Re: [RFC] Enable nxstack by default

From: Garrett Cooper <yanegomi_at_gmail.com>
Date: Tue, 18 Oct 2011 09:35:00 -0700
On Oct 18, 2011, at 9:26 AM, Arnaud Lacombe wrote:

> Hi,
> 
> On Tue, Oct 18, 2011 at 11:44 AM, Garrett Cooper <yanegomi_at_gmail.com> wrote:
>> On Tue, 18 Oct 2011, Arnaud Lacombe wrote:
>> 
>>> Hi,
>>> 
>>> On Tue, Oct 18, 2011 at 5:07 AM, Kostik Belousov <kostikbel_at_gmail.com>
>>> wrote:
>>>> 
>>>> On Mon, Oct 17, 2011 at 09:30:56PM +0200, Oliver Pinter wrote:
>>>>> 
>>>>> Hi all!
>>>>> 
>>>>> I think, it's the time to enable the nxstack feature. Any comments,
>>>>> pros, cons?
>>>> 
>>>> I dragged the change long enough for it to miss the 9.0.
>>>> After the 9.0 is released, I will flip the switch with the following
>>>> change.
>>>> 
>>>> diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
>>>> index 8455f48..926fe64 100644
>>>> --- a/sys/kern/imgact_elf.c
>>>> +++ b/sys/kern/imgact_elf.c
>>>> _at__at_ -118,7 +118,12 _at__at_ static int elf_legacy_coredump = 0;
>>>>  SYSCTL_INT(_debug, OID_AUTO, __elfN(legacy_coredump), CTLFLAG_RW,
>>>>     &elf_legacy_coredump, 0, "");
>>>> 
>>>> -static int __elfN(nxstack) = 0;
>>>> +int __elfN(nxstack) =
>>>> +#if defined(__amd64__) || defined(__powerpc64__) /* both 64 and 32 bit
>>>> */
>>>> 
>>> Why leaving 32bits x86 CPU supporting the NX feature behind ?
>> 
>> Most likely because it was assumed that i386 doesn't fully support it.
>> According to ye great Wikipedia, NX support didn't roll into i386 until
>> Prescott, which was pretty late in the non-64-bit capable family of CPUs, as
>> its successor -- Conroe -- was 64-bit. Intel detuned some of the early Dual
>> Core Pentiums, e.g. the Yonahs to not talk 64-bit. Not sure about AMD.
>> 
>> There are probably more details in binutils, gcc, etc, that I'm missing and
>> Kostik can expound on.
>> 
> NX support is advertised in the cpuid flags, just add the logic to
> handle this interface. Kostik's patch is just incomplete, but he's got
> a commit bit so he can commit it as-is, as he will.
> 
> If nonexec_stack becomes the default, it should be on every CPU
> supporting the feature, not just the low-hanging one.

It gets a bit trickier because now you're putting MD code into MI code, but that should be easy enough to abstract out into amd64, i386, etc.

Still wondering if the toolchain is lacking support though, because I remember a few committers (dim?, kib?) making some modifications in order to get NX working about a year ago.

-Garrett
Received on Tue Oct 18 2011 - 14:35:05 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:19 UTC