qemu-devel

Re: [Qemu-devel] [PATCH] oslib-posix: New qemu_alloc_stack() to allocate


From: Richard Henderson
Subject: Re: [Qemu-devel] [PATCH] oslib-posix: New qemu_alloc_stack() to allocate stack with correct perms
Date: Fri, 17 Jun 2016 09:12:16 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0

On 06/17/2016 07:11 AM, Peter Maydell wrote:
> Some architectures require the stack to be executable; notably
> this includes MIPS, because the kernel's floating point emulator
> may try to put trampoline code on the stack to handle some cases.
> (See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815409
> for an example of this causing QEMU to crash.)
> 
> Create a utility function qemu_alloc_stack() which allocates a
> block of memory for use as a stack with the correct permissions.
> Since we would prefer to make the stack non-executable if we can
> as a defence against code execution exploits, we detect whether
> the existing stack is mapped executable. Unfortunately this
> requires us to grovel through /proc/self/maps to determine the
> permissions on it.
> 
> Signed-off-by: Peter Maydell <address@hidden>
> ---
> This method of figuring out the correct perms for the stack is
> not exactly pretty; better suggestions welcome.
> 
> NB that this utility function also gives us a handy place to put
> code for allocating a guard page at the bottom of the stack, or
> mapping it as MAP_GROWSDOWN, or whatever.
...
> +    /* Some architectures (notably MIPS) require an executable stack, but
> +     * we would prefer to avoid making the stack executable unnecessarily,
> +     * to defend against code execution exploits.
> +     * Check whether the current stack is executable, and follow its lead.
> +     * Unfortunately to do this we have to wade through /proc/self/maps
> +     * looking for the stack memory. We default to assuming we need an
> +     * executable stack and remove the permission only if we can successfully
> +     * confirm that non-executable is OK.
> +     */
> +
> +    prot = PROT_READ | PROT_WRITE | PROT_EXEC;
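Review bot: The `prot = PROT_READ | PROT_WRITE | PROT_EXEC;` default makes this path fail open. Per the comment above it, the exec bit is dropped only when the /proc/self/maps scan succeeds, so any failure to open or parse that file silently hands out writable and executable stacks. Consider starting from `PROT_READ | PROT_WRITE` on hosts where an executable stack is known not to be needed, or at least reporting when the scan could not confirm the current stack's permissions.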
...
> +#else
> +static int stack_prot(void)
> +{
> +    /* Assume an executable stack is needed, since we can't detect it. */
> +    return PROT_READ | PROT_WRITE | PROT_EXEC;
> +}
> +#endif
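Review bot: In the `#else` branch, `stack_prot()` returns `PROT_READ | PROT_WRITE | PROT_EXEC` for every host that lacks the detection path, which gives up the non-executable stack on all of them rather than only on architectures that need trampoline code on the stack. Suggest keying the executable default on the host architecture (MIPS is the case named in the earlier comment) and returning `PROT_READ | PROT_WRITE` otherwise. The comment should also say which hosts reach this branch.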


What about using dl_iterate_phdr, looking for PT_GNU_STACK?
That interface is present on a few other hosts besides Linux.

But really this is a place that I'd much rather fall back to an ifdef ladder
than assume executable permission is required.


r~
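
The `dl_iterate_phdr` idea from the reply above, sketched as an added example (not code from the patch or from QEMU): it reads the main program's `PT_GNU_STACK` flags instead of parsing /proc/self/maps. The names `prot_from_phdrs`, `host_stack_prot` and the caller-supplied `fallback` are hypothetical, and inspecting only the main program is a simplifying assumption.

```c
#define _GNU_SOURCE    /* glibc exposes dl_iterate_phdr() as a GNU extension */
#include <link.h>      /* dl_iterate_phdr, struct dl_phdr_info, ElfW */
#include <elf.h>       /* PT_GNU_STACK, PF_X */
#include <stdio.h>
#include <sys/mman.h>  /* PROT_* */

/* Hypothetical helper: derive stack permissions from one object's program
 * headers. Returns `fallback` if the object carries no PT_GNU_STACK entry. */
static int prot_from_phdrs(const ElfW(Phdr) *phdr, int phnum, int fallback)
{
    for (int i = 0; i < phnum; i++) {
        if (phdr[i].p_type == PT_GNU_STACK) {
            return PROT_READ | PROT_WRITE |
                   ((phdr[i].p_flags & PF_X) ? PROT_EXEC : 0);
        }
    }
    return fallback;
}

struct stack_query {
    int fallback;   /* what to assume when no PT_GNU_STACK is present */
    int prot;       /* result */
};

/* dl_iterate_phdr() visits the main program first; inspect it and stop. */
static int main_program_cb(struct dl_phdr_info *info, size_t size, void *data)
{
    struct stack_query *q = data;
    (void)size;
    q->prot = prot_from_phdrs(info->dlpi_phdr, info->dlpi_phnum, q->fallback);
    return 1; /* non-zero ends the iteration */
}

/* Hypothetical stand-in for the /proc/self/maps scan in the patch. */
static int host_stack_prot(int fallback)
{
    struct stack_query q = { fallback, fallback };
    dl_iterate_phdr(main_program_cb, &q);
    return q.prot;
}

int main(void)
{
    /* Non-executable fallback here is this example's choice (assumption). */
    int prot = host_stack_prot(PROT_READ | PROT_WRITE);
    printf("stack needs PROT_EXEC: %s\n", (prot & PROT_EXEC) ? "yes" : "no");
    return 0;
}
```

The per-architecture ifdef ladder mentioned in the reply would decide the value passed as `fallback`.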


