From owner-svn-src-head@FreeBSD.ORG  Sat Oct 15 12:35:19 2011
Return-Path: <owner-svn-src-head@FreeBSD.ORG>
Delivered-To: svn-src-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1267A1065788;
	Sat, 15 Oct 2011 12:35:19 +0000 (UTC) (envelope-from kib@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c])
	by mx1.freebsd.org (Postfix) with ESMTP id EC0538FC18;
	Sat, 15 Oct 2011 12:35:18 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
	by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p9FCZIfq013774;
	Sat, 15 Oct 2011 12:35:18 GMT (envelope-from kib@svn.freebsd.org)
Received: (from kib@localhost)
	by svn.freebsd.org (8.14.4/8.14.4/Submit) id p9FCZIMN013769;
	Sat, 15 Oct 2011 12:35:18 GMT (envelope-from kib@svn.freebsd.org)
Message-Id: <201110151235.p9FCZIMN013769@svn.freebsd.org>
From: Konstantin Belousov <kib@FreeBSD.org>
Date: Sat, 15 Oct 2011 12:35:18 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
	svn-src-head@freebsd.org
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: 
Subject: svn commit: r226388 - in head/sys: compat/freebsd32 kern sys vm
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
	<svn-src-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-head>,
	<mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Oct 2011 12:35:19 -0000

Author: kib
Date: Sat Oct 15 12:35:18 2011
New Revision: 226388
URL: http://svn.freebsd.org/changeset/base/226388

Log:
  Control the execution permission of the readable segments for
  i386 binaries on the amd64 and ia64 with the sysctl, instead of
  unconditionally enabling it.
  
  Reviewed by:	marcel

Modified:
  head/sys/compat/freebsd32/freebsd32_misc.c
  head/sys/kern/imgact_elf.c
  head/sys/sys/sysent.h
  head/sys/vm/vm_unix.c

Modified: head/sys/compat/freebsd32/freebsd32_misc.c
==============================================================================
--- head/sys/compat/freebsd32/freebsd32_misc.c	Sat Oct 15 12:33:24 2011	(r226387)
+++ head/sys/compat/freebsd32/freebsd32_misc.c	Sat Oct 15 12:35:18 2011	(r226388)
@@ -445,7 +445,7 @@ freebsd32_mprotect(struct thread *td, st
 	ap.len = uap->len;
 	ap.prot = uap->prot;
 #if defined(__amd64__) || defined(__ia64__)
-	if (ap.prot & PROT_READ)
+	if (i386_read_exec && (ap.prot & PROT_READ) != 0)
 		ap.prot |= PROT_EXEC;
 #endif
 	return (sys_mprotect(td, &ap));
@@ -536,7 +536,7 @@ freebsd32_mmap(struct thread *td, struct
 #endif
 
 #if defined(__amd64__) || defined(__ia64__)
-	if (prot & PROT_READ)
+	if (i386_read_exec && (prot & PROT_READ))
 		prot |= PROT_EXEC;
 #endif
 

Modified: head/sys/kern/imgact_elf.c
==============================================================================
--- head/sys/kern/imgact_elf.c	Sat Oct 15 12:33:24 2011	(r226387)
+++ head/sys/kern/imgact_elf.c	Sat Oct 15 12:35:18 2011	(r226388)
@@ -123,6 +123,14 @@ SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WOR
     nxstack, CTLFLAG_RW, &__elfN(nxstack), 0,
     __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": enable non-executable stack");
 
+#if __ELF_WORD_SIZE == 32
+#if defined(__amd64__) || defined(__ia64__)
+int i386_read_exec = 0;
+SYSCTL_INT(_kern_elf32, OID_AUTO, read_exec, CTLFLAG_RW, &i386_read_exec, 0,
+    "enable execution from readable segments");
+#endif
+#endif
+
 static Elf_Brandinfo *elf_brand_list[MAX_BRANDS];
 
 #define	trunc_page_ps(va, ps)	((va) & ~(ps - 1))
@@ -1666,7 +1674,7 @@ __elfN(trans_prot)(Elf_Word flags)
 		prot |= VM_PROT_READ;
 #if __ELF_WORD_SIZE == 32
 #if defined(__amd64__) || defined(__ia64__)
-	if (flags & PF_R)
+	if (i386_read_exec && (flags & PF_R))
 		prot |= VM_PROT_EXECUTE;
 #endif
 #endif

Modified: head/sys/sys/sysent.h
==============================================================================
--- head/sys/sys/sysent.h	Sat Oct 15 12:33:24 2011	(r226387)
+++ head/sys/sys/sysent.h	Sat Oct 15 12:35:18 2011	(r226388)
@@ -151,6 +151,10 @@ extern struct sysentvec null_sysvec;
 extern struct sysent sysent[];
 extern const char *syscallnames[];
 
+#if defined(__amd64__) || defined(__ia64__)
+extern int i386_read_exec;
+#endif
+
 #define	NO_SYSCALL (-1)
 
 struct module;

Modified: head/sys/vm/vm_unix.c
==============================================================================
--- head/sys/vm/vm_unix.c	Sat Oct 15 12:33:24 2011	(r226387)
+++ head/sys/vm/vm_unix.c	Sat Oct 15 12:35:18 2011	(r226388)
@@ -141,7 +141,7 @@ sys_obreak(td, uap)
 		prot = VM_PROT_RW;
 #ifdef COMPAT_FREEBSD32
 #if defined(__amd64__) || defined(__ia64__)
-		if (SV_PROC_FLAG(td->td_proc, SV_ILP32))
+		if (i386_read_exec && SV_PROC_FLAG(td->td_proc, SV_ILP32))
 			prot |= VM_PROT_EXECUTE;
 #endif
 #endif