linuxppc-dev.lists.ozlabs.org archive mirror
* 32 bit userland on G5
@ 2006-06-13 10:25 Johannes Berg
  2006-06-13 12:45 ` David Woodhouse
  2006-06-13 22:44 ` Paul Mackerras
  0 siblings, 2 replies; 11+ messages in thread
From: Johannes Berg @ 2006-06-13 10:25 UTC
  To: linuxppc-dev list

Hi,

Since apparently the G5 honours no-execute permissions, shouldn't the 64
bit kernel set the READ_IMPLIES_EXEC personality flag for 32-bit
userland?

The memory being execute-protected is causing a mono bug
(http://bugzilla.ximian.com/show_bug.cgi?id=77028) but I'm not sure
where the correct fix would be, currently the kernel doesn't seem to be
behaving exactly the same on G4 and G5.

johannes


* Re: 32 bit userland on G5
  2006-06-13 10:25 32 bit userland on G5 Johannes Berg
@ 2006-06-13 12:45 ` David Woodhouse
  2006-06-13 16:05   ` Johannes Berg
  2006-06-13 22:52   ` Paul Mackerras
  2006-06-13 22:44 ` Paul Mackerras
  1 sibling, 2 replies; 11+ messages in thread
From: David Woodhouse @ 2006-06-13 12:45 UTC
  To: Johannes Berg; +Cc: linuxppc-dev list

On Tue, 2006-06-13 at 12:25 +0200, Johannes Berg wrote:
> Since apparently the G5 honours no-execute permissions, shouldn't the 64
> bit kernel set the READ_IMPLIES_EXEC personality flag for 32-bit
> userland?

Why? Just because older hardware wasn't capable of enforcing the
permissions, that doesn't mean that we shouldn't enforce them now.

-- 
dwmw2


* Re: 32 bit userland on G5
  2006-06-13 12:45 ` David Woodhouse
@ 2006-06-13 16:05   ` Johannes Berg
  2006-06-13 16:15     ` David Woodhouse
  2006-06-13 22:52   ` Paul Mackerras
  1 sibling, 1 reply; 11+ messages in thread
From: Johannes Berg @ 2006-06-13 16:05 UTC
  To: David Woodhouse; +Cc: linuxppc-dev list

On Tue, 2006-06-13 at 13:45 +0100, David Woodhouse wrote:

> Why? Just because older hardware wasn't capable of enforcing the
> permissions, that doesn't mean that we shouldn't enforce them now.

Yeah, I was just thinking that there are programs relying on that and if
they run in the 32-bit compat mode they might rightfully do so... Dunno.

johannes


* Re: 32 bit userland on G5
  2006-06-13 16:05   ` Johannes Berg
@ 2006-06-13 16:15     ` David Woodhouse
  2006-06-13 16:18       ` Johannes Berg
  0 siblings, 1 reply; 11+ messages in thread
From: David Woodhouse @ 2006-06-13 16:15 UTC
  To: Johannes Berg; +Cc: linuxppc-dev list

On Tue, 2006-06-13 at 18:05 +0200, Johannes Berg wrote:
> Yeah, I was just thinking that there are programs relying on that and if
> they run in the 32-bit compat mode they might rightfully do so... Dunno. 

Nah. It isn't a valid assumption; just as it isn't valid to assume that
your stack will _always_ be at about 0xbfffffff. 

-- 
dwmw2


* Re: 32 bit userland on G5
  2006-06-13 16:15     ` David Woodhouse
@ 2006-06-13 16:18       ` Johannes Berg
  0 siblings, 0 replies; 11+ messages in thread
From: Johannes Berg @ 2006-06-13 16:18 UTC
  To: David Woodhouse; +Cc: linuxppc-dev list

On Tue, 2006-06-13 at 17:15 +0100, David Woodhouse wrote:

> Nah. It isn't a valid assumption; just as it isn't valid to assume that
> your stack will _always_ be at about 0xbfffffff. 

Ok.

Just curious though: Why does READ_IMPLIES_EXEC exist at all then?

johannes


* Re: 32 bit userland on G5
  2006-06-13 10:25 32 bit userland on G5 Johannes Berg
  2006-06-13 12:45 ` David Woodhouse
@ 2006-06-13 22:44 ` Paul Mackerras
  2006-06-14  8:35   ` Johannes Berg
  1 sibling, 1 reply; 11+ messages in thread
From: Paul Mackerras @ 2006-06-13 22:44 UTC
  To: Johannes Berg; +Cc: linuxppc-dev list

Johannes Berg writes:

> Since apparently the G5 honours no-execute permissions, shouldn't the 64
> bit kernel set the READ_IMPLIES_EXEC personality flag for 32-bit
> userland?

The elf_read_implies_exec() macro in include/asm-powerpc/elf.h
achieves the same effect, I believe.

Paul.


* Re: 32 bit userland on G5
  2006-06-13 12:45 ` David Woodhouse
  2006-06-13 16:05   ` Johannes Berg
@ 2006-06-13 22:52   ` Paul Mackerras
  2006-06-13 23:31     ` David Woodhouse
  1 sibling, 1 reply; 11+ messages in thread
From: Paul Mackerras @ 2006-06-13 22:52 UTC
  To: David Woodhouse; +Cc: linuxppc-dev list, Johannes Berg

David Woodhouse writes:

> Why? Just because older hardware wasn't capable of enforcing the
> permissions, that doesn't mean that we shouldn't enforce them now.

Historically the PPC32 ELF ABI has used an executable PLT, containing
instructions constructed at runtime, located next to the BSS, and
without the corresponding program header entry indicating execute
permission.  Alan Modra devised a new way of doing the PLT which
doesn't require it to be executable, but of course it is only used in
programs that have been built since the new method went into the
toolchain (in fact all of the .o files being linked have to have been
compiled with the new method in order for it to be used).

So if you are absolutely sure that every program you will ever want to
run on your kernel has been built with an up-to-date toolchain, you
can turn on enforcement of execute permissions for 32-bit processes.
It would be a "courageous" step (in the Yes Minister sense :) for a
distro to do it, IMHO.

Paul.
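
An added example, not part of the message above or of any kernel or binutils code: a small C auditor for the markings this exchange depends on. It reads the program headers of a 32-bit big-endian ELF image and reports PT_LOAD segments that are both writable and executable, plus the PT_GNU_STACK marker that the kernel's ELF loader passes to elf_read_implies_exec(). The function name and the embedded sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PT_LOAD = 1, PF_X = 1, PF_W = 2 };
#define PT_GNU_STACK 0x6474e551u
enum exstack { EXSTACK_DEFAULT, EXSTACK_DISABLE_X, EXSTACK_ENABLE_X };
struct nx_audit { enum exstack stack; int wx_loads; };

static uint32_t be32(const uint8_t *p)
{ return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }

/* Audit an ELF32 big-endian image: 0 and *out filled, or -1 if malformed. */
int nx_audit_elf32be(const uint8_t *img, size_t len, struct nx_audit *out)
{
    if (len < 52 || memcmp(img, "\177ELF\001\002", 6) != 0)
        return -1;                        /* ELFCLASS32 + ELFDATA2MSB only */
    size_t phoff = be32(img + 28);        /* e_phoff */
    size_t entsz = be32(img + 40) & 0xffff, num = be32(img + 44) >> 16;
    if (entsz < 32 || phoff > len || num > (len - phoff) / entsz)
        return -1;                        /* header table must fit the image */
    *out = (struct nx_audit){ EXSTACK_DEFAULT, 0 };  /* no PT_GNU_STACK seen */
    for (size_t i = 0; i < num; i++) {
        const uint8_t *ph = img + phoff + i * entsz;
        uint32_t type = be32(ph), flags = be32(ph + 24);  /* p_type, p_flags */
        if (type == PT_GNU_STACK)
            out->stack = (flags & PF_X) ? EXSTACK_ENABLE_X : EXSTACK_DISABLE_X;
        else if (type == PT_LOAD && (flags & PF_W) && (flags & PF_X))
            out->wx_loads++;              /* segment is writable and executable */
    }
    return 0;
}

/* Constructed sample, not a real binary: R+X text, RWX data, no PT_GNU_STACK. */
const uint8_t nx_sample[116] = {
    0x7f, 'E', 'L', 'F', 1, 2, 1,         /* ELFCLASS32, ELFDATA2MSB */
    [19] = 20,                            /* e_machine = EM_PPC */
    [31] = 52, [43] = 32, [45] = 2,       /* e_phoff, e_phentsize, e_phnum */
    [55] = 1, [79] = 5,                   /* PT_LOAD, PF_R|PF_X */
    [87] = 1, [111] = 7,                  /* PT_LOAD, PF_R|PF_W|PF_X */
};

int main(void)
{
    struct nx_audit a;
    if (nx_audit_elf32be(nx_sample, sizeof nx_sample, &a) == 0)
        printf("stack=%d wx_loads=%d\n", (int)a.stack, a.wx_loads);
    return 0;
}
```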


* Re: 32 bit userland on G5
  2006-06-13 22:52   ` Paul Mackerras
@ 2006-06-13 23:31     ` David Woodhouse
  2006-06-13 23:46       ` Paul Mackerras
  0 siblings, 1 reply; 11+ messages in thread
From: David Woodhouse @ 2006-06-13 23:31 UTC
  To: Paul Mackerras; +Cc: linuxppc-dev list, Johannes Berg

On Wed, 2006-06-14 at 08:52 +1000, Paul Mackerras wrote:
> Historically the PPC32 ELF ABI has used an executable PLT, containing
> instructions constructed at runtime, located next to the BSS, and
> without the corresponding program header entry indicating execute
> permission.  Alan Modra devised a new way of doing the PLT which
> doesn't require it to be executable, but of course it is only used in
> programs that have been built since the new method went into the
> toolchain (in fact all of the .o files being linked have to have been
> compiled with the new method in order for it to be used).

'Historical' being until about 4 years ago, around the time of
http://ecos.sourceware.org/ml/binutils/2002-05/msg00097.html ?

> So if you are absolutely sure that every program you will ever want to
> run on your kernel has been built with an up-to-date toolchain, you
> can turn on enforcement of execute permissions for 32-bit processes.
> It would be a "courageous" step (in the Yes Minister sense :) for a
> distro to do it, IMHO. 

We already did it in Fedora. We don't default to READ_IMPLIES_EXEC for
32-bit processes on the 64-bit kernel.

-- 
dwmw2


* Re: 32 bit userland on G5
  2006-06-13 23:31     ` David Woodhouse
@ 2006-06-13 23:46       ` Paul Mackerras
  2006-06-14  0:04         ` David Woodhouse
  0 siblings, 1 reply; 11+ messages in thread
From: Paul Mackerras @ 2006-06-13 23:46 UTC
  To: David Woodhouse; +Cc: linuxppc-dev list, Johannes Berg

David Woodhouse writes:

> 'Historical' being until about 4 years ago, around the time of
> http://ecos.sourceware.org/ml/binutils/2002-05/msg00097.html ?

That's not the one I was talking about; that appears to be about
marking the GOT and PLT as executable in the ELF file.  That may be
enough in fact to allow us to turn off read-implies-exec, though.

> We already did it in Fedora. We don't default to READ_IMPLIES_EXEC for
> 32-bit processes on the 64-bit kernel.

By patching include/asm-powerpc/elf.h?

Paul.


* Re: 32 bit userland on G5
  2006-06-13 23:46       ` Paul Mackerras
@ 2006-06-14  0:04         ` David Woodhouse
  0 siblings, 0 replies; 11+ messages in thread
From: David Woodhouse @ 2006-06-14  0:04 UTC
  To: Paul Mackerras; +Cc: linuxppc-dev list, Johannes Berg

On Wed, 2006-06-14 at 09:46 +1000, Paul Mackerras wrote:
> > We already did it in Fedora. We don't default to READ_IMPLIES_EXEC 
> > for 32-bit processes on the 64-bit kernel.
> 
> By patching include/asm-powerpc/elf.h? 

By patching fs/binfmt_elf.c -- it's part of the exec-shield patch.
http://cvs.fedora.redhat.com/viewcvs/devel/kernel/linux-2.6-execshield.patch?rev=1.20&view=auto

shinybook /home/dwmw2 $ cat foo.c
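#include <stdio.h>

/* Two PowerPC instructions stored as data: li r3,0x5a ; blr */
int foo[2] = { 0x3860005a, 0x4e800020 };
int main(void)
{
        /* Call into the data array; this works only if the page is executable. */
        int (*foofn)(void) = (void *)foo;
        int f = foofn();
        printf("%x\n", f);
        return 0;
}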
shinybook /home/dwmw2 $ ./foo
5a
shinybook /home/dwmw2 $ scp foo pmac: ; ssh pmac
foo                                             100% 9996     9.8KB/s   00:00
Last login: Wed Jun 14 00:58:26 2006 from shinybook-bcm.infradead.org
pmac /home/dwmw2 $ ./foo
Segmentation fault
pmac /home/dwmw2 $ setarch ppc -X ./foo
5a

-- 
dwmw2
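
An added example, not from this thread or from the exec-shield patch: a C check that reports from inside a process what the foo run above shows from outside, namely whether READ_IMPLIES_EXEC is set in the personality and whether a page that was only mapped or mprotect()ed readable ends up executable. It assumes Linux with /proc mounted; the function names are illustrative.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/personality.h>

/* 1 if READ_IMPLIES_EXEC is set for this process, 0 if not, -1 on error. */
int read_implies_exec_set(void)
{
    int persona = personality(0xffffffff);   /* query only; changes nothing */
    return persona == -1 ? -1 : !!(persona & READ_IMPLIES_EXEC);
}

/* Find addr in /proc/self/maps: 1 if executable, 0 if not, -1 if not found. */
int mapping_is_exec(const void *addr)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[5];
    unsigned long lo, hi;
    int result = -1;
    if (!f) return -1;
    while (result < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 &&
            (uintptr_t)addr >= lo && (uintptr_t)addr < hi)
            result = perms[2] == 'x';        /* perms looks like "rwxp" */
    fclose(f);
    return result;
}

/* Map one anonymous page with prot, then mprotect() it to reprot unless
 * reprot is -1, and report whether the kernel left it executable. */
int probe_exec(int prot, int reprot)
{
    void *p = mmap(NULL, 4096, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    int x = -1;
    if (p == MAP_FAILED) return -1;
    if (reprot == -1 || mprotect(p, 4096, reprot) == 0)
        x = mapping_is_exec(p);
    munmap(p, 4096);
    return x;
}

int main(void)
{
    printf("READ_IMPLIES_EXEC set:      %d\n", read_implies_exec_set());
    printf("mmap(PROT_READ) executable: %d\n", probe_exec(PROT_READ, -1));
    printf("mprotect(R|W) executable:   %d\n", probe_exec(PROT_NONE, PROT_READ | PROT_WRITE));
    return 0;
}
```

Run it once directly and once under `setarch ppc -X` (as in the session above) to compare the two personalities.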


* Re: 32 bit userland on G5
  2006-06-13 22:44 ` Paul Mackerras
@ 2006-06-14  8:35   ` Johannes Berg
  0 siblings, 0 replies; 11+ messages in thread
From: Johannes Berg @ 2006-06-14  8:35 UTC
  To: Paul Mackerras; +Cc: linuxppc-dev list

On Wed, 2006-06-14 at 08:44 +1000, Paul Mackerras wrote:

> The elf_read_implies_exec() macro in include/asm-powerpc/elf.h
> achieves the same effect, I believe.

Even for mprotect()? It doesn't look like it does.

johannes
