[compiler-rt] [Patch] Support for NX stacks

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[compiler-rt] [Patch] Support for NX stacks

Ed Schouten
Hello all,

Kostik Belousov is currently working on a patchset for FreeBSD to make no-exec stacks work on i386 and amd64. Support for this is long overdue, but limitations to the way signal handling is implemented on those architectures has made it a bit tougher to implement this.

If I understand the patchset correctly, processes will only use a no-exec stack if the executable and its libraries don't depend on it being executable. This is done by adding a marker to all object files. For C files, this seems to be done automatically, but for assembly files, we need to mark them manually.

Kostik is proposing the following patchset to be committed to FreeBSD HEAD:

        http://people.freebsd.org/~kib/misc/nxstack.2.patch

Would it be possible for the compiler-rt changes (in contrib/compiler-rt) to get upstreamed? Thanks.

--
Ed Schouten <[hidden email]>
WWW: http://80386.nl/


_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: [compiler-rt] [Patch] Support for NX stacks

Nick Kledzik
Since all the code in compiler-rt does not execute anything on the stack, is there some command line option that will add that section?  That way every .s file will not need to be touched.  

Alternately, is there some way to add the section directive to the assembly.h file, that way every file will get it without having to change every .S file?

I'm fine with adding this information, just modifying every .S file and adding a macro seems fragile.

-Nick

On Dec 8, 2010, at 11:53 AM, Ed Schouten wrote:

> Hello all,
>
> Kostik Belousov is currently working on a patchset for FreeBSD to make no-exec stacks work on i386 and amd64. Support for this is long overdue, but limitations to the way signal handling is implemented on those architectures has made it a bit tougher to implement this.
>
> If I understand the patchset correctly, processes will only use a no-exec stack if the executable and its libraries don't depend on it being executable. This is done by adding a marker to all object files. For C files, this seems to be done automatically, but for assembly files, we need to mark them manually.
>
> Kostik is proposing the following patchset to be committed to FreeBSD HEAD:
>
> http://people.freebsd.org/~kib/misc/nxstack.2.patch
>
> Would it be possible for the compiler-rt changes (in contrib/compiler-rt) to get upstreamed? Thanks.
>
> --
> Ed Schouten <[hidden email]>
> WWW: http://80386.nl/
>
>
> _______________________________________________
> cfe-dev mailing list
> [hidden email]
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev


_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: [compiler-rt] [Patch] Support for NX stacks

Ed Schouten
Hi Nick,

On Dec 15, 2010, at 18:59, Nick Kledzik wrote:
> Since all the code in compiler-rt does not execute anything on the stack, is there some command line option that will add that section?  That way every .s file will not need to be touched.  
>
> Alternately, is there some way to add the section directive to the assembly.h file, that way every file will get it without having to change every .S file?
>
> I'm fine with adding this information, just modifying every .S file and adding a macro seems fragile.

I've discussed this with Kostik and as far as we know, there is no way this can be done without modifying the .S files. There is, for example, no assembler flag.

Greetings,
--
Ed Schouten <[hidden email]>
WWW: http://80386.nl/


_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
Reply | Threaded
Open this post in threaded view
|

Re: [compiler-rt] [Patch] Support for NX stacks

pageexec
On 21 Dec 2010 at 11:38, Ed Schouten wrote:

> Hi Nick,
>
> On Dec 15, 2010, at 18:59, Nick Kledzik wrote:
> > Since all the code in compiler-rt does not execute anything on the stack, is there some command line option that will add that section?  That way every .s file will not need to be touched.  
> >
> > Alternately, is there some way to add the section directive to the assembly.h file, that way every file will get it without having to change every .S file?
> >
> > I'm fine with adding this information, just modifying every .S file and adding a macro seems fragile.
>
> I've discussed this with Kostik and as far as we know, there is no way this can be done without modifying the .S files. There is, for example, no assembler flag.

i don't know about other toolchains but GNU binutils supports 'as --noexecstack' and 'ld -z noexecstack'
if you want to avoid changing the .S files.

_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev