NetBSD Problem Report #57701
From www@netbsd.org Sat Nov 18 03:47:38 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id F27CB1A9238
for <gnats-bugs@gnats.NetBSD.org>; Sat, 18 Nov 2023 03:47:37 +0000 (UTC)
Message-Id: <20231118034736.9F8271A9239@mollari.NetBSD.org>
Date: Sat, 18 Nov 2023 03:47:36 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: alpha kernel is built with RWX segment
X-Send-Pr-Version: www-1.0
>Number: 57701
>Category: port-alpha
>Synopsis: alpha kernel is built with RWX segment
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: port-alpha-maintainer
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Nov 18 03:50:00 +0000 2023
>Closed-Date: Sat Nov 18 14:04:42 +0000 2023
>Last-Modified: Sat Nov 18 14:04:42 +0000 2023
>Originator: Taylor R Campbell
>Release: current
>Organization:
The NetBSD LDation
>Environment:
>Description:
/space/tools/bin/../lib/gcc/alpha--netbsd/10.5.0/../../../../alpha--netbsd/bin/ld: warning: cc1 has a LOAD segment with RWX permissions
The kernel image should have finer-grained permissions so the CPU doesn't allow, e.g., writing to the text segment.
>How-To-Repeat:
link an alpha kernel
>Fix:
Teach sys/arch/alpha/conf/kern.ldscript to use separate program segments for read/execute, read/write, and read-only parts of the kernel.
>Release-Note:
>Audit-Trail:
From: Taylor R Campbell <riastradh@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: thorpej@NetBSD.org
Subject: Re: port-alpha/57701: alpha kernel is built with RWX segment
Date: Sat, 18 Nov 2023 03:53:37 +0000
Attached draft patch attempts to fix this -- not yet compile-tested.
Content-Type: text/plain; charset="ISO-8859-1"; name="alpharwxldscript"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment; filename="alpharwxldscript.patch"
From b1662f8a75d78b3a04afd0f967561f8c5d8e4412 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <riastradh@NetBSD.org>
Date: Sat, 18 Nov 2023 03:45:01 +0000
Subject: [PATCH] alpha: Split kernel into RX, R-only, and RW segments.
PR port-alpha/57701
XXX pullup-10
XXX pullup-9
---
sys/arch/alpha/conf/kern.ldscript | 23 +++++++++++++++--------
1 file changed, 15 insertions(+), 8 deletions(-)
diff --git a/sys/arch/alpha/conf/kern.ldscript b/sys/arch/alpha/conf/kern.l=
dscript
index 1f14867634c3..e403140d73fc 100644
--- a/sys/arch/alpha/conf/kern.ldscript
+++ b/sys/arch/alpha/conf/kern.ldscript
@@ -20,14 +20,14 @@ SECTIONS
*(.text)
*(.text.*)
*(.stub)
- } =3D0x47ff041f
+ } :rxmain =3D0x47ff041f
_etext =3D . ;
PROVIDE (etext =3D .);
=20
.rodata :
{
*(.rodata .rodata.*)
- }
+ } :romain
=20
.data :
{
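Review bot: Between `_etext = . ;` and `.rodata`, and again between `.rodata` and `.data`, nothing aligns the location counter, so rxmain, romain and rwmain can end and begin inside the same page. Separate PT_LOAD entries only give separable permissions when each one starts on a page boundary; add a `. = ALIGN(...)` to the port's page size at both transitions, or state in the commit message why sharing a page is acceptable here.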
@@ -41,7 +41,7 @@ SECTIONS
=20
. =3D ALIGN(COHERENCY_UNIT);
*(.data.*)
- }
+ } :rwmain
=20
/*
* Small-data located along side GOT and small-bss for
@@ -51,12 +51,12 @@ SECTIONS
.got :
{
*(.got)
- }
+ } :rwmain
=20
.sdata :
{
*(.sdata .sdata.*)
- }
+ } :rwmain
_edata =3D . ;
PROVIDE (edata =3D .) ;
=20
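Review bot: The `:rwmain` on `.got` and `.sdata` (and on the sections in the next hunk) is redundant once `.data` carries it, because ld keeps placing later allocatable sections in the last named segment until another `:phdr` appears. Keeping it explicit is fine for readability, but pick one style and note it in a comment so a later section added without a `:phdr` does not silently inherit the wrong segment.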
@@ -66,13 +66,13 @@ SECTIONS
{
*(.sbss .sbss.*)
*(.scommon)
- }
+ } :rwmain
=20
.bss :
{
*(.bss .bss.*)
*(COMMON)
- }
+ } :rwmain
=20
/* End of the kernel image */
__kernel_end =3D . ;
@@ -82,5 +82,12 @@ SECTIONS
.note.netbsd.ident :
{
KEEP(*(.note.netbsd.ident));
- }
+ } :romain
+}
+
+PHDRS
+{
+ rxmain PT_LOAD;
+ romain PT_LOAD;
+ rwmain PT_LOAD;
}
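Review bot: `.note.netbsd.ident` is assigned to romain here although it is laid out after `.bss` and `__kernel_end`, which the earlier hunks put in rwmain, so romain would have to cover `.rodata` and this note with all of rwmain in between. A PT_LOAD entry describes one contiguous range; either move the note next to `.rodata` or give it its own entry in PHDRS. The PHDRS entries also carry no `FLAGS(...)`, so the permissions are left to be derived from the section flags; spelling them out (for example `rxmain PT_LOAD FLAGS(5);`) would document the intent of the split.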
From: Jason Thorpe <thorpej@me.com>
To: Taylor Campbell <riastradh@netbsd.org>, gnats-bugs@netbsd.org
Cc: port-alpha-maintainer@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: port-alpha/57701: alpha kernel is built with RWX segment
Date: Fri, 17 Nov 2023 21:11:36 -0800
Alpha loads the kernel into K0SEG and executes it from there, so it doesn’t really matter.
-- thorpej
Sent from my iPhone.
> On Nov 17, 2023, at 7:50 PM, campbell+netbsd@mumble.net wrote:
>
> The kernel image should have finer-grained permissions so the CPU doesn't allow, e.g., writing to the text segment.
From: Jason Thorpe <thorpej@me.com>
To: gnats-bugs@netbsd.org
Cc: port-alpha-maintainer@netbsd.org,
gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: port-alpha/57701: alpha kernel is built with RWX segment
Date: Sat, 18 Nov 2023 04:57:12 -0800
Sorry, I responded from my phone last night, and wanted to add some additional context from a proper keyboard.
> On Nov 17, 2023, at 7:50 PM, campbell+netbsd@mumble.net wrote:
>
>> Description:
> /space/tools/bin/../lib/gcc/alpha--netbsd/10.5.0/../../../../alpha--netbsd/bin/ld: warning: cc1 has a LOAD segment with RWX permissions
Notice my comment was about “cc1”, i.e. the C compiler back-end. Not about the kernel.
> The kernel image should have finer-grained permissions so the CPU doesn't allow, e.g., writing to the text segment.
Doing this for the kernel image would be mostly just a waste of memory, because the kernel is loaded into and executed from K0SEG, which is a direct-mapped segment with no permission enforcement other than “not accessible from user mode". The likelihood of *that* being changed is zero, so there’s no point in adding space between the sections to page-align them.
-- thorpej
State-Changed-From-To: open->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Sat, 18 Nov 2023 14:04:42 +0000
State-Changed-Why:
derp
>Unformatted:
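Added example (not part of the PR or of NetBSD's code): a small ELF program-header reader that lists PT_LOAD segments and picks out any that are both writable and executable, the property the ld warning quoted in the description reports. The two images are constructed in the script with made-up addresses and sizes, one with a single RWX segment and one with the RX / R / RW split the draft patch aims for; the reader only reports what the headers declare, not what the MMU enforces.

```python
import struct

PT_LOAD, PF_X, PF_W, PF_R = 1, 1, 2, 4

def load_segments(elf):
    """Return (index, vaddr, memsz, perms) for every PT_LOAD program header."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                     # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"      # EI_DATA: 1 = little-endian, 2 = big-endian
    if is64:
        phoff, = struct.unpack_from(end + "Q", elf, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x36)
    else:
        phoff, = struct.unpack_from(end + "I", elf, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x2A)
    segs = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:   # p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align
            p_type, flags, _, vaddr, _, _, memsz, _ = struct.unpack_from(end + "IIQQQQQQ", elf, off)
        else:      # p_type p_offset p_vaddr p_paddr p_filesz p_memsz p_flags p_align
            p_type, _, vaddr, _, _, memsz, flags, _ = struct.unpack_from(end + "8I", elf, off)
        if p_type == PT_LOAD:
            perms = "".join(c if flags & b else "-" for c, b in zip("RWX", (PF_R, PF_W, PF_X)))
            segs.append((i, vaddr, memsz, perms))
    return segs

def wx_segments(elf):
    """PT_LOAD segments that are writable and executable at the same time."""
    return [s for s in load_segments(elf) if s[3][1:] == "WX"]

def make_elf64(phdrs):
    """Constructed sample: little-endian ELF64 header followed by PT_LOAD entries."""
    ehdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)          # e_ident, 16 bytes
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 0x9026, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", PT_LOAD, fl, 0, va, va, sz, sz, 0x2000)
                           for fl, va, sz in phdrs)

BASE = 0xfffffc0000a00000  # constructed address, not taken from a real kernel
SINGLE = make_elf64([(PF_R | PF_W | PF_X, BASE, 0x900000)])
SPLIT = make_elf64([(PF_R | PF_X, BASE, 0x600000),
                    (PF_R, BASE + 0x600000, 0x100000),
                    (PF_R | PF_W, BASE + 0x700000, 0x200000)])

if __name__ == "__main__":
    for name, image in (("single", SINGLE), ("split", SPLIT)):
        print(name, load_segments(image), "W+X:", wx_segments(image))
```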