Subject: PaX MPROTECT (Re: CVS commit: src)
To: None <elad@netbsd.org>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 05/17/2006 05:14:07
> Log Message:
> Introduce PaX MPROTECT -- mprotect(2) restrictions used to strengthen
> W^X mappings.

- pax_mprotect_adjust seems to be a no-op.
- "*new_prot &= ~VM_PROT_EXECUTE;" in the obj != NULL case of pax_mprotect
  is a no-op because the condition isn't met if VM_PROT_EXECUTE is set.
- mprotect(2) is not the only user of uvm_map_protect.
  Have you checked the rest of the users?
- uobj == NULL is not a good test for anonymous memory,
  if you want to count e.g. SysV shared memory or COW'ed memory as anonymous.
  (I'm not sure why you want to check whether it is anonymous or not here.)
- The semantics of uvm_map_protect after your change are not clear to me.
  E.g. consider doing mprotect(100, 100, WRITE|EXEC) where
  [100..150] is file-backed and [150..200] is anonymous memory.
  If I read your change correctly, both the WRITE and EXEC bits will be
  removed for the entire range.  Is that the intended behaviour?
- I couldn't find any code to restrict mmap.  Does this make sense without it?

Have you had any public review of the patch?

YAMAMOTO Takashi