[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH] oslib-posix: New qemu_alloc_stack() to allocate

From: Richard Henderson
Subject: Re: [Qemu-devel] [PATCH] oslib-posix: New qemu_alloc_stack() to allocate stack with correct perms
Date: Fri, 17 Jun 2016 09:12:16 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0

On 06/17/2016 07:11 AM, Peter Maydell wrote:
> Some architectures require the stack to be executable; notably
> this includes MIPS, because the kernel's floating point emulator
> may try to put trampoline code on the stack to handle some cases.
> (See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815409
> for an example of this causing QEMU to crash.)
> Create a utility function qemu_alloc_stack() which allocates a
> block of memory for use as a stack with the correct permissions.
> Since we would prefer to make the stack non-executable if we can
> as a defence against code execution exploits, we detect whether
> the existing stack is mapped executable. Unfortunately this
> requires us to grovel through /proc/self/maps to determine the
> permissions on it.
> Signed-off-by: Peter Maydell <address@hidden>
> ---
> This method of figuring out the correct perms for the stack is
> not exactly pretty; better suggestions welcome.
> NB that this utility function also gives us a handy place to put
> code for allocating a guard page at the bottom of the stack, or
> mapping it as MAP_GROWSDOWN, or whatever.
> +    /* Some architectures (notably MIPS) require an executable stack, but
> +     * we would prefer to avoid making the stack executable unnecessarily,
> +     * to defend against code execution exploits.
> +     * Check whether the current stack is executable, and follow its lead.
> +     * Unfortunately to do this we have to wade through /proc/self/maps
> +     * looking for the stack memory. We default to assuming we need an
> +     * executable stack and remove the permission only if we can successfully
> +     * confirm that non-executable is OK.
> +     */
> +
> +#else
> +static int stack_prot(void)
> +{
> +    /* Assume an executable stack is needed, since we can't detect it. */
> +}
> +#endif

What about using dl_iterate_phdr, looking for PT_GNU_STACK?
That interface is present on a few other hosts besides Linux.

But really this is a place that I'd much rather fall back to an ifdef ladder
than assume executable permission is required.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]