Current-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: how to write paxctl MPROTECT-safe JIT code?

On Tue, 15 Nov 2016, Joerg Sonnenberger wrote:

On Tue, Nov 15, 2016 at 01:55:16PM +0100, Thomas Klausner wrote:
On Tue, Nov 15, 2016 at 01:42:56PM +0100, Joerg Sonnenberger wrote:
On Tue, Nov 15, 2016 at 12:34:14PM +0100, Thomas Klausner wrote:
I've filed some upstream bug reports about paxctl issues, some existed

One developer asks how to fix the issue:

Can someone please help out here?

The only safe and performant way I know is to create a temporary file,
unlink it and mmap it twice via the fd. It's a PITA.

So mkstemp() to get a file, unlink() to remove it, write the JIT code
to the file. What are the two mmap()s for, what flags do they get?

One is writeable, the other is executable.

So, you don't write(2) to the file. You store code in memory via the writeable mmap address range, and then execute via the 2nd mmap range.

| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at |

Home | Main Index | Thread Index | Old Index