From: Andrew Reilly
To: Matthew Macy
Cc: Ivan Voras, freebsd-arch@freebsd.org
Date: Tue, 26 Aug 2008 17:49:43 +1000
Subject: Re: FreeBSD and DEP aka "NX bit"?

On Sat, Aug 23, 2008 at 05:13:30PM -0700, Matthew Macy wrote:
> On Sat, Aug 23, 2008 at 5:04 PM, Ivan Voras wrote:
> > I stumbled upon this Wikipedia page:
> > http://en.wikipedia.org/wiki/Comparison_of_BSD_operating_systems#Security_features
> > and it mentions NX bit is supported in FreeBSD. Is this true? Is it
> > enabled by default?
>
> Yes. However, it is in the upper word so it only works with PAE or
> amd64. "jemalloc" maps the heap NX and thread stacks are mapped NX.
> The default process stack currently needs to be executable because
> sigcode is placed at the start of the stack at the time of process
> creation.

Oh, I was looking into this a few months ago, and came to the
conclusion that NX wasn't turned on at all.

How do applications/languages that use JIT or other run-time code
generation get around the non-executable heap? Just not use
jemalloc?

I've been using 7-STABLE on amd64 for a long time, and haven't
noticed any problems with Java or SBCL lisp or PLT-scheme, all of
which use JIT code generation (but probably neither use jemalloc?)

Cheers,

--
Andrew
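Added example, not part of the original message or of FreeBSD's code: run-time code generators normally coexist with a non-executable heap by requesting executable pages explicitly through mmap()/mprotect() rather than executing out of malloc() memory. The C program below maps a page writable, emits a single return instruction, flips the page to read+execute, and compares calling it with calling the same bytes held in a malloc() buffer. The function names `runs_as_code`, `jit_page` and `heap_copy` are hypothetical, and the instruction bytes are a constructed sample.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* One "return" instruction for the build architecture (constructed sample). */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_INSN[] = { 0xC3 };
#elif defined(__aarch64__)
static const unsigned char RET_INSN[] = { 0xC0, 0x03, 0x5F, 0xD6 };
#else
#error "add a return instruction for this architecture"
#endif

/* Call addr in a child: 1 = it ran and returned, 0 = child was killed
 * (SIGSEGV/SIGBUS when the page is not executable), -1 = fork/wait failed. */
int runs_as_code(void *addr) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { ((void (*)(void))addr)(); _exit(0); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* What a code generator does: map a page RW, emit code, then flip it to R+X. */
void *jit_page(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (p == MAP_FAILED) return NULL;
    memcpy(p, RET_INSN, sizeof RET_INSN);
    if (mprotect(p, len, PROT_READ | PROT_EXEC) != 0) { munmap(p, len); return NULL; }
    __builtin___clear_cache((char *)p, (char *)p + sizeof RET_INSN); /* GCC/Clang builtin */
    return p;
}

/* The same bytes in an ordinary malloc() buffer, with no PROT_EXEC requested. */
void *heap_copy(void) {
    unsigned char *p = malloc(sizeof RET_INSN);
    if (p) memcpy(p, RET_INSN, sizeof RET_INSN);
    return p;
}

int main(void) {
    printf("mmap+mprotect(R+X): %d  malloc: %d\n", runs_as_code(jit_page()), runs_as_code(heap_copy()));
    return 0;
}
```

The mmap result is 1 wherever executable mappings are permitted; the malloc result is 0 only where the allocator's pages are actually mapped and enforced as non-executable, which makes the program a quick check of whether NX is in effect for the heap.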