Re: CVS commit: src/sys/arch/mips/include

[Alexander Nasonov <alnsn%yandex.ru@localhost>]

Matt Thomas wrote:
> 
> On Jul 22, 2014, at 2:40 PM, Alexander Nasonov <alnsn%yandex.ru@localhost> 
> wrote:
> 
> > Matt Thomas wrote:
> >> 
> >> On Jul 22, 2014, at 2:27 PM, Alexander Nasonov <alnsn%yandex.ru@localhost> 
> >> wrote:
> >>> I allocate with the X flag and it seems to work:
> >>> 
> >>> /* in sljitExecAllocator.c */
> >>>       return (void *)uvm_km_alloc(module_map, size,
> >>>           PAGE_SIZE, UVM_KMF_WIRED | UVM_KMF_ZERO | UVM_KMF_EXEC);
> >> 
> >> ok.  Then you need don't a hook for cache flushing
> >> 
> >> pmap_protect(vm_map_pamp(module_map), va, size) will do that for you.
> >> At least for arm/mips/ppc/vax.  (e.g. changing a writeable exec page
> >> to read-only automatically causes it exec cleaned).
> > 
> > sljit allocates 64K exec chucks which are managed by a special allocator.
> > You need to run pmap_protect for each chunk. I think it's cheaper to
> > flush icache.
> 
> Maybe.  But I'd prefer executable code to be in read-only pages so that
> malicious code can't be placed in them and executed.  I think trading
> space for security is a valid tradeoff.

That would be my preference too but it's not how sljit is designed.
The author of sljit doing some refactoring at the moment. I'll ask
if he can look into this issue too.

Alex