grsecurity forums

Skip to content

PaX on NX-less ppc systems

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.
Topic locked

PaX on NX-less ppc systems

Postby AngelicLiar » Mon Jun 21, 2010 4:51 am

Hello,

I would like to implement PaX on an embedded PPC system with Freescale's e300 core. The problem? This processor does not have an NX bit.

I've tried reviewing the patched code in \arch\powerpc, and I'm not quite sure whether PaX supports such a processor. Does it?

If not, could I possibly port the old x86 (=non-NX) PAGEEXEC method to NX-less ppc, considering the e300 does have split TLBs (ITLB and DTLB)?

PS. what about the ASLR features? Would RANDMMAP or RANDUSTACK work without NOEXEC?
AngelicLiar
 
Posts: 5
Joined: Mon Jun 21, 2010 4:43 am
Top

Re: PaX on NX-less ppc systems

Postby PaX Team » Mon Jun 21, 2010 6:59 am

AngelicLiar wrote:I would like to implement PaX on an embedded PPC system with Freescale's e300 core. The problem? This processor does not have an NX bit.
there're other ppc CPUs without NX support yet PAGEEXEC works on them ;).
I've tried reviewing the patched code in \arch\powerpc, and I'm not quite sure whether PaX supports such a processor. Does it?
how does linux support E300 itself? i've got little idea about all the ppc families, but based on a quick look at .34, i only see E500 and E200 as config options, nothing specific for E300 (on the other hand grep shows that there's some E300 related code in the tree). in any case, as i alluded to above, you can have PaX/PAGEEXEC work on this family too by simply making use of the guarded bit as we do on other CPUs already (look at the change in arch/powerpc/include/asm/pte-hash32.h). in fact, if E300 support uses that header file then you already have NX support, test it out ;). note that your userland had better be built with -msecure-plt.
If not, could I possibly port the old x86 (=non-NX) PAGEEXEC method to NX-less ppc, considering the e300 does have split TLBs (ITLB and DTLB)?
it's not necessary, nor am i sure it'd work on ppc. what you may want to experiment with is the itlb miss handler, if there's no unified tlb or another mechanism, that can leak dtlb entries into the insn fetch resolution process, then you can implement NX behaviour in there too, without using the guarded bit.
PS. what about the ASLR features? Would RANDMMAP or RANDUSTACK work without NOEXEC?
sure, they've always been independent features.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
Top
Topic locked

Return to grsecurity support

Powered by phpBB® Forum Software © phpBB Group
cron