From: Peter Maydell
Date: Fri, 17 Jun 2016 17:36:36 +0100
Subject: Re: [Qemu-devel] [PATCH] oslib-posix: New qemu_alloc_stack() to allocate stack with correct perms
To: Richard Henderson
Cc: QEMU Developers, Patch Tracking, Aurelien Jarno, Leon Alrae, Michael Tokarev, "Daniel P. Berrange", Paolo Bonzini

On 17 June 2016 at 17:12, Richard Henderson wrote:
> What about using dl_iterate_phdr, looking for PT_GNU_STACK?
> That interface is present on a few other hosts besides Linux.

We could do that. I note that the MIPS kernel is buggy in that it
will assume the stack is executable even if the binary has
PT_GNU_STACK saying "please don't be executable".
And most architectures except x86-64 won't honour
PT_GNU_STACK=non-exec unless the parent process also had nonexec
stack (because they let the READ_IMPLIES_EXEC personality flag be
inherited; see
https://insights.sei.cmu.edu/cert/2014/02/feeling-insecure-blame-your-parent.html ).

So the PT_GNU_STACK flag doesn't necessarily match up with either
the actual executability of the standard stack or with what the
kernel actually requires.

> But really this is a place that I'd much rather fall back to an ifdef ladder
> than assume executable permission is required.

The trouble with this is that it means that as and when the MIPS
folks fix their kernel and libc and compiler to support non-exec
stacks we won't automatically pick this up, and our stacks will
remain executable. Also it requires us to audit every architecture
to find out which ones require exec-stack. But maybe it is just MIPS?
(Maybe we could just say "this is a MIPS kernel bug" ? :-))

thanks
-- PMM
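
Added example, not part of the original message or of QEMU's code: a Linux-only C check for the mismatch described above, comparing the binary's PT_GNU_STACK flags with the inherited READ_IMPLIES_EXEC personality flag and the actual permissions of the `[stack]` mapping. It reads the program headers through getauxval(AT_PHDR) rather than dl_iterate_phdr, and the function names are hypothetical.

```c
#include <link.h>              /* ElfW(); pulls in <elf.h> for PT_GNU_STACK, PF_X */
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/personality.h>

/* p_flags of the PT_GNU_STACK entry, or -1 if the table has none. */
int gnu_stack_flags(const ElfW(Phdr) *ph, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (ph[i].p_type == PT_GNU_STACK)
            return (int)ph[i].p_flags;
    return -1;
}

/* For one /proc/<pid>/maps line: -1 if it is not the [stack] mapping,
 * otherwise 1 if the stack is mapped executable and 0 if it is not. */
int maps_line_stack_exec(const char *line)
{
    char perms[5] = "";
    if (!strstr(line, "[stack]") || sscanf(line, "%*s %4s", perms) != 1)
        return -1;
    return perms[2] == 'x';
}

/* Live check of the running process (assumes Linux with /proc mounted).
 * Returns 1 when the stack is executable although PT_GNU_STACK asked
 * for a non-executable one, otherwise 0. */
int stack_exec_mismatch(void)
{
    const ElfW(Phdr) *ph = (const ElfW(Phdr) *)getauxval(AT_PHDR);
    int flags = ph ? gnu_stack_flags(ph, getauxval(AT_PHNUM)) : -1;
    /* personality(0xffffffff) queries the persona without changing it. */
    int rie = (personality(0xffffffff) & READ_IMPLIES_EXEC) != 0;
    int actual = -1, r;
    char line[512];
    FILE *f = fopen("/proc/self/maps", "r");

    while (f && fgets(line, sizeof line, f))
        if ((r = maps_line_stack_exec(line)) >= 0)
            actual = r;
    if (f)
        fclose(f);
    printf("PT_GNU_STACK flags=%d READ_IMPLIES_EXEC=%d stack exec=%d\n",
           flags, rie, actual);
    return flags >= 0 && !(flags & PF_X) && actual == 1;
}

int main(void) { return stack_exec_mismatch(); }
```

Running the same binary under `setarch -X` (which sets READ_IMPLIES_EXEC in the parent) is one way to observe the inheritance effect on architectures that honour it.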