Re: PAX mprotect and JIT

To: tech-kern%NetBSD.org@localhost
Subject: Re: PAX mprotect and JIT
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Sun, 26 Feb 2017 14:09:08 +0100

On Sun, Feb 26, 2017 at 10:30:05AM +0100, Martin Husemann wrote:
> > (2) A hack for allow mprotect to switch between W and X, but still
> > honoring W^X. This is a hack and needs to be carefully rethought,
> > since I believe the way pax is currently implemented is wrong. Consider
> > it a PoC.
> 
> Wouldn't it be better to create a variant of mremap() that allows
> specifying the new protection flags and only allow a W^X toggle in
> the M_REMAPDUP case?

The mremap() dance is only desirable for multi-threaded JIT. If you
compile a module at a time before making it visible, just a plain
mprotect is enough.

Joerg

Follow-Ups:
- Re: PAX mprotect and JIT
  - From: Martin Husemann

References:
- PAX mprotect and JIT
  - From: Joerg Sonnenberger
- Re: PAX mprotect and JIT
  - From: Martin Husemann

Prev by Date: Re: PAX mprotect and JIT
Next by Date: Re: PAX mprotect and JIT
Previous by Thread: Re: PAX mprotect and JIT
Next by Thread: Re: PAX mprotect and JIT
Indexes:

Home | Main Index | Thread Index | Old Index