PaX powerpc nx-bit emulation

Posted: Wed Aug 31, 2016 2:58 am
by b4tman

I've been googling this and trying to look at diffs, but I still couldn't quite understand the whole thing.

So to my understanding, in a non-nx-bit powerpc system PaX emulates the nx-bit using the guarded bit. So my question is: how exactly does this emulation work, and on what powerpc systems does it apply?

Thank you all :)

Re: PaX powerpc nx-bit emulation

Posted: Wed Aug 31, 2016 5:57 am
by PaX Team
there's no emulation here really, it's simple nx behaviour as supported by the cpu (ppc32). the details are in the respective manuals ;).

Re: PaX powerpc nx-bit emulation

Posted: Thu Sep 01, 2016 5:50 am
by b4tman
Thank you :)

I checked it out, and checked the respective code. Here is what I have learned (if I'm mistaken I hope someone can enlighten me):

It looks like PaX uses the ITLB miss handler to hook a page execution and then uses a reserved page table entry bit to mark that an nx check should be made using the guarded bit. This bit is set by set_pte_at() if PaX is enabled on the corresponding mm struct. And finally, if the guarded bit is set, the code jumps to normal guarded exception handling (and what happens there - I don't know yet).

One question occurs to me from this flow and it is: does it affect kernel pages too or only user pages?