MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID: <17630.39716.551115.850057@cargo.ozlabs.ibm.com>
Date: Sun, 13 Aug 2006 13:23:16 +1000
From: Paul Mackerras
To: "Albert Cahalan"
Subject: Re: PowerPC paxtest results w/ gcc-4.1
In-Reply-To: <787b0d920608121948rad24dc7le834f1b499543ace@mail.gmail.com>
References: <787b0d920608112250q551c98f5j328183c31eebaf77@mail.gmail.com> <17629.48408.564322.747132@cargo.ozlabs.ibm.com> <787b0d920608120736n1ba0bc03jccf2964bf7ebb1d5@mail.gmail.com> <17630.27174.711916.643790@cargo.ozlabs.ibm.com> <787b0d920608121948rad24dc7le834f1b499543ace@mail.gmail.com>
Cc: linuxppc-dev@ozlabs.org, debian-powerpc
List-Id: Linux on PowerPC Developers Mail List

Albert Cahalan writes:

> VM_STACK_DEFAULT_FLAGS32 is wrong. A fail-safe
> default is important for security. If gcc on PowerPC ever
> does generate code which puts trampolines on the stack,
> then that can be fixed by converting to legal C code or
> by adding the fragile marking to the defective executables.
> Did gcc ever generate such code on PowerPC? If not,
> then there is no reason to ever allow an executable stack.

I believe it did for nested procedures in C. Now that we have the
VDSO and use it for signal trampolines, we probably could change the
default stack protections.

> No. Look in the segment registers. The granularity
> isn't great, but the stack can be protected at least.

No, ld.so tends to go just below the stack:

f7fe6000-f7fff000 r-xp 00000000 08:05 17069 /lib/ld-2.3.6.so
f800e000-f800f000 r--p 00018000 08:05 17069 /lib/ld-2.3.6.so
f800f000-f8010000 rwxp 00019000 08:05 17069 /lib/ld-2.3.6.so
ffe67000-ffe7c000 rw-p ffe67000 00:00 0 [stack]

Paul.
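
Added example, not part of the original message: a check of the maps excerpt quoted above for executable mappings that share a segment with the stack, which is why a per-segment no-execute setting cannot cover the stack here. It assumes 32-bit PowerPC segments of 256 MB selected by the top four address bits; the function names are illustrative.

```python
# Added example. Assumption: 32-bit PowerPC, 16 segments of 256 MB each,
# selected by the top 4 bits of the effective address.
SEGMENT_SHIFT = 28

# The /proc/<pid>/maps excerpt quoted in the message above.
MAPS = """\
f7fe6000-f7fff000 r-xp 00000000 08:05 17069 /lib/ld-2.3.6.so
f800e000-f800f000 r--p 00018000 08:05 17069 /lib/ld-2.3.6.so
f800f000-f8010000 rwxp 00019000 08:05 17069 /lib/ld-2.3.6.so
ffe67000-ffe7c000 rw-p ffe67000 00:00 0 [stack]
"""

def parse_maps(text):
    """Yield (start, end, perms, name) for each well-formed maps line."""
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        start, end = (int(x, 16) for x in fields[0].split("-"))
        name = fields[5].strip() if len(fields) > 5 else ""
        yield start, end, fields[1], name

def segments_of(start, end):
    """Segment numbers touched by the half-open range [start, end)."""
    return range(start >> SEGMENT_SHIFT, ((end - 1) >> SEGMENT_SHIFT) + 1)

def noexec_conflicts(text):
    """Map each segment holding the stack to the executable mappings in it.

    A non-empty list means the whole segment cannot be made no-execute
    without also breaking those mappings.
    """
    maps = list(parse_maps(text))
    conflicts = {}
    for start, end, _perms, name in maps:
        if name == "[stack]":
            for seg in segments_of(start, end):
                conflicts.setdefault(seg, [])
    for start, end, perms, name in maps:
        if "x" in perms and name != "[stack]":
            for seg in segments_of(start, end):
                if seg in conflicts:
                    conflicts[seg].append((name, perms, hex(start)))
    return conflicts

if __name__ == "__main__":
    for seg, hits in noexec_conflicts(MAPS).items():
        print(f"segment {seg:#x}: {len(hits)} executable mapping(s) share it")
        for name, perms, start in hits:
            print(f"  {start} {perms} {name}")
```
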