Non-executable stacks
Kostik Belousov
kostikbel at gmail.com
Thu Nov 25 16:20:16 UTC 2010
Hello,
at the
http://people.freebsd.org/~kib/misc/nxstacks.1.patch
please find the patch that implements non-executable stack support for
amd64 (and FreeBSD/ia32 processes executed on amd64 host).
The implementation is done to take advantage of GNU toolchain
PT_GNU_STACK markers. The description of them I was able to find,
except the binutils and gcc source code, is at
http://www.redhat.com/archives/fedora-devel-list/2003-November/msg00838.html
http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
Notes about the patch. It consists of the following pieces that are
relatively independent from each other:
- Added .note.GNU-stack section for all assembly sources for i386 and
amd64, used to build rtld, libc, libm and libthr. The libraries do
not need executable stack, so shall be marked as such. This is the
biggest and most trivial part of the patch. I had to modify
contributed source for compiler-rt library.
- Changed gcc configuration to emit .note.GNU-stack as appropriate,
for i386 and amd64.
- Moved signal trampolines off the main process stack. For this, I had
to implement the global shared page n-th time. Simple allocator is
provided to carve properly aligned chunks of the page space. Used
by image activators to allocate space for the trampolines.
- ELF activator parses PT_GNU_STACK phdr and sets the stack protection
as specified in the image. If the phdr is missing, rwx is used, as before.
- rtld is supplied with the main stack protection mode by a new aux vector.
If any dso is loaded that requires executable stack and the current protection
disables execution from stack, __pthread_map_stacks_exec() is called.
- For a single-threaded process, libc provides the weak implementation of
__pthread_map_stacks_exec that calls mprotect() on the main process
stack.
- For a multi-threaded process, libthr provides __pthread_map_stacks_exec()
that changes the protection of all allocated stacks. The new rtld interface
_rtld_get_stack_prot() is used to properly set protection for created
threads.
It is curious enough that HEAD allocates the main stack on amd64 as
executable, but libthr marks all stacks for non-initial threads as not
executable! This should already break some gcc features when used
from a non-initial thread.
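The PT_GNU_STACK check the ELF activator performs in the patch, as an added example that is not part of the patch or the mail: it classifies an ELF64 image the way the activator does (PF_X set means executable stack, PF_X clear means non-executable, no marker means the old rwx default), so a defender can audit binaries for missing or executable-stack markers. It assumes the standard <elf.h> definitions and an image in native byte order; the build_image helper and its test images are constructed here, not real binaries.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What a PT_GNU_STACK marker (or its absence) asks of the loader. */
enum stack_mode { STACK_BAD_IMAGE = -1, STACK_NO_MARKER, STACK_NX, STACK_EXEC };

/* Inspect an in-memory ELF64 image (native byte order assumed) and report
 * its stack requirement, mirroring the activator logic described above:
 * PF_X set -> executable stack, PF_X clear -> non-executable stack,
 * no PT_GNU_STACK phdr at all -> the pre-patch default (rwx) applies. */
enum stack_mode elf64_stack_mode(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    if (len < sizeof eh)
        return STACK_BAD_IMAGE;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_phentsize != sizeof(Elf64_Phdr))
        return STACK_BAD_IMAGE;
    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        uint64_t off = eh.e_phoff + (uint64_t)i * sizeof ph;
        if (off + sizeof ph > len)          /* phdr table runs past the image */
            return STACK_BAD_IMAGE;
        memcpy(&ph, img + off, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)
            return (ph.p_flags & PF_X) ? STACK_EXEC : STACK_NX;
    }
    return STACK_NO_MARKER;
}

/* Constructed image (hypothetical, for demonstration): an ELF64 header
 * followed by one optional PT_GNU_STACK phdr carrying `flags`. Returns its length. */
size_t build_image(unsigned char *buf, int with_marker, uint32_t flags)
{
    Elf64_Ehdr eh = {0};
    Elf64_Phdr ph = {0};
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum = with_marker ? 1 : 0;
    ph.p_type = PT_GNU_STACK;
    ph.p_flags = flags;
    memcpy(buf, &eh, sizeof eh);
    if (with_marker)
        memcpy(buf + sizeof eh, &ph, sizeof ph);
    return sizeof eh + (with_marker ? sizeof ph : 0);
}

/* Build a constructed image with the given marker state and classify it. */
enum stack_mode classify_constructed(int with_marker, uint32_t flags)
{
    unsigned char buf[sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr)];
    size_t len = build_image(buf, with_marker, flags);
    return elf64_stack_mode(buf, len);
}
```

To audit a real binary, read the file into memory and pass it to elf64_stack_mode; STACK_NO_MARKER on a library built from assembly sources is exactly the case the .note.GNU-stack additions in the patch address.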