bug-grub
address@hidden: Bug#293722: grub: simulated stack not marked PROT_EXEC,


From: Jason Thomas
Subject: address@hidden: Bug#293722: grub: simulated stack not marked PROT_EXEC, causes segfaults on new hardware]
Date: Sun, 6 Feb 2005 01:25:07 +1100
User-agent: Mutt/1.5.6+20040907i

----- Forwarded message from Colin Watson <address@hidden> -----

> Date: Sat, 5 Feb 2005 10:50:40 +0000
> From: Colin Watson <address@hidden>
> To: address@hidden
> Subject: Bug#293722: grub: simulated stack not marked PROT_EXEC, causes 
> segfaults on new hardware
> 
> Package: grub
> Version: 0.95+cvs20040624-12
> Severity: important
> 
> When using Linux 2.6.10, grub's 'install' command segfaults on new
> hardware that has the NX bit available (e.g. AMD64, and I think also new
> Pentium 4 systems). This turns out to be because:
> 
>   * grub's Unix shell allocates a region of memory part of which is used
>     as a simulated stack;
> 
>   * the 'install' command uses a nested function which causes GCC to
>     emit a stack trampoline requiring an executable stack;
>     
>   * malloc()ed memory is only PROT_READ|PROT_WRITE by default;
> 
>   * 2.6.10 sets noexec=on by default, thereby assuming that pages
>     without PROT_EXEC set can be treated as non-executable, and this is
>     enforced on hardware with the NX bit available.
> 
> The attached patch corrects this problem (tested), and I believe should
> be harmless on older systems. Please apply. Most of it came from the
> mprotect() man page and/or is probably too obvious/short to be
> copyrightable, but if I need to sign an assignment to have this go
> upstream then I'll be happy to do so.
> 
> Thanks,
> 
> -- 
> Colin Watson                                       address@hidden

> --- grub-0.95+cvs20040624.orig/grub/asmstub.c
> +++ grub-0.95+cvs20040624/grub/asmstub.c
> @@ -42,6 +42,12 @@
>  #include <sys/time.h>
>  #include <termios.h>
>  #include <signal.h>
> +#include <sys/mman.h>
> +
> +#include <limits.h>
> +#ifndef PAGESIZE
> +#define PAGESIZE 4096
> +#endif
>  
>  #ifdef __linux__
>  # include <sys/ioctl.h>              /* ioctl */
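Review bot: The "#define PAGESIZE 4096" fallback fixes the page size at compile time. PAGESIZE is optional in <limits.h>, so on a system that leaves it undefined and uses larger pages, the alignment mask built from it in the next hunk is wrong and mprotect() is handed an unaligned address. Reading the value at run time with sysconf(_SC_PAGESIZE) removes the guess.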
> @@ -142,6 +148,22 @@
>    assert (grub_scratch_mem == 0);
>    scratch = malloc (0x100000 + EXTENDED_MEMSIZE + 15);
>    assert (scratch);
> +
> +  {
> +    char *p;
> +    int ret;
> +
> +    /* Align to a multiple of PAGESIZE, assumed to be a power of two. */
> +    p = (char *) (((long) scratch) & ~(PAGESIZE - 1));
> +
> +    /* The simulated stack needs to be executable, since GCC uses stack
> +     * trampolines to implement nested functions.
> +     */
> +    ret = mprotect (p, 0x100000 + EXTENDED_MEMSIZE + 15,
> +                 PROT_READ | PROT_WRITE | PROT_EXEC);
> +    assert (ret == 0);
> +  }
> +
>    grub_scratch_mem = (char *) ((((int) scratch) >> 4) << 4);
>  
>    /* FIXME: simulate the memory holes using mprot, if available. */
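Review bot: The mprotect() call rounds the start address down to p but still passes the original length 0x100000 + EXTENDED_MEMSIZE + 15, so the requested range ends (scratch - p) bytes before the end of the allocation; add that offset to the length. On the same block: the pointer is cast through long, where uintptr_t is the portable type; the whole allocation, plus any other heap data sharing its first and last pages, becomes writable and executable although the comment says only the simulated stack needs it, so restricting PROT_EXEC to the stack portion would be tighter; and with NDEBUG defined, assert (ret == 0) compiles away and a failed mprotect() goes unnoticed.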


----- End forwarded message -----

-- 
Jason Thomas
Linux System Administrator
http://www.sage-au.org.au/
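
The page-granularity rule the report depends on, as an added example (not part of the forwarded patch or of GRUB's code): mprotect() acts on whole pages, so the range for a malloc()ed buffer has to be rounded outward at both ends. The names covering_span and protect_buffer and the buffer size are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Page-aligned range that fully covers [addr, addr + len). */
struct page_span {
    uintptr_t start;   /* addr rounded down to a page boundary */
    size_t    length;  /* always a multiple of the page size */
};

/* pagesize must be a power of two (true for sysconf(_SC_PAGESIZE)). */
struct page_span covering_span(uintptr_t addr, size_t len, size_t pagesize)
{
    struct page_span s;
    uintptr_t mask = (uintptr_t) pagesize - 1;
    uintptr_t end = (addr + len + mask) & ~mask;   /* round the end up */

    s.start = addr & ~mask;                        /* round the start down */
    s.length = (size_t) (end - s.start);
    return s;
}

/* Change protection on every page touched by buf[0..len).
 * Returns 0 on success, -1 on failure (errno set by mprotect). */
int protect_buffer(void *buf, size_t len, int prot)
{
    long ps = sysconf(_SC_PAGESIZE);   /* run-time value, no 4096 guess */
    struct page_span s;

    if (ps <= 0)
        return -1;
    s = covering_span((uintptr_t) buf, len, (size_t) ps);
    return mprotect((void *) s.start, s.length, prot);
}

int main(void)
{
    size_t len = 0x100000 + 15;        /* constructed size, not GRUB's */
    char *scratch = malloc(len);

    if (scratch == NULL)
        return 1;
    /* Other heap data on the first and last page becomes RWX as well. */
    if (protect_buffer(scratch, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
        return 2;                      /* e.g. refused by a W^X policy */
    free(scratch);
    return 0;
}
```

A non-zero exit status of 2 means the kernel or a security policy refused the writable-and-executable mapping, which is the case the patch's assert() would otherwise turn into an abort.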



