LinuxLists.cc - IA64/x86-64 and execution protection support?

2003-11-03 14:49:38

Subject: IA64/x86-64 and execution protection support?

Hello.

I was reading El Reg this morning when they discussed "execution protection"
on the new Intel (IA64) and AMD (K8 and above) chips.
Does the Linux kernel have support for preventing execution of certain
memory regions on those architectures?
Also, I know that some implementations of x86 stack protection are out there;
I've not seen them in the vanilla kernels; is there any plan to implement
them?

Thank you!
-Joseph
--
Joseph===============================================trelane@digitasaru.net
"Asked by CollabNet CTO Brian Behlendorf whether Microsoft will enforce its
patents against open source projects, Mundie replied, 'Yes, absolutely.'
An audience member pointed out that many open source projects aren't
funded and so can't afford legal representation to rival Microsoft's. 'Oh
well,' said Mundie. 'Get your money, and let's go to court.'
Microsoft's patents only defensive? http://swpat.ffii.org/players/microsoft

2003-11-03 16:49:12

by David Mosberger

[permalink] [raw]

Subject: Re: IA64/x86-64 and execution protection support?

>>>>> On Mon, 3 Nov 2003 08:49:33 -0600, Joseph Pingenot <[email protected]> said:

Joseph> Hello. I was reading El Reg this morning when they
Joseph> discussed "execution protection" on the new Intel (IA64) and
Joseph> AMD (K8 and above) chips. Does the Linux kernel have
Joseph> support for preventing execution of certain memory regions
Joseph> on those architectures?

Yes, on ia64, data and stack do not get mapped executable by default.
Also, return addresses (under the discretion of the compiler) are
virtually always stored on a separate register stack, making it more
difficult to use memory stack overflows to overwrite return addresses.

--daviid

2003-11-03 20:21:12

by Bryan O'Sullivan

[permalink] [raw]

Subject: Re: IA64/x86-64 and execution protection support?

On Mon, 2003-11-03 at 06:49, Joseph Pingenot wrote:

> Does the Linux kernel have support for preventing execution of certain
> memory regions on those architectures?

It does on x86_64, yes. This can be enabled or disabled via command
line options.

<b

2003-11-18 13:56:45

by Andi Kleen

[permalink] [raw]

Subject: Re: IA64/x86-64 and execution protection support?

Joseph Pingenot <[email protected]> writes:

> Does the Linux kernel have support for preventing execution of certain
> memory regions on those architectures?
> Also, I know that some implementations of x86 stack protection are out there;
> I've not seen them in the vanilla kernels; is there any plan to implement
> them?

The x86-64 port supports no-execution for stack and heap and other
memory areas, but it is not enabled by default because it breaks some
software. You can enable it with the noexec= boot parameter. See
Documentation/x86_64/boot-options.txt for details.

-Andi