatibilityThe hazards of 32/64-bit compatibilityPosted Sep 23, 2010 16:57 UTC (Thu) by nix (subscriber, #2304)Parent article: The hazards of 32/64-bit compatibility
> This path allows an attacker to write a chosen value to anywhere within the top 31 bits of the kernel address space.
So, is that the top four bytes of the kernel address space, or every 8-billionth byte throughout the address space?
(I suspect what is meant is 'to anywhere within the top half'? Perhaps?)
(I am definitely being too pedantic.)
(Log in to post comments)
The hazards of 32/64-bit compatibility Posted Sep 23, 2010 17:06 UTC (Thu) by nelhage (subscriber, #59579) [Link]
What is meant is the top ~2 billion (2^31) addresses. That is to say, any address accessible via a 31-bit offset from the top of the kernel address space.
The expression "top 31 bits of kernel address space" is a bit jargony, but I suspect most kernel developers would get what it means without thinking too hard.
The hazards of 32/64-bit compatibility Posted Oct 3, 2010 23:00 UTC (Sun) by nix (subscriber, #2304) [Link]
I thought I knew what it meant, too, but the more I thought about it the more the meaning slipped away from me.
The hazards of 32/64-bit compatibility Posted Sep 24, 2010 14:45 UTC (Fri) by price (subscriber, #59790) [Link] The expression "N bits of address space" is used in the kernel tree itself in places like Documentation/x86/x86_64/mm.txt. It's well understood to mean "a region of address space 2^N bytes wide", but is more concise.
|
|||||||||||||