Re: [PATCH v5] powerpc: Do not make the entire heap executable

* Jason Gunthorpe: > Eg that 32 bit powerpc currently unconditionally injects writable, > executable pages into a user space process. > > This critically undermines all the W^X security work that has been > done in the tool chain and user space by the PPC community. Exactly, this is how we found

ppc64 sbrk returns executable heap in 32-bit emulation mode

We noticed that on ppc64, the sbrk system call in the 32-bit subsystem returns executable memory. I assume it is related to this, in arch/powerpc/include/asm/page.h: /* * Unfortunately the PLT is in the BSS in the PPC32 ELF ABI, * and needs to be executable. This means the whole heap ends

Re: ppc64 sbrk returns executable heap in 32-bit emulation mode

On 05/16/2016 08:24 AM, Alan Modra wrote: On Thu, May 12, 2016 at 03:41:09PM +0200, Florian Weimer wrote: We noticed that on ppc64, the sbrk system call in the 32-bit subsystem returns executable memory. I assume it is related to this, in arch/powerpc/include/asm/page.h: /* * Unfortunately

Re: ppc64 sbrk returns executable heap in 32-bit emulation mode

On 05/16/2016 10:49 AM, Andreas Schwab wrote: (If I'm wrong about heap+stack needing the same protection then I can't think of any reason to require an executable heap.) The heap and the BSS initially share the same page. But my test says that at least part of .bss in the main executable is

Re: ppc64 sbrk returns executable heap in 32-bit emulation mode

On 05/16/2016 11:09 AM, Andreas Schwab wrote: Florian Weimer writes: But my test says that at least part of .bss in the main executable is *not* executable. Build with -mbss-plt -Wl,--bss-plt. This gives me: FAIL exec .bss data (unexpected result) FAIL exec .data (unexpected result

Re: [PATCH v4 17/29] arm64: implement PKEYS support

* Szabolcs Nagy: >> A user can still set it by interacting with the register directly, but I >> guess >> we want something for the glibc interface.. >> >> Dave, any thoughts here? > > adding Florian too, since i found an old thread of his that tried > to add separate PKEY_DISABLE_READ and PKEY_D

Re: [PATCH v4 17/29] arm64: implement PKEYS support

* Szabolcs Nagy: >> However, does it matter much? That's only for the initial setup, the >> user can then change the permissions directly via the sysreg. So maybe >> we don't need all those combinations upfront. A PKEY_DISABLE_EXECUTE >> together with the full PKEY_DISABLE_ACCESS would probably su

Re: [PATCH Linux] powerpc: add documentation for HWCAPs

* Nicholas Piggin: > +2. Facilities > +- > +The Power ISA uses the term "facility" to describe a class of instructions, > +registers, interrupts, etc. The presence or absence of a facility indicates > +whether this class is available to be used, but the specifics depend on the > +ISA v

<    1   2