tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: PAX mprotect and JIT



In article <20170226153519.GA28284%britannica.bec.de@localhost>,
Joerg Sonnenberger  <joerg%bec.de@localhost> wrote:
>On Sun, Feb 26, 2017 at 03:20:46PM +0000, Christos Zoulas wrote:
>> Any type of foreign API we introduce (MREMAP_DUP or whatever) we'll have to
>> maintain separate patches for (which is not that bad), instead of teaching
>> libffi (and friends) that we are like SE/Linux and we need to write
>> files for PaX (which is disgusting). Perhaps it is simpler to just allow
>> these transitions (rw- <-> r-x) by using an madvise(2) call.
>
>They are somewhat unrelated problems. Allow mprotect to move from RW to
>RX is one thing. That doesn't help if you want to do lazy compilation in
>a multi-threaded programs for example. That's the part that MREMAP_DUP
>solves. I wouldn't be surprised if other systems pick up the
>interface...

In that case, why don't we make an mdup(void *, size_t, ) system call instead
that dups the pages and sets the new permission on them; this way we get the
desired effect without touching mprotect? Or even call that mmap(, ... M_DUP)
to get the second ref (the M_DUP flag needs to be alone, except for the
alignment constraints).

christos



Home | Main Index | Thread Index | Old Index