Hi Maciej, Aleksandar, On Wed, Dec 06, 2017 at 05:50:52PM +0000, Maciej W. Rozycki wrote: > What problem are you trying to solve anyway? Is it not something that > can be handled with the `execstack' utility?
The commit message states that for Android "non-exec stack is required". Is Android checking that then Aleksandar? If so, how? I presume what you actually want here is for the kernel to lie & indicate to whatever part of Android that performs this check that the stack is non-executable even when it is really executable? Is this aimed at the Android emulator? If so would it be possible to instead implement RIXI support & make the non-exec stack actually work? > NB as someone has observed with programs that do not request a > non-executable stack we actually propagate the execute permission to all > data pages. Is it not something we would want to handle differently? It would of course be ideal to mark data/heap memory non-executable - the question is how should we know that it's safe to do so. The approach I took in 1a770b85c1f1 ("MIPS: non-exec stack & heap when non-exec PT_GNU_STACK is present") was to require the PT_GNU_STACK header in order to mark both stack & heap non-executable, for reasons outlined in its commit message: - I was told at the time that no MIPS tools were yet emitting PT_GNU_STACK, so we wouldn't be changing the behaviour of any existing binaries & thus wouldn't break any. - It matches the behaviour of both ARM & x86. Marking the heap non-executable by default would have advantages in that we wouldn't need to worry about icache coherency for it in set_pte_at()/__update_cache(), so one idea I had was that we could possibly initially mark pages non-executable in the TLB & later enable execution only if we take a TLBXI exception, with the assumption being that in most cases we'll never try executing from the heap. That's not an idea I've yet found the time to implement or measure the impact of though. Thanks, Paul