Re: [PATCH] x86_64: Disabling read-implies-exec when the stack is executable

From: Kees Cook
Date: Wed May 11 2016 - 22:12:02 EST


On Wed, May 11, 2016 at 3:40 PM, Andi Kleen <ak@xxxxxxxxxxxxxxx> wrote:
>> However, I would tend to agree: RIE should only be needed on 32-bit
>> since 64-bit started its life knowing about no-exec permissions.
>
> NX was not in the original AMD K8 chips. Was only added some time later.

So we should retain this behavior for all of 64-bit?

>> set_personality_64bit()'s (which is confusingly just an initializer
>> and not called during the personality() syscall) comment about this
>> makes no sense to me:
>>
>> /* TBD: overwrites user setup. Should have two bits.
>> But 64bit processes have always behaved this way,
>> so it's not too bad. The main problem is just that
>> 32bit childs are affected again. */
>> current->personality &= ~READ_IMPLIES_EXEC;
>
> What does not make sense?

I just don't have enough context to make sense of it. What two bits?
Always behaved what way? Affected by what?

-Kees

--
Kees Cook
Chrome OS & Brillo Security