3

I'm using a 32-bit x86 Ubuntu desktop. I looked at the /proc/[pid]/mmaps, and found the stack base address always changes (e.g. 0xbfe76000 in the following case). So I guess the kernel (or the ELF loader) must randomize the stack location every time the process starts.

I'm wondering what/where is the exact code (in kernel or ELF loader) for the stack base address randomization. Cause I want to allocate (e.g. via mmap) a few pages right below 0xC0000000, and I'm just not sure whether there is any possibility the stack could be located at, let's say, 0xbffff000. Thank you!

... ...
b7762000-b7763000 rw-p 00020000 fc:00 1188263    /lib/i386-linux-gnu/ld-2.19.so
bfe55000-bfe76000 rw-p 00000000 00:00 0          [stack]
xiaogw

1 Answer

0

Not a direct answer (and the ASLR machinery has slightly evolved in different kernel versions). The recent 4.6 kernel has several occurrences of the aslr string.

But regarding your issue, you could simply query the kernel through /proc/self/maps to find the stack segments and later use the MAP_FIXED flag with mmap to map something outside of these segments.

Basile Starynkevitch
  • Thank you, but that does not totally solve my problem. Cause I want to allocate memory on top of all the user space memory regions. So the best way is to figure out how the stack pages are allocated (I guess the ASLR reserves a range for stack base address, hopefully that range excludes the topmost userspace addresses) – xiaogw May 20 '16 at 02:18
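The approach suggested in the answer, written out as an added example (not code from the original posts): scan /proc/self/maps for any mapping, the [stack] segment included, that overlaps a candidate range before calling mmap with MAP_FIXED, because MAP_FIXED silently replaces whatever is already mapped there. The helper names `line_overlaps`, `range_is_free` and `map_fixed_checked` are hypothetical, and the candidate address 0xbffff000 is the one from the question.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Returns 1 if [addr, addr+len) overlaps the mapping described by one
 * /proc/<pid>/maps line ("start-end perms ..."), 0 otherwise.
 * Assumes addr + len does not wrap around. */
static int line_overlaps(const char *line, unsigned long addr, unsigned long len)
{
    unsigned long start, end;
    if (sscanf(line, "%lx-%lx", &start, &end) != 2)
        return 0;                       /* not a mapping line */
    return addr < end && start < addr + len;
}

/* Returns 1 if no mapping in maps_path overlaps the range, 0 if one does,
 * -1 if the file cannot be read. */
static int range_is_free(const char *maps_path, unsigned long addr, unsigned long len)
{
    char line[512];
    int is_free = 1;
    FILE *f = fopen(maps_path, "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f))
        if (line_overlaps(line, addr, len)) { is_free = 0; break; }
    fclose(f);
    return is_free;
}

/* Map len bytes at exactly addr, refusing when the range is occupied.
 * Check-then-map is only safe while no other thread is creating mappings. */
static void *map_fixed_checked(unsigned long addr, size_t len)
{
    if (range_is_free("/proc/self/maps", addr, len) != 1)
        return MAP_FAILED;
    return mmap((void *)addr, len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
}

int main(void)
{
    unsigned long addr = 0xbffff000UL;  /* candidate address from the question */
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = map_fixed_checked(addr, len);
    if (p == MAP_FAILED) { puts("range occupied or mmap failed; nothing mapped"); return 1; }
    printf("mapped %zu bytes at %p\n", len, p);
    return 0;
}
```

The check only reflects the address space at the moment it runs; the [stack] mapping can still grow downward afterwards, so a range below the stack that is free now is not guaranteed to stay free.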