Re: PAX mprotect and JIT

To: tech-kern%netbsd.org@localhost
Subject: Re: PAX mprotect and JIT
From: christos%astron.com@localhost (Christos Zoulas)
Date: Mon, 27 Feb 2017 03:17:15 +0000 (UTC)

In article <20170226213704.DED726038D%jupiter.mumble.net@localhost>,
Taylor R Campbell  <campbell+netbsd-tech-kern%mumble.net@localhost> wrote:
>
>The idiom I imagine is something like:
>
>	void *buf = mmap(NULL, len, PROT_READ|PROT_WRITE|PROT_EXEC,
>	    MAP_ANON|MAP_REMAPDUP, -1, 0);

This is never allowed (rwx).

>	/* initialize buf with machine instructions */
>	void *ip = mremap(buf, len, NULL, len, MAP_REMAPDUP);
>	mprotect(ip, len, PROT_EXEC);
>	munmap(buf, len);
>	/* jump to *ip */
>	void *buf = mremap(ip, len, NULL, len, MAP_REMAPDUP);
>	mprotect(buf, len, PROT_READ|PROT_WRITE);
>	/* update buf with modified instructions */
>	munmap(buf, len);

Why not:

	void *buf = mmap(NULL, len, PROT_READ|PROT_WRITE, MAP_ANON, -1, 0);
	void *ip = mmap(buf, len, PROT_READ|PROT_EXEC, MAP_DUP, -1, 0);
	/* update buf with modified instructions */

christos

Follow-Ups:
- Re: PAX mprotect and JIT
  - From: Taylor R Campbell

References:
- Re: PAX mprotect and JIT
  - From: Joerg Sonnenberger
- Re: PAX mprotect and JIT
  - From: Taylor R Campbell

Prev by Date: Re: PAX mprotect and JIT
Next by Date: Re: PAX mprotect and JIT
Previous by Thread: Re: PAX mprotect and JIT
Next by Thread: Re: PAX mprotect and JIT
Indexes:

Home | Main Index | Thread Index | Old Index