svn commit: r226343 - head/sys/vm
Kostik Belousov
kostikbel at gmail.com
Fri Oct 14 18:24:49 UTC 2011
On Thu, Oct 13, 2011 at 06:50:30PM -0400, David Schultz wrote:
> On Thu, Oct 13, 2011, Marcel Moolenaar wrote:
> >
> > On Oct 13, 2011, at 2:07 PM, John Baldwin wrote:
> > >>
> > >> That's really besides the point. ABI changes are made deliberately
> > >> and ABIs must be well-documented for anyone to adhere to it. You
> > >> can't post hoc wave your hand and say that at some unspecified time
> > >> in the past the ABI changed: at what precise time does "supported
> > >> by hardware mean" and how does that tie to a major FreeBSD version?
> > >>
> > >> Point in case: the JDK 1.4.x still works on FreeBSD 9.x (i386), so
> > >> the ABI really hasn't changed at all in that respect.
> > >
> > > I think if you booted a FreeBSD 9.x i386 PAE kernel you'd find that the
> > > jdk did not work. That will be true for any i386 PAE kernel back to
> > > when PG_NX support was introduced.
> >
> > That's bad.
After more thought about the issue, I do not agree with you.
Elf specification says about the PF_R flag that only read permission
for the memory image of the segment is required, but read and execute
is allowed.
In other words, it is a bug in the old jre, which is further confirmed
by the fact that later jres run with non-executable head.
>
> Recent binutils support a PT_GNU_HEAP flag in the ELF header that
> controls whether heap allocations are executable by default. In
> Linux, the flag can be set using an ld option or the execstack(8)
> command. That seems like a better way to go than breaking old
> JVMs or disabling the security feature.
No, recent binutils do not support PT_GNU_HEAD. git grep -e PT_GNU_HEAD
on the up to date checkout of binutils head gives zero matches. There are
indeed PT_GNU_HEAP patches floating around from some hardening projects.
There is indeed PT_GNU_STACK, which we do support.
I want to commit the following refinement:
diff --git a/sys/compat/freebsd32/freebsd32_misc.c b/sys/compat/freebsd32/freebsd32_misc.c
index 6638ec8..fc2932b 100644
--- a/sys/compat/freebsd32/freebsd32_misc.c
+++ b/sys/compat/freebsd32/freebsd32_misc.c
@@ -445,7 +445,7 @@ freebsd32_mprotect(struct thread *td, struct freebsd32_mprotect_args *uap)
ap.len = uap->len;
ap.prot = uap->prot;
#if defined(__amd64__) || defined(__ia64__)
- if (ap.prot & PROT_READ)
+ if (i386_read_exec && (ap.prot & PROT_READ) != 0)
ap.prot |= PROT_EXEC;
#endif
return (sys_mprotect(td, &ap));
@@ -536,7 +536,7 @@ freebsd32_mmap(struct thread *td, struct freebsd32_mmap_args *uap)
#endif
#if defined(__amd64__) || defined(__ia64__)
- if (prot & PROT_READ)
+ if (i386_read_exec && (prot & PROT_READ))
prot |= PROT_EXEC;
#endif
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index 669c652..9970386 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -118,11 +118,24 @@ static int elf_legacy_coredump = 0;
SYSCTL_INT(_debug, OID_AUTO, __elfN(legacy_coredump), CTLFLAG_RW,
&elf_legacy_coredump, 0, "");
-static int __elfN(nxstack) = 0;
+static int __elfN(nxstack) =
+#if defined(__amd64__) || defined(__powerpc__) /* both 64 and 32 bit */
+ 1;
+#else
+ 0;
+#endif
SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
nxstack, CTLFLAG_RW, &__elfN(nxstack), 0,
__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
+#if __ELF_WORD_SIZE == 32
+#if defined(__amd64__) || defined(__ia64__)
+int i386_read_exec = 0;
+SYSCTL_INT(_kern_elf32, OID_AUTO, read_exec, CTLFLAG_RW, &i386_read_exec, 0,
+ "enable execution from readable segments");
+#endif
+#endif
+
static Elf_Brandinfo *elf_brand_list[MAX_BRANDS];
#define trunc_page_ps(va, ps) ((va) & ~(ps - 1))
@@ -1666,7 +1679,7 @@ __elfN(trans_prot)(Elf_Word flags)
prot |= VM_PROT_READ;
#if __ELF_WORD_SIZE == 32
#if defined(__amd64__) || defined(__ia64__)
- if (flags & PF_R)
+ if (i386_read_exec && (flags & PF_R))
prot |= VM_PROT_EXECUTE;
#endif
#endif
diff --git a/sys/sys/sysent.h b/sys/sys/sysent.h
index 6a4b485..3694ceb 100644
--- a/sys/sys/sysent.h
+++ b/sys/sys/sysent.h
@@ -151,6 +152,10 @@ extern struct sysentvec null_sysvec;
extern struct sysent sysent[];
extern const char *syscallnames[];
+#if defined(__amd64__) || defined(__ia64__)
+extern int i386_read_exec;
+#endif
+
#define NO_SYSCALL (-1)
struct module;
diff --git a/sys/vm/vm_unix.c b/sys/vm/vm_unix.c
index d4ea3b7..253ab77 100644
--- a/sys/vm/vm_unix.c
+++ b/sys/vm/vm_unix.c
@@ -141,7 +141,7 @@ sys_obreak(td, uap)
prot = VM_PROT_RW;
#ifdef COMPAT_FREEBSD32
#if defined(__amd64__) || defined(__ia64__)
- if (SV_PROC_FLAG(td->td_proc, SV_ILP32))
+ if (i386_read_exec && SV_PROC_FLAG(td->td_proc, SV_ILP32))
prot |= VM_PROT_EXECUTE;
#endif
#endif
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/svn-src-all/attachments/20111014/660e59a9/attachment.pgp
More information about the svn-src-all
mailing list