On Mon, 11 Jul 2011 14:34:38 +0400, Valeriy E. Ushakov wrote:
On Jul 10, 2011, at 7:58 PM, Valeriy E. Ushakov wrote:
>> That seems to be a bit tricky to write in a portable way: testing --x
>> right in memory pages requires to put/copy some payload in a page and
>> call it.
>
> dlopen something, find a function with dlsym, disable exec on that
> page and call the function. Catch SIGSEGV, check siginfo. mprotect
> it back and call the function again.

doesn't work when the target uses function descriptors.

You mean "fat" function pointers like e.g. ia64? It's easier to
special case couple of arches where we introduce a bit of special case
MI code to deconstruct the fat function pointer to get the code
address, than to write asm code for all arches. Or?

Exactly; use of function pointers is dictated by the ABI, so I can't really use them as I'd like to, like i386/amd64 (these need some care too, you could end up pointing to the GOT entry rather than the first byte of the function).
On a side note, as stated in my initial mail, I'd like to provide MD hooks so I can write tests for any part of memory, like testing non-executable stack(s) (especially when grown), or check that correct protections are applied to different parts of memory regions.
I can't do that simply through rtld, as I need to memcpy(2) the payload and therefore have access to the beginning (which is not necessarily trivial given certain architectures), and the end (never found a way to properly label those without using assembly routines).
-- 
Jean-Yves Migeon
jym%NetBSD.org@localhost
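
The check discussed in this thread, as an added example that is not part of the original messages or of any NetBSD test: a machine-dependent payload is copied into a rw- page and called, SIGSEGV and its siginfo are checked, then the page is made r-x and called again. The payload bytes and the names `check_nx_page` and `on_segv` are constructed for this example, and the data-to-function pointer cast assumes an ABI where a function pointer is the code address (no function descriptors).

```c
#define _DEFAULT_SOURCE 1   /* MAP_ANON and sigaction under strict -std= modes */
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* MD part (constructed for this example): a bare "return" instruction. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char payload[] = { 0xc3 };                   /* ret */
#elif defined(__aarch64__)
static const unsigned char payload[] = { 0xc0, 0x03, 0x5f, 0xd6 }; /* ret */
#else
#error "add a return-instruction payload for this architecture"
#endif

static sigjmp_buf env;
static void *volatile fault_addr;

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    fault_addr = si->si_addr;   /* address the kernel reports for the fault */
    siglongjmp(env, 1);         /* the faulting call cannot be resumed */
}

/* MI part. Returns 0 if calling into a rw- page faults at that page and the
 * same call succeeds once the page is r-x; otherwise the failing step. */
int check_nx_page(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    struct sigaction sa = {0}, old;
    int rc;
    unsigned char *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANON, -1, 0);
    if (page == MAP_FAILED) return 1;
    memcpy(page, payload, sizeof payload);
    __builtin___clear_cache((char *)page, (char *)page + sizeof payload);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(env, 1) == 0) {
        ((void (*)(void))page)();   /* expected to fault: no PROT_EXEC */
        rc = 2;                     /* returned normally: NX not enforced */
    } else if (fault_addr != (void *)page) rc = 3;  /* unrelated SIGSEGV */
    else if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) rc = 4;
    else { ((void (*)(void))page)(); rc = 0; }      /* runs once r-x */
    sigaction(SIGSEGV, &old, NULL);
    munmap(page, len);
    return rc;
}
```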