From: Richard Henderson
Date: Fri, 17 Jun 2016 10:27:24 -0700
Subject: Re: [Qemu-devel] [PATCH] oslib-posix: New qemu_alloc_stack() to allocate stack with correct perms
Message-ID: <6b4b8d0f-afdd-16d6-8236-e912c417d74f@twiddle.net>
References: <1466172679-10156-1-git-send-email-peter.maydell@linaro.org> <404917c9-62b2-f853-a4a2-b1d9beb66c81@twiddle.net>
To: Peter Maydell
Cc: QEMU Developers, Patch Tracking, Aurelien Jarno, Leon Alrae, Michael Tokarev, "Daniel P. Berrange", Paolo Bonzini

On 06/17/2016 09:36 AM, Peter Maydell wrote:
> On 17 June 2016 at 17:12, Richard Henderson wrote:
>> What about using dl_iterate_phdr, looking for PT_GNU_STACK?
>> That interface is present on a few other hosts besides Linux.
>
> We could do that. I note that the MIPS kernel is buggy in that
> it will assume the stack is executable even if the binary
> has PT_GNU_STACK saying "please don't be executable". And
> most architectures except x86-64 won't honour PT_GNU_STACK=non-exec
> unless the parent process also had nonexec stack (because they
> let the READ_IMPLIES_EXEC personality flag be inherited; see
> https://insights.sei.cmu.edu/cert/2014/02/feeling-insecure-blame-your-parent.html
> ). So the PT_GNU_STACK flag doesn't necessarily match up with
> either the actual executability of the standard stack or with
> what the kernel actually requires.

How bizarre. Glibc will most definitely honour PT_GNU_STACK when
allocating thread stacks, so it's a weird thing for the kernel to want
to inherit for the initial thread stack.

>> But really this is a place that I'd much rather fall back to an ifdef ladder
>> than assume executable permission is required.
>
> The trouble with this is that it means that as and when the MIPS
> folks fix their kernel and libc and compiler to support non-exec
> stacks we won't automatically pick this up, and our stacks will
> remain executable. Also it requires us to audit every architecture
> to find out which ones require exec-stack. But maybe it is just
> MIPS? (Maybe we could just say "this is a MIPS kernel bug" ? :-))

I am inclined to hope that this is just a mips thing. It's a pretty
strange situation.

But I did really mean fall back. Yes, try the other methods, but if we
don't detect anything about the stack, only enable it via ifdef ladder.

r~
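As an added illustration of the dl_iterate_phdr approach raised in the thread (example code, not from the thread or from QEMU): it reads the main executable's PT_GNU_STACK entry and reports whether the binary asked for an executable stack, returning an "unknown" result when the entry is absent, which is the case the thread wants left to a per-host ifdef ladder. As Peter's caveat notes, this is only what the binary requested, not what the kernel actually gave the initial stack; the names classify_gnu_stack, exe_stack_requirement and the sample header tables are assumptions of this example.

```c
/* dl_iterate_phdr is a GNU extension: set _GNU_SOURCE and re-read glibc's features.h. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#undef _FEATURES_H
#include <link.h>   /* dl_iterate_phdr, ElfW(), PT_GNU_STACK, PF_X */
#include <stdio.h>

/* What the binary's PT_GNU_STACK entry asks for, or that it has none. */
enum stack_req { STACK_UNKNOWN = -1, STACK_NOEXEC = 0, STACK_EXEC = 1 };

/* Pure helper: scan one program header table for PT_GNU_STACK. No entry gives
 * STACK_UNKNOWN, the case the thread wants handled by a per-host ifdef ladder
 * instead of assuming an executable stack is required. */
enum stack_req classify_gnu_stack(const ElfW(Phdr) *phdr, int phnum)
{
    for (int i = 0; i < phnum; i++)
        if (phdr[i].p_type == PT_GNU_STACK)
            return (phdr[i].p_flags & PF_X) ? STACK_EXEC : STACK_NOEXEC;
    return STACK_UNKNOWN;
}

/* dl_iterate_phdr visits the main executable first: classify it, then stop. */
static int main_exe_cb(struct dl_phdr_info *info, size_t size, void *data)
{
    (void)size;
    *(enum stack_req *)data = classify_gnu_stack(info->dlpi_phdr, info->dlpi_phnum);
    return 1; /* non-zero return ends the iteration */
}

/* What the running executable's own PT_GNU_STACK requests. */
enum stack_req exe_stack_requirement(void)
{
    enum stack_req req = STACK_UNKNOWN;
    dl_iterate_phdr(main_exe_cb, &req);
    return req;
}

/* Constructed header tables (not from any real binary) covering the three cases. */
const ElfW(Phdr) sample_exec[]   = { { .p_type = PT_LOAD, .p_flags = PF_R | PF_X },
                                     { .p_type = PT_GNU_STACK, .p_flags = PF_R | PF_W | PF_X } };
const ElfW(Phdr) sample_noexec[] = { { .p_type = PT_GNU_STACK, .p_flags = PF_R | PF_W } };
const ElfW(Phdr) sample_none[]   = { { .p_type = PT_LOAD, .p_flags = PF_R | PF_X } };

int main(void)
{
    static const char *name[] = { "no PT_GNU_STACK", "non-exec", "exec" };
    printf("this executable requests: %s\n", name[exe_stack_requirement() + 1]);
    return 0;
}
```

On a MIPS host of the kind the thread describes, a "non-exec" answer here says nothing about whether the kernel actually mapped the initial stack without PF_X, so the result is a hint for the detection step, not a substitute for the fallback.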