Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753883AbbHFAYB (ORCPT <rfc822;w@1wt.eu>);
	Wed, 5 Aug 2015 20:24:01 -0400
Received: from mailapp01.imgtec.com ([195.59.15.196]:41256 "EHLO
	mailapp01.imgtec.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751867AbbHFAYA (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Wed, 5 Aug 2015 20:24:00 -0400
Message-ID: <55C2A91B.1090704@imgtec.com>
Date: Wed, 5 Aug 2015 17:23:55 -0700
From: Leonid Yegoshin <Leonid.Yegoshin@imgtec.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: David Daney <ddaney@caviumnetworks.com>
CC: Paul Burton <paul.burton@imgtec.com>, <daniel.sanders@imgtec.com>,
        <linux-mips@linux-mips.org>, <cernekee@gmail.com>,
        <Zubair.Kakakhel@imgtec.com>, <geert+renesas@glider.be>,
        <david.daney@cavium.com>, <peterz@infradead.org>,
        <heiko.carstens@de.ibm.com>, <paul.gortmaker@windriver.com>,
        <behanw@converseincode.com>, <macro@linux-mips.org>, <cl@linux.com>,
        <pkarat@mvista.com>, <linux@roeck-us.net>, <tkhai@yandex.ru>,
        <james.hogan@imgtec.com>, <alexinbeijing@gmail.com>,
        <rusty@rustcorp.com.au>, <Steven.Hill@imgtec.com>,
        <lars.persson@axis.com>, <aleksey.makarov@auriga.com>,
        <linux-kernel@vger.kernel.org>, <ralf@linux-mips.org>,
        <luto@amacapital.net>, <dahi@linux.vnet.ibm.com>,
        <markos.chandras@imgtec.com>, <eunb.song@samsung.com>,
        <kumba@gentoo.org>
Subject: Re: [PATCH v4 3/3] MIPS: set stack/data protection as non-executable
References: <20150805234348.20722.71740.stgit@ubuntu-yegoshin> <20150805234936.20722.60927.stgit@ubuntu-yegoshin> <20150805235543.GG2057@NP-P-BURTON> <55C2A50A.50805@imgtec.com> <55C2A6FE.1020003@caviumnetworks.com>
In-Reply-To: <55C2A6FE.1020003@caviumnetworks.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.20.3.79]
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1670
Lines: 45

On 08/05/2015 05:14 PM, David Daney wrote:
> On 08/05/2015 05:06 PM, Leonid Yegoshin wrote:
>> On 08/05/2015 04:55 PM, Paul Burton wrote:
>>>
>>>
>>> As was pointed out last time you posted this, it breaks backwards
>>> compatibility with userland & thus cannot be applied.
>>
>> Never observed since first version.
>>
>> In other side, the problem with apps like ssh_keygen is observed in
>> absence of executable stack protection.
>
> You cannot change the default.
>
> If your ssh_keygen is broken, get a working version.

It is actually any application which requests non-executable stack 
protection and needs some emulation BEFORE GLIBC cancels that 
non-executable stack protection due to libraries.

If you build all libraries with PT_GNU_STACK 'non-executable' and use 
application with the same protection then you can't emulate even a 
single instruction - it crashes immediately. So, it is not a bad 
application, it is a bad choice for emulation space in past.

>
> I have never had a problem running ssh_keygen (on platforms requiring 
> emulation).

Create a buildroot FS with PT_GNU_STACK 'non-executable' libraries. Then 
run ssh_keygen on CPU without FPU and look.

You also may try to run MIPS R2 Debian on MIPS R6 CPU, and see a 
spectacular failure of ssh_keygen (it tries to emulate MIPS R2 
instruction before first library is loaded and that fails due to 
non-executable stack protection.

- Leonid.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/