PaX powerpc nx-bit emulation

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

PaX powerpc nx-bit emulation

Postby b4tman » Wed Aug 31, 2016 2:58 am

Hello,

I've been googling this and trying to look at diffs. But i still couldn't quite understand the whole thing..

So to my understanding, In non-nx-bit powerpc system PaX emulates nx-bit using the guarded bit. So my question is: How does this emulation exactly works and on what powerpc systems does it apply too?

Thank you all :)
b4tman
 
Posts: 2
Joined: Wed Aug 31, 2016 2:48 am

Re: PaX powerpc nx-bit emulation

Postby PaX Team » Wed Aug 31, 2016 5:57 am

there's no emulation here really, it's simple nx behaviour as supported by the cpu (ppc32). the details are in the respective manuals ;).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: PaX powerpc nx-bit emulation

Postby b4tman » Thu Sep 01, 2016 5:50 am

Thank you :)

I checked it out, and checked the respectful code. Here is what i have learned (if im mistaken i hope someone can enlighten me):

It looks like pax uses the ITLB miss handler to hook a page execution and then uses a reserved page table entry bit to mark that a nx check should be made using the guarded bit. this bit is set by set_pte_at() if pax is enabled on the corresponding mm struct. And finally, if the guarded bit is set, the code jumps to a normal guardedexception handling (and what happens there - i dont know yet).

One question occurs to me from this flow and it is: does it affect kernel pages too or only user pages?
b4tman
 
Posts: 2
Joined: Wed Aug 31, 2016 2:48 am


Return to grsecurity support