[RFC] Enable nxstack by default

Kostik Belousov kostikbel at gmail.com
Tue Oct 18 09:07:58 UTC 2011 

On Mon, Oct 17, 2011 at 09:30:56PM +0200, Oliver Pinter wrote:
> Hi all!
> 
> I think, it's the time to enable the nxstack feature. Any comments,
> pros, cons?

I dragged the change long enough for it to miss the 9.0.
After the 9.0 is released, I will flip the switch with the following
change.

diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index 8455f48..926fe64 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -118,7 +118,12 @@ static int elf_legacy_coredump = 0;
 SYSCTL_INT(_debug, OID_AUTO, __elfN(legacy_coredump), CTLFLAG_RW, 
     &elf_legacy_coredump, 0, "");
 
-static int __elfN(nxstack) = 0;
+int __elfN(nxstack) =
+#if defined(__amd64__) || defined(__powerpc64__) /* both 64 and 32 bit */
+	1;
+#else
+	0;
+#endif
 SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO,
     nxstack, CTLFLAG_RW, &__elfN(nxstack), 0,
     __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
diff --git a/sys/powerpc/aim/mmu_oea64.c b/sys/powerpc/aim/mmu_oea64.c
index 7500462..0e27351 100644
--- a/sys/powerpc/aim/mmu_oea64.c
+++ b/sys/powerpc/aim/mmu_oea64.c
@@ -1445,6 +1445,8 @@ moea64_uma_page_alloc(uma_zone_t zone, int bytes, u_int8_t *flags, int wait)
 	return (void *)va;
 }
 
+extern int elf32_nxstack;
+
 void
 moea64_init(mmu_t mmu)
 {
@@ -1464,6 +1466,8 @@ moea64_init(mmu_t mmu)
 		uma_zone_set_allocf(moea64_mpvo_zone,moea64_uma_page_alloc);
 	}
 
+	elf32_nxstack = 1;
+
 	moea64_initialized = TRUE;
 }
 
diff --git a/sys/powerpc/booke/machdep.c b/sys/powerpc/booke/machdep.c
index c2b5e6f..82a37e1 100644
--- a/sys/powerpc/booke/machdep.c
+++ b/sys/powerpc/booke/machdep.c
@@ -192,6 +192,8 @@ void print_kernel_section_addr(void);
 void print_kenv(void);
 u_int booke_init(uint32_t, uint32_t);
 
+extern int elf32_nxstack;
+
 static void
 cpu_e500_startup(void *dummy)
 {
@@ -227,6 +229,9 @@ cpu_e500_startup(void *dummy)
 	/* Set up buffers, so they can be used to read disk labels. */
 	bufinit();
 	vm_pager_bufferinit();
+
+	/* Cpu supports execution permissions on the pages. */
+	elf32_nxstack = 1;
 }
 
 static char *

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20111018/7bf7b2f6/attachment.pgp

More information about the freebsd-current mailing list