From: Peter Wemm
To: freebsd-amd64@freebsd.org
cc: amd64@freebsd.org
Date: Wed, 15 Dec 2004 08:57:05 -0800
Subject: Re: non-executable stack
List-Id: Porting FreeBSD to the AMD64 platform

On Tuesday 14 December 2004 11:00 am, Sean McNeil wrote:
> Just wondering if FreeBSD is taking advantage of the non-execute
> capability in the amd64 processor to protect the stack and allocation
> area. If so, how would something like the java VM work? Would it
> have to have some sort of chflag bit set or suid'd?
>
> Cheers,
> Sean

We sort-of support the PG_NX bit, but there are things broken in the
pmap.c code which means it will get lost over time.

We cheat and create the primary stack with execute turned on, because
the executable signal trampoline is still in there. The signal
trampoline should be in libc anyway.

gcc needs to have its configuration changed so that it uses mprotect()
to turn PROT_EXEC on when it needs to execute stuff on the stack. It
does this for many architectures, but not for FreeBSD/i386 and /amd64.

Things like the java vm would need to use mprotect() like they do on
solaris, linux etc.

--
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com
"All of this is for nothing if we don't go to the stars" - JMS/B5