On 06/17/2016 07:11 AM, Peter Maydell wrote: > Some architectures require the stack to be executable; notably > this includes MIPS, because the kernel's floating point emulator > may try to put trampoline code on the stack to handle some cases. > (See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815409 > for an example of this causing QEMU to crash.) > > Create a utility function qemu_alloc_stack() which allocates a > block of memory for use as a stack with the correct permissions. > Since we would prefer to make the stack non-executable if we can > as a defence against code execution exploits, we detect whether > the existing stack is mapped executable. Unfortunately this > requires us to grovel through /proc/self/maps to determine the > permissions on it. > > Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> > --- > This method of figuring out the correct perms for the stack is > not exactly pretty; better suggestions welcome. > > NB that this utility function also gives us a handy place to put > code for allocating a guard page at the bottom of the stack, or > mapping it as MAP_GROWSDOWN, or whatever. ... > + /* Some architectures (notably MIPS) require an executable stack, but > + * we would prefer to avoid making the stack executable unnecessarily, > + * to defend against code execution exploits. > + * Check whether the current stack is executable, and follow its lead. > + * Unfortunately to do this we have to wade through /proc/self/maps > + * looking for the stack memory. We default to assuming we need an > + * executable stack and remove the permission only if we can successfully > + * confirm that non-executable is OK. > + */ > + > + prot = PROT_READ | PROT_WRITE | PROT_EXEC; ... > +#else > +static int stack_prot(void) > +{ > + /* Assume an executable stack is needed, since we can't detect it. */ > + return PROT_READ | PROT_WRITE | PROT_EXEC; > +} > +#endif
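Review bot: the `#else` branch of stack_prot() returns `PROT_READ | PROT_WRITE | PROT_EXEC` whenever the /proc/self/maps probe is unavailable, so every non-Linux host, and any Linux host where /proc is unmounted or restricted, silently loses the non-executable stack this patch sets out to provide, with no diagnostic. Since the cover letter names MIPS as the one host known to need an executable stack, the fallback would be safer keyed on the host architecture than on whether the probe could run, e.g. selecting PROT_EXEC only under a MIPS ifdef and returning `PROT_READ | PROT_WRITE` elsewhere; the comment "Assume an executable stack is needed, since we can't detect it." would then describe only that branch. Whichever default is chosen, a one-line warning when detection fails and PROT_EXEC is granted would make the degraded state visible to whoever is hardening the build.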
What about using dl_iterate_phdr, looking for PT_GNU_STACK? That interface is present on a few other hosts besides Linux. But really this is a place that I'd much rather fall back to an ifdef ladder than assume executable permission is required. r~
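As an added example (not code from Peter's patch or from QEMU), the following C sketches the alternative Richard raises: decide the stack permissions from the program's PT_GNU_STACK header instead of parsing /proc/self/maps. It reads the main executable's program headers through the auxiliary vector (getauxval(AT_PHDR) and AT_PHNUM), which is what the kernel itself consults when it sets the initial stack permissions; dl_iterate_phdr would additionally visit every loaded shared object, any one of which can force an executable stack, so a production version should walk those too. The example keeps the patch's conservative RWX fallback when no PT_GNU_STACK entry exists and adds the PROT_NONE guard page at the low end of the stack that the cover letter mentions. The names prot_from_stack_flags, find_gnu_stack_flags, alloc_stack and free_stack are my own; only stack_prot comes from the patch.

```c
#define _DEFAULT_SOURCE
#include <elf.h>        /* PT_GNU_STACK, PF_X, AT_PHDR, AT_PHNUM */
#include <link.h>       /* ElfW() macro for the native ELF class */
#include <stddef.h>
#include <stdio.h>
#include <sys/auxv.h>   /* getauxval() */
#include <sys/mman.h>
#include <unistd.h>

/* Map ELF segment flags onto mmap protection bits: the stack is always
 * readable and writable; it is executable only if PF_X is set. */
int prot_from_stack_flags(unsigned long p_flags)
{
    int prot = PROT_READ | PROT_WRITE;
    if (p_flags & PF_X) {
        prot |= PROT_EXEC;
    }
    return prot;
}

/* Scan a program header table for PT_GNU_STACK.  Returns 1 and stores the
 * segment flags in *flags if found, 0 if the table has no such entry
 * (the kernel then falls back to its per-architecture default, which on
 * most architectures is an executable stack). */
int find_gnu_stack_flags(const ElfW(Phdr) *phdr, size_t phnum,
                         unsigned long *flags)
{
    for (size_t i = 0; i < phnum; i++) {
        if (phdr[i].p_type == PT_GNU_STACK) {
            *flags = phdr[i].p_flags;
            return 1;
        }
    }
    return 0;
}

/* Protection to use for a freshly allocated stack.  Only the main
 * executable is inspected here (assumption: that is sufficient for this
 * illustration); shared objects that demand an executable stack would be
 * caught by walking dl_iterate_phdr() instead. */
int stack_prot(void)
{
    const ElfW(Phdr) *phdr = (const ElfW(Phdr) *)getauxval(AT_PHDR);
    size_t phnum = (size_t)getauxval(AT_PHNUM);
    unsigned long flags = 0;

    if (phdr != NULL && find_gnu_stack_flags(phdr, phnum, &flags)) {
        return prot_from_stack_flags(flags);
    }
    /* No PT_GNU_STACK: keep the patch's conservative default. */
    return PROT_READ | PROT_WRITE | PROT_EXEC;
}

/* Allocate a stack of `size` bytes with a PROT_NONE guard page below it.
 * Returns the lowest usable address, or NULL on failure. */
void *alloc_stack(size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    char *base = mmap(NULL, size + page, stack_prot(),
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) {
        return NULL;
    }
    /* The guard page sits at the low end because the stack grows down. */
    if (mprotect(base, page, PROT_NONE) != 0) {
        munmap(base, size + page);
        return NULL;
    }
    return base + page;
}

/* Release a stack obtained from alloc_stack(), guard page included. */
int free_stack(void *stack, size_t size)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return munmap((char *)stack - page, size + page);
}

int main(void)
{
    int prot = stack_prot();
    printf("stack will be mapped %s\n",
           (prot & PROT_EXEC) ? "executable (rwx)" : "non-executable (rw-)");
    void *stack = alloc_stack(64 * 1024);
    if (stack == NULL) {
        perror("alloc_stack");
        return 1;
    }
    free_stack(stack, 64 * 1024);
    return 0;
}
```

On a normal non-MIPS Linux binary linked with a PT_GNU_STACK entry of PF_R|PF_W, stack_prot() yields PROT_READ|PROT_WRITE; a binary linked with an executable stack, or one lacking the header entirely, gets PROT_EXEC as well, which is the behaviour the patch wants without touching /proc.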