From: Andi Kleen <ak@suse.de>
To: Linus Torvalds <torvalds@osdl.org>
Cc: Andi Kleen <ak@suse.de>, Ingo Molnar <mingo@elte.hu>,
Christoph Hellwig <hch@infradead.org>,
Arjan van de Ven <arjan@infradead.org>,
akpm@osdl.org, linux-kernel@vger.kernel.org, drepper@redhat.com
Subject: Re: [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11
Date: Sun, 6 Feb 2005 18:56:19 +0100 [thread overview]
Message-ID: <20050206175619.GA18245@wotan.suse.de> (raw)
In-Reply-To: <Pine.LNX.4.58.0502060907220.2165@ppc970.osdl.org>
On Sun, Feb 06, 2005 at 09:08:47AM -0800, Linus Torvalds wrote:
>
>
> On Sun, 6 Feb 2005, Andi Kleen wrote:
> >
> > Force READ_IMPLIES_EXEC for all 32bit processes to fix
> > the 32bit source compatibility.
>
> Andi, stop this. We're _not_ going to say "32-bit executables don't need
> PROT_EXEC. The executables would need to be marked broken per-executable,
> not some kind of "we don't do this globally" setting.
The thing I'm annoyed about is that all the testing for this
change seems to go towards the x86-64 32bit emulation
(because effectively near nobody uses 32bit PAE+NX right now)
And the main job of the 32bit emulation is not to prove
as a testing ground for experimental stuff, but to be compatible.
And changes like this break it and cause me a lot of additional work.
Here's a slightly different patch to only turn it off for 32bit x86-64.
If the 32bit experimental security people can get their stuff tested
properly and 32bit NX CPUs are actually used widely
and all the third party sources fixed I can probably follow in a few months.
But I really don't have the capacity to track third party software fixes for
stuff that really has nothing to do with compatible 32bit emulation.
Please consider applying this patch. It only touches x86-64. Thanks:
-Andi
Always enable PROT_READ implies PROT_EXEC for 32bit programs
running on x86-64. This reverts behaviour back to what 2.6.9 did.
Signed-off-by: Andi Kleen <ak@suse.de>
diff -u linux-2.6.11rc3/arch/x86_64/kernel/process.c-o linux-2.6.11rc3/arch/x86_64/kernel/process.c
--- linux-2.6.11rc3/arch/x86_64/kernel/process.c-o 2005-02-04 09:12:52.000000000 +0100
+++ linux-2.6.11rc3/arch/x86_64/kernel/process.c 2005-02-06 15:26:45.000000000 +0100
@@ -577,6 +577,11 @@
/* Make sure to be in 64bit mode */
clear_thread_flag(TIF_IA32);
+
+ /* Clear in case it was set from a 32bit parent.
+ Bug: this overwrites the user choice. Would need
+ a second bit too. */
+ current->personality &= ~READ_IMPLIES_EXEC;
}
asmlinkage long sys_fork(struct pt_regs *regs)
diff -u linux-2.6.11rc3/arch/x86_64/ia32/ia32_binfmt.c-o linux-2.6.11rc3/arch/x86_64/ia32/ia32_binfmt.c
--- linux-2.6.11rc3/arch/x86_64/ia32/ia32_binfmt.c-o 2005-02-04 09:12:52.000000000 +0100
+++ linux-2.6.11rc3/arch/x86_64/ia32/ia32_binfmt.c 2005-02-06 15:23:33.000000000 +0100
@@ -262,6 +262,7 @@
set_thread_flag(TIF_ABI_PENDING); \
else \
clear_thread_flag(TIF_ABI_PENDING); \
+ current->personality |= READ_IMPLIES_EXEC; \
} while (0)
/* Override some function names */
next prev parent reply other threads:[~2005-02-06 17:57 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-06 11:36 [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11 Andi Kleen
2005-02-06 11:47 ` Arjan van de Ven
2005-02-06 12:02 ` Ingo Molnar
2005-02-06 12:25 ` Ingo Molnar
2005-02-06 12:36 ` Andi Kleen
2005-02-06 12:45 ` Ingo Molnar
2005-02-06 12:50 ` Andi Kleen
2005-02-06 12:59 ` Arjan van de Ven
2005-02-06 13:01 ` Andi Kleen
2005-02-06 13:04 ` Arjan van de Ven
2005-02-06 13:09 ` Andi Kleen
2005-02-06 13:31 ` Ingo Molnar
2005-02-06 13:43 ` Andi Kleen
2005-02-06 13:06 ` Christoph Hellwig
2005-02-06 13:11 ` Andi Kleen
2005-02-06 13:32 ` Ingo Molnar
2005-02-06 13:46 ` Andi Kleen
2005-02-06 14:08 ` Ingo Molnar
2005-02-06 14:22 ` Ingo Molnar
2005-02-06 14:29 ` Andi Kleen
2005-02-06 17:08 ` Linus Torvalds
2005-02-06 17:13 ` Arjan van de Ven
2005-02-06 17:31 ` Linus Torvalds
2005-02-06 17:39 ` Arjan van de Ven
2005-02-06 18:04 ` Linus Torvalds
2005-02-06 18:08 ` Arjan van de Ven
2005-02-06 17:56 ` Andi Kleen [this message]
2005-02-06 12:33 ` Andi Kleen
2005-02-06 12:40 ` Arjan van de Ven
2005-02-06 12:48 ` Andi Kleen
2005-02-06 15:54 ` Andreas Schwab
2005-02-06 17:05 ` Linus Torvalds
2005-02-06 17:58 ` Andi Kleen
2005-02-06 12:11 ` Paweł Sikora
[not found] ` <200502061303.12377.pluto@pld-linux.org>
[not found] ` <20050206124701.GD30109@wotan.suse.de>
2005-02-06 18:07 ` Paweł Sikora
2005-02-06 18:38 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050206175619.GA18245@wotan.suse.de \
--to=ak@suse.de \
--cc=akpm@osdl.org \
--cc=arjan@infradead.org \
--cc=drepper@redhat.com \
--cc=hch@infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox