Re: PAX mprotect and JIT

To: tech-kern%netbsd.org@localhost
Subject: Re: PAX mprotect and JIT
From: christos%astron.com@localhost (Christos Zoulas)
Date: Sun, 26 Feb 2017 21:08:51 +0000 (UTC)

In article <20170226153519.GA28284%britannica.bec.de@localhost>,
Joerg Sonnenberger  <joerg%bec.de@localhost> wrote:
>On Sun, Feb 26, 2017 at 03:20:46PM +0000, Christos Zoulas wrote:
>> Any type of foreign API we introduce (MREMAP_DUP or whatever) we'll have to
>> maintain separate patches for (which is not that bad), instead of teaching
>> libffi (and friends) that we are like SE/Linux and we need to write
>> files for PaX (which is disgusting). Perhaps it is simpler to just allow
>> these transitions (rw- <-> r-x) by using an madvise(2) call.
>
>They are somewhat unrelated problems. Allow mprotect to move from RW to
>RX is one thing. That doesn't help if you want to do lazy compilation in
>a multi-threaded programs for example. That's the part that MREMAP_DUP
>solves. I wouldn't be surprised if other systems pick up the
>interface...

In that case, why don't we make an mdup(void *, size_t, ) system call instead
that dups the pages and sets the new permission on them; this way we get the
desired effect without touching mprotect? Or even call that mmap(, ... M_DUP)
to get the second ref (the M_DUP flag needs to be alone, except for the
alignment constraints).

christos

References:
- PAX mprotect and JIT
  - From: Joerg Sonnenberger
- Re: PAX mprotect and JIT
  - From: Kamil Rytarowski
- Re: PAX mprotect and JIT
  - From: Christos Zoulas
- Re: PAX mprotect and JIT
  - From: Joerg Sonnenberger

Prev by Date: Re: PAX mprotect and JIT
Next by Date: Re: PAX mprotect and JIT
Previous by Thread: Re: PAX mprotect and JIT
Next by Thread: Re: PAX mprotect and JIT
Indexes:

Home | Main Index | Thread Index | Old Index