Re: [RFC] Enable nxstack by default

From: Kostik Belousov <kostikbel_at_gmail.com> Date: Tue, 18 Oct 2011 12:07:50 +0300 · This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:19 UTC

On Mon, Oct 17, 2011 at 09:30:56PM +0200, Oliver Pinter wrote:
> Hi all!
> 
> I think, it's the time to enable the nxstack feature. Any comments,
> pros, cons?

I dragged the change long enough for it to miss the 9.0.
After the 9.0 is released, I will flip the switch with the following
change.

diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index 8455f48..926fe64 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
_at__at_ -118,7 +118,12 _at__at_ static int elf_legacy_coredump = 0;
 SYSCTL_INT(_debug, OID_AUTO, __elfN(legacy_coredump), CTLFLAG_RW, 
     &elf_legacy_coredump, 0, "");

-static int __elfN(nxstack) = 0;
+int __elfN(nxstack) =
+#if defined(__amd64__) || defined(__powerpc64__) /* both 64 and 32 bit */
+	1;
+#else
+	0;
+#endif
 SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
     nxstack, CTLFLAG_RW, &__elfN(nxstack), 0,
     __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
diff --git a/sys/powerpc/aim/mmu_oea64.c b/sys/powerpc/aim/mmu_oea64.c
index 7500462..0e27351 100644
--- a/sys/powerpc/aim/mmu_oea64.c
+++ b/sys/powerpc/aim/mmu_oea64.c
_at__at_ -1445,6 +1445,8 _at__at_ moea64_uma_page_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait)
 	return (void *)va;
 }

+extern int elf32_nxstack;
+
 void
 moea64_init(mmu_t mmu)
 {
_at__at_ -1464,6 +1466,8 _at__at_ moea64_init(mmu_t mmu)
 		uma_zone_set_allocf(moea64_mpvo_zone,moea64_uma_page_alloc);
 	}

+	elf32_nxstack = 1;
+
 	moea64_initialized = TRUE;
 }

diff --git a/sys/powerpc/booke/machdep.c b/sys/powerpc/booke/machdep.c
index c2b5e6f..82a37e1 100644
--- a/sys/powerpc/booke/machdep.c
+++ b/sys/powerpc/booke/machdep.c
_at__at_ -192,6 +192,8 _at__at_ void print_kernel_section_addr(void);
 void print_kenv(void);
 u_int booke_init(uint32_t, uint32_t);

+extern int elf32_nxstack;
+
 static void
 cpu_e500_startup(void *dummy)
 {
_at__at_ -227,6 +229,9 _at__at_ cpu_e500_startup(void *dummy)
 	/* Set up buffers, so they can be used to read disk labels. */
 	bufinit();
 	vm_pager_bufferinit();
+
+	/* Cpu supports execution permissions on the pages. */
+	elf32_nxstack = 1;
 }

 static char *